1 Introduction
An ongoing task for most organizations is managing access to systems and applications at an elevated permissions level. System administrators typically have powerful access rights that make their accounts a target for anyone wanting to cause damage to a company. A user with administrative privileges has complete control over a computer system whether it is on-premises or in the cloud; with admin rights to one system a hacker will attempt to spawn additional accounts in other systems and avoid detection by altering configuration settings in security monitoring devices or by modifying activity logs. Someone with full administrative rights can add accounts or change privileges on existing accounts such that they have unique access rights which can be difficult to detect and remove. Furthermore, a competent attacker can modify logs and virtually remove evidence of their activity. Similar challenges exist in cloud environments but can be even more damaging, as the management console for the public cloud, offered by vendors such as Amazon Web Services (AWS) or Microsoft Azure, provide an incredible level of capability to cloud administrators. As a result, privileged accounts are targeted in every advanced and internal attack, allowing attackers to gain access to sensitive assets and disrupt business.
It is therefore imperative that a company secures its administrative accounts, i.e. those accounts with elevated privileges that grant users the right to make systemic changes to a computing environment. But in many cases organizations don’t know how many privileged accounts they have nor who has access to them. Some organizations still use shared accounts for system admin functions and have no way to effectively audit administrative activities and obtain individual accountability. The lack of privileged account management is therefore an inherent security risk for many companies.
CyberArk created the category of Privileged Account Security nearly two decades ago. Today, the company is still widely recognized as one of the leading innovators and suppliers of privileged account management solutions, for on-premises, cloud computing, and DevOps environments. They have seen the market grow from a specialist sector providing access control for mainframe accounts to sector-wide solutions to manage all system administration and elevated-privileged account requirements across all hardware and software solutions located on-premises and in the cloud.
Service accounts are also an important concern for enterprise security administrators. In many cases there is reduced vigilance on application-to-application accounts that are used for multiple purposes, such as system back-up. However, in many cases the credentials for these service accounts reside in unencrypted configuration files and text scripts. Moreover, oftentimes these service accounts are overprovisioned, or are used for purposes other than the intended usage. These are bad practices that can be alleviated via a properly configured privileged account management solution.
While internally organizations need ensure that applications and staff accessing systems at a privileged level are authorized to do so, and that appropriate controls have been placed on this access, there is also an increasing need to control access from external sources. Business partners requiring access at an elevated level are a particular concern. They are not always authenticated to the corporate network and are potentially using a mobile device, with all the associated risks. Compromise and abuse of an account for the HVAC contractor that led to the release of sensitive information in a large retail organization. This aptly illustrates how important it is to ensure robust management and monitoring of remote-access accounts.
Operational technology provides another attack surface. An industrial computer system (ICS) represents a high-risk area that, in the past, was typically isolated from IT systems. As business imperatives encourage increased integration between operational and administrative networks, protection of PLC and SCADA systems becomes more important. Many organizations with ICSs delegate management of their operational infrastructure to the supplying vendor. This represents a high-risk to companies with ICS infrastructure.
CyberArk was formed in Israel in 1999 and its co-founder is still active in the company. The company listed on the NASDAQ Exchange in 2014 and since then it has extended its capabilities though acquisition of Cybertinel and Viewfinity in 2015. CyberArk’s longevity in this sector, and on-going product innovation and development has resulted in a comprehensive product offering for privileged account security.