Tag: CyberArk

Cybercriminals get through to sensitive business information in many different ways. Sometimes they use privileged accounts. Such accounts allow them to grant themselves additional privileges within IT systems. That is how they get even wider access to data and greater possibilities of activity in the corporate internal network. How can one protect against this using CyberArk DNA? Read on to find out!

Is it possible to prevent the interception of privileged accounts by hackers? One can certainly reinforce their safeguards and provide managers with enhanced control over the access to the company’s sensitive information.

One of the tools which can help enterprises in their organisation of privileged accounts is CyberArk Discovery & Audit (DNA). In the first place, this solution is easy to use and extremely helpful. Let us bear in mind that the majority of breaches into enterprise systems occur by the interception of a privileged account. Moreover, hackers who manage to access an internal network in such a manner may navigate it for several months before they launch an attack. It is easy to imagine the amount of information about business operations, customers and employees they can collect during that time.
How can one find privileged accounts?
But how is it possible that cybercriminals intercept accounts with wide privileges? In many enterprises, the number of privileged accounts is several time higher than the overall headcount. These are often forgotten accounts with old passwords used for different systems, unsecured and unmonitored. Sometimes hackers also manage to breach into active accounts which have weak passwords and are not monitored in real time.

The basis for a company’s safeguards is first of all the identification of all privileged accounts in the corporate systems, the assessment of their security features and the minimization of the group of users with excessive privileges. This is made possible by CyberArk DNA.
What is CyberArk DNA and how does it work?
CyberArk DNA scans devices equipped with Windows and Unix in order to detect privileged accounts, certificate hashes and SSH keys. It identifies unchanged passwords in some of the most popular application servers and it generates reports. Importantly, the tools does not require any installation or infrastructures and it can be launched on nearly ever client with a Windows operating system. It is sufficient that it has access to the target systems that need scanning via standard ports and protocols. CyberArk supports numerous functions, including:

find privileged accounts (in the company’s local and cloud-based systems),
assess the security of such accounts,
identify devices vulnerable to attacks,
identify accounts with higher privileges,
identify the most privileged users,
find accounts that fail to comply with the company’s security policies.

Privileged account risk assessment
In conclusion, by using the DNA audit report, a company can assess the risk and take actions to improve the security of data and systems. Risk consists of multiple elements detected by CyberArk, including:

Password age. The older the password, the greater the risk that it can be accessed by many users within and outside the organisation. As a matter of fact, very old passwords mean that the system contains inactive accounts which have not been deleted.
A map of vulnerabilities that facilitate pass-the-hash attacks. On the basis of the DNA audit report and the map, an enterprise can identify devices and accounts which generate the greatest risk. With this knowledge one may determine priorities regarding the security and management of privileged accounts in the most exposed systems.
A map of SSH key trust. Single private SSH keys may be used to get access to multiple accounts and target systems, while target systems may contain additional SSH keys used for accessing other systems.
System criticality. Enterprises which have performed a comprehensive risk assessment can identify systems which contain the most sensitive data and applications. The more critical a system is, the greater is the risk as well as the need to ensure strict access control.

Summing up, the DNA audit is a perfect tool for the verification of who has access to corporate systems and applications and on what principles. It is obvious one cannot protect what is not seen. Therefore, the visibility of what happens within a network is the first step towards security improvement and a better protection of enterprise data.
Interested in a solution presentation? Fill out the form, and we’ll get in touch with you!
 

Contact us: marketing@integritypartners.pl

The DevOps methodology has been gaining more and more followers, both among big corporations and small IT businesses. By combining strict collaboration of developers and administrators as well as through a wide use of work automation tools, it makes IT teams faster and more effective. However, it has its weak points which affect the security of the whole environment. CyberArk Conjur is a solution which can help. How does it work? Let us explain! 

The foundations of DevOps are communication, collaboration and integrations between developers and specialists in the operation of IT systems. This particular methodology accelerates the development of software, products and services. For such efficient collaboration to be possible, it is necessary to automate the IT environment as well as to use multiple tools and cloud-based resources. 
The DevOps methodology
Physical users and various kinds of tools are part of the process of creating software by following the DevOps methodology. Each day, IT environments use new microservices which communicate with one another as well as with users and administrators by means of special credentials called secrets. The entire authentication process in DevOps takes place automatically and remains outside the control of the security department. This means that unauthorised persons can sneak inside programming tools or hijack the administrator’s account and then infect the code, thereby infecting the entire IT system. 

In other words, though the DevOps methodology enables the implementation of multiple tools that optimise development, testing and deployment of new software, it fails to ensure adequate security of the whole IT environment. It results from, among other reasons, the lack of one location for managing credentials and privileged accounts as well as the inability to use rotation of passwords, keys and tokens, since multiple tools share the same data. 
CyberArk Conjur 
CyberArk Conjur is a solution to this problem. It was designed for managing security, credentials and access in DevOps environments. The tool supports the administration of secrets used by applications, microservices, Continuous Integration (CI) and Continuous Delivery (CD), APIs etc. It is an additional module – an extension of the standard Core Privileged Access Security module. 
CyberArk Conjur supports: 
– managing data secrets such as tokens, SSH keys, API keys, certificates
– the use of RBAC (role-based access control) mechanisms
– secure storage and management of secrets combined with the mechanism of automatic rotations based on configurable policies
– centralised audit for all events and operations, including report generation
– full integration with DevOps tools such as Ansible, Chef, Jenkins, and Puppet as well as containerization tools, e.g. Docker, OpenShift etc. 

How does CyberArk Conjur work? It dynamically collects credentials from a secure location (Vault) only when the given tool, application or system actually needs them. 

CyberArk’s solution can be easily integrated with the most common DevOps tools and platforms as well as with any systems used by enterprises. Thanks to this approach, organisations can implement and enforce predefined security models and practices. As a result, it enhances security without slowing down developers in their work. 

 
Interested in a solution presentation? Fill out the form, and we’ll get in touch with you!