Post on 12-Jun-2022
CYBERARK PRIVILEGED ACCESS MANAGER
TECHNOLOGIES CHANGE. ATTACK PATHS DON’T.
KEYS TO THE KINGDOM
MALICIOUS INSIDERS
Admins DevOps 3rd Party Vendors
Business Application
Users
Robots / Apps
PROLIFERATION OF PRIVILEGED ACCESS
Any Identity can become Privileged under certain conditions
EXTERNAL ATTACKERS
Workforce User: Access Organisational Applications to perform day to day tasks
3rd Party: Provide remote Support functions / External Resources
Developer: Publish and Maintain Applications used by the Org
Administrator: Keep the Lights on! Admin level access needed to support systems
APPS
APPS
IaaS / PaaS
SaaS
PRIVILEGED ACCESS USE CASES
USERS
PROACTIVE PROTECTION AND DETECTION
POTENTIAL NEGATIVE CONSEQUENCES
MISALIGNMENT OF
BUSINESS AND SECURITY
INEFFICIENT USE
OF IT RESOURCES
COMPLIANCE
GAPS
SECURITY
BREACHES
POOR USER
EXPERIENCE
VENDOR
SPRAWL
KEY DRIVERS
Satisfy Audit and Compliance
Drive Operational Efficiencies
Enable the Digital Business
Defend Against
Attacks
Enable the Digital
Business:
Automate
• Identity security platform for current and
future infrastructure, apps, and devices
• Security-first approach to ensure maximum uptime and
availability of digital biz
• Broadest out-of-the-box
integrations
• CyberArk Blueprint for
PAM success
Drive Operational
Efficiencies:
Simplify
• Consistently enable privileged users
• Centralized visibility and controls for PAM
• Automated task and user management via REST
• Broadest out-of-the-box integrations
• CyberArk Blueprint for PAM success
Defend Against
Attacks:
Secure
• Foundational PAM controls
• Secure PAM while managing IDs and
permissions across the cloud
• Least Privilege Just-in-Time access
• Broadest out-of-the-box
integrations
• CyberArk Blueprint for
PAM success
Satisfy Audit and
Compliance:
Standardize
• Unified platform to assess security posture
• Centralized visibility for access control, with full
audit and accountability
• Aligned with industry standard risk frameworks
• Broadest out-of-the-box integrations
• CyberArk Blueprint for PAM success
PRIVILEGED ACCESS MANAGER BUSINESS VALUE
Access DevSecOps
Customer
Identity
Workforce
Identity
Cloud
Entitlements
Manager
Vendor
Privileged
Access
Manager
Privilege
Endpoint
Privilege
Manager
Workstations | Servers
Privileged
Access
Manager
Cloud | On Premises
Secrets
Manager
Conjur Enterprise
Open Source
Secrets
Manager
Credential Providers
IDENTITY SECURITY PLATFORM
Security First • AI-Enabled • Frictionless • Everywhere
CYBERARK PRIVILEGED ACCESS MANAGER
1. SINGLE SIGN-ON & ADAPTIVE MULTI-FACTOR
AUTHENTICATION TO BUSINESS APPLICATIONS
2. CREDENTIAL MANAGEMENT AND DISCOVERY
3. SESSION ISOLATION AND RECORDING
4. REMOTE, VPN-LESS ACCESS TO PAM
5. REMEDIATE ANOMALOUS ACTION
THE NEW STANDARD FOR PRIVILEGED USERS
SINGLE SIGN-ON
Drive employee productivity, reduce helpdesk calls, and demonstrate compliance
Enable one-click access to your cloud, mobile, and legacy apps
Single Sign-On
A single identity to login to all cloud
and on-prem apps leveraging SSO
standards
App Catalog
Easy deployment of single sign-on to
thousands of pre-integrated web and
mobile apps
Self-Service Password Reset
Enable end-users to reset their own
passwords and unlock their accounts.
VPN-Less App Access
SSO into on-prem apps and enforce
access policies without a VPN
(App Gateway Service)
ADAPTIVE MULTI-FACTOR AUTHENTICATION
Strengthen security through high authentication assurance, drive superior MFA user experience
Add an extra layer of protection before granting access to corporate applications
Broad Authentication Methods
Broadest choice of authentication
factors
Risk Aware
Leverage machine learning for
behavior-based MFA
MFA Everywhere
Protect a broad range of
use cases and resources
Standards Based
Leverage standards like OATH, FIDO,
RADIUS for out of box integrations
NETWORK DEVICES
SERVERS
MAINFRAMES
DATABASES
APPLICATIONS
SECURITY APPLIANCES
WEBSITES / WEBAPPS
CLOUD INFRASTRUCTURE
Automatic credential rotation in the event of privileged account and
credential compromise or theft
AUTOMATED REMEDIATION BUILT-IN
RISK-BASED CREDENTIAL MANAGEMENT AND DISCOVERY
RISK-BASED CREDENTIAL MANAGEMENT AND DISCOVERY
DISCOVER: Continually scan the environment to detect privileged credentials and accounts
ONBOARD: Add all discovered privileged accounts to the pending queue to validate privilege
MANAGE: Automatically add privileged accounts to be managed and rotated in the digital vault
PRIVILEGED SESSION MANAGEMENT
NETWORK DEVICES
SERVERS
MAINFRAMES
DATABASES
APPLICATIONS
SECURITY APPLIANCES
WEBSITES / WEBAPPS
CLOUD INFRASTRUCTURE
PRIVILEGED SESSION MANAGEMENT
ISOLATE: Separate endpoints from critical target systems to prevent lateral & vertical movement, and isolate credentials from end-users & workstations
MONITOR: Monitor, track and detect suspicious privileged activities and events in real time
RECORD & AUDIT: Support forensic analysis and audit with detailed audit of privileged activity
Network Devices
Servers Cloud /PaaS
Databases Applications
Security Appliances
Websites/ Web Apps
Cloud Infrastructure
3rd Party User
Remote User
CONTROL: Secure Privileged Credentials and Enforce Strong Access Workflows
ISOLATE: Protect Critical Systems and Monitor Privileged Sessions
SECURED REMOTE ACCESS: Secure Remote, Privileged Access from 3rd Party and Remote Based users
Privilege Cloud Connector
Privilege Cloud Service
IT Environment
Office User
Secured Remote Access
Privileged Session Request
Privileged Session Initiated
REMOTE, VPN-LESS ACCESS
WORKFORCE USER
• Non-IT Users;
CXO, VP Finance, Sales
• Access to Business
Applications
• Personal / Shared Access
PRIVILEGED USER
• A Member of the IT Team
• Privileged Access to both
Infrastructure and other
Critical or Business
Applications On-Prem & in
the Cloud
3 HUMAN USER TYPES
EXTERNAL VENDOR
• Non-Company Employee
• Privileged Access to both
Infrastructure and other
Critical or Business
Applications On-Prem & in
the Cloud
IT USERS NON-IT USERS
SUBSCRIPTION OFFERINGS FOR EACH USER TYPE
PRIVILEGED USER EXTERNAL VENDOR
PAM Controls
✓ Enforced, automatic session isolation, recording and monitoring
✓ Just in time provisioning to CyberArk
PAM
Identity Controls
✓ Biometric MFA to CyberArk PAM
✓ VPN-less Remote Access to PAM
WORKFORCE USER SaaS
PAM Controls
✓ Personal credential vaulting with basic sharing for web-based apps
✓ Browser plug-in with auto-fill
Identity Controls
✓ Adaptive MFA & SSO
✓ Endpoint Authentication & Context
WORKFORCE USER ON PREM
PAM Controls
✓ Personal credential vaulting for all applications (no sharing)
Identity Controls
✓ Adaptive MFA & SSO
PAM Controls
✓ Vault, share and manage credentials
✓ Automatic session isolation, recording and monitoring
For On-Premises: Threat Analytics and Detection
Identity Controls
✓ Adaptive MFA & SSO to Biz Apps
✓ VPN-less Remote Access to PAM
