View
32
Download
2
Category
Preview:
Citation preview
SOLUTION BRIEF
PREVENT PRIVILEGED CREDENTIAL ABUSE WITH
RSA SECURID® ACCESS & CYBERARK PRIVILEGED
ACCOUNT SECURITY SOLUTION
2
SOLUTION BRIEF
THE CHALLENGE
Today, more than ever, organizations need to be aware that compromised
identities represent the single biggest attack vector for adversaries.
The ease with which passwords can be harvested and packaged together
with very sophisticated tools and techniques to exploit them can lead to
devastating consequences.
While any compromised identity can have real consequences for
organizations, it’s widely recognized that privileged accounts pose the
largest security threat. In the wrong hands, privileged credentials can allow
attackers to take control of IT infrastructure, disable security controls,
steal confidential information and commit fraud. In order to help prevent a
potentially catastrophic breach, organizations must know who privileged
users are, what they have access to and what they are doing once logged in to
sensitive systems and applications.
CYBERARK ENTERPRISE PASSWORD VAULTCyberArk Enterprise Password Vault, a component of the CyberArk
Privileged Account Security Solution, is designed to automatically secure,
rotate and control access to privileged account passwords, based on flexible
organizational policies. The solution is proven to scale in the largest, most
complex enterprise IT environments, and it can protect privileged account
passwords used to access the vast majority of systems.
RSA AND CYBERARK: LOCK DOWN PRIVILEGED ACCESS With privileged credentials centrally stored within the CyberArk Enterprise
Password Vault, organizations must have a very high level of confidence that
users accessing the vault are who they claim to be. RSA has collaborated
with CyberArk to seamlessly integrate RSA SecurID® Access with the
CyberArk Enterprise Password Vault. With this integration, joint customers
can leverage the broad range of RSA multi-factor authentication methods,
including mobile push and biometrics, hardware and software tokens and
machine learning behavioral analysis, to provide privileged users with
the ease of use they need, while maintaining the highest levels of identity
assurance that organizations require.
The combined solution further enables organizations to easily tailor different
levels of assurance, based on user privileges, their roles and the sensitivity of
the resources they are trying to access. This gives organizations the flexibility
to provide privileged users with more than one multi-factor authentication
option, allowing users to choose what’s most convenient, but still be secure.
Moreover, RSA and CyberArk together can be deployed to protect SSH
administrative access to remote computers for performing administrative
tasks like troubleshooting and configuring updates, as well as for admin access
to infrastructure equipment such as routers, switches and Unix servers.
KEY BENEFITS• Mitigate privileged
credential abuse with multi-factor authentication for privileged access.
• Protect privileged access across cloud, web and on-premises applications, and enforce consistent policies regardless of where the data lives.
• Simplify user access and deliver a high level of identity assurance with RSA behavioral analytics and mobile push and biometric authentication.
• Balance security and convenience with RSA assurance levels and easily define unique authentication requirements based on policy.
Safeguarding your organization against advanced persistent threats (APTs), which result in credential theft and privilege escalation, requires a high-level of assurance that users are who they claim to be. RSA and CyberArk have teamed up to minimize the risks associated with hijacked credentials, by making it possible for organizations to enforce multi-factor authentication at the point of privileged access.
3
SOLUTION BRIEF
Current RSA SecurID customers can easily leverage their existing
deployment of hardware or software tokens, or add other mobile multi-
factor authentication options, including push or biometrics, for accessing
the CyberArk Enterprise Password Vault. In addition, larger enterprises
that may have hundreds or even thousands of RSA SecurID agents deployed
on Linux machines could use the CyberArk Enterprise Password Vault as
an authentication gateway—to enforce RSA SecurID Access multi-factor
authentication—and reduce complexity by eliminating the need to manage
native RSA agents deployed across these endpoint systems.
HOW IT WORKS
Figure 1: RSA and CyberArk Together Prevent the Abuse and Misuse of Privileged Credentials
CLOUD-TO-GROUND PRIVILEGE PROTECTION The elastic nature of cloud computing can create unique challenges and potentially
new unmanaged and unsecured privileged accounts. Similar to the need for
managing privileges on-premises, organizations must also control and monitor
privileged users in the cloud. The combined solution of RSA SecurID Access and
the CyberArk Privileged Account Security Solution solves this challenge.
With CyberArk, privileged accounts for cloud management tools,
infrastructure and APIs are secured, monitored and managed. And with RSA,
organizations get the identity assurance they need to protect privileged
access in the cloud, as well as secure access to all their cloud provider
consoles, while also providing a consistent and consumer-friendly access
experience for privileged users.
4 RSA challenges user
Multi-factor authentication
methods
3 CyberArk requests identity
assurance from RSA (SAML, RADIUS or API)
CyberArk Enterprise Password Vault
Routers
Servers
Workstations
1Privileged Access Request
User
6Access granted
2User asked for
LDAP creds
5ID verified
4
SOLUTION BRIEF
CENTRALLY GOVERN PRIVILEGED IDENTITIES For complete identity protection, RSA Identity Governance and Lifecycle has also
been tightly integrated with the CyberArk Privileged Account Security Solution to
provide a unified view of user access, driven by centralized, policy-based identity
management for all privileged users and applications, and their entitlements, to
ensure access is appropriate and adheres with security best practices guidelines.
Centralizing and automating identity and access governance of privileged
identities ensures that privileges are accurately managed throughout their
lifecycles, revoking or decrementing privileges appropriately as employees
leave organizations or change roles within them.
ABOUT RSA RSA offers business-driven security solutions that uniquely link business
context with security incidents to help organizations manage risk an d protect
what matters most. RSA solutions are designed to effectively detect and
respond to advanced attacks; manage user identities and access; and, reduce
business risk, fraud, and cybercrime. RSA protects millions of users around
the world and helps more than 90% of the Fortune 500 companies thrive in an
uncertain, high risk world. For more information, go to rsa.com.
ABOUT CYBERARK CyberArk is the global leader in privileged account security, a critical layer of IT
security to protect data, infrastructure and assets across the enterprise, in the
cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s
most complete solution to reduce risk created by privileged credentials and
secrets. The company is trusted by the world’s leading organizations, including
more than 50 percent of the Fortune 100, to protect against external attackers
and malicious insiders. For more info, visit cyberark.com.
RSA and the RSA logo, are registered trademarks or trademarks of Dell Technologies in the United States and other countries. © Copyright 2017 Dell Technologies. All rights reserved. Published in the USA. 11/17, Solution Brief H16855.
RSA believes the information in this document is accurate as of its publication date. The information is subject to change without notice.
Recommended