
Layout 1 (Page 1)files.vogel.de/vogelonline/vogelonline/companyfiles/2258.pdf · in the enterprise, enables organizations to secure, provision, manage, control and monitor all activities


The Challenge

In today’s environment, organizations spend a lot of resources building an infrastructure for securing the enterprise and assuring their business continuity and compliance. A typical IT environment comprises hundreds or thousands of servers, databases, network devices and more, all controlled and managed by a variety of privileged and shared identities – also known as break-glass, emergency or fire IDs – which are the most powerful in any organization. This includes the Root account on UNIX/Linux, Administrator in Windows, Cisco Enable, Oracle system/sys, MSSQL SA and many more. Ironically, these identities are often neglected, their session activities are difficult to monitor, and their passwords are never changed. In some cases, these identities are required not only by internal IT personnel but also by external 3rd party vendors and thus require extra care, such as secure remote access and secure session initiation without exposing the credentials. Powerful passwords are also often found hard-coded inside applications, scripts and parameter files, leaving them unsecured, rarely changed and visible to the world. As the “Keys to the Kingdom”, mismanagement of privileged identities imposes great risks on organizations:

• Audit and accountability – Compliance regulations (such as Sarbanes-Oxley, PCI and Basel II) require organizations to provide accountability about who accessed shared accounts, what was done, and whether passwords are protected and updated according to policy.

• Insider threat – One of the biggest concerns today is the risk of insider threat. In many organizations, the same root or Administrator password is used across the organization, making it easier for a disgruntled insider to abruptly take down core systems.

• Loss of sensitive information – Privileged accounts usually have unlimited access to backend systems. Compromising such accounts may lead to uncontrolled access, bypassing the normal system operation. For instance, this can result in manipulation of billing records and loss of money.

• Administrative Overhead – With hundreds of network devices, privileged identities can be extremely time-consuming to manually update and report on, and more prone to human error. Moreover, inaccessibility of such a password by an on-call administrator may cause hours of delay in recovering from system failure.

The Privileged Identity Management (PIM) Suite is a full life-cycle solution for securing, managing, automatically changing and monitoring all activities associated with Privileged Accounts.

• Secure your Privileged Accounts and administrative passwords found in routers, servers, databases, workstations and embedded in applications.

• Create a centralized point for enterprises to achieve exceptional security, streamline updates, enhance maintenance, and ensure compliance with regulations and security best practices across all types of Privileged Accounts.


The Solution

Cyber-Ark’s Privileged Identity Management Suite, a full life-cycle solution for managing the most privileged accounts in the enterprise, enables organizations to secure, provision, manage, control and monitor all activities associated with all types of Privileged Identities, such as Administrator on a Windows server, Root on a UNIX server, Cisco Enable on a Cisco device, as well as embedded passwords found in applications and scripts.

Privileged passwords, as well as the audit information associated with using them, must be protected according to the highest security standards. The Cyber-Ark PIM Suite utilizes the Patented Digital Vault®, certified as highly secure by independent security evaluators (such as ICSA Labs). This core technology is the heart of the PIM suite and was designed to meet the highest security requirements for controlling the “keys to the kingdom”. The Digital Vault provides numerous underlying security capabilities for authentication, encryption, tamper-proof audit and data protection.

The Cyber-Ark PIM Suite includes the following products:

• Enterprise Password Vault® – Cyber-Ark’s award-winning Enterprise Password Vault (EPV) enables organizations to secure, manage, automatically change and log all activities associated with all types of Privileged Passwords. EPV offers industry-leading implementation, integration, scalability and robustness for managing hundreds of thousands of servers, databases, network devices and more.

• Application Identity Manager™ – Cyber-Ark’s market-leading Application Identity Manager (AIM) provides the only Application Identity Management solution to fully address the challenges of hard-coded App2App credentials and encryption keys. The solution eliminates the need to store App2App credentials in applications, scripts or configuration files, and allows these highly sensitive passwords to be centrally stored, audited and managed within Cyber-Ark’s patented Digital Vault.

• Privileged Session Manager™ – The Privileged Session Manager (PSM) enables organizations to control and monitor privileged access to sensitive systems and devices. PSM provides privileged session recording with DVR-like playback, as well as secure remote access to sensitive systems using privileged single sign-on, without divulging the credentials used to the end users.


Solution Benefits

With Cyber-Ark PIM Suite, enterprises can easily:

• Manage and Protect all Privileged Accounts. Utilize a secure Digital Vault in order to store, protect, manage and control access to Privileged Accounts at a centralized point using a robust policy management engine. Cyber-Ark’s patented Vaulting Technology® utilizes a fully integrated model of critical security layers, interwoven to meet the highest security needs.

