CyberArk unveils Master Policy, new approach to privileged account security
By Digital News Asia October 4, 2013
- Policy engine for securing privileged accounts to improve audit and compliance; control and enforcement
- Mitigates risk from insider and advanced threats; embedded in all CyberArk privileged account security products
ENTERPRISE security company CyberArk has announced the availability of Master Policy, which it said was a ‘policy engine’ that would enable customers to set, manage and monitor privileged account security in a single, simple, native language interface.
With it, the once complex process of transforming business policy and procedures into technical settings would now be easily manageable and understandable to an organisation’s stakeholders, including security operations, risk officers and auditors, the company claimed.
Master Policy is embedded at the core of all of CyberArk’s privileged account security products, providing simplified, unified and unequaled policy management, it said in a statement.
The release is available in version 8.0 of CyberArk’s privileged account security solution now released and will ship with all new installations of CyberArk’s Privileged Identity Management (PIM) and Privileged Session Management (PSM) suites.
Privileged accounts have been identified as the primary target in internal and advanced external attacks, and have been implicated in 100% of breaches, CyberArk said, citing a 2013 report by security firm CyberSheath.
“Policy is the foundation of a sound security infrastructure. It has been difficult to enforce written policy throughout the enterprise, as it is time-consuming and difficult to translate that written policy to technical settings for operational departments,” said Sally Hudson, Research Director, IDC.
“With today’s advanced threat landscape, the enterprise can no longer afford to overlook the importance of accurate policy settings and enforcement. Simplifying this process gives control back to the security, risk and audit teams and allows them to use their expertise to mitigate the risks posed by insider and outsider threats and comply with strict regulations,” she said in the statement issued by CyberArk.
Master Policy enables organisations to set policy first to better meet their security and compliance needs. Its key benefits include:
- A simplified process for creating and managing privileged account security policy, that can now be set up in minutes rather than days or weeks;
- Improved security posture of the organisation by approaching privileged account security with policy first;
- Meets business demands by quickly and accurately translating written policy into privileged account security controls;
- Enables organisations to meet and demonstrate compliance regulations like PCI DSS, Sarbanes Oxley, NIST, NERC-CIP and more;
- Allows enterprise global policy to be set while providing controlled, granular level exceptions to meet the unique operational needs of the business; and
- Decreases resource strain by empowering security risk and audit teams to enforce policy in their native language.
In addition to Master Policy, CyberArk’s version 8.0 includes the Universal Connector, which empowers organisations to extend privileged session monitoring to virtually any component of their IT infrastructure, including networks, servers, hypervisors, databases, applications and more.
Using customisable solutions, efficient automation and offering 200+ existing connectors, CyberArk said it is able to support nearly all current enterprise systems.
Roy Adar, vice president of product management at CyberArk, said his company’s solution was the only one that “ties together uncompromised core security with a deep understanding of policies and regulations.”
“As privileged accounts continue to be exploited by cyber attackers and rogue insiders, it is our goal to put an end to this vulnerability by arming our customers with the strongest possible defence,” he added.
Policy framework a must for security today: IDC
Security as a business enabler, not a bottleneck
Security no longer about ‘no,’ but ‘know’
HP gets serious about security, controversial Autonomy deal bearing fruit
How to reduce policy accumulation and improve security