CyberArk (NASDAQ: CYBR), the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today announced expanded privileged account security solutions for Amazon Web Services (AWS) to help customers better protect against, detect and respond to advanced threats.
Many organisations already run at least part of their operations in the cloud, while others are seeking to accelerate their migration strategies - with industry research predicting up to 80% of workloads will run on a cloud architecture by 2024.1
Migrating from the data centre to the cloud introduces different cyber security considerations, particularly associated with securing privileged user and application credentials used to manage consoles, enable applications to connect with sensitive assets, and dynamically scale elastic production environments.
For enterprises migrating to the cloud, CyberArk helps customers seamlessly extend and consistently enforce the security policies they have in place today on their on-premises infrastructure into their emerging cloud and DevOps environments.
Prioritise risk reduction in AWS environments
Customers and partners can now take advantage of CyberArk's integrations with multiple AWS services that both reduce and simplify the prioritisation of privilege-related vulnerabilities:
Simplify the discovery and exposure of privileged credential risk - CyberArk Discovery and Audit (DNA) tool v7.1 simplifies the discovery and reporting on privileged users, instances, credentials and keys in the AWS environment. Specifically, CyberArk DNA scans and discovers the AWS environment for identity and access management (IAM) users, AWS access keys and Amazon Elastic Compute Cloud (Amazon EC2) Key pairs to identify potential privilege-related risks, like unmanaged SSH keys. The CyberArk DNA integration with Amazon Inspector pulls data and findings, such as the number of high severity findings on Amazon EC2 instances, into a single CyberArk dashboard to alert and help security teams visualise and prioritise risk mitigation.
Secure and manage AWS access keys - Organisations can automatically discover and secure privileged accounts in cloud-based environments by proactively securing AWS access keys as well as managing and rotating those keys based on their security and compliance policy. AWS access keys are used by applications and scripts for invoking AWS APIs. It is essential to remove them from code and configuration files, and assure that they are rotated periodically to avoid the potential for uncontrolled administrative access.
When a leading provider of value-added services to telecommunication operators and retailers in Latin America chose to move its data centre to AWS, it recognised the importance of ensuring privileged account security was in place to protect its cloud assets from the beginning. It chose to work with CyberArk to improve the process of managing security.
"CyberArk delivers flexible and secure protection for cloud-based environments. These new capabilities provide greater confidence to security teams that need to make sure privilege-related policies are applied consistently across the enterprise and extended into their enterprise AWS environment," said Roy Adar, senior vice-president, product management, CyberArk. "CyberArk helps build privileged account security into cloud environments from the beginning with automatic provisioning and continuous visibility during cloud migration and ongoing management."
Within organisations' cloud environments, the rapid creation and deletion of instances and their associated administrator accounts must be closely managed. CyberArk can detect and rotate credentials based on company policy, and monitor and record privileged access to deliver greater visibility into the security of cloud assets. In addition to AWS, CyberArk supports customers across multiple cloud environments, including AWS, Azure, Google, Alibaba, mixed, hybrid, on-premises as well as DevOps environments.
Availability
New AWS integrations and support are available now through the CyberArk Discovery and Audit (DNA) tool v7.1 and CyberArk Privileged Account Security Solution v9.8. CyberArk is an Amazon Inspector partner: https://aws.amazon.com/inspector.
CyberArk demonstrated AWS integrations at the RSA Conference 2017, in San Francisco, last month.
Additional resources
Case study - FS Deploys CyberArk for Privileged Account Security and SSH Key Management
Video - Securing the Cloud with CyberArk Privileged Account Security
Whitepaper - Securing Privileges in the Cloud
Whitepaper - CyberArk Privileged Account Security for Amazon Web Services (AWS)
1 Intel and Bain analysis 2016
Share