PRECISION

— PRECISION: Adjusting Your AIM —

PRECISION DIAGRAM

Clango’s PRECISION ensures all credentials in CyberArk’s Credentials Provider are up-to-date in real time and protects your Vaults from accidental DDoS attacks.

Today’s interconnected IT environments have thousands of workflows, processes, scripts, and applications that need to retrieve and store sensitive information. When applications are granted access to these resources, they often use accounts that are given elevated access to vast amounts of sensitive data. Because of this, these accounts are often exploited as part of targeted attacks. Indeed, many recently reported sophisticated attacks have stemmed from the compromise of hard-coded privileged credentials.

CyberArk AIM allows you to secure such credentials with the CyberArk Vault. When an application needs to access a resource, it reaches out to AIM for the necessary credential. However, since AIM doesn’t talk to the Vault in real time, it must query the Vault regularly to ensure it has up-to-date credentials. If you have relatively few applications or rotate passwords infrequently, the AIM refresh works fine. Unfortunately, AIM customers with many applications and/or regular password rotation will need to have a very short Cache Refresh Interval to ensure AIM provides accurate credentials. At scale, this can mimic a Distributed Denial of Service (DDoS) attack, crashing your CyberArk Vaults. The solution would appear to be setting a higher interval, but this limits your ability to rotate or allow on-demand password resets, weakening the security you are trying to set up with AIM in the first place.

Enter PRECISION — AIM with PRECISION ensures all credentials in CyberArk’s Credentials Provider are up-to-date in real time and protects your Vaults from accidental DDoS attacks. PRECISION sits inside the CyberArk environment and monitors the CPM log, looking for manual and automated password changes. Once a password change has been detected, PRECISION remotely invokes the Credential Provider refresh cache command. By eliminating the need for a short Cache Refresh Interval, PRECISION keeps your credentials current and your Vaults online.


Want to see PRECISION in action? Complete the form below to schedule your no-obligation demo.

Features & Benefits

  • Relatively small footprint leveraging existing CyberArk investments
  • Standards-based using REST and PACLI
  • Dramatically lowers unneeded traffic to Vaults
  • Can refresh cache in multiple application servers in parallel utilizing multiple threads to save time
  • Allows for Application Privileged Account Management (PAM) accounts to be rotated regularly or on demand
  • Email notification feature for failure reporting, including which provider, user, and/or application information was problematic