While privileged accounts have been implicated in 100 percent of advanced cyber-attack breaches1, they largely go unprotected across cloud environments, due to immature defence strategies around this critical security layer. Hackers target these accounts because they provide the ‘keys to controlling the infrastructure,’ – whether that is through the cloud, on-premises, or across industrial control systems. The scalable, fluid infrastructure inherent in cloud environments results in unique differences in how privileged accounts behave.
Plugging this critical security gap, CyberArk’s new cloud capabilities enable full monitoring and control over all privileged and administrative credentials that are uniquely required to manage cloud environments and hosted images. CyberArk is the only provider with a full solution-set, including behavioural analytics, covering the entire spectrum of privilege, including out of the box integrations with SaaS applications, hypervisor management solutions, as well as supporting major cloud platforms such as Amazon Web Services (AWS) and Microsoft Azure.
“The cloud is fundamentally changing the nature of privileged account security. Server instances can be created instantaneously across multiple cloud environments, SaaS applications serve more critical functions, while infrastructure and privileged accounts are maintained in part by third-party vendors,” said Roy Adar, vice president, product management, CyberArk. “Migrating to the cloud introduces complexity for enterprises to navigate, which is why CyberArk has gone to great lengths to create a single, streamlined approach to manage privilege from the datacentre out to any cloud environment. No matter what environment an organisation uses, CyberArk has you covered.”
Defending against advanced threats in the cloud
By extending its Privileged Account Security Solution to the cloud, CyberArk enables customers to use the same platform protecting on-premises and industrial control systems to cover their cloud environments, including:
• Public Clouds: CyberArk integrates with all cloud providers and leading service providers like AWS and Azure empowering customers to:
o Use the same infrastructure to secure privileged access to on-site servers, databases, desktops, network device and remotely managed machines
o Prevent guest machines from exposing default password vulnerabilities
o Eliminate hard coded and visible credentials from applications and scripts that use cloud providers’ API
o Establish single-sign-on to privileged accounts in the cloud
o Protect cloud-based servers from unauthorised access by third-party cloud service providers and malicious attackers
o Monitor all privileged user activity and alert on suspicious behaviour in public cloud environments
• Private Clouds: Integrations with VMware vCenter, and Microsoft HyperV provide:
o Improved security protection of management system credentials, including password rotation
o Automatic replacement of default passwords for newly provisioned systems and guest machines
o Monitoring, recording and alerting on all administrative user sessions for faster and more thorough compliance auditing
• SaaS Environments: Applications provided as a service face a myriad of challenges with shared passwords. CyberArk provides integrations with leading SaaS applications, including Salesforce.com, Office365, Windows Intune, Facebook, Twitter, LinkedIn and Microsoft Dynamics CRM to:
o Automate and enforce best practice privileged account security, including enforcing one-time passwords
o Provide individual accountability fully monitoring activity on shared accounts
o Secure social media accounts from advanced attacks and privileged exploitation
o Provide single-sign-on to SaaS application accounts
o Extend privileged accounts security solution to all SaaS applications with the CyberArk universal connector
Additionally, to combat the significant increase in users accessing key accounts across cloud environments, CyberArk Privileged Threat Analytics analyses all user behaviour and detects activates anomalous to typical behaviour. Behaviour is analysed in real-time, creating alerts for unusual activity, for example a user accessing a credential at an unusual time of day.