Tag: security

Cybercriminals get through to sensitive business information in many different ways. Sometimes they use privileged accounts. Such accounts allow them to grant themselves additional privileges within IT systems. That is how they get even wider access to data and greater possibilities of activity in the corporate internal network. How can one protect against this using CyberArk DNA? Read on to find out!

Is it possible to prevent the interception of privileged accounts by hackers? One can certainly reinforce their safeguards and provide managers with enhanced control over the access to the company’s sensitive information.

One of the tools which can help enterprises in their organisation of privileged accounts is CyberArk Discovery & Audit (DNA). In the first place, this solution is easy to use and extremely helpful. Let us bear in mind that the majority of breaches into enterprise systems occur by the interception of a privileged account. Moreover, hackers who manage to access an internal network in such a manner may navigate it for several months before they launch an attack. It is easy to imagine the amount of information about business operations, customers and employees they can collect during that time.
How can one find privileged accounts?
But how is it possible that cybercriminals intercept accounts with wide privileges? In many enterprises, the number of privileged accounts is several time higher than the overall headcount. These are often forgotten accounts with old passwords used for different systems, unsecured and unmonitored. Sometimes hackers also manage to breach into active accounts which have weak passwords and are not monitored in real time.

The basis for a company’s safeguards is first of all the identification of all privileged accounts in the corporate systems, the assessment of their security features and the minimization of the group of users with excessive privileges. This is made possible by CyberArk DNA.
What is CyberArk DNA and how does it work?
CyberArk DNA scans devices equipped with Windows and Unix in order to detect privileged accounts, certificate hashes and SSH keys. It identifies unchanged passwords in some of the most popular application servers and it generates reports. Importantly, the tools does not require any installation or infrastructures and it can be launched on nearly ever client with a Windows operating system. It is sufficient that it has access to the target systems that need scanning via standard ports and protocols. CyberArk supports numerous functions, including:

find privileged accounts (in the company’s local and cloud-based systems),
assess the security of such accounts,
identify devices vulnerable to attacks,
identify accounts with higher privileges,
identify the most privileged users,
find accounts that fail to comply with the company’s security policies.

Privileged account risk assessment
In conclusion, by using the DNA audit report, a company can assess the risk and take actions to improve the security of data and systems. Risk consists of multiple elements detected by CyberArk, including:

Password age. The older the password, the greater the risk that it can be accessed by many users within and outside the organisation. As a matter of fact, very old passwords mean that the system contains inactive accounts which have not been deleted.
A map of vulnerabilities that facilitate pass-the-hash attacks. On the basis of the DNA audit report and the map, an enterprise can identify devices and accounts which generate the greatest risk. With this knowledge one may determine priorities regarding the security and management of privileged accounts in the most exposed systems.
A map of SSH key trust. Single private SSH keys may be used to get access to multiple accounts and target systems, while target systems may contain additional SSH keys used for accessing other systems.
System criticality. Enterprises which have performed a comprehensive risk assessment can identify systems which contain the most sensitive data and applications. The more critical a system is, the greater is the risk as well as the need to ensure strict access control.

Summing up, the DNA audit is a perfect tool for the verification of who has access to corporate systems and applications and on what principles. It is obvious one cannot protect what is not seen. Therefore, the visibility of what happens within a network is the first step towards security improvement and a better protection of enterprise data.
Interested in a solution presentation? Fill out the form, and we’ll get in touch with you!
 

Contact us: marketing@integritypartners.pl

The DevOps methodology has been gaining more and more followers, both among big corporations and small IT businesses. By combining strict collaboration of developers and administrators as well as through a wide use of work automation tools, it makes IT teams faster and more effective. However, it has its weak points which affect the security of the whole environment. CyberArk Conjur is a solution which can help. How does it work? Let us explain! 

The foundations of DevOps are communication, collaboration and integrations between developers and specialists in the operation of IT systems. This particular methodology accelerates the development of software, products and services. For such efficient collaboration to be possible, it is necessary to automate the IT environment as well as to use multiple tools and cloud-based resources. 
The DevOps methodology
Physical users and various kinds of tools are part of the process of creating software by following the DevOps methodology. Each day, IT environments use new microservices which communicate with one another as well as with users and administrators by means of special credentials called secrets. The entire authentication process in DevOps takes place automatically and remains outside the control of the security department. This means that unauthorised persons can sneak inside programming tools or hijack the administrator’s account and then infect the code, thereby infecting the entire IT system. 

In other words, though the DevOps methodology enables the implementation of multiple tools that optimise development, testing and deployment of new software, it fails to ensure adequate security of the whole IT environment. It results from, among other reasons, the lack of one location for managing credentials and privileged accounts as well as the inability to use rotation of passwords, keys and tokens, since multiple tools share the same data. 
CyberArk Conjur 
CyberArk Conjur is a solution to this problem. It was designed for managing security, credentials and access in DevOps environments. The tool supports the administration of secrets used by applications, microservices, Continuous Integration (CI) and Continuous Delivery (CD), APIs etc. It is an additional module – an extension of the standard Core Privileged Access Security module. 
CyberArk Conjur supports: 
– managing data secrets such as tokens, SSH keys, API keys, certificates
– the use of RBAC (role-based access control) mechanisms
– secure storage and management of secrets combined with the mechanism of automatic rotations based on configurable policies
– centralised audit for all events and operations, including report generation
– full integration with DevOps tools such as Ansible, Chef, Jenkins, and Puppet as well as containerization tools, e.g. Docker, OpenShift etc. 

