RESEARCH NOTE CYBER-ARK FOR PRIVILEGED ACCOUNT MANAGEMENT




Document K23

THE BOTTOM LINE

Managing privileged accounts requires balancing accessibility and control while ensuring audit capabilities. Cyber-Ark enables organizations to increase administrator productivity while reducing risk. Deployed properly, Cyber-Ark's Privileged Identity Management Suite can deliver payback in fewer than six months, and be extended over time to support other applications without additional licensing costs.

The Cyber-Ark Privileged Identity Management Suite secures, manages, and monitors privileged accounts and activities associated with data center management. Cyber-Ark provides policy-based account management for on-premise, off-site, hosted, and cloud environments. Key components include:

- Enterprise Password Vault to securely store privileged accounts and enforce credential management policies
- Application Identity Manager to securely manage credentials in application scripts and services
- Privileged Session Manager to monitor and record account activities during access by privileged accounts
- On-Demand Privileges Manager enables users to manage superuser account access in the cloud.

Because the four components share a common server platform, companies can deploy any individual solution at any time and expand as needed in the future to address new audit or security challenges.

Privileged accounts include the root account on UNIX/Linux servers; Microsoft Windows, Microsoft SQL Server, and Oracle systems administrator accounts; Cisco Enable accounts; SAP Application Server administrator accounts; and others such as emergency or help desk administrator accounts. Cyber-Ark supports Windows, Linux, Solaris, and AIX platforms; WebLogic, WebSphere, and JBoss application servers; and various programming languages including Java, C and C++, VB, and .NET.

The unified product eliminates the need to manage privileged accounts and privileged users on different systems and applications separately. Cyber-Ark enables organizations to leverage the same vault infrastructure, policy engine, and monitoring and reporting tools to manage privileged and shared accounts from one central location.

Nucleus Research Inc., Corporate Headquarters, 100 State Street, Boston, MA 02109. Phone: +1 617.720.2000

THE CHALLENGE

Privileged accounts and passwords, such as those of administrators, allow users to log on and control systems and applications and view, alter, or extract data and information on those systems. Most organizations have multiple workstations, servers, routers, databases, scripts, and applications that require administrator accounts and passwords, and many passwords are shared by different administrators. Multiple workstations, servers, routers, databases, scripts, and applications mean most large organizations can have hundreds of thousands of privileged accounts and passwords. Unlike unique passwords that link one user to one or many accounts, administrative and application passwords cannot link a specific person to a specific application or system action.

Because privileged accounts are difficult to disable, most organizations rely on spreadsheets, home-built applications, or paper files to track and manage privileged account users and passwords. This creates a number of challenges, including:

- Limited visibility and audit capabilities. Because individual administrators use the same password, it is difficult if not impossible to track who made what changes.
- Risk of rogue administrators or unauthorized access. Because administrator passwords are difficult to disable, users that gain access can often continue to access or alter data and not be detected.
- Compliance vulnerability. Regulations such as Sarbanes-Oxley, PCI, NERC/FERC, and Basel II require organizations to clearly document and track changes to systems, including changes made by administrators. Without effective identification, authorization, and logging of privileged access, companies cannot ensure they are in compliance.
- Negative impact on end users. Without effective and efficient application administration, provisioning users, applying critical patches and fixes, and solving application or access problems is delayed, impacting the satisfaction and productivity of internal or external clients.

Because of these challenges, many organizations have looked to automated solutions such as Cyber-Ark to secure and log privileged accounts. This research explores the strategies of companies deploying Cyber-Ark and its impact on their ability to control, monitor, and manage privileged accounts and passwords, and is based on in-depth interviews with a number of Cyber-Ark clients.

WHY CYBER-ARK

Most Cyber-Ark customers find that an audit, a change in operations that requires more streamlined privileged account management, or management concern about security and risk drives exploration of a solution for privileged account management:

- "We had an audit in the end of 2007 and one of the findings was that a lot of administrator accounts were not being controlled properly."
- "We were moving to a follow-the-sun model and that made it hard to get the right password - our Lotus-Notes based tool was all manual on the back end, and had three instances based on region."

- "Direction was looking for a way to control privileged access. There were no procedures or actual way of keeping track of where administrator passwords were installed or keeping track of the administrators themselves."

Many explored multiple identity management solutions as well as more specialized privileged identity management applications and chose Cyber-Ark because it was both focused enough to require minimal customization and extensible enough to support complex global needs. Compared to smaller point applications, users said:

- "We brought in four solutions and ran case studies and did a bakeoff. We chose Cyber-Ark because the other user interfaces were more cumbersome and we didn't like how the transactions were handled in the back end. Others had more than one vault; with Cyber-Ark if I need more passwords I can just add another server."
- "Cyber-Ark stood out for ease of use, and they sat with us for two days to go over things and answer any questions we had. It was a good relationship and their prices were very reasonable."
- "Cyber-Ark had file capabilities - you can put anything on a box, not just store a password, but the certificate file as well."

Customers found Cyber-Ark enabled them to quickly deploy one vault and bring additional systems, accounts, applications, and privileged users under management as needed without additional application investment. Compared to larger traditional identity and systems management tools, users appreciated Cyber-Ark's focus on privileged identity:

- "We did look at some of the big players but we were really looking for more differentiated technology for administrator password management than the traditional ID management space."
- "It's a very focused solution and it needed to be. You could do it with other tools but you have to put a lot more effort into it."
- "You could look at traditional identity management, like Oracle, CA, IBM, Tivoli, but they're not set up to do it and it would cost a thousand times more by the time I bought all the connectors."

