Privileged User Management

Manage and control privileged users and administrative accounts across your IT infrastructure

Who has the “Keys to the Kingdom”? Mismanagement of privileged identities puts your company at risk.

Privileged accounts and passwords are extremely powerful, allowing a privileged user to log on anonymously and have complete control of the target system with full access to all of the information on that system. This vulnerability could potentially cause tremendous financial losses and reputational damage for businesses. For enterprises, this potential insider threat is especially difficult to manage:

  • The average enterprise has thousands of privileged identities, accounts, and passwords. Manually managing and updating these are a time-consuming, costly and repetitive process.
  • Administrative and application accounts are found on virtually every piece of hardware, software, and application within an organization, including virtual environments.
  • Administrative or application accounts are shared, which means that the system does not track WHO logged in as an Administrator, merely that a login occurred—a significant audit challenge.
  • Unlike a personal identity, such as JDoe, administrative or application accounts are nearly impossible to disable.
  • Administrative and application accounts are subject to regulations such as Sarbanes Oxley, PCI, and Basel II, requiring that companies prove exactly who logs in to sensitive systems and, increasingly, what they are doing.

Cyber-Ark’s Privileged Identity Management (PIM) Suite is an enterprise-class, unified policy-based solution that secures, manages and logs all privileged accounts and activities associated with datacenter management whether on-premise or in the cloud:

  • Control access to privileged accounts
  • Manage application and service credentials
  • Grant granular control to the commands superusers can run
  • Comply with audit and regulatory requirements
  • Streamline policy management of privileged accounts
  • Seamlessly integrate with enterprise systems

What is the PIM Suite?

PIM Suite Diagram

The PIM Suite allows organizations to manage, track and audit their most privileged identities, avert insider threats, and prevent the loss of sensitive information. It complements the Privileged Session Management Suite designed to isolate, protect and monitor all sensitive target systems in your datacenter including servers, network devices, databases and virtual environments and records all privileged sessions on these systems for better visibility, control and smoother audit processes.

Privileged accounts include the Root account on UNIX/Linux; Administrator in Windows; Cisco Enable; Oracle systems/sys; MSSQL SA; SAP Application Server; and many more such as Emergency or ‘Firecall’ IDs. Ironically, these identities are often neglected, their session activities are difficult to monitor, and passwords are never changed. In some cases, these identities are required not only by the internal IT personnel, but also by external 3rd party vendors and, thus, require extra care, such as secure remote access and secure session initiation without exposing the credentials.

The PIM Suite enables the 6 essential steps of privileged identity management:

  • Identify and Discover privileged policies and accounts
  • Centralize and Secure privileged identities and accounts
  • Apply Policy to these privileged identities based on the requester / role
  • Personalize access to these privileged identities
  • Automatically Reset access to these privileged identities
  • Log and Record all activities associated with these privileged identities

The PIM Suite: features and components

The PIM Suite offers a robust set of system features and capabilities for consistent policy definition and enforcement, automated privileged password management, and centralized reporting for compliance audits. The PIM Suite comprises three well integrated core products which can also be purchased separately as needed:

  • Enterprise Password Vault
  • Application Identity Manager
  • On-Demand Privileges Manager

Because they share a common server platform, an initial deployment of any individual solution can quickly and easily be expanded to address any additional audit or security challenges that may arise in the future.

With Cyber-Ark’s Privileged Identity Management suite you can:

  • Approach Compliance with Confidence: Superior security that protects the ‘keys to your kingdom’ with a proven ability to meet regulatory requirements
  • Eliminate Insider Threats: Out of the box best practices for defining and enforcing a unified policy for privileged identity management across your data center whether on-premise or in the cloud
  • Do Business Better: Improve workforce productivity with a single access point for handling privileged credentials

Cyber-Ark’s Privileged Identity Management for Cloud Computing