
CyberArk

Privileged Account Security Solution

21-Jul-2017

© Atos - For internal use


What is CyberArk?

▶ The Cyber-Ark Enterprise Password Vault provides a ‘Safe Haven’
within an enterprise, where administrative passwords can be
securely managed, encrypted and kept safe and unknown to
everyone.
▶ CyberArk focuses on privileged account security.
▶ Enterprise Password Vault protects privileged credentials based
on privileged account security policy, with controls for who can
access which passwords and when they can be accessed.

2 | 21-Jul-2017 | Author: Velpula, Hanumeswara | © Atos - For internal use


CyberArk Privileged Account Security Solution



Why use CyberArk?



Privileged Account Security Solution Architecture

Cyber-Ark Architecture



Standard Ports and Protocols

Device type      Protocol        Port number
Unix/Linux       SSH             22
                 Telnet          23
CyberArk         CyberArk        1858
Windows          RDP             3389
                 LDAP plain      389
iSeries          AS400 access    449
HTTP             TCP             80
HTTPS            TCP             443
FTP              TCP             21



CyberArk Components


Component                     Abbreviation
Enterprise Password Vault     EPV
Central Policy Manager        CPM
Password Vault Web Access     PVWA
Privileged Session Manager    PSM
Disaster Recovery Vault       DR Vault
Privileged Threat Analytics   PTA



Enterprise Password Vault

▶ Centralized secure storage and sharing platform
▶ Securing data from end-to-end using multiple security layers
▶ The Digital Vault includes seven layers of security to ensure the highest levels of
protection of your most sensitive credentials, files, and audit logs.



Proactive Protection: How does it work?



CyberArk Enterprise Password Vault features

▶ Privileged account discovery finds and inventories privileged
accounts throughout the IT environments
▶ Centralized, secure storage protects privileged account
passwords used in on-premises, cloud and OT environments
behind multiple layers of built-in security
▶ Granular privileged access controls prevent unauthorized users
from accessing privileged account credentials
▶ Automated workflows enable users to request access to
accounts with elevated privileges when needed for business
purposes


▶ Detailed audit and reporting provides security and audit teams
with a clear view of which individual users accessed which
privileged or shared accounts.
▶ Technology integrations enable organizations to extend policies
from existing solutions, such as ticketing, strong authentication,
and identity and access management, to their privileged
account security solution, as well as send privileged account
data to SIEM solutions



CyberArk SSH Key Manager features

▶ Secure storage of private SSH keys in the CyberArk Digital Vault
▶ Proactive rotation of SSH key pairs with automated distribution
of public keys to target systems
▶ Centralized creation and management of all access control
policies for SSH keys across the enterprise
▶ Tamper-proof audit logs enable organizations to report on who
accessed what SSH keys and when



End to End Security



Authentication Types



Central policy manager-CPM



Important notes for CPM

▶ Central Policy Manager (CPM)
▶ Acts as middleware between Vault and target systems
▶ Manages password change processes: how and when to change
a password
▶ Constantly communicates with the Vault
▶ Talks to all managed systems
▶ Can be a domain member



CPM-functionality



Architecture-one site



Password vault web access-PVWA



Important notes for PVWA

▶ This scenario describes the first step in managing privileged
accounts in the CPM.
▶ 1. The Security administrator creates a policy for all the
passwords (length, expiration, complexity and so on) using the
PVWA.
▶ 2. The policies are stored in the Vault.
▶ 3. The CPM can access the Vault to view all the policies.



PVWA Configuration



Privileged Session Manager-PSM

▶ CyberArk Privileged Session Manager, part of the CyberArk
Privileged Account Security Solution, enables organizations to
isolate, monitor, record and control privileged sessions on
critical systems including Unix and Windows-based systems,
databases and virtual machines.
▶ The solution acts as a jump server and single access control
point, prevents malware from jumping to a target system, and
records keystrokes and commands for continuous monitoring.



Privileged session manager-PSM

▶ 1. User logs into PVWA, accesses an account, selects Connection
Component, and presses Connect.
▶ 2. PVWA initiates a connection to the PSM via RDP, logging in as
PSMConnect. PSM retrieves the credentials for the account
selected above from the Vault.
▶ 3. PSM opens the application based on the selected connection
component, using the credentials retrieved from the Vault.
The application is executed as ‘Run As PSM-<shadow user>’.



PSM-functionality



Transparent connection without PSM



Connecting using PSM



Secure connect using PSM



Privileged Session Manager features

▶ Real-time monitoring enables security teams to track user activity and
detect suspicious events in real-time.
▶ Remote session termination enables security teams to immediately
terminate suspicious privileged sessions directly from the CyberArk
administrative console.
▶ Searchable detailed session audit logs and video recordings enable
security teams to pinpoint the moment an incident started, understand
how the incident began, and quickly assess any damage.
▶ Proxy-based, agentless architecture provides a single access control
point and enforces monitoring and recording of all privileged activity.
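
The slides describe PSM as a jump server and single access control point, and the ports table lists the management and cleartext protocols in play. The Python below is an added example, not part of the original deck or of CyberArk's own tooling: it audits allowed network flows for paths that bypass that control point or rely on cleartext protocols. The addresses, role subnets, flow records and the rule that the Vault is reached only on port 1858 are assumptions made for illustration.

```python
import ipaddress

# Ports taken from the deck's "Standard Ports and Protocols" table.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP"}
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 389: "LDAP plain"}
VAULT_PORT = 1858

# Assumed (hypothetical) network layout; not taken from the slides.
ROLES = {
    "vault": ipaddress.ip_network("10.0.0.10/32"),
    "component": ipaddress.ip_network("10.0.1.0/28"),  # CPM, PVWA, PSM hosts
    "target": ipaddress.ip_network("10.0.2.0/24"),     # managed systems
}

def role_of(addr):
    """Map an IP address to a role; unknown hosts count as user workstations."""
    ip = ipaddress.ip_address(addr)
    for role, net in ROLES.items():
        if ip in net:
            return role
    return "user"

def audit_flow(src, dst, port):
    """Return findings for one allowed flow (source, destination, TCP port)."""
    s, d = role_of(src), role_of(dst)
    findings = []
    # Management access to a target must originate from a component host.
    if d == "target" and port in MGMT_PORTS and s != "component":
        findings.append(f"bypass: {s} reaches target on {MGMT_PORTS[port]} without PSM")
    # Assumed policy: the Vault is reachable only on its own port.
    if d == "vault" and port != VAULT_PORT:
        findings.append(f"vault-exposure: {s} reaches vault on port {port}")
    if port in CLEARTEXT_PORTS:
        findings.append(f"cleartext: {CLEARTEXT_PORTS[port]} on port {port}")
    return findings

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.0.1.3", "10.0.2.15", 3389),      # PSM -> Windows target (expected)
    ("10.0.1.2", "10.0.0.10", 1858),      # CPM -> Vault (expected)
    ("192.168.5.20", "10.0.2.15", 22),    # workstation -> target, skips PSM
    ("10.0.1.3", "10.0.2.40", 23),        # PSM -> target over Telnet
    ("192.168.5.20", "10.0.0.10", 3389),  # workstation -> Vault over RDP
]

def audit(flows):
    results = {f: audit_flow(*f) for f in flows}
    return {f: r for f, r in results.items() if r}

if __name__ == "__main__":
    for flow, issues in audit(SAMPLE_FLOWS).items():
        print(flow, issues)
```
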



Thanks
For more information please contact:
T+ 7338698221

hanumeswara.velpula@atos.net

Atos, the Atos logo, Atos Codex, Atos Consulting, Atos Worldgrid, Bull, Canopy, equensWorldline, Unify,
Worldline and Zero Email are registered trademarks of the Atos group. March 2017. © 2017 Atos.
Confidential information owned by Atos, to be used by the recipient only. This document, or any part of
it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written
approval from Atos.