KEY BENEFIT AREAS

Companies deploying Cyber-Ark can integrate it with enterprise applications to standardize and streamline control of privileged accounts. Key benefits achieved from Cyber-Ark include increased administrator productivity, reduced audit time, improved client service, reduced risk, and improved compliance.

Increased administrator productivity

Automating manual processes such as user creation, provisioning, and password resetting, and reducing the overall time needed to manage privileged identities, policies, and credentials can increase overall administrator productivity and free up time for more critical tasks. Users found:

- "We used to have to take a security request, find the ID, reset the password, log it, reset it manually, and then synch it up. We couldn't stay on top of it. Now, we just approve administrator passwords and run reports on it once a month. Before, we were spending up to 25 hours a month."

- "We don't have to search when we find a breach of an account. To build and manage such [visibility] in house we would need 10 to 15 people. Our security team is about 15 people. Before we had about 50 to 100 but we weren't managing."

One large financial services firm adopted Cyber-Ark to support PCI and SOX compliance. Moving from a Lotus Notes-based application enabled it to redeploy two full-time developers, save 20 minutes on average for management of each privileged account, and automate password resets and provisioning based on Cyber-Ark's role-based capabilities.

Users also found there were advantages to having one centralized application to manage all accounts and passwords, and to managing a relationship with one vendor instead of several different ones. As one user said, "They know all our products, so it makes support and troubleshooting easier for both Cyber-Ark and us. It also helps with annual maintenance and service contracts, and not having to juggle different coverage terms and payment schedules."

For organizations deploying Cyber-Ark, the potential administrator productivity savings will depend on the number of privileged identities and the frequency of changes. Large organizations that are manually managing privileged identities today can save at least half an administrator's time by deploying Cyber-Ark while improving compliance efforts and response times. At an average annual fully loaded cost of $60,000 per year, Cyber-Ark would save them $30,000 per year in administrator costs alone.

Reduced audit time

Cyber-Ark provides a centralized system for logging and recording all activities of privileged identities, standard reporting tools, and the ability to export log data into other data analysis tools to drive custom reports and dashboards. This enables organizations using Cyber-Ark to reduce the time needed to prepare for and complete audits:

- "Before, there was no way to audit. Now Cyber-Ark can give it to us fast and easy."
- "Now administrators can access reports and see who's been on their machine and why."
- "Our organization has grown very quickly and so has the whole auditing and compliance issue. We don't know if we had minor bad incidents before; now it's here to mitigate any possible headaches."

Unlike individual tools or manual reports, Cyber-Ark automates the monitoring and tracking of changes to systems by administrators, superusers, and other applications all in one place. This enables organizations to provide auditors with a clear trail to support Sarbanes-Oxley, Basel II, and other regulations and requirements, and shorten the time needed to effectively prepare for an audit.

Improved client service

Integration with enterprise applications and support for multi-site, multi-network environments enables administrators to more rapidly support users while maintaining a secure audit log. Cyber-Ark users found that this enabled them to support both internal clients (end users) and external clients, such as customers, more efficiently and cost-effectively:

- "Clients appreciate it. There's a lot more comfort to them knowing that there's secure encryption above and beyond FTP. They really like the fact that they see everything and there is a full audit trail so they know who the last person was to save it, touch it, or see old versions. If something changes or something is missing, they know exactly who did it."
- "Our fear was, what happens if something gets screwed up and all our administrator passwords don't work Monday morning? Some of our owners have thousands of accounts. Today we can verify [all requests] upfront."

Automation and the ability to rapidly identify changes and provide privileged IDs and passwords when needed enable administrators to more quickly respond to access problems and help desk ticket requests.

Reduced risk

The most significant benefit Cyber-Ark users cited was reduced risk. Privileged identities and passwords can be audited and managed to avert unauthorized internal and external access, changes, and data loss. When privileged identities and their management are automated, companies also reduce the common practice of embedded passwords in scripts and applications.

Most Cyber-Ark users were unable to quantify the benefit of reduced risk; however, organizations evaluating the potential risk-associated savings from privileged identity management should quantify the probability of a privileged identity management-related loss multiplied by the minimal cost of an expected loss.
Example: potential risk savings

- The probability of a security breach occurring in a given year: 20 percent
- The estimated minimal cost to manage a security breach: $50,000
- The expected annual benefit based on the probability of a breach: $10,000

Improved compliance

Using Cyber-Ark, superusers, administrators, and managers can securely manage and deliver reports to support audit requirements. Nucleus found most organizations start with a specific goal such as securing a certain percentage or area of accounts and can then use the common platform to support further security and implement privileged account control for new applications and systems:

- "With government and state contracts and nuclear data, it's very critical that we are sensitive with how we store data. Nobody else supports that."
- "This addressed a huge SOX vulnerability. It could have been a severe audit deficiency. If we can avoid that, it's a huge relief and probably kept somebody's job."
- "Our compliance people say you need to rotate passwords on a scheduled basis and outside of manually doing that, we didn't have a good tool to do it."

Cyber-Ark automates password resets, system change monitoring, and data access to provide a secure and reliable audit trail for compliance purposes.

CONCLUSION

Given the number of workstations, servers, routers, databases, scripts, and applications enterprises have to manage, most have thousands of privileged identities, accounts, and passwords. Traditionally, this has been managed manually with in-house developed applications, spreadsheets, and paper files, none of which effectively protect against data and application risk. Cyber-Ark automates and provides a central log of privileged administrative tasks, freeing up time for administrators for more critical tasks and reducing risk exposure. Given the relatively low cost, focus on the privileged identity problem, and ability to support a global, multi-application environment, Cyber-Ark, when deployed properly, presents a cost-effective solution to data and application control and audit challenges.