Privileged Identity Management Suite
Managing privileged identities and accounts with Cyber-Ark
Learn More
Learn about the solutions our products provide:
Who has the "Keys to the Kingdom”? Mismanagement of privileged identities puts your company at risk.
Privileged accounts and passwords are extremely powerful, allowing a privileged user to log on anonymously and have complete control of the target system with full access to all of the information on that system. For enterprises, this potential insider threat is especially difficult to manage:
- The average enterprise has thousands of privileged identities, accounts, and passwords.
- Administrative and application accounts are found on virtually every piece of hardware, software, and application within an organization, including virtualized environments.
- Administrative or application accounts are shared, which means that the system does not track WHO logged in as an Administrator, merely that a login occurred—a significant audit challenge.
- Unlike a personal identity, such as JDoe, administrative or application accounts are nearly impossible to disable.
- Administrative and application accounts are subject to regulations such as Sarbanes Oxley, PCI, and Basel II, requiring that companies prove exactly who logs in to sensitive systems and, increasingly, what they are doing.
- Manually managing and updating administrative and application accounts is a time-consuming, costly, and repetitive process.
Results from a survey conducted by Cyber-Ark revealed some important statistics about privileged passwords and the risks they present to companies.
Expand survey
| Where does the password exist? | Examples | How many exist?* | What's the security Risk?* | Solutions |
|---|---|---|---|---|
| Personal Workstation | Login: Administrator | 5000 or more 40% of Enterprises have more than 5000 workers |
High 21% of admin passwords on workstations are never updated |
Manual Privileged Password Solutions |
| Servers | UNIX (Root), LINUX (Root) | 5000 or more 44% of enterprises have more than 500 servers, each with 1-5 administrative passwords |
High 13% of admin passwords on servers are never updated |
Manual Privileged Password Solutions |
| Routers | Cisco (Enable) | 100 or more 41% of enterprises have more than 500 servers, each with 1-5 administrative passwords |
High 13% of admin passwords on routers are never updated |
Manual Privileged Password Solutions |
| Databases | Oracle (System, Sys), Microsoft SQL Server (SA) | Hundreds 66% of enterprises report having more than 100 unique applications, including databases |
High 42% of admin passwords on software and databases are never updated |
Manual Privileged Password Solutions |
| Scripts connecting software applications | Sales tracking application to master database | Thousands Enterprises report having more than 100 apps, with 92% linked to at least one other app. Each unique link creates a unique password incident. |
High 42% of admin passwords on software and databases are never updated |
Manual Privileged Password Solutions |
*Based on Cyber-Ark Enterprise Password Survey 2006
What is the PIM Suite?
Cyber-Ark's Privileged Identity Management (PIM) Suite is an enterprise-class, full life-cycle solution for securing, managing, automatically changing and monitoring all activities associated with privileged accounts:
- Control access to privileged accounts
- Monitor and record privileged sessions
- Manage application and service credentials
- Comply with audit and regulatory requirements
- Streamline policy management of privileged accounts
- Seamlessly integrate with enterprise systems
The PIM Suite allows organizations to control, manage, and audit their most privileged identities, avert insider threats, and prevent the loss of sensitive information.
Expand PIM overview
Privileged accounts include the Root account on UNIX/Linux; Administrator in Windows; Cisco Enable; Oracle systems/sys; MSSQL SA; SAP Application Server; and many more such as Emergency or 'Firecall' IDs. Ironically, these identities are often neglected, their session activities are difficult to monitor, and passwords are never changed. In some cases, these identities are required not only by the internal IT personnel, but also by external 3rd party vendors and, thus, require extra care, such as secure remote access and secure session initiation without exposing the credentials.
The PIM Suite enables the 6 essential steps of privileged identity management:
- Identify and Discover privileged policies and accounts
- Centralize and Secure privileged identities and accounts
- Apply Policy to these privileged identities based on the requester / role
- Personalize access to these privileged identities
- Automatically Reset access to these privileged identities
- Log and Record all activities associated with these privileged identities
The PIM Suite: features and components
The PIM Suite offers a robust set of system features and capabilities for consistent policy definition and enforcement, automated privileged password management, and centralized reporting for compliance audits. The PIM Suite comprises three well integrated core products which can also be purchased separately as needed:
Because they share a common server platform, an initial deployment of any individual solution can quickly and easily be expanded to address any additional audit or security challenges that may arise in the future.
Expand PIM benefits
Key features of the PIM Suite:
- Security and Audit Compliance: centralized system for the highly secure management and delivery of audit reports in order to meet compliance with regulations such as SOX, PCI, NERC/FERC and Basel II
- Shared and Administrative Password Account Management: superb automation and management policy for heterogeneous IT environments, extensive device-management architecture, self-recovery solutions, automatic provisioning, reconciliation and a customizable workflow
- Application Identity Management: multi-platform, easy-to-use, high-performance solution for eliminating passwords embedded in applications, scripts and configuration files. Additional highly secure offline caching for application performance, resiliency and HA
- Privileged Session Management: DVR style playback of recorded privileged sessions, supporting multiplex recording servers and with highly secure remote HTTP-S based access for enterprise environments
- Enterprise Readiness: fully comprehensive integration with enterprise infrastructure, full software deployment kit and intelligent distributed architecture with central management that is ideal for multi-site, multi-network environments