How does CyberArk Conjur work? It dynamically collects credentials from a secure location (Vault) only when the given tool, application or system actually needs them. 

CyberArk’s solution can be easily integrated with the most common DevOps tools and platforms as well as with any systems used by enterprises. Thanks to this approach, organisations can implement and enforce predefined security models and practices. As a result, it enhances security without slowing down developers in their work. 

 
Interested in a solution presentation? Fill out the form, and we’ll get in touch with you!
 

According to the IDC report (“Worldwide Global DataSphere Forecast”), the global amount of data will reach 180 zettabytes in 2025. This is mainly due to companies which generate new data faster than consumers do. Each year, information stored in the cloud increases by 36%. How to manage, secure, interpret and use dispersed company data for business operations? Various IT solutions can prove helpful. One of them is Imperva SONAR. 

A growing number of data results in new challenges for companies. They need to understand what happens to these resources, where they are stored, who has access to them and how they are used. 

The pandemic quickened the digital transformation by at least several years. Companies are now more willing to use the cloud and the mass storage on a much wider scale. Today data are practically everywhere: on company servers, in cloud-based services and in the hands of external companies. They can have different formats: they are structured, partly structured or raw. In many cases these are sensitive data which require special protection. 

The trick is to manage the data, but also to gain insights, draw conclusions and use the possibilities hidden in the data. Technologies can help. 
Understanding data 
The Database Activity Monitoring (DAM) systems have been on the market for years. They serve to monitor and analyse the activity in databases. 

The Imperva DAM solution which is included in our offer enables detection of locations in the company IT environment where confidential data are stored and determination of databases with gaps in safeguards. It assists in managing access and policies, it shows who has access to what data and informs about unusual user behaviours, alerting the administrator in case of any anomalies. 

But this is still not enough to protect data and use their potential. In the face of constantly expanding company infrastructure, it is important to know where the data are stored, it is important to monitor and alert, but what also matters is quick response and extensive automation. 

In order to address the current needs of many companies, Imperva launched the SONAR platform which provides a new set of features meeting the requirements with respect to protected databases, data collection, reporting, management and automation. Imperva SONAR can be seamlessly integrated with the existing Imperva DAM environment, reducing the total cost of ownership (TCO) and considerably increasing the capabilities of the environment. 
Imperva SONAR – full control from one location 
The new platform from Imperva is a solution designed for security departments, monitoring teams and SOC (Security Operations Centres). SONAR aggregates and segregates data from multiple sources in real time. They can be local sources, cloud-based sources, the existing Imperva Gateway devices, and third-party products (including competitors’ products). The platform provides one shared environment regardless of where the company are actually stored. SONAR works with more than 65 database types, including all top cloud providers such as AWS, Azure, Google Cloud, Snowflake and MongoDB Atlas. 

Data coming from these sources are displayed on one console with a clear layout. Thus SONAR allows to create a convenient command centre where all information is present on an ongoing basis. 

This really makes life easier for administrators. In the standard Imperva DAM solution, reports on database activity are generated at a specific time. They include only the information coming from the Imperva tools. Meanwhile, SONAR monitors and analyses all databases and the reports are generated in real time, so teams can work faster and respond to any anomalies immediately. 
Business benefits of Imperva SONAR 
The features of the SONAR platform improve the team’s performance and efficiency, which results in easily noticeable business benefits. 
Cost reduction 
Since SONAR combines the cloud and the on-premise environment, the company does not have to pay for two separate licences. As a result, the total cost of ownership (TCO) is reduced. 
More effective teams with Imperva SONAR
Imperva SONAR saves time, that is for sure. Since administrators have all data in one location, they do not have to spend their precious time switching between different source and comparing information. 
Work automation 
SONAR enables the automation of manual processes such as reporting deviations, reviewing privileges and reconciling change requests. Built-in work-flow mechanisms and contextual enrichment automatically organise multi-stage operations and direct actions, so all requests are handled without the administrator’s participation. This reduces the consumption of time and resources. 
Access to audit data in real time 
SONAR provides access to historical data in real time. Therefore, there is no need for separate archiving or audit data retrieving. The costs and the time of audits are consequently reduced. 
Enhanced security 
The improved control over data enables immediate detection of errors and threats as well as the implementation of remedial mechanisms. As a result, the security of the company and its key information resources is enhanced. 

The SONAR platform provides extended visibility of what happens to the company data as well as improved access to information, analyses and reports, all in real time and in one location. The work automation results in better team performance and it also saves both time and money. 
Interested in a solution presentation? Fill out the form, and we’ll get in touch with you!