CyberArk Discovery & Audit (DNA) is a powerful tool for assessing privileged access risk. This lightweight, agentless software scans systems to locate all privileged credentials, including passwords, hashes, SSH keys, cloud access keys, and many others. By scanning their networks with CyberArk DNA, organizations can gain visibility into all of their privileged accounts across on-premises, cloud, and DevOps environments.
After a scan is complete, CyberArk DNA generates an executive report to help management understand the potential risk to the organization. A technical report enables IT teams to find privileged passwords that are weak or outdated, uncover misconfigurations, and identify systems that are vulnerable to credential theft attacks.
Clango includes periodic scans with CyberArk DNA as part of our CyberArk managed services program. Our managed services solution gives organizations access to a team of CyberArk-certified engineers who will remotely manage and administer the Enterprise Password Vault, Central Password Manager, and Password Vault Web Access. The program can be expanded to include other CyberArk products and modules and can scale as needed to meet changing business requirements.
Our managed services program recognizes that organizations often struggle to proactively manage and administer security tools. By engaging Clango’s managed services time, organizations can rest assured that CyberArk upgrades and patches will be installed on a timely basis following industry best practices.
We also recognize that cybersecurity is never a “set and forget” operation. In addition to periodic scans using CyberArk DNA, we will conduct ongoing reviews to ensure compliance and a biannual system hygiene program.
Armed with the detailed data we collect using CyberArk DNA, we can prioritize actions to ensure the most critical privileged accounts are protected. Clango’s managed services program includes 16 hours of onsite consultation each quarter, giving you an opportunity to pick the brains of our experts on how best to employ the CyberArk platform to implement a privileged account management strategy.
One approach is to separate systems into at least three tiers: Tier 0 for mission-critical assets, Tier 1 for remaining servers, and Tier 2 for endpoints. The privileged accounts that are given access to systems within a particular tier should not be able to access systems in any other tier. This prevents an attacker from using a compromised endpoint to reach Tier 0 or Tier 1 systems.
Administrative privileges for Tier 0 and Tier 1 systems should be strictly limited, and privileged credentials stored in the Enterprise Password Vault. The vault not only protects passwords but eliminates the risk that admins might write them down or save them in a spreadsheet.
Clango leverages CyberArk DNA to gain a complete snapshot of an organization’s security posture with regard to privileged accounts. Our engineers then apply their expertise to developing a privileged account management strategy and prioritizing threat remediation activities. When combined with ongoing maintenance and administration services through our managed services program, organizations gain an end-to-end solution that helps ensure privileged accounts are protected.
For more information about CyberArk as a Managed Service, please send us an email at (firstname.lastname@example.org).