Scribd
Upload
739 views22 pages

By Vaibhav Pandya S R.information Security Consultant M.Tech Solutions (India) PVT - LTD

This document provides an agenda and overview of a CyberArk presentation. The agenda includes an introduction to CyberArk, its components, uses cases, licensing and competitive analysis. It defines privileged accounts and explains why CyberArk is the market leader in privileged access management. The core components of CyberArk are described including the digital vault for secure storage, discovery of accounts, secure auditing and credential protection. Use cases like automated password management and session isolation are highlighted. Sizing questions and probing questions for customers are also provided.

Uploaded by

tsegay.cs
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
739 views22 pages

By Vaibhav Pandya S R.information Security Consultant M.Tech Solutions (India) PVT - LTD

This document provides an agenda and overview of a CyberArk presentation. The agenda includes an introduction to CyberArk, its components, uses cases, licensing and competitive analysis. It defines privileged accounts and explains why CyberArk is the market leader in privileged access management. The core components of CyberArk are described including the digital vault for secure storage, discovery of accounts, secure auditing and credential protection. Use cases like automated password management and session isolation are highlighted. Sizing questions and probing questions for customers are also provided.

Uploaded by

tsegay.cs
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 22

BY VAIBHAV PANDYA

Sr.Information Security Consultant


M.TECH SOLUTIONS(INDIA) PVT.LTD
AGENDA FOR THE DAY

• INTRODUCTION TO CYBERARK.
• WHY CYBERARK
• INTRODUCTION TO CYBERARK PAS COMPONENTS
• CYBERARK PAS PRODUCT OVERVIEW.
• CYBERARK USE CASES.

• CYBERARK LICENSING.
• COMPETITIVE ANALYSIS.
• CYBERARK PAS LIVE DEMO.

2
WHAT IS A PRIVILEGED ACCOUNT

• ANY ACCOUNT WHICH HAS FULL RIGHTS ON THE SYSTEM RATHER THAN THE NORMAL
USER IS CALLED AS A PRIVILEGED ACCOUNT.
• EXAMPLES OF PRIVILEGED ACCOUNTS ARE AS FOLLOWS:-
1. ADMINISTRATOR ACCOUNT IN WINDOWS
2. ROOT ACCOUNT IN LINUX/UNIX.
3. SYS OR SA ACCOUNT IN DATABASE.
4. CISCO ENABLE FOR CISCO DEVICES SUCH AS ROUTERS AND SWITCHES.

3
CYBERARK - #1 IN PRIVILEGED ACCOUNT SECURITY

Strong Business Performance A History of Product Innovation


Growth & Profitability

1Source: IDG “Biggest Breaches of the 21st Century”, 10/17

4
5
CYBERARK - PAM MARKET LEADER

6
WHY CYBERARK

1. MARKET LEADER IN THE PIM/PAM INDUSTRY.


2. BEING A MARKET LEADER, CUSTOMER TRUSTS THE ORGANIZATION FOR THE
OFFERINGS.
3. INTEGRATIONS WITH EXISTING SOLUTIONS ARE EASY DUE TO THE CYBERARK C3
ALLIANCE.
4. ONLY CYBERARK HAS THE CLOUD OFFERING AS COMPARED TO THE OTHER PIM
VENDORS.

7
CYBERARK C3 ALLIANCE

8
INTRODUCTION TO CYBERARK PAS COMPONENTS

9
CYBERARK’S PRIVILEGED ACCOUNT SECURITY SOLUTION

10
CORE PRIVILEGED ACCOUNT SECURITY

Lock Down Isolate & Control Continuously


Credentials Sessions Monitor

Protect privileged Prevent malware Implement continuous


passwords attacks and control monitoring across all
privileged access privileged accounts
DIGITAL VAULT

Secure storage
▪ Passwords
▪ Audit logs and recordings
▪ Policies

Designed for security


▪ Layered encryption
▪ Tamper-resistant audit
▪ Comprehensive monitoring
▪ Built-in firewall
Vault Safes

12
DISCOVER, AUDIT AND INTEGRATE

DISCOVERY ENGINE SECURE AUDIT ENTERPRISE CLASS API

• Continuously discover • Centralized, tamper-proof audit • Seamlessly automate and


servers and workstations records to meet compliance integrate CyberArk solutions with
any existing IT workflow and
• All privileged access activities security tools
• Detect change to your IT recorded
env • C3 integrations for SIEM,
• Records contain the “Who, what, Vulnerability Scanners, ITSM,
• Cloud and on-premise where and why” of each privileged IAM and DevOps
capable activity
• Cloud and on-premise capable
• Real time discovery and • Provides simplified, cost-effective
protection on all privileged fine grained accountability for any • API first strategy when new
access or usage of shared functionality is released enabling
account activity privileged accounts faster adoption

13
CREDENTIAL PROTECTION AND MANAGEMENT

ENTERPRISE
RESOURCES

SERVERS MAINFRAMES

DATABASES APPLICATIONS

NETWORK SECURITY
DEVICES APPLICANCES

PASSWORD SECURE
ROTATION STORAGE
CYBERARK WEB PORTAL WEBSITES/ CLOUD
WEBAPPS INFRASTUCTURE

14
SESSION ISOLATION AND MONITORING

Enterprise Resources

× Block malware from getting in Servers Mainframes

Databases Applications
Privileged Session
× Block credentials from getting out Manager

Network Security
Devices Appliances

▪ Isolates sensitive assets from the rest of the infrastructure


while still enabling necessary access

▪ Tracks and recordsLog in to resources via their


user activity during privileged sessions
preferred method
Websites/ Cloud
Web Apps Infrastructure
▪ Thwarts attacks by scoring and terminating sessions based on
risk level

15
WAY TO PITCH IN CYBERARK

16
DNA

17
CYBERARK DISCOVERY & AUDIT (DNA)
• Discover all accounts (privileged and non-privileged) from
Windows, Unix, Linux and Mac
• Identify privileged accounts and credentials including:
➢ Embedded & hard-coded credentials in WebSphere,
WebLogic, IIS servers and Ansible playbooks
➢ Golden Ticket attack risk
➢ SSH keys
➢ Password hashes and password length
➢ Insecure privilege escalations in Unix
➢ AWS IAM Users, Access Keys and EC2 Key pairs
• Easily view results in the Executive Summary Dashboard
• Enhance insight with visual maps of password hashes and
SSH key trust relationships
• Gain visibility without impacting performance
• Requires no installation
• Consumes very low bandwidth
CYBERARK USE CASES

• AUTOMATED PASSWORD MANAGEMENT.


• AUDITABILITY.
• SEGREGATION OF DUTIES.
• SESSION ISOLATION.
SIZING QUESTIONS

• Cyberark PAS is sized based on number of privileged users.


• If the customer is going for license less than 50 privileged users then the number of privileged
accounts that can be onboarded are in the ratio of 1:20.
• If customer is going for license from 50 and above, unlimited accounts can be onboarded.
• License is available in both perpetual and subscription model.

20
PROBING QUESTIONS TO CUSTOMERS

• How many privileged accounts does your organization have?


• If customer has no idea then we can leverage Cyberark DNA tool to give them the Privileged account
landscape to the customer.
• How are you keeping a track of activities done by the privileged users.
• How do you ensure that your credentials are rotated as per your organization’s password policy.

21
THANK YOU ☺

22

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy