Ayehu’s integration with CyberArk Privileged Account Security Solution enables organizations to automatically retrieve and rotate credentials securely stored in the CyberArk Secure Digital Vault. Passwords can be rotated based on the organization’s security policy for all privileged identities.
In addition, the integrated solution combines individual accountability with detailed tracking and reporting on all privileged identity activity, enabling organizations to meet diverse sets of compliance requirements.
Key Challenges: Misuse and Exploitation of Credentials
Unmanaged privileged credentials (e.g. passwords) used by 3rd party tools, such as CSIRT automation, are typically stored locally in configuration files, or in a database with no control of encryption levels. These credentials can be easily captured and exploited by malicious users or external attackers. In addition, any manual change to these credentials requires an update of credentials across all environments, which in turn requires downtime or a maintenance window.
A single oversight during a manual password change may lock a Windows account, causing all other applications and/or application instances to stop operating. Furthermore, as these credentials are not centrally managed, it is difficult to track who or what has access to them and whether there may be a potential misuse of credentials by a malicious user or external attacker.
Ayehu Integration with CyberArk Privileged Account Security Solution
In today’s highly complex security environments, companies must protect and manage their applications’ privileged identities in order to protect their assets. Successful Privileged Identity Management (PIM) implementation can be measured by specific factors, such as:
Controlling who has access to which credential
Documenting credential requests for compliance
Eliminating hard-coded passwords in applications
Eliminating hard-coded passwords in 3rd party tools
This is not an easy task! There are many in-house applications and 3rd party tools such as Cyber Security Incident Response Team (CSIRT) automation, IT process automation, and others that run and need access to many servers, PCs, and other devices. The ability of 3rd party tools to access the vault and retrieve the relevant credential information of the specific device is crucial to successful PIM implementation.
To achieve successful PIM implementation, privileged credentials should be removed from, and never hard-coded into, any script, system, or CSIRT or IT process automation tool. Credentials should be centrally stored, managed, tracked, and automatically rotated, based on predetermined security policies – or on-demand, without downtime or a maintenance window. Any CSIRT automation or IT process automation tool that accesses different devices across the network should retrieve the credentials from a secured digital vault.