CYBERARK PRIVILEGED ACCESS MANAGER

Transcript of CYBERARK PRIVILEGED ACCESS MANAGER

Page 1: CYBERARK PRIVILEGED ACCESS MANAGER

CYBERARK PRIVILEGED ACCESS MANAGER

Page 2: CYBERARK PRIVILEGED ACCESS MANAGER

TECHNOLOGIES CHANGE. ATTACK PATHS DON’T.

Page 3: CYBERARK PRIVILEGED ACCESS MANAGER

KEYS TO THE KINGDOM

MALICIOUS INSIDERS

Admins | DevOps | 3rd Party Vendors | Business Application Users | Robots / Apps

PROLIFERATION OF PRIVILEGED ACCESS

Any Identity can become Privileged under certain conditions

EXTERNAL ATTACKERS

Page 4: CYBERARK PRIVILEGED ACCESS MANAGER

PRIVILEGED ACCESS USE CASES

USERS

Workforce User: Access Organisational Applications to perform day to day tasks

3rd Party: Provide remote Support functions / External Resources

Developer: Publish and Maintain Applications used by the Org

Administrator: Keep the Lights on! Admin level access needed to support systems

APPS

IaaS / PaaS

SaaS

Page 5: CYBERARK PRIVILEGED ACCESS MANAGER

PROACTIVE PROTECTION AND DETECTION

Page 6: CYBERARK PRIVILEGED ACCESS MANAGER

POTENTIAL NEGATIVE CONSEQUENCES

MISALIGNMENT OF BUSINESS AND SECURITY

INEFFICIENT USE OF IT RESOURCES

COMPLIANCE GAPS

SECURITY BREACHES

POOR USER EXPERIENCE

VENDOR SPRAWL

Page 7: CYBERARK PRIVILEGED ACCESS MANAGER

KEY DRIVERS

Satisfy Audit and Compliance

Drive Operational Efficiencies

Enable the Digital Business

Defend Against Attacks

Page 8: CYBERARK PRIVILEGED ACCESS MANAGER

PRIVILEGED ACCESS MANAGER BUSINESS VALUE

Enable the Digital Business: Automate

• Identity security platform for current and future infrastructure, apps, and devices

• Security-first approach to ensure maximum uptime and availability of digital biz

• Broadest out-of-the-box integrations

• CyberArk Blueprint for PAM success

Drive Operational Efficiencies: Simplify

• Consistently enable privileged users

• Centralized visibility and controls for PAM

• Automated task and user management via REST

• Broadest out-of-the-box integrations

• CyberArk Blueprint for PAM success

Defend Against Attacks: Secure

• Foundational PAM controls

• Secure PAM while managing IDs and permissions across the cloud

• Least Privilege Just-in-Time access

• Broadest out-of-the-box integrations

• CyberArk Blueprint for PAM success

Satisfy Audit and Compliance: Standardize

• Unified platform to assess security posture

• Centralized visibility for access control, with full audit and accountability

• Aligned with industry standard risk frameworks

• Broadest out-of-the-box integrations

• CyberArk Blueprint for PAM success

Page 9: CYBERARK PRIVILEGED ACCESS MANAGER

IDENTITY SECURITY PLATFORM

Security First • AI-Enabled • Frictionless • Everywhere

Access | Privilege | DevSecOps

Customer Identity

Workforce Identity

Cloud Entitlements Manager

Vendor Privileged Access Manager

Endpoint Privilege Manager (Workstations | Servers)

Privileged Access Manager (Cloud | On Premises)

Secrets Manager: Conjur Enterprise | Open Source

Secrets Manager: Credential Providers

Page 10: CYBERARK PRIVILEGED ACCESS MANAGER

CYBERARK PRIVILEGED ACCESS MANAGER

Page 11: CYBERARK PRIVILEGED ACCESS MANAGER

1. SINGLE SIGN-ON & ADAPTIVE MULTI-FACTOR AUTHENTICATION TO BUSINESS APPLICATIONS

2. CREDENTIAL MANAGEMENT AND DISCOVERY

3. SESSION ISOLATION AND RECORDING

4. REMOTE, VPN-LESS ACCESS TO PAM

5. REMEDIATE ANOMALOUS ACTION

THE NEW STANDARD FOR PRIVILEGED USERS

Page 12: CYBERARK PRIVILEGED ACCESS MANAGER

SINGLE SIGN-ON

Drive employee productivity, reduce helpdesk calls, and demonstrate compliance

Enable one-click access to your cloud, mobile, and legacy apps

Single Sign-On: A single identity to login to all cloud and on-prem apps leveraging SSO standards

App Catalog: Easy deployment of single sign-on to thousands of pre-integrated web and mobile apps

Self-Service Password Reset: Enable end-users to reset their own passwords and unlock account.