Endpoint Controls
✓ Manage local admin credentials on the
endpoint
Basic Privileged User that includes:
✓ Vault, share and manage credentials
✓ Adaptive MFA & SSO
✓ Manage local admin credentials on the endpoint
✓ *Available as SaaS only*
CONFIDENTIAL INFORMATION
MOST COMPLETE &
EXTENSIBLE IDENTITY
SECURITY PLATFORM
BROADEST INTEGRATION
SUPPORT
IDENTITY SECURITY
INNOVATOR
PROVEN EXPERTISE IN
SECURING IDENTITY
ARCHITECTED FOR THE
MODERN ENTERPRISE
CYBERARK
IDENTITY SECURITY
DIFFERENTIATORS
PROTECTION FROM IDENTITY ATTACKS
IMPROVED AGILITY AND PRODUCTIVITY
STREAMLINED COMPLIANCE
NEW DIGITAL BUSINESS INITIATIVES
Defend
Against
Attacks
Drive
Operational
Efficiencies
Enable
the Digital
Business
Satisfy Audit
and Compliance
EXPECTED BUSINESS OUTCOMES
CYBERARK BLUEPRINT
SUCCESS RESOURCES
SECURITY SERVICES
TECHNICAL SUPPORT
CYBERARK CUSTOMER SUCCESS
Get Expert Assistance | Reduce Security Risk | Maximize Investment Value
SUCCESS
MANAGEMENT
ENTERPRISE BEST PRACTICES
6,000+ Global Customers
>50% of Fortune 500
POST-BREACH, RISK-BASED ADVICE
Remediated >40% of Largest Breaches
Red Team and Security Researchers
IDENTITY SECURITY LEADERSHIP
Creator of PAM Market
#1 PAM Vendor & Market Share
WHICH IS BUILT ON
THE CYBERARK BLUEPRINT is a best practices framework for developing a successful identity security
program, providing simple yet prescriptive guidance, structured in a
measurable way, to defend against attacks and reduce risk
1. DEFEND AGAINST ATTACKS
2. DRIVE OPERATIONAL EFFICIENCY
3. ENABLE THE DIGITAL BUSINESS
4. SATISFY AUDIT AND COMPLIANCE
SOLUTION BENEFITS
CUSTOMER EXAMPLES
GLOBAL 500 ENERGY PROVIDER
Based in Central Europe
Problem
• With a small, limited team, this organization needed a PAM as-a-Service
program spanning internal access, endpoints and third party vendors
• Regional EU regulations for Operators of Critical Infrastructure call for state-
of-the-art measures to protect critical infrastructure
• The organization has a variety of third parties that require privileged access
and wanted to consolidate and centralize controls
• Consolidating vendors to rely on a single security market leader was a top
objective
SOLUTION: CyberArk Privileged Access Manager (as-a-Service), Endpoint
Privilege Manager and Remote Access Manager (formerly Alero)
RESULT
• Full SaaS solution delivered to secure privileged credentials, establish least
privilege on endpoints, and secure external vendor access
PAM AS-A-SERVICE
FROM TIER 0 TO THE
ENDPOINT:
ERP SOFTWARE PROVIDER
Based in São Paulo, Brazil
Problem:
• One of the world’s largest ERP Providers and the LATAM Market Share Leader
sought a PAM solution that would improve their product security and enable
greater availability and efficiency for customers
• The ERP Provider needed a PAM solution that could support their cloud
workloads and enable automation
SOLUTION: CyberArk Privileged Access Manager
RESULT
• With CyberArk, the organization fully automated PAM and credential management
• All access to cloud instances occurs exclusively through CyberArk. Customer
analysts use CyberArk session management to maintain customer environments
without direct access to passwords or SSH keys
• Improved operational efficiency for internal IT admin, customer analysts and security
teams, and simplified compliance with Brazilian regulations
SECURING CLOUD
WORKLOADS
Provide a modern approach to IDENTITY SECURITY
anchored on privilege to protect against advanced
cyber threats
WHY CYBERARK
#1: Leader in Privileged Access Management
6,300: Global Customers
50%: Trusted by more than 50% of the Fortune 500
THANK YOU