CyberArk Privileged Account Security Solution
Strengths: Highly flexible and customisable with a solid feature set and analytics.
Weaknesses: None that we found.
Verdict: If you are looking for a tool for very large environments, look no further. Feature set, customisability and flexibility all combine for a tool suitable in just about any large, complicated enterprise.
The CyberArk Privileged Account Security Solution is an entire account management platform that combines a password vault with strong controls and real-time threat detection. It provides solid privileged account management and security. The tool is built with the foundation of a secure vault and master policy with several modules, such as the Enterprise Password Vault, SSH Key Manager, Privileged Session Manager and Application Identity Manager, among others loaded onto the platform. The final layer is a privileged threat analytics engine that uses behaviour-based analytics to determine unauthorised access in real-time.
This solution is a software install onto a server that is either virtual or physical. The vault installs separately and is recommended to be on a physical server. After install, all management is done through an intuitive web-based management console and it can integrate directly with Active Directory to pull in users, groups and systems to be managed. From the user side, the web-based user interface is simple and easy to navigate. Users' most employed connections are prominently displayed in a favorites view when the user first logs in. All sessions are easily launched using native applications, such as the Microsoft Remote Desktop Client or by using RemoteApp. This solution also features the ability to use a universal connector to allow for connection to custom applications engaging a thick client.
Security is the major driving force behind this platform. The passwords stored in the vault are all individually encrypted in a flat file. Aside from the password encryption, this product also provides full session recording including the ability for shadowing and even taking control of a session in the case of unauthorised behaviour. This product also integrates with security information and event managers to enhance event analysis, as well as manage credentials in vulnerability scanners directly, to ensure credential-based scanning can run at highest privilege without exposing the credentials to the end-user. However, the big piece of the Privileged Account Security Solution is the Privileged Threat Analytics, which look for both behavioral and environmental anomalies to determine if there have been events that could be a signs of unauthorised activity.
Documentation included PDF installation and user guides. Both included an excellent amount of detail and clear configuration and usage instructions. Also included were several screen shots and step-by-step examples, especially on end-user tasks, such as navigating the interface and accessing target systems.
CyberArk offers both eight-hours-a-day/five-days-a-week and 24/7 phone and email-based technical support levels through a support and maintenance agreement. Customers can also access an online support portal that includes access to resources, such as a knowledge base, technical documentation, tool downloads and support case management.
With a massive price tag starting at £24,432 out of the gate, this product is a hefty purchase. However, while expensive, we find it to be an excellent value for the money. This platform is designed to be right at home in some very big environments that have the need for more than just a password vault.