Posts

Showing posts with the label CyberArk

PAM Automation Scripts: Don’t Forget to Secure Admin Credentials

Image
While IT executives understand the essential role privileged access management (PAM) solutions play in their organization’s overall security strategy, they’ve also continued to ask their PAM administrators to do more with less resources. To meet these additional asks, PAM admins have automated routine PAM tasks using scripts. PAM automation scripts can significantly lessen the burden on PAM admins and enable organizations to scale PAM usage across their entire enterprise. 1- Why Are PAM Automation Scripts So Powerful? A PAM admin’s daily responsibilities typically revolve around the lifecycles of privileged users in their organization and require high levels of privilege. For example, when a privileged user joins the organization, the PAM admin has to add them to the right safes and grant them the necessary permissions they need to perform their privileged tasks. If a user leaves an organization, all that access has to be revoked to ensure the organization remains secure. These process...

CyberArk Identity Flows - Automate and Orchestrate Identity Security with No-code Workflows

Image
THE CHALLENGE  The number of identities that need access to resources and the number of applications required to keep the business humming have exploded in recent years. And while managing the integrations and dependencies between these apps and identities without automation seems impossible, many companies do rely on manually-intensive, disjointed processes to onboard users and manage their evolving privileges. This is a timeconsuming and error-prone approach. Manually connecting the dots between data, applications, events and services hinders IT service agility, squanders resources and is fraught with risk. For example, it can take days or even weeks to grant new hires secure access to the tools they need to succeed or to remove access when an employee leaves the company — hampering productivity or leaving critical windows of time open to security threats. In addition to onboarding and offboarding challenges, tracking and re-assigning user privileges across disparate applications...

Zero Trust’s Evolution- The Role of Identity Security

Image
Zero Trust You’ve heard about it. A lot. But there are quite a few nuances when it comes to how Zero Trust security is defined and discussed. Is it a platform or a principle? It’s one of those terms that’s so widely cited that it has the tendency these days to elicit eye rolls within the cybersecurity industry and to be referred to as a buzzword by those sitting at the cool kids’ lunch table. At its core, though,  Zero Trust  is a strategic cybersecurity model enabled to protect modern digital business environments, which increasingly include public and private clouds, SaaS applications, DevOps and robotic process automation (RPA). It’s a critical framework, and every organization should adopt it and understand the fundamentals of how it works. Identity-based Zero Trust solutions like  single sign-on  (SSO) and  multi-factor authentication  (MFA) are designed to ensure that only authorized individuals, devices and applications can access an organization's s...

New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)

Image
  What is the Service Location Protocol (SLP)? SLP is a protocol that was created in 1997 through  RFC 2165   to provide a dynamic configuration mechanism for applications in local area networks. SLP allows systems on a network to find each other and communicate with each other. It does this by using a directory of available services, which can include things like printers, file servers, and other network resources. SLP works by having a system register itself with a directory agent, which then makes that system's services available to other systems on the network. Daemons providing SLP are bound to the default port 427, both UDP and TCP. SLP was not intended to be made available to the public Internet. According to RFC 2165, "Service Location provides a dynamic configuration mechanism for applications in local area networks. It is not a global resolution system for the entire Internet; rather, it is intended to serve enterprise networks with shared services." However, th...

How to Map Identity Security Maturity and Elevate Your Strategy

Image
The ultimate goal of Identity Security is to provide secure access to every identity for any resource or environment, from any location, using any device. Yet ever-evolving technology and dynamic threats can make executing a comprehensive Identity Security program a complex undertaking. According to the new Enterprise Strategy Group (ESG) research report “The Holistic Identity Security Maturity Model,” most organizations (42%) are still in the early days of their Identity Security journeys. Understanding your business’s current Identity Security maturity in relation to its ideal state is vital because, in the words of Henry Kissinger, “If you do not know where you are going, every road will get you nowhere.” So, where do you start? What assessment factors matter most? How do you stack up against industry peers and track improvement over time? To help eliminate some of this guesswork, ESG created a data-driven Identity Security Maturity Model that measures maturity levels across four di...

CyberArk Blueprint for Identity Security Success

Image
THE CYBERARK BLUEPRINT  The CyberArk Blueprint for Identity Security Success is designed to help organizations establish and evolve an effective Identity Security program and accelerate their Identity Security success. The CyberArk Blueprint guides organizations through their Identity Security journey by assisting them in understanding the identity attack chain, assessing their security posture, learning best practices and building their roadmap. The CyberArk Blueprint’s prescriptive guidance is not built on theoretical advice; it is built on the combined knowledge and experience of CyberArk battling threats in the Identity Security space. These insights are gathered from more than two decades of lessons learned across CyberArk’s global customer base, post-breach experience, frontline remediators and red-team and innovative researchers. Each component provides best-practice guidance across the people, process and technology domains — all designed to help you accelerate ...

CyberArk Workforce Password Management Delivers Advanced Protections for Enterprise Users

Image
New Capabilities for Securing Access to High-Risk, High-Value Business Applications Help Organizations Improve Security and Reduce Risk NEWTON, Mass. and PETACH TIVKA, Israel – March 14, 2023 – CyberArk (NASDAQ: CYBR), the global leader in Identity Security , announced enhancements to Workforce Password Management. CyberArk’s cloud-based enterprise password management solution enables organizations to securely capture, store and manage password-based applications and other secrets. New capabilities provide administrators with greater flexibility and control to reduce risk and improve security for web applications. Unlike personal password managers, Workforce Password Management is designed for business environments and provides the privacy, availability and security enterprises demand, including support for modern passwordless authentication controls and corporate directories. New features include: Application Access Controls Based on Usernames: Administrators can now prevent end ...