VPN-Less App Access: SSO into on-prem apps and enforce access policies without a VPN (App Gateway Service)

Page 13: CYBERARK PRIVILEGED ACCESS MANAGER

ADAPTIVE MULTI-FACTOR AUTHENTICATION

Strengthen security through high authentication assurance, drive superior MFA user experience

Add an extra layer of protection before granting access to corporate applications

Broad Authentication Methods: Broadest choice of authentication factors

Risk Aware: Leverage machine learning for behavior-based MFA

MFA Everywhere: Protect a broad range of use cases and resources

Standards Based: Leverage standards like OATH, FIDO, RADIUS for out of box integrations

Page 14: CYBERARK PRIVILEGED ACCESS MANAGER

RISK-BASED CREDENTIAL MANAGEMENT AND DISCOVERY

NETWORK DEVICES | SERVERS | MAINFRAMES | DATABASES | APPLICATIONS | SECURITY APPLIANCES | WEBSITES/WEB APPS | CLOUD INFRASTRUCTURE

AUTOMATED REMEDIATION BUILT-IN

Automatic credential rotation in the event of privileged account and credential compromise or theft

Page 15: CYBERARK PRIVILEGED ACCESS MANAGER

RISK-BASED CREDENTIAL MANAGEMENT AND DISCOVERY

DISCOVER: Continually scan the environment to detect privileged credentials and accounts

ONBOARD: Add all discovered privileged accounts to the pending queue to validate privilege

MANAGE: Automatically add privileged accounts to be managed and rotated in the digital vault

Page 16: CYBERARK PRIVILEGED ACCESS MANAGER

PRIVILEGED SESSION MANAGEMENT

NETWORK DEVICES | SERVERS | MAINFRAMES | DATABASES | APPLICATIONS | SECURITY APPLIANCES | WEBSITES/WEB APPS | CLOUD INFRASTRUCTURE

Page 17: CYBERARK PRIVILEGED ACCESS MANAGER

PRIVILEGED SESSION MANAGEMENT

ISOLATE: Separate endpoints from critical target systems to prevent lateral & vertical movement, and isolate credentials from end-users & workstations

MONITOR: Monitor, track and detect suspicious privileged activities and events in real time

RECORD & AUDIT: Support forensic analysis and audit with detailed audit of privileged activity

Page 18: CYBERARK PRIVILEGED ACCESS MANAGER

REMOTE, VPN-LESS ACCESS

CONTROL: Secure Privileged Credentials and Enforce Strong Access Workflows

ISOLATE: Protect Critical Systems and Monitor Privileged Sessions

SECURED REMOTE ACCESS: Secure Remote, Privileged Access from 3rd Party and Remote Based users

Diagram labels: Office User, Remote User, 3rd Party User; Secured Remote Access; Privileged Session Request; Privileged Session Initiated; Privilege Cloud Service; Privilege Cloud Connector; IT Environment (Network Devices, Servers, Cloud / PaaS, Databases, Applications, Security Appliances, Websites / Web Apps, Cloud Infrastructure)

Page 19: CYBERARK PRIVILEGED ACCESS MANAGER

3 HUMAN USER TYPES

WORKFORCE USER

• Non-IT Users; CXO, VP Finance, Sales

• Access to Business Applications

• Personal / Shared Access

PRIVILEGED USER

• A Member of the IT Team

• Privileged Access to both Infrastructure and other Critical or Business Applications On-Prem & in the Cloud

EXTERNAL VENDOR

• Non-Company Employee

• Privileged Access to both Infrastructure and other Critical or Business Applications On-Prem & in the Cloud

IT USERS | NON-IT USERS

Page 20: CYBERARK PRIVILEGED ACCESS MANAGER

SUBSCRIPTION OFFERINGS FOR EACH USER TYPE

PRIVILEGED USER EXTERNAL VENDOR

PAM Controls

✓ Enforced, automatic session isolation, recording and monitoring

✓ Just in time provisioning to CyberArk PAM

Identity Controls

✓ Biometric MFA to CyberArk PAM

✓ VPN-less Remote Access to PAM

WORKFORCE USER SaaS

PAM Controls

✓ Personal credential vaulting with basic sharing for web-based apps

✓ Browser plug-in with auto-fill

Identity Controls

✓ Adaptive MFA & SSO

✓ Endpoint Authentication & Context

WORKFORCE USER ON PREM

PAM Controls

✓ Personal credential vaulting for all applications (no sharing)

Identity Controls

✓ Adaptive MFA & SSO

PAM Controls

✓ Vault, share and manage credentials

✓ Automatic session isolation, recording and monitoring

For On-Premises: Threat Analytics and Detection

Identity Controls

✓ Adaptive MFA & SSO to Biz Apps

✓ VPN-less Remote Access to PAM

Endpoint Controls

✓ Manage local admin credentials on the endpoint

Basic Privileged User that includes:

✓ Vault, share and manage credentials

✓ Adaptive MFA & SSO

✓ Manage local admin credentials on the endpoint

✓ *Available as SaaS only*

Page 21: CYBERARK PRIVILEGED ACCESS MANAGER

CONFIDENTIAL INFORMATION

CYBERARK IDENTITY SECURITY DIFFERENTIATORS

MOST COMPLETE & EXTENSIBLE IDENTITY SECURITY PLATFORM

BROADEST INTEGRATION SUPPORT

IDENTITY SECURITY INNOVATOR

PROVEN EXPERTISE IN SECURING IDENTITY

ARCHITECTED FOR THE MODERN ENTERPRISE

Page 22: CYBERARK PRIVILEGED ACCESS MANAGER

EXPECTED BUSINESS OUTCOMES

PROTECTION FROM IDENTITY ATTACKS

IMPROVED AGILITY AND PRODUCTIVITY

STREAMLINED COMPLIANCE

NEW DIGITAL BUSINESS INITIATIVES

Defend Against Attacks

Drive Operational Efficiencies

Enable the Digital Business

Satisfy Audit and Compliance

Page 23: CYBERARK PRIVILEGED ACCESS MANAGER

CYBERARK CUSTOMER SUCCESS

Get Expert Assistance | Reduce Security Risk | Maximize Investment value

CYBERARK BLUEPRINT

SUCCESS RESOURCES

SECURITY SERVICES

TECHNICAL SUPPORT

SUCCESS MANAGEMENT

Page 24: CYBERARK PRIVILEGED ACCESS MANAGER

THE CYBERARK BLUEPRINT is a best practices framework for developing a successful identity security program, providing simple yet prescriptive guidance, structured in a measurable way, to defend against attacks and reduce risk

WHICH IS BUILT ON

ENTERPRISE BEST PRACTICES

6,000+ Global Customers

>50% of Fortune 500

POST-BREACH, RISK-BASED ADVICE

Remediated >40% of Largest Breaches

Red Team and Security Researchers

IDENTITY SECURITY LEADERSHIP

Creator of PAM Market

#1 PAM Vendor & Market Share

Page 25: CYBERARK PRIVILEGED ACCESS MANAGER

1. DEFEND AGAINST ATTACKS

2. DRIVE OPERATIONAL EFFICIENCY

3. ENABLE THE DIGITAL BUSINESS

4. SATISFY AUDIT AND COMPLIANCE

SOLUTION BENEFITS

Page 26: CYBERARK PRIVILEGED ACCESS MANAGER

CUSTOMER EXAMPLES

Page 27: CYBERARK PRIVILEGED ACCESS MANAGER

PAM AS-A-SERVICE FROM TIER 0 TO THE ENDPOINT:

GLOBAL 500 ENERGY PROVIDER

Based in Central Europe

Problem

• With a small, limited team, this organization needed a PAM as-a-Service program spanning internal access, endpoints and third party vendors

• Regional EU regulations for Operators of Critical Infrastructure call for state-of-the-art measures to protect critical infrastructure

• The organization has a variety of third parties that require privileged access and wanted to consolidate and centralize controls

• Consolidating vendors to rely on a single security market leader was a top objective

SOLUTION: CyberArk Privileged Access Manager (as-a-Service), Endpoint Privilege Manager and Remote Access Manager (formerly Alero)

RESULT

• Full SaaS solution delivered to secure privileged credentials, establish least privilege on endpoints, and secure external vendor access

Page 28: CYBERARK PRIVILEGED ACCESS MANAGER

SECURING CLOUD WORKLOADS

ERP SOFTWARE PROVIDER

Based in São Paulo, Brazil

Problem:

• One of the world’s largest ERP Providers and the LATAM Market Share Leader sought a PAM solution that would improve their product security and enable greater availability and efficiency for customers

• The ERP Provider needed a PAM solution that could support their cloud workloads and enable automation

SOLUTION: CyberArk Privileged Access Manager

RESULT

• With CyberArk, the organization fully automated PAM and credential management

• All access to cloud instances occurs exclusively through CyberArk. Customer analysts use CyberArk session management to maintain customer environments without direct access to passwords or SSH keys

• Improved operational efficiency for internal IT admin, customer analysts and security teams, and simplified compliance with Brazilian regulations

Page 29: CYBERARK PRIVILEGED ACCESS MANAGER

WHY CYBERARK

Provide a modern approach to IDENTITY SECURITY anchored on privilege to protect against advanced cyber threats

#1: Leader in Privileged Access Management

6,300: Global Customers

50%: Trusted by more than 50% of the Fortune 500

Page 30: CYBERARK PRIVILEGED ACCESS MANAGER

THANK YOU