itb-au logo
Story image

CyberArk releases new ‘just-in-time’ capabilities to help reduce risk

CyberArk has expanded its just-in-time capabilities across its access management portfolio to help organisations reduce risk and implement broader least privilege strategies.

By extending just-in-time support with the ability to remove unnecessary standing access to Linux systems, CyberArk remains the only privileged access management vendor to provide comprehensive just-in-time offerings across cloud and hybrid environments and on the endpoint, the company states.

Some privileged accounts are granted standing, ‘always on’ access despite only requiring access for brief periods of time – increasing the attack surface, CyberArk states.

This is particularly true in the case of SSH keys, which are often mismanaged and easily compromised. New CyberArk capabilities feature short-lived SSH certificate authentication to secure access to existing or newly created instances in Linux systems without the need to manually manage accounts and credentials.

With today’s announcement, CyberArk delivers a set of just-in-time use cases to enable least privilege including:

  • Temporary Elevation: With recent just-in-time elevation and access features in CyberArk Endpoint Privilege Manager, organisations can grant temporary local admin access to Windows and Macs workstations as well as Unix and Linux servers on a per-request basis for a fixed length of time.
  • Ephemeral Accounts: Provide temporary access to Unix and Linux systems based on Microsoft Active Directory Permissions and create a short-lived ephemeral account to establish a one-time session for authorised users. CyberArk also integrates with AWS Security Token Service to request temporary, limited-privileged credentials for AWS Identity and Access Management (IAM) users.
  • Broker and Remove Access: In addition to the new CyberArk Just-in-Time Access with SSH Certificate Authentication delivered via CyberArk Core Privileged Access Security or CyberArk Privilege Cloud, the company’s privileged access management as a service offering, CyberArk Alero also provides just-in-time access to third party remote users.

Through integrations with popular IT Service Management solutions, CyberArk can grant temporary elevated access after ensuring the user has a valid open ticket or has received manual confirmation from authorised managers.

CyberArk chief security strategist Nir Gertner says, “Just-in-time is a function of an overall privileged access management program that reinforces least privilege principles. When coupled with other foundational elements, it becomes a key part of an evolving strategy for protecting privileged access.

“By delivering the industry’s most comprehensive portfolio of just-in-time capabilities, CyberArk helps organisations reduce standing privileged access risk, simplify operations and strengthen their overall security posture across hybrid IT environments.”

CyberArk allows organisations to grant access only when needed and for no longer than required – regardless of user type, target system or environment, the company states.

In addition, sessions are automatically isolated, recorded and monitored in real time in order to help prevent misuse or lateral movement, whether that access is provided via just-in-time or not.

Story image
Global lockdowns put pressure on internet infrastructure
With COVID-19 resulting in many countries going into lockdown, more people are transitioning to working and studying remotely, putting more pressure on internet infrastructure around the world.More
Story image
Mentorship key to bringing women into cybersecurity - Microsoft
“Diverse teams make better and faster decisions 87% of the time compared with all male teams, yet the actual number of women in our field fluctuates between 10 and 20%. What ideas have we missed by not including more women?”More
Story image
Revealed: The top digital data trends for crime scene investigation
75% of law enforcement and investigators say gathering digital evidence at the scene of a crime is critical for investigations, according to research from Cellebrite.More
Link image
All-in-one server monitoring without the pain points
Monitor your entire server infrastructure and get in-depth visibility into key performance indicators of your data center's Windows & Linux servers.More
Link image
How to protect your workforce from COVID-19 cyber attacks
Opportunistic hackers are using the coronavirus to launch large-scale spear phishing campaigns, amongst other threats. Here's how to fight back.More
Story image
Acronis appoints new APAC General Manager and launches Partners Programme
One of Morarji’s first objectives has been to launch the new Acronis Partner Programmes in APAC, in which the Acronis team will help channel partners and managed service providers (MSPs) expand their portfolios and deliver fast ROI.More