It can be surprisingly challenging to simply list all the privileged accounts stored in the CyberArk Enterprise Password Vault. While Password Vault Web Access (PVWA) provides some reports, they do not cover the full range of use cases most organizations need to meet compliance and operational requirements. Depending on the size of your vault implementation and your specific reporting needs, it could take the skills of a software developer or database administrator to generate the additional reports you need.
Besides the built-in reports available in the PVWA, CyberArk provides a utility called Export Vault Data (EVD) to export data from the vault to a .TXT or .CSV file. It can also export data to a Microsoft SQL Server database. Unfortunately, this tool is not user-friendly. As the term “utility” implies, it is designed for use by IT personnel, not business users.
The EVD utility has a command line interface, so you have to type in long commands to specify the parameters for the data you want to export and how you want it formatted. Many IT administrators are accustomed to using a command line interface; if they are familiar with the EVD parameters, they can quickly enter commands that will give them the data they need.
EVD includes a dozen or so built-in exports that provide lists of safes, groups, users, etc., as well as system and event logs. The desired export must be specified in the command line, along with other parameters such as the vault user and date range. Once the data is exported, the real work begins. The data can be imported into Excel, and someone skilled in manipulating Excel spreadsheets can format and analyze that data. Or, if the data is imported into an SQL database, a programmer can query that data and create reports. The problem is that this process separates business users from the CyberArk data they need to analyze. It also increases costs because organizations must pay experts to provide business users with the information they need.
By contrast, Clango’s Cyber Analytics Reporting Tool (CART) does all this work for you. CART regularly ingests CyberArk data into a database (daily, typically, but more often when required) and provides an intuitive, web-based interface that enables business users to explore the data. Users who know their data best can quickly and easily run queries and generate their own CyberArk reports. Search and filter capabilities are built into the report screen.
But CART is much more than an online spreadsheet prepopulated with CyberArk data. The real value of CART lies in the interconnectedness of the data. A CyberArk vault is subdivided into safes that have privileged accounts checked into them. Users and groups have permissions to safes, and safes are tied to privileged account entitlements. CART understands those interrelationships, allowing users to conduct more complex analyses and generate the privileged account reports they need.
For example, CART’s crosslinking tools make it possible to determine which privileged account entitlements were assigned directly to a particular administrator, and which were granted to that administrator via membership in an Active Directory group. Datasets can also be pivoted to show summaries based on various parameters — a complex undertaking if you use only basic spreadsheet and database tools.
Clango’s CART solution saves time and headaches and puts CyberArk data in the hands of users who need it most.