Thought Leadership
CyberArk, the identity security company, has unveiled enhancements to its CyberArk Identity Security Platform.
Powered by AI and Identity Threat Detection and Response (ITDR), the new capabilities help organizations enforce appropriate authorization controls for each identity and provide consistent user experiences for CyberArk administrators and end users.
With 93% of organizations experiencing two or more identity-related security breaches in the past year, it’s more important than ever to reliably protect all identities. However, this is made more difficult by the fact that each type of identity brings its own unique risks, requirements and challenges.
The CyberArk Identity Security Platform is optimized to meet the needs of all identities, including regular users, IT staff, developers and non-human identities, without disrupting their workflows. The enhancements now introduced make security teams even more effective in protecting all users and the information they access, providing a new, unified platform experience.
End users: New capabilities monitor the overall health and risk of the identity infrastructure and provide actionable intelligence, continuous analysis and incident remediation guidance. In addition, password insights help stop attacks that originate from compromised credentials. Other user protection enhancements include:
- CyberArk Secure Web Sessions now offers granular policies for access management, among other things. Access and actions can now also be allowed or blocked after authentication.
- CyberArk Endpoint Privilege Manager introduces strong, passwordless end-to-end authentication when logging on to endpoints. This can also be used to grant extended permissions through application control.
IT users: New features include support for Secure Standing Access and Zero Standing Privileges – with the ability to isolate and audit privileged sessions. Easier deployment using a single connector and no additional license costs for remote desktops reduces the effort required for session management to a sixteenth in some cases. Further improvements for the protection of IT users include
- With CyberArk Privileged Access Manager, organizations maintain full control of their secrets by integrating a new session management service with a self-hosted vault.
- In the CyberArk Secure Browser, IT users and IT providers can now gain secure access to resources on-premises and in the cloud with one click from the browser sidebar.
Developers: Organizations can now provide IT, developer and cloud operations teams with just-in-time privileged access to databases such as Oracle, Postgres and MongoDB. The workflow includes native access and session isolation to prevent ransomware and other malware from reaching the databases. Other enhancements for developer protection include:
- Secure developer access to the native services of AWS, Azure and GCP by implementing zero standing privileges to prevent lateral movement during an attack.
- Individual policies allow users to connect natively to their preferred tools – be it a command line interface or a cloud console – with permissions removed at the end of the session.
Non-human identities: Cloud security teams now have visibility into managed and unmanaged secrets in Azure Secret Stores, so they can prevent the proliferation of secret repositories. Other improvements for the protection of non-human identities include
- CyberArk Secrets Hub now recognizes, manages and rotates secrets in Azure Key Vaults and also provides centralized management of secrets in Google Cloud environments.
- CyberArk Conjur Cloud adds dynamic and rotating secrets management options for customers who self-host their PAM.
Unified Portal: The user experience for end users is significantly improved through native access to enterprise resources, where intelligent application controls protect the user. Through integration with the CyberArk Secure Browser, users can also establish any client connection, be it web sessions to SaaS or cloud services or to desktop applications. Administrators, in turn, are able to configure user access via a single screen. They can see all policies across the entire platform at a glance and can use CyberArk CORA AI to make their workflows more efficient.
(pd/CyberArk)