• Control Access to Privileged Accounts. PIM Suite offers a simple access control interface that easily pinpoints who is entitled to use privileged accounts and initiate a privileged session, when and why.

• Initiate and Monitor Privileged Sessions. As a central control point, the PIM Suite also provides privileged single sign-on for initiating privileged sessions, as well as recording any activities that occurred during these sessions. PIM utilizes the Digital Vault as a tamper-proof secure storage for these session recordings.

• Manage application and service credentials. PIM provides sophisticated and transparent solutions for securing and managing critical applications as well as Application Server accounts, and eliminating the use of hard-coded and embedded passwords, making them invisible to developers and support staff.

• Comply with audit and regulatory requirements. The PIM Suite provides an easy way to create audit reports required by Sarbanes-Oxley, PCI and more. It allows enterprises to enforce corporate security policies to ensure compliance with regulatory needs and security best practices related to access and usage of privileged accounts for both human and application (unattended) access.

• Streamline management of Privileged Accounts. PIM eliminates manual administration and overhead by providing instant and automatic changing of passwords for thousands of network devices and applications, including scripts and parameter files. Its high level of automation ensures extremely reliable and uninterrupted service with minimal administrator overhead and increased productivity.

• Seamlessly integrate with enterprise systems. With industry-leading performance, scalability and robustness, PIM can protect and manage up to hundreds of thousands of passwords across a highly heterogeneous IT environment, with complex and distributed network architectures. PIM can leverage existing enterprise infrastructure and integrate with corporate core systems.

• Easily set up and deploy. PIM ensures quick deployment and implementation proven in over 400 enterprise customers, providing immediate ROI by improving IT productivity.

PIM delivers one central console for managing and monitoring all types of privileged accounts, including the administrative passwords found in routers, servers, databases, workstations and embedded in applications.

Gain a Bird’s-Eye View of Your Most Powerful Accounts

Enterprise Password Vault Chosen as ‘ClearChoice’ Winner in Network World’s Privileged Account Management (PAM) product comparison (Apr ’08).

Cyber-Ark’s Privileged Password Management Technology Wins SC Magazine’s Group Test of Password Management Solutions (Nov ’08).


Features

From streamlining password management to delivering the rock-solid security of a Digital Vault, the many benefits of the Privileged Identity Management Suite are powered by a robust set of system capabilities, such as:

Security and Audit

• Highly secure storage for controlling the “keys to the kingdom” utilizing a FIPS 140-2 validated cryptographic module

• Centralized audit management through built-in audit-ready reports as well as self-serve access for auditors

• Sophisticated and flexible web-based access control mechanism for creating personalized views of password access

• Tamper-proof storage for critical corporate PIM-related information, such as audit records, session recordings, policies, and more

Shared and Administrative Account Management

• Out-of-the-box policy-based automation and management for a heterogeneous IT environment with over 50 types of managed devices, including most operating systems, databases, firewalls, network devices, routers and more

• Extensible device-management architecture with flexibility to introduce support for additional systems and devices as needed

• Self-recovery solutions such as automatic reconciliation of passwords

• Automatic provisioning of accounts based on the enterprise directory

• Customizable request workflow of privileged accounts by integrating with enterprise help desk and ticketing systems

Application Identity Management

• Multi-platform, easy-to-use API for eliminating hard-coded passwords from applications, scripts and configuration files

• Unique patent-pending solution for eliminating passwords from Application Server data sources, with no code changes and no downtime during password change

• Secure offline caching for application resiliency, performance and HA

Privileged Session Management

• DVR-style playback of recorded privileged sessions

• Highly scalable solution supports multiple recording servers for LB/HA

• Secure remote HTTPS-based access for enterprise managed devices

Enterprise Readiness

• Integration with enterprise infrastructure, including LDAP and IAM integration for user management, authentication products (2-factor, RSA, Radius, PKI, LDAP and more), monitoring and SIEM integration using SNMP, Syslog and SMTP, built-in HA/DR architecture and much more

• Full Software Development Kit (SDK) to integrate with a myriad of enterprise systems

• Distributed Architecture with central management that is ideal for multi-network and multi-site environments, and benefits from central administration, audit and monitoring with full performance load-balancing of password management.

© Cyber-Ark Software Ltd. | www.cyber-ark.com

Built-In Auditing Power

The Cyber-Ark PIM Suite includes a rich set of auditing reports, such as the one pictured here. Additional audit features include the ability to track time, date, a personalized identity, changes made and logging history. Reports are available to auditors in self-service formats or exportable to Microsoft Excel.