More than 90% of organizations have experienced multiple identity breaches in the past year, according to a CyberArk report.
Traditionally, hackers have focused on exploiting software vulnerabilities. Now, they recognize identities – login credentials, access permissions – as the foremost weakest link. Every login, from an employee to a connected device (like a server or printer), represents a potential entry point. The problem is compounded by the fact that not all identities are created equal.
Employee accounts might require strong passwords and multi-factor authentication (MFA), while a server might rely on complex digital certificates. These different identity types have unique risk profiles, respectively. An employee falling for a phishing scam could compromise their login, whereas a server breach might require a more sophisticated attack.
Furthermore, each identity type comes with its own set of challenges. Managing employee access requires user education and strong password policies, while securing machine identities often involves complex encryption protocols.
Organizations need a multi-layered approach to identity security.
Taking these findings into account, CyberArk announced new enhancements across its Identity Security Platform. In short, the CyberArk Identity Security Platform is optimized for the unique needs of each identity, including workforce, IT, developers and machine, without disrupting their workflows.
The new functionality is driven by AI and identity threat detection and response and enables organizations to apply the right level of privilege controls to every identity, while providing a consistent customer experience for CyberArk administrators and end users.
Security teams are provided with better insights into potential identity risks and compromised credentials. Additionally, the update strengthens access controls for web applications and introduces passwordless authentication options for endpoints. CyberArk Secure Web Sessions enhancements include granular access management policies to allow and block access, as well as and actions performed post-authentication. CyberArk Endpoint Privilege Manager introduces strong end-to-end passwordless authentication when signing into endpoints and elevating application controls.
New capabilities also include support for secure standing access and zero standing privileges. Simplified deployment of a single connector and no additional remote desktop licensing cost reduces the footprint for session management by up to 16 times. Within CyberArk Privileged Access Manager, integration of a new session management service with an organization’s self-hosted vault allows customers to retain control of their on-premise secrets. With CyberArk Secure Browser, IT users and vendors can now launch one-click secure access to on-premises and cloud resources from the browser sidebar.
Teams responsible for IT, development and cloud operations can now get temporary, high-level access to databases like Oracle, Postgres, and MongoDB. This access is designed to be secure, keeping databases isolated from malware and ransomware. Access to cloud services is granted with minimal privileges to prevent attackers from moving freely within the system if they gain access. Users can choose their preferred tools while working, and their access rights automatically disappear once they're done. This eliminates the risk of someone else using those elevated privileges after the session ends.
Plus, cloud security teams now have visibility to managed and unmanaged secrets in Azure secrets stores. CyberArk Secrets Hub now discovers, centrally manages and rotates secrets in Azure Key Vaults. It also centrally manages secrets across Google cloud environments. CyberArk Conjur Cloud expands secrets management options for PAM Self-hosted customers by adding dynamic (and rotated) secrets.
Lastly, end user experience is enhanced with one-click, native access to enterprise resources, with intelligent privilege controls protecting the user. Integrated with CyberArk Secure Browser, users can open web sessions by launching any connected client, whether SaaS, cloud or desktop applications. Administrators also now can configure user access from a single screen, see all policies across the platform and use CyberArk CORA AI to streamline their work.
“CyberArk is committed to continuously innovating across our identity security platform to empower our customers to stay one step ahead in this dynamic threat landscape,” said Matt Cohen, CEO of CyberArk. “The enhancements will help security teams be more targeted, more effective and more secure."
Edited by
Alex Passett
