Cyberark Vault Features

The document discusses the multiple security layers in CyberArk's Vault system for securing privileged access. The Vault uses 10 interconnected security layers including VPN, firewalls, access control, authentication, encryption, content inspection, and secured backups. In contrast, other products offer only partial security technologies. The Vault also employs hardened servers, dedicated firewalls, encrypted VPN tunnels, strong encryption algorithms, granular access controls, and additional visual, manual and geographic security layers to create an isolated, secure environment for managing privileged accounts and sessions.

Uploaded by: sathish raj
Cyber-Ark lesson

Security Layers in the Vault


Objectives

• Review the Vault security concept
• Understand each security layer

Tightly Coupled Layers of Security

• US Patent #6,356,941
• Unparalleled centralized secure storage and sharing platform
• Securing data from end-to-end using multiple security layers

[Figure: Cyber-Ark Vault Server reached over LAN, WAN and the Internet]

End-to-end Security

1. VPN
2. Firewall
3. Data Access Control
4. Authentication (including PKI and Token Based)
5. Encryption
6. Content Inspection
7. Secured Backup and Version Control
8-10. Visual, Manual and Geographical Security

Vault Competition -
A Handful of Partial Technologies

[Figure: the Vault vs. separate point products - VPN, Firewall, Access Control, Encryption, Compression]

Choosing many products will cause:

Low Security, Low Performance, Complex Admin., Limited Accessibility
and Very Expensive.

Hardened Machine

• Dedicated server
• Remove potentially vulnerable services
• Use “safe configuration” for remaining services

Firewall

• Dedicated firewall
• Cannot be configured
• Code isolation

[Figure: the firewall passes the Cyber-Ark protocol only]

VPN

• End-to-end security using a session key
• Files are encrypted at rest
• Encryption/Decryption on the client side - no bottleneck on the server side

Encryption Highlights

• Modular structure – Encryption, Hashing and Authentication modules can be replaced by the customer.
• Supported Encryption and Hash Algorithms – AES-256 / AES-128, RSA-2048 / RSA-1024, 3DES, SHA1
• Every object has a unique encryption key
• When a user is removed from the system he holds no encryption key
• Secure recovery mechanism for encryption keys.
• Backups are always encrypted and always recoverable.

Encryption
• Default Encryption Algorithm – AES 256 bit + RSA 2048
• Key Hierarchy

Data Access Control

• Safe - Basic Access Control Unit in the Vault
• Granular access permissions
– Monitor
– Retrieve
– Store
– Delete
– Backup
– More…
• Object Access Level control – retrieve for files/passwords
• Users are totally unaware of information that is not intended for their use

Authentication Supported:

• Password (using the SRP protocol)
• User certificate (PKI) – including SmartCard / USB token support
• RADIUS (Vasco, Aladdin, RSA, etc.)
• RSA SecurID tokens as secondary authentication
• NT Domain (Windows integration)
• LDAP Authentication

Always using strong two-way authentication protocols.
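The password method above, SRP, is a two-way (mutual) protocol: the server stores only a salt and a verifier, the password never crosses the wire, and each side proves knowledge of the shared session key to the other. The following is an added illustration of one SRP-6a exchange, not code from the deck or from CyberArk; it assumes a toy 127-bit modulus and SHA-256, and a simplified form of the client/server proofs, purely to keep the arithmetic visible.

```python
import hashlib
import secrets

# Toy group (ASSUMPTION): a 127-bit Mersenne prime keeps the demo readable.
# Real deployments use a large safe-prime group such as those in RFC 5054.
N = (1 << 127) - 1
g = 3

def H(*parts):
    """Hash a mix of ints and bytes into an int, SRP-style (SHA-256 assumed)."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes(max(1, (p.bit_length() + 7) // 8), "big")
        h.update(p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def enroll(username, password):
    """Server-side enrolment: keep only (salt, verifier), never the password."""
    salt = secrets.token_bytes(16)
    x = H(salt, H(f"{username}:{password}".encode()))
    return salt, pow(g, x, N)

def srp_exchange(username, client_password, salt, v):
    """Run one mutual-authentication exchange; report what each side concluded."""
    a = secrets.randbelow(N - 2) + 1          # Client -> Server: username, A = g^a
    A = pow(g, a, N)
    if A % N == 0:
        raise ValueError("server must abort: A == 0 mod N")
    b = secrets.randbelow(N - 2) + 1          # Server -> Client: salt, B = k*v + g^b
    B = (k * v + pow(g, b, N)) % N
    if B % N == 0:
        raise ValueError("client must abort: B == 0 mod N")
    u = H(A, B)                               # scrambling parameter, both sides
    if u == 0:
        raise ValueError("both sides must abort: u == 0")
    # Client derives the secret from the password it typed (B - k*g^x == g^b)
    x = H(salt, H(f"{username}:{client_password}".encode()))
    K_client = H(pow((B - k * pow(g, x, N)) % N, a + u * x, N))
    M1 = H(A, B, K_client)                    # client's proof (simplified form)
    # Server derives the same secret from the verifier alone: (A * v^u)^b
    K_server = H(pow((A * pow(v, u, N)) % N, b, N))
    server_accepts = M1 == H(A, B, K_server)
    M2 = H(A, M1, K_server) if server_accepts else None   # server's proof back
    client_accepts = M2 is not None and M2 == H(A, M1, K_client)
    return {"server_accepts": server_accepts, "client_accepts": client_accepts,
            "keys_match": K_client == K_server}
```

A wrong password makes the client's secret diverge, so the server rejects M1 and never issues M2; the client learns nothing it did not already know.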
Visual Security

• Administrators – No access to data

Built-in Users & Groups

• Administrator
• Auditor (Auditors)
• Backup (Backup Users)
• Batch
• DR (DR Users)
• Master
• NotificationEngine (Notification Engines)
• Operator (Operators)

Manual Security

• Confirmation
• Delay
• Time Limitations

Geographical Security

• Network Area

Additional Security layers

• PADiskMon – protects the server’s keys and sensitive data
• Content Validated safes
• Text Only Safes
• Vault’s Password policy
• Version control
• Data retention policy

Cyber-Ark Vault Secured Environment

• Enterprise requirements vs. Secured Environment of the Vault
– Monitoring
– Anti Virus
– Backup
– RDP
– NTP
• Vault Server - Dedicated Hardware vs. Virtual Machines
– Security Vulnerabilities
– Vault Operator and Master Keys

Summary

• Vault – Island of security
• “All-In-One” multi-layer security
• More detailed information can be found in the Technical white papers.

Q&A