Cyber-Ark's Enterprise Password Vault (EPV) enables organizations to secure, manage, automate, store, protect and log all activities associated with privileged, shared and elevated accounts.

This includes the Root account on UNIX/Linux, Administrator in Windows, Cisco Enable, Oracle systems/sys, MSSQL SA, SAP Application Server and many more such as Emergency or 'Firecall' IDs. Ironically, these identities are often neglected, difficult to monitor their session activities, and passwords are never changed. In some cases, these identities are required not only by the internal IT personnel, but also by external 3rd party vendors and, thus, require extra care, such as secure remote access and secure session initiation without exposing the credentials.

Privileged Session Manager

Cyber-Ark's Privileged Session Manager (PSM) allows organizations to secure, control and monitor privileged access to sensitive systems and devices while leveraging privileged single sign-on capabilities.

Click to enlarge: http://www.cyber-ark.com/img/content-design/psm-net-thumb.jpg

These devices are usually accessed by internal IT personnel and, in some cases, they also need to be accessed remotely by 3rd party vendors or outsourced administrators. All session operations can be recorded in a DVR-style playable format and help to comply with the growing security and regulatory demand for organizations to know both 'Who' is accessing key systems, and 'What' is being done during these sessions.

PSM also helps to streamline other challenges and difficulties including the control and management around who is entitled to access the sensitive devices and networks, how to secure and manage the underlying privileged credentials required to initiate these sessions, as well as perform audit reports of all activities within these privileged sessions. All of this is provided as a transparent solution that requires minimal user behavior changes, and no changes to the network architecture or existing IT infrastructure thus easing integration with your organization.

Click to enlarge: http://www.cyber-ark.com/img/content-design/privileged-session-manager.jpg  

Application Identity Manager

Cyber-Ark's Application Identity Manager (AIM) offers a comprehensive suite of software and services to securely manage embedded, privileged application and script accounts, and to eliminate the use of hard-coded credentials.

Managing App2App identities impose great risk to organizations including:

ü       Failed Audits

ü       Lack of Accountability

ü       Security Risks

ü       Elevated Damage Threat

AIM utilizes Cyber-Ark's patented Digital Vault Technology™, ICSA Validated, and is designed to meet the highest security, audit, compliance and business enablement requirements for managing Privileged and App2App accounts. AIM delivers a complete infrastructure to centralize the management of credentials to resources with a comprehensive set of abilities for managing these service accounts   

o        Eliminating Hard-Coded Passwords: AIM allows enterprise organizations to remove passwords from all scripts, application code and configuration files, making them invisible to developers and support staff.

o        High Availability, Redundancy and Business Continuity: With its secured caching capabilities, AIM is designed to meet high-end enterprise requirements for availability and business continuity for the most critical business applications, even with complex and distributed network environments.

o        Unique Solution for Application Server Data-Source Credentials: AIM provides the only solution for securing and automatically managing credentials required by mission critical applications and stored within Application Server Data-Sources (without code changes or downtime).

o        Automatic Password Synchronization: AIM offers the ability to change passwords on demand without any interruption to production or need for development/testing and IT support.

o        Application Authentication: AIM utilizes advanced means to authenticate applications requesting credentials ensuring only those allowed to access them.

o        Encryption: All passwords are encrypted while at rest or in transit to the requesting application.

o        Access Control: Using the Vault's access control, availability to passwords can be managed down to the application level.

o        Accountability: Each Vault transaction is logged providing auditing and accountability for very password request.

o        Enterprise Readiness: AIM easily integrates with enterprise infrastructure.

Click to enlarge: http://www.cyber-ark.com/img/content-design/application-identity-manager-large.jpg

Enterprise Password Vault Features and Benefits

o        Extensive Range of Supported Target Systems: EPV supports the widest variety of platforms on the market, including over 50 operating systems, databases, firewalls, network devices, business suites and key systems.

o        Customizable Request Workflows: EPV can easily integrate with an organization's help desk and ticketing systems, offering powerful dual control approval processes in order to ensure individual accountability.

o        Web Interface for Users and Auditors: EPV offers a unique Dashboard with flexible access control mechanisms to create personalized views of managed devices and privileged accounts.

o        Direct Connection to Managed Devices: EPV provides direct access to allow for ease of use to Windows/SSH device, using the requested privileged account.

o        Reporting: EPV enables organizations to prove exactly who accessed a shared account and when, create audit-ready reports and provide easy accessibility for auditors to these reports.

o        Self Recovery Capabilities: EPV can automatically reconcile passwords, without human intervention.

o        Automatic Provisioning of Accounts: Using enterprise directory, EPV can automatically provision privileged accounts, as well as reflect any changes on removed or new devices.

o        Central Management with Distributed Reach: EPV can locate multiple Central Policy Manager instances for managing accounts within different network segments, all managed and administered from a single EPV installation.