Welcome to CyberArk Privilege Cloud
This topic provides an overview of Privilege Cloud, its capabilities, and architecture.
Privileged access represents the largest security vulnerability organizations face today. Privileged access exists in infrastructure and applications, whether on-premises or in the cloud. When employed properly, privileged access is used to maintain systems, facilitate automated processes, safeguard sensitive information, and ensure business continuity. But in the wrong hands, this access can be used to steal sensitive data and cause irreparable damage to the business.
Privileged access is exploited in nearly every cyber-attack. Bad actors, whether external attackers or malicious insiders, can abuse privileged access to disable security systems, to take control of critical IT infrastructure and applications, and to gain access to confidential business data and personal information.
CyberArk Privilege Cloud is a SaaS solution that enables organizations to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business.
Privilege Cloud protects, controls, and monitors privileged access across on-premises, cloud, and hybrid infrastructures.
The main capabilities of Privilege Cloud are:
Manages privileged access and credentials
Automates privileged credential rotation for both human and non-human users, eliminates manually intensive, time-consuming and error-prone administrative tasks, and safeguards credentials used in hybrid and cloud environments.
This function is managed by Central Policy Manager (CPM)
The CPM changes secrets automatically on remote machines and stores the new secrets in the Privilege Cloud, with no human intervention, according to your organizational policy. It also enables organizations to verify secrets on remote machines, and reconcile them when necessary.
This function is managed by Secrets Rotation
Secrets Rotation manages secrets on remote machines and stores new passwords in Privilege Cloud, with no human intervention, according to the organizational policy.
Isolates credentials and sessions
Elevates your security posture by establishing a secure control point to isolate sensitive sessions and prevent credential exposure.
Offers automated tools to identify and secure privileged credentials across your organization.
Controls least privilege access for *NIX and Windows
Allows privileged users to run authorized administrative commands from their native sessions while eliminating unneeded superuser privileges. It also enables organizations to block and contain attacks on Windows servers to reduce the risk of information being stolen or encrypted and held for ransom.
This function is supported by Privileged Session Manager (PSM) and PSM for SSH
Records sessions and enables audit
Reduces audit reporting efforts by automatically recording privileged sessions and maintaining a searchable log of them.
Monitors and records sessions and enables security teams to view privileged sessions in real-time and maintain a comprehensive, searchable audit trail of privileged user activity. By maintaining strict isolation between endpoints and targets, security teams can help mitigate the risk of malware spreading from infected endpoints to critical systems by never exposing endpoints (typically the weak point in the attack chain) to privileged credentials.
This function is managed by Privileged Session Manager (PSM)
The PSM enables users to establish privileged sessions with Windows target machines and records sessions for future audits.
Secures credentials for applications and non-human users
Hard-coded credentials used in homegrown applications can be removed and managed by Privilege Cloud. The solution also integrates with other leading security vendors to remove hard-coded credentials from applications when they require privileged access to perform set tasks.
To learn about Privilege Cloud architecture and functional components, see Privilege Cloud architecture.
The following diagram describes the Privilege Cloud architecture:
For a more detailed architecture diagram, see Privilege Cloud architecture.
You can extract data at any time by generating reports in the Privilege Cloud Portal in CSV format. For details, see Privilege Cloud report types.
You can also use REST APIs to extract data from Privilege Cloud in JSON format. For details, see REST APIs.
For a detailed description of the Privilege Cloud architecture and functional components, see Privilege Cloud architecture.
If you require assistance, contact CyberArk customer support.