Oracle Magazine - September/October 2008

Today, IT security breaches are a growing problem that can have significant operational, financial, and compliance ramifications. Often the greatest threat is close at hand—increasingly the breaches are coming from an organization’s own employees, as evidenced by the growