7 min Security

CyberArk extends PAM solution to machine identities

Insight: Security Platforms

CyberArk extends PAM solution to machine identities

Like a spider builds a web, CyberArk is continually increasing the number of profiles for which it has security solutions. The company has always been able to build out that web smartly and ahead of the trends and believes it can continue this trend in the future. To that end, it recently added a new thread to the web: machine identity. It did so through an acquisition of Venafi. When the CyberArk IMPACT tour passed through the Netherlands, we saw an opportunity to find out what the impact on the end user is.

Machine identity is a market that is already very attractive in numbers. After all, every employee has forty to forty-five machine identities that need to be protected, according to Rich Turner, senior vice president of EMEA of CyberArk. The company now offers security for four profiles present in every enterprise. The first three are IT, developers, and all departments beyond, such as finance and management. The fourth profile includes the digital extension of these individuals: machines.

25 years of CyberArk through a proactive attitude

25 years ago, the potential customer base was much smaller, and CyberArk focused on IT people. In any case, back then, the digital aspect in enterprises was much smaller, and paper processes were the norm, while computer jobs were rare. The world has changed and CyberArk has maintained itself for twenty-five years in an excellent way. The humble Udi Mokady, who has been CEO of the company for eighteen years and now sits on the board, could not dream of this great success himself. “As a start-up, we could only promise our first customers that we would exist at least as long as our investors were behind us. We had the investors’ trust for a long time, until ten years ago when we decided to say goodbye to them and go public.”

That is very modest wording because, especially as a company in the security world, you should not take a wait-and-see attitude. If that was the case, any hacker would outsmart your security tool. In conversation with Turner, the proactive attitude that every security provider has quickly emerged. “Innovation is important for staying focused and relevant. In turn, innovation requires research into the thinking and actions of hackers.” A security player analyses what hackers are focussing on at the moment, and researching the movement of hackers and the latest tools allows for predictions of what is to come.

One success story Turner likes to talk about is the expansion into third-party risk. “We saw companies doing more and more things digitally and could well estimate that it was only a matter of time before different companies would also connect with each other digitally. CyberArk has become very relevant in protecting the digital processes that enable these digital connections.”

Innovate without losing the basics (PAM)

The acquisition of Venafi shows that the company continues to anticipate the changing security landscape. At the same time, it does not forget about the past and makes room for innovation in the platform’s long-standing base. The company shows this by not only introducing new security tools for machine identity but also by adding novelties for the three other profiles.

An overview of the most important new features introduced by CyberArk, broken down by profile. Click on an image to enlarge it.

From the new features, we highlight that it is now possible for everyone in the organization (workforce) to securely search online via CyberArk Secure Browser. Developers get a new solution to protect cloud login credentials based on Zero Standing Privileges which means that login credentials are usable only once. This type of security is brought to developers because they usually have access to critical business information within the cloud environment.

The new features are plugged in from CyberArk’s foundation of Privileged Access Management (PAM) solutions. Such solutions protect key data in a company and provide visibility into which corporate data was accessed by which user. One concrete attack that PAM secures a company against is credential theft, or the stealing and misusing of login credentials. With this data, a hacker can log in to a user account, making it easier for a hacker to stay under the radar of security solutions that, for example, scan for brute-force attacks. After logging in, the hacker can access organizational data and spread malware. A PAM solution can mitigate this risk by limiting the level of access to data and business applications on a per-user basis and requiring multifactor authentication.

Tip, the recent hack at Ticketmaster shows that credential theft is a contemporary problem that can cause major problems: Ticketmaster incident shows: attackers no longer break in, but log in

Extend PAM to new identities

Mokady says PAM will also be the answer to contemporary threats: “With remote workers and the expansion of the number of machines, it is difficult to keep track of the identities in a company. Each identity needs the right level of privilege controls to keep the digital infrastructure secure.” CyberArk’s solution is there to protect all these identities in a solution tailored to the employee’s IT level. That means that, on the one hand, someone from IT gets a complex solution but also has extensive access to a company’s digital environments. Someone from the administration, on the other hand, has a solution that is easy to use, but the user has, at the same time, much more limited access.

By acquiring Venafi, CyberArk seeks to ensure that it can stay relevant in the future where it is more necessary to secure machine identities. Venafi CIO Kevin Bocek convinced the visitors present at the event that “Venafi provided the standard for Kubernetes and introduced the first and only identity standard for workloads. Workload identity is the future, and that’s something only CyberArk and Venafi can help with.”

Strengthen security with AI

“As long as innovation has a dark side, we will exist,” is the general thought Mokady wants to impart during IMPACT. In the AI story, innovation also has a positive side. Technology enhances security tools, and that is no different for CyberArk. The company announced CORA AI, which is not a stand-alone product but is integrated into the core of the CyberArk platform. As a result, the existing tools became smarter and can now, for example, immediately raise the alarm on suspicious activity themselves. This is a relief for security teams by reducing the need for constant monitoring of the IT environment.

In the 25 years of CyberArk’s existence, the cybersecurity landscape evolved with the increasing digitization of businesses. During the CyberArk IMPACT tour, it became clear that the future of cybersecurity is not only about protecting human identities but also about securing the growing numbers of machine identities. The security provider additionally showed that when change occurs, it is important not to forget the basics. New challenges are tackled from the same PAM base. In the coming years, CyberArk sees the importance of protecting workload identity growing even more tremendously. That part is already covered through the acquisition of Venafi.