CyberArk P-Cloud (CyberArk Privilege Cloud)

CyberArk Privilege Cloud is a SaaS solution that enables organizations to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business.

Privilege Cloud protects, controls, and monitors privileged access across on-premises, cloud, and hybrid infrastructures.  Privilege Cloud = Vault + PVWA + Connector

Note: https://docs.cyberark.com/Product-Doc/OnlineHelp/PrivCloud-SS/Latest/en/Content/Privilege%20Cloud/PrivCloud-detailed-architecture.htm

Privilege Cloud enables your organization to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business.

The Privilege Cloud customer setup includes:

• The Windows Connector (Connector) for establishing privileged sessions with Windows target machines
• Optionally, Secure Tunnel client, for SIEM syslog and setup of offline access using CyberArk Remote Access
• Optionally, the Unix connector (PSM for SSH) for establishing privileged sessions with Unix target machines.

For details on each of these components, see Welcome to CyberArk Privilege Cloud.

The Privilege Cloud cloud service includes:

• Privilege Cloud Portal user interface for setting up and managing user access privileges to your organizational resources
• Vault enables organizations to secure, manage, automatically change and log all activities associated with all Privileged Passwords and SSH Keys.

Deployment : One Site

Deployment : Multiple Sites

 

Three Phases Implementation Program

Privilege access projects can vary between organizations, based on priorities, technologies in use, and more. We understand this. We want to offer a path that we see as optimal, based on CyberArk's vast experience in protecting organizations. You can decide how, and in what order to execute the plan to best meet your needs.

With these guidelines and CyberArk's assistance, you can build a successful and, ultimately, mature privileged account security program.

Access your organization's P-Cloud: https://<subdomain>.cyberark.cloud

Connector

Connector servers are quired to be installed in the customer's environment.

• CPM = Password Manager
• PSM
• Identity Connector
• Secure Tunnel

What is A Privileged Account?

How many privileged accounts an organization will have averagely?

Protect Cloud and SaaS Applications:

Securing the console and CLI

Best practice

Protect the identity provider

• AD FS - same level of domain controllers (Tier 0)

Protect the API keys

Managing Workloads in the cloud

Event Driven Automatic Onboarding

Action

Call to action - Skyark

Baseline your accoutns - Discovery Tools

What is CyberArk DNA?

CyberArk DNA is a discovery and audit tool that automatically scans an organization’s network for data related to privileged and non-privileged accounts. The scanner automatically discovers and analyzes any privileged and nonprivileged account within servers and desktops, and then generates a report and visual organizational map that evaluates the privileged account security status in the organization.

Run DNA in your network

Before you can run DNA, you need to set it up on a network machine. All the information for setting up and running DNA can be found in the CyberArk DNA User Guide.

PAS Program Common Risks & Mitigations

 

Note: https://cyberark.wistia.com/medias/u81ofnivie

References

• Best Practices for Privileged Access & Secrets Management in the Cloud
• Secure an Azure IAM Account with Privileged Access Manager | CyberArk
• What are licensing requirements for Microsoft Remote Desktop Services ("RDS") when deploying CyberArk's Privileged Session Manager ("PSM")?