CyberArk focuses on Privilege Access Accounts

In a chat with VARINDIA, ROHAN VAIDYA, Regional Director of Sales, India, CyberArk Software, discusses about the technology landscape, evolution of cyber threats and how CyberArk provides protection to its customers - 
 

It is true that technology has evolved manifold. Previously, enterprises were the early adopters of latest technologies, but these days even SMEs are not lagging behind. Organizations are adopting latest technologies as it helps in faster go-to-market and improve customer experience. But as technology evolves, it gives greater attack area for cybercriminals too.         

“Over the last three years technology has leapfrogged as there have been a lot of happenings around Cloud. Around three years back, people started adopting the Cloud. Initially, technologies are adopted more at an enterprise level, but eventually SMEs start adopting them quickly because everybody sees a value in using technology as time-to-market becomes faster and customer experience improves. Also, the ecommerce companies have started using a very disruptive technology, so the next phase that has come in is automation. Now the moment you have so many engines running at different sides, there will be gaps. That is when cybercriminals or the attackers take advantage of. The next add on was IoT. So when technology evolves and the attack surface increases drastically, security vendors are not able to catch up. These trends will keep evolving as long as we start doing something disruptive and it is going to have that effect. This is going to be a trend which will continue for many years and the more disruption technology brings in the spikes are going to be even more,” explains Rohan Vaidya, Regional Director of Sales, India, CyberArk Software. 

PRIVILEGE ACCESS ACCOUNTS

The major focus of CyberArk is managing the privilege access accounts. The company secures the password of any IP-based devices, records the activities of an IT administrator and also analyzes the activities of the administrator.

“CyberArk has been in business for 20 years with a focus on managing the Privilege Access Accounts. In any IP device, we scan the passwords or the SSH keys. So, we take those keys and vault it so that an administrator need not remember the passwords and you will not be able to view the thousand passwords any longer.

There is a concept called jump server. So instead of going from point A to B, we have an interface in between which is a CyberArk interface. So, one has to go through the interface. It identifies the administrator; he is L1 and has access to this 10 servers. His role and responsibilities to these 10 servers are defined. All the activities of an administrator get recorded. It has multiple searches and I can search on time or command base in terms of certain activities that are done. 

The third part is the weakest link which is always the human being in every technology and you may have internal or external threats. As an administrator, you have keys to the IT kingdom, so why not monitor these guys on their user behaviour. We have something called privilege third analytics, the tool monitors in two parts. One, it monitors its human users, who are the administrators who log in through CyberArk. It learns on its own terms, the different sites the administer visits, what tools are used, and then if there is any abnormality it raises an alarm. 

The other is a correlation factor which you do where you have the active directory, network and SIEM. If a customer has an SIEM already configured into the system, we can do a correlation of the data logs which are being exchanged and can say there is an attack in progress. In an attack chain, if the malware or the insider or the external is trying to do a lateral movement, he may pass through most of the security parameters because he masqueraded as an administrator. The software will start correlating three or four data points and analyze why the person is moving from server to server or why he is getting into a firewall when he is not supposed to do, or why is he changing certain settings. So, we are the last line of defence when it comes to protect the privilege access management,” he says.