How to Tap the Valuable Data in CyberArk’s Enterprise Password Vault


A key feature of CyberArk’s Core Privileged Access solution is the Enterprise Password Vault. This vault reduces the risk that privileged account credentials will be compromised by providing a centralized location for managing user entitlements and passwords. It is designed to protect privileged identities throughout the IT environment, including DevOps, DevTest, on-premises, and cloud-based systems. It also provides privileged account reporting to enhance cybersecurity processes and aid in regulatory compliance.

The CyberArk vault is subdivided into safes that make it possible to organize sets of privileged account credentials based on the users who will need access to them. The credentials are stored in the safes along with policy-based controls specifying who has access, how frequently the passwords should be changed, etc.

This system enables granular access controls that ensure only authorized individuals can use privileged accounts for legitimate business purposes. It updates privileged account passwords on demand or at regular intervals, and automatically synchronizes credentials across the environment. RESTful APIs provide further automation of onboarding, permissions granting, and other privileged account management tasks.

When an administrator needs access to a system, CyberArk will either provide the most current password or give the administrator temporary guest access to the account. The vault monitors and records privileged account activity by collecting data from multiple sources as well as tracking privileged account credential access from within CyberArk. Statistical and deterministic algorithms are applied to help identify malicious activity. The detailed audit trails also provide the policy and process data needed to show compliance with government and industry regulations.

This data is a godsend for IT and audit teams tasked with monitoring large numbers of privileged account identities and user sessions across hundreds or even thousands of systems and applications. However, many organizations find that CyberArk’s built-in reporting capabilities do not meet all their operational and compliance requirements. Business users must try to export unformatted data from the CyberArk vault and manipulate it in a spreadsheet, or engage developers to build database queries and write code to generate custom reports.

Clango’s Cyber Analytics Reporting Tool (CART) relieves these headaches. CART enables business users to view, search, analyze, and report on operational data stored in the CyberArk vault. It can also integrate with Active Directory for user authentication and connect to other SQL identity stores for a comprehensive view of role-based access across the organization.

CART’s web-based interface is intuitive and easy to use. Users can browse the CyberArk data in a spreadsheet paradigm with the ability to sort and filter, rearrange columns, and run standard inline and aggregate functions such as total, min, max, and average. Configurable search and filter forms make it easy to run complex queries. The solution also includes prebuilt reports that can be cloned and modified to simplify the creation of customized data views.

CART makes it possible to give non-CyberArk users such as auditors and compliance officers access to the valuable data within CyberArk. These users can easily get the data they need without the time and expense of engaging developers or report writers. Contact us for a no-obligation demo of this powerful reporting solution.


For more information about CyberArk or CART, please send us an email at (

Leave a Comment