1 / 14

Privileged Identity Management Enterprise Password Vault

Privileged Identity Management Enterprise Password Vault. Privileged Password Management – Agenda. Privileged Users 101 What are privileged Users The Challenge Common Practices and the Risks Involved Drivers: Regulations and Internal Breaches Business and Technical Requirements

Download Presentation

Privileged Identity Management Enterprise Password Vault

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Privileged Identity ManagementEnterprise Password Vault

  2. Privileged Password Management – Agenda • Privileged Users 101 • What are privileged Users • The Challenge • Common Practices and the Risks Involved • Drivers: Regulations and Internal Breaches • Business and Technical Requirements • Cyber-Ark Enterprise Password Vault • Technology • Architecture • Benefits • Demonstration • Q&A

  3. Identity Management – Individual Users Component - Directories

  4. LDAP/Identity ManagementPartners The Password Vault and can be integrated with any LDAP or Identity management solution, Cyber-Ark has strategic partnerships with the companies below. Together an organization will be able to manage both users and shared privileged accounts

  5. PIM - White Space for Major IAM Players

  6. Shared Predefined: • UNIX root • Cisco enable • DBA accounts • Windows domain • Etc. • Service Accounts: • Windows Service Accounts • Scheduled Tasks • Windows Local administrator: • Desktops • Laptops • Owned by the system: • Not owned by any person or “identity” • Hard-coded, embedded: • Resource (DB) IDs • Generic IDs • Batch jobs • Testing Scripts • Application IDs What Are Privileged Accounts? Administrative Accounts • Shared: • Help Desk • Fire-call • Operations • Emergency • Legacy applications • Developer accounts Application Accounts Personal Computer Accounts

  7. Privileged Accounts Today • Common practices: • Storage: Excel spreadsheets, physical safes, sticky notes, locked drawers, memorizing, hard coded in applications and services • Resets: Handled by a designated IT members, call centers, mostly manual • Known to: IT staff, network operations, help desk, desktop support, developers • Common problems: • Widely known, no accountability • Unchanged passwords • Lost passwords • Same password across multiple systems • Simplistic passwords – easy to remember • Passwords not available when needed

  8. Key Business Drivers • Regulatory Compliance (Sarbanes Oxley, PCI, BS7799 etc.) • Auditing and Reporting • Control • Segregation of Duties • Proactive Improvement of Information Security Practices • Lost and Risk prevention • Return on Investment • Administrative Password Management • Internal Breach • Return On Investment • Efficiency and Productivity

  9. LAN, WAN, INTERNET Mission Statement Cyber-Ark Software is an Information Security company that develops and markets digital vaults for securing and managing highly-sensitive information within and across global enterprise networks. Vault Safes (Local Drive or SAN) Manual & Geographical Security Access Control Auditing (Visual Security) Authentication Firewall File Encryption Session Encryption Cyber-Ark Vault Server

  10. 1 Privileged Users are defined to the Central Password Manager and a copy of their passwords is stored within the Vault 2 Central Password Manager is periodically regenerating new passwords for all managed accounts on all relevant systems and/or Directory Servers and then stores a copy of the new passwords within the Vault 4 3 An Administrator needs to perform an administrative task on any system or device. After authenticating to the Vault, and passing relevant security checks the specific password of the target account on the target system is retrieved. The Administrator is now ready to login to its target application or server WAN Password Vault Architecture Central Password Manager Unix Servers Password Vault Windows Servers Networking Devices Directory Server Desktops Disaster Recovery Site Main Frame

  11. Application Passwords • Scripts • Shell, Perl, Bat, Sqlplus… • Applications • Custom developed C/C++, COM, Java, .NET code • Application Servers (WebSphere, WebLogic…) • Products • IT Management • ETL tools (Informatica, etc…)

  12. Hard-Coded Password Embedded in Code . . UserName = “app” Password = “asdf” Host = “10.10.3.56” ConnectDatabase(Host, UserName, Password) . Work with database . source1.vbs . . UserName = “app” Password = PVToolKit(“Vault.ini”,“User.ini”,“Safe”,“Root\Password”) Host = “10.10.3.56” ConnectDatabase(Host, UserName, Password) . Work with database . source1-new.vbs

  13. Requirements for Privileged Accounts Management Solution • Exceptionally secure solution for the keys of the kingdom • Supreme performance, availability and disaster recovery due to its mission-critical nature • Flexible distributed architecture to fit the enterprise complex network topology • Single standard solution for a multi-facet problem • Intuitive and robust interfaces

  14. Thank You David Adamczyk Channel Sales Manager Cyber-Ark Software david.adamczyk@cyber-ark.com

More Related