DATA SHEET

CYBERARK® PRIVILEGE ON PREMISES

THE CHALLENGE Efficiently protect, monitor and

Privileged accounts and the access they provide represent the largest security control privileged access across
vulnerability an organization faces today. These powerful accounts exist in almost on-premises, cloud, and hybrid
every piece of hardware and software throughout IT environments. When employed infrastructure
properly, privileged accounts are used to maintain systems, facilitate automated
processes, safeguard sensitive information, and ensure business continuity. But SPECIFICATIONS
in the wrong hands these accounts can be used to steal sensitive data and cause
Encryption Algorithms:
irreparable damage to the business.
ƒ AES-256, RSA-2048
Privileged accounts are exploited in nearly every cyber-attack. Bad actors can ƒ HSM integration
use privileged accounts to disable security systems, to take control of critical ƒ FIPS 140-2 validated
IT infrastructure, and to gain access to confidential business data and personal cryptography
information.
High Availability:
Organizations face a number of challenges protecting, controlling, and monitoring ƒ Clustering support
privileged access including: ƒ Multiple Disaster Recovery sites
• Managing account credentials. Many IT organizations rely on manually ƒ Integration with enterprise
intensive, error-prone administrative processes to rotate and update privileged backup system
credentials—an inefficient, risky and costly approach.
Access and Workflow Management:
• Tracking privileged activity. Many enterprises cannot centrally monitor and
ƒ LDAP directories
control privileged sessions, exposing the business to security threats and
ƒ Identity and Access
compliance violations.
Management
• Monitoring and analyzing threats. Many organizations lack comprehensive ƒ Ticketing and workflow systems
threat analysis tools and are unable to proactively identify suspicious activities
and remediate security incidents. Multi-lingual Portal:
• Controlling privileged user access. Organizations often struggle to effectively ƒ English, French, German,
control privileged user access to cloud platforms (IaaS and PaaS), SaaS Spanish, Russian, Japanese,
applications, social media and more; creating compliance risks and operational Chinese (Simplified and
traditional), Brazilian
complexity.
Portuguese, Korean
• Securing remote vendors. Most organizations have little-to-no visibility or
control over remote access to privileged corporate IT systems and infrastructure. Authentication Methods:
ƒ Username and Password, LDAP,
THE SOLUTION Windows authentication, RSA
The Privilege On Premises solution is a part of the CyberArk Identity Security SecurID, Web SSO, RADIUS, PKI,
SAML, smart cards
Platform, providing foundational controls for protecting, controlling, and
monitoring privileged access across on-premises, cloud, and hybrid infrastructure. Monitoring:
The solution helps organizations efficiently manage privileged credentials with
ƒ SIEM integration, SNMP traps,
strong authentication methods, proactively monitor and control privileged account Email notifications
activity, intelligently identify suspicious activity and quickly respond to threats. Continued on the next page...
• Enable privileged access with modern Single Sign-On (SSO) and adaptive Multi-
Factor Authentication (MFA). Access privileged (or corporate) resources with a
single set of credentials to enforce stronger password policies, reduce the risk

www.cyberark.com Page 1 of 2
 CYBERARK DATA SHEET

of poor password practices, and gain visibility into the access activities across the
enterprise. Provide an extra layer of protection with adaptive MFA that leverages
SPECIFICATIONS user-specific contextual attributes such as location, device, and network information
Sample Supported Managed Devices: to assign risk to each user login attempt and create dynamic access policies.
ƒ Operating Systems, Virtualization, • Centrally secure and control access to privileged credentials based on
and Containers: Windows, *NIX, administratively defined security policies. Automated privileged account
IBM iSeries, Z/OS, OVMS, ESX/
credential (password and SSH key) rotation eliminates manually intensive, time
ESXi, XenServers, HP Tandem*,
consuming and error-prone administrative tasks, safeguarding credentials used
MAC OSX*, Docker
in on-premises, hybrid, and cloud environments. Ensure Windows and macOS
ƒ Windows Applications: Service
credentials that are not connected to the network are secured and rotated.
accounts including SQL server
service accounts in cluster, • Isolate and secure privileged user sessions. Monitoring and recording capabilities
Scheduled Tasks, IIS Application enable security teams to view privileged sessions in real-time, automatically suspend
Pools, COM+, IIS Anonymous and remotely terminate suspicious sessions, and maintain a comprehensive,
Access, Cluster Service
searchable audit trail of privileged user activity. Physical separation of user
ƒ Databases: Oracle, MSSQL, DB2, endpoints to critical target systems via a secure, hardened jump server, helps ensure
Informix, Sybase, MySQL and any that malware on an infected user device is unable to reach critical systems.
ODBC compliant database
ƒ Security Appliances: CheckPoint,
• Detect, alert, and respond to anomalous privileged activity. The solution collects
Cisco, IBM, RSA Authentication data from multiple sources and applies a complex combination of statistical and
Manager, Juniper, Blue Coat*, deterministic algorithms to identify malicious privileged access activity. A bi-
TippingPoint*, SourceFire*, directional data feed enables the exchange of high-risk privileged access findings
Fortinet*, WatchGuard*, Industrial with common SIEM tools.
Defender*, Acme Packet*, Critical
Path*, Symantec*, Palo Alto* • Secure remote vendor access. Easily and securely authenticate external vendors
accessing CyberArk with biometric multi-factor authentication that is VPN-less,
ƒ Network Devices: Cisco, Juniper*,
agent-less and password-less. Simply provision authorized users with just-in-
Nortel*, HP*, 3com*, F5*, Nokia*,
time access to critical internal resources and enable automatic session isolation,
Alcatel*, Quintum*, Brocade*,
Voltaire*, RuggedCom*, Avaya*, monitoring and recording.
BlueCoat*, Radware*, Yamaha*
McAfee NSM* BENEFITS
ƒ Applications: CyberArk, SAP, • Defend against attacks. Strengthen privileged access security. Protect the access to
WebSphere, WebLogic, JBOSS, privileged account passwords and SSH keys. Defend systems against malware and
Tomcat, Cisco, Oracle ERP*, attacks. Efficiently detect and respond to suspicious activity and malicious actions.
Peoplesoft*, TIBCO* Protect against unauthorized privileged account access, impersonation, fraud, and theft.
ƒ Directories: Microsoft, Oracle Sun,
Novell, UNIX vendors, CA • Drive operational efficiency. Eliminate manually intensive, time consuming
and error prone administrative processes. Simplify operations and improve the
ƒ Remote Control and Monitoring:
efficiency of IT security teams. Free up valuable IT staff to focus on strategic tasks
IBM, HP iLO, Sun, Dell DRAC, Digi*,
to support core business activities.
Cyclades*, Fijitsu* and ESX
ƒ Configuration files (flat, INI, XML) • Satisfy audit and compliance. Institute policy-based privileged access controls to
ensure compliance with government and industry regulations. Easily demonstrate
ƒ Public Cloud Environments:
policies and processes to auditors. Produce detailed audit trails and access
Amazon Web Services (AWS),
Microsoft Azure, Google Cloud histories to exhibit compliance.
Platform (GCP) • Enable the digital business. Balance security with a frictionless user experience.
* This plug-in may require customizations or on- Consistently enable seamless access for privileged users connecting to Tier0 assets,
site acceptance testing. Please consult CyberArk with centralized visibility and controls for privileged access management.
Sales Engineering for more details.

©CyberArk Software Ltd. All rights reserved. No portion of this publication may be reproduced in any form
or by any means without the express written consent of CyberArk Software. CyberArk ®, the CyberArk logo
and other trade or service names appearing above are registered trademarks (or trademarks) of CyberArk
Software in the U.S. and other jurisdictions. Any other trade and service names are the property of their
respective owners. U.S., 01.21. Doc. 380705392
CyberArk believes the information in this document is accurate as of its publication date. The information
is provided without any express, statutory, or implied warranties and is subject to change without notice.
www.cyberark.com Page 2 of 2