Cyberark Vault Features

Cyber-Ark lesson

Security Layers in the Vault


Objectives

• Review the Vault security concept
• Understand each security layer
Tightly Coupled Layers of Security

• US Patent #6,356,941
• Unparalleled centralized secure storage and sharing platform
• Securing data from end-to-end using multiple security layers

[Diagram: Cyber-Ark Vault Server reached over LAN, WAN and Internet]
End-to-end Security

1. VPN
2. Firewall
3. Data Access Control
4. Authentication (including PKI and Token Based)
5. Encryption
6. Content Inspection
7. Secured Backup and Version Control
8-10. Visual, Manual and Geographical Security
Vault Competition - A Handful of Partial Technologies

[Diagram: separate products (VPN, Firewall, Access Control, Encryption, Compression) vs. the Vault, which combines them]

Choosing many products will cause:

Low Security, Low Performance, Complex Administration, Limited Accessibility and Very Expensive.
Hardened Machine

• Dedicated server
• Remove potentially vulnerable services
• Use “safe configuration” for remaining services
Firewall

• Dedicated firewall
• Cannot be configured
• Code isolation

[Diagram: the firewall admits the Cyber-Ark protocol only]
VPN

• End-to-end security using a session key
• Files are encrypted at rest
• Encryption/Decryption on the client side - no bottleneck on the server side
Encryption Highlights

• Modular structure – Encryption, Hashing and Authentication modules can be replaced by the customer
• Supported Encryption and Hash Algorithms – AES-256 / AES-128, RSA-2048 / RSA-1024, 3DES, SHA1
• Every object has a unique encryption key
• A user removed from the system holds no encryption key
• Secure recovery mechanism for encryption keys
• Backups are always encrypted and always recoverable
Encryption
• Default Encryption Algorithm – AES 256-bit + RSA 2048
• Key Hierarchy
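The three bullets above (unique key per object, a removed user holds no key, secure recovery) describe one key hierarchy. The following is an added illustration of such a hierarchy, not CyberArk's code: a server key wraps each safe key for recovery, each authorised user holds the safe key wrapped under their own key, and every object is encrypted under its own random key wrapped by the safe key. Because the Python standard library ships no AES, the AES-256/RSA-2048 primitives are stood in for by an HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag; the safe and user names are constructed.

```python
"""Key hierarchy: server key -> safe key -> per-object key (added example)."""
import hashlib
import hmac
import secrets


def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag; enc and mac subkeys derived from key."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = secrets.token_bytes(16)
    body = bytearray()
    for i in range(0, len(plaintext), 32):
        block = _prf(enc_key, nonce + i.to_bytes(8, "big"))
        body.extend(a ^ b for a, b in zip(plaintext[i:i + 32], block))
    return nonce + bytes(body) + _prf(mac_key, nonce + bytes(body))


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + body)):
        raise ValueError("tag mismatch: wrong key or tampered data")
    out = bytearray()
    for i in range(0, len(body), 32):
        block = _prf(enc_key, nonce + i.to_bytes(8, "big"))
        out.extend(a ^ b for a, b in zip(body[i:i + 32], block))
    return bytes(out)


class Vault:
    """Safe keys are wrapped once for recovery (server key) and once per
    authorised user; each object gets its own key wrapped by the safe key."""

    def __init__(self) -> None:
        self.server_key = secrets.token_bytes(32)  # constructed recovery root
        self.safes = {}

    def create_safe(self, name: str) -> None:
        safe_key = secrets.token_bytes(32)
        self.safes[name] = {"recovery": encrypt(self.server_key, safe_key),
                            "grants": {}, "objects": {}}

    def grant(self, safe: str, user: str, user_key: bytes) -> None:
        safe_key = decrypt(self.server_key, self.safes[safe]["recovery"])
        self.safes[safe]["grants"][user] = encrypt(user_key, safe_key)

    def revoke(self, safe: str, user: str) -> None:
        # No plaintext key was ever stored for the user; dropping their
        # wrapped copy leaves them with nothing to decrypt.
        self.safes[safe]["grants"].pop(user, None)

    def _safe_key(self, safe: str, user: str, user_key: bytes) -> bytes:
        grant = self.safes[safe]["grants"].get(user)
        if grant is None:
            raise PermissionError(f"{user} holds no key for safe {safe}")
        return decrypt(user_key, grant)

    def store(self, safe, obj, data, user, user_key) -> None:
        safe_key = self._safe_key(safe, user, user_key)
        obj_key = secrets.token_bytes(32)  # unique key per object
        self.safes[safe]["objects"][obj] = (encrypt(safe_key, obj_key),
                                            encrypt(obj_key, data))

    def retrieve(self, safe, obj, user, user_key) -> bytes:
        safe_key = self._safe_key(safe, user, user_key)
        wrapped, ciphertext = self.safes[safe]["objects"][obj]
        return decrypt(decrypt(safe_key, wrapped), ciphertext)

    def recover_object_key(self, safe: str, obj: str) -> bytes:
        """Operator recovery path through the server key, independent of grants."""
        safe_key = decrypt(self.server_key, self.safes[safe]["recovery"])
        return decrypt(safe_key, self.safes[safe]["objects"][obj][0])


def demo() -> dict:
    vault = Vault()
    alice, bob = secrets.token_bytes(32), secrets.token_bytes(32)  # client-held user keys
    vault.create_safe("Payroll")
    vault.grant("Payroll", "alice", alice)
    vault.grant("Payroll", "bob", bob)
    vault.store("Payroll", "db-admin", b"constructed-secret-1", "alice", alice)
    vault.store("Payroll", "svc-backup", b"constructed-secret-2", "alice", alice)
    result = {"bob_reads": vault.retrieve("Payroll", "db-admin", "bob", bob)}
    vault.revoke("Payroll", "bob")
    try:
        vault.retrieve("Payroll", "db-admin", "bob", bob)
        result["bob_after_revoke"] = "read"
    except PermissionError:
        result["bob_after_revoke"] = "denied"
    result["distinct_object_keys"] = (vault.recover_object_key("Payroll", "db-admin")
                                      != vault.recover_object_key("Payroll", "svc-backup"))
    return result


if __name__ == "__main__":
    print(demo())
```

Revoking a grant only removes the user's wrapped copy; a safe key the user has already unwrapped in memory is not recalled by this step, which is why a production hierarchy pairs revocation with key rotation of the affected safe.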
Data Access Control

• Safe - Basic Access Control Unit in the Vault
• Granular access permissions
  – Monitor
  – Retrieve
  – Store
  – Delete
  – Backup
  – More…
• Object Access Level control – retrieve for files/passwords
• Users are totally unaware of information that is not intended for their use
Authentication Supported:

• Password (using the SRP protocol)
• User certificate (PKI) – including SmartCard / USB token support
• RADIUS (Vasco, Aladdin, RSA, etc.)
• RSA SecurID tokens as secondary authentication
• NT Domain (Windows integration)
• LDAP Authentication

Always using strong two-way authentication protocols.
Visual Security

Administrators – No access to data
Built-in Users & Groups

• Administrator
• Auditor (Auditors)
• Backup (Backup Users)
• Batch
• DR (DR Users)
• Master
• NotificationEngine (Notification Engines)
• Operator (Operators)
Manual Security

• Confirmation
• Delay
• Time Limitations

Geographical Security

• Network Area
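The Data Access Control slide (safe permissions, object access level, users unaware of other safes) and the Manual and Geographical Security slides above are all checks on one access request. The following is an added example that evaluates them together; it is not CyberArk's implementation, and the policy fields (confirmers, delay, hours, network areas, per-object retrieve list) and their semantics are assumptions made for the illustration, as are the sample users and safes.

```python
"""Safe ACL plus manual and geographical layers on one request (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

PERMISSIONS = {"Monitor", "Retrieve", "Store", "Delete", "Backup"}


@dataclass
class SafePolicy:
    acl: Dict[str, Set[str]]                                 # user -> safe permissions
    object_retrieve: Dict[str, Set[str]] = field(default_factory=dict)  # object -> users who may retrieve it
    network_areas: List[str] = field(default_factory=list)   # allowed CIDRs; empty = anywhere
    hours: Optional[Tuple[time, time]] = None                # time limitation
    confirmers: Set[str] = field(default_factory=set)        # users who may confirm a retrieval
    delay_seconds: int = 0                                   # minimum age of a request before release


@dataclass
class Request:
    user: str
    action: str
    obj: Optional[str]
    source_ip: str
    requested_at: datetime
    now: datetime
    confirmed_by: Set[str] = field(default_factory=set)


def visible_safes(policies: Dict[str, SafePolicy], user: str) -> List[str]:
    """A user only sees safes on which they hold at least one permission."""
    return sorted(name for name, p in policies.items() if p.acl.get(user))


def authorize(policy: SafePolicy, req: Request) -> Tuple[bool, str]:
    """Evaluate every layer in turn; the first failing layer names the reason."""
    if req.action not in PERMISSIONS:
        return False, "unknown action"
    if req.action not in policy.acl.get(req.user, set()):
        return False, "no safe permission"
    allowed = policy.object_retrieve.get(req.obj)
    if req.action == "Retrieve" and allowed is not None and req.user not in allowed:
        return False, "object access level denies retrieve"
    ip = ip_address(req.source_ip)
    if policy.network_areas and not any(ip in ip_network(n) for n in policy.network_areas):
        return False, "outside network area"
    if policy.hours and not (policy.hours[0] <= req.now.time() <= policy.hours[1]):
        return False, "outside time limitation"
    if req.action == "Retrieve" and policy.confirmers:
        # Confirmation must come from someone other than the requester.
        if not (req.confirmed_by & (policy.confirmers - {req.user})):
            return False, "awaiting confirmation"
    if req.action == "Retrieve" and (req.now - req.requested_at).total_seconds() < policy.delay_seconds:
        return False, "delay not elapsed"
    return True, "allowed"


POLICIES = {  # constructed sample policies
    "Payroll": SafePolicy(
        acl={"alice": {"Monitor", "Retrieve", "Store"}, "bob": {"Monitor"},
             "carol": {"Retrieve"}, "bkp": {"Backup"}},
        object_retrieve={"root-pwd": {"alice"}},
        network_areas=["10.0.0.0/8"],
        hours=(time(8, 0), time(18, 0)),
        confirmers={"manager", "alice"},
        delay_seconds=60,
    ),
    "Finance": SafePolicy(acl={"dave": {"Retrieve"}}),
}


def run_checks() -> Dict[str, str]:
    t0 = datetime(2024, 1, 15, 10, 0, 0)   # request submitted
    t1 = datetime(2024, 1, 15, 10, 2, 0)   # two minutes later

    def req(user, action, obj="root-pwd", ip="10.1.2.3", now=t1, confirmed=frozenset({"manager"})):
        return Request(user, action, obj, ip, t0, now, set(confirmed))

    pay = POLICIES["Payroll"]
    return {
        "alice_ok": authorize(pay, req("alice", "Retrieve"))[1],
        "bob_no_retrieve": authorize(pay, req("bob", "Retrieve"))[1],
        "carol_object_level": authorize(pay, req("carol", "Retrieve"))[1],
        "carol_other_object": authorize(pay, req("carol", "Retrieve", obj="svc-pwd"))[1],
        "alice_off_network": authorize(pay, req("alice", "Retrieve", ip="203.0.113.9"))[1],
        "alice_after_hours": authorize(pay, req("alice", "Retrieve", now=datetime(2024, 1, 15, 23, 0)))[1],
        "alice_self_confirm": authorize(pay, req("alice", "Retrieve", confirmed={"alice"}))[1],
        "alice_too_early": authorize(pay, req("alice", "Retrieve", now=t0))[1],
        "bob_sees": ",".join(visible_safes(POLICIES, "bob")),
    }


if __name__ == "__main__":
    for name, reason in run_checks().items():
        print(f"{name}: {reason}")
```

Ordering matters for what a denied user learns: the safe-permission check runs before the per-object check so that a user without Retrieve on the safe never receives an answer that reveals which objects exist, consistent with users staying unaware of data not intended for them.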
Additional Security layers

• PADiskMon – protects the server’s keys and sensitive data
• Content Validated safes
• Text Only Safes
• Vault’s Password policy
• Version control
• Data retention policy
Cyber-Ark Vault Secured
Environment

• Enterprise requirements vs. Secured Environment of the Vault
  – Monitoring
  – Anti-Virus
  – Backup
  – RDP
  – NTP
• Vault Server - Dedicated Hardware vs. Virtual Machines
  – Security Vulnerabilities
  – Vault Operator and Master Keys
Summary

• Vault – Island of security
• “All-In-One” multi-layer security
• More detailed information can be found in the Technical white papers.

Q&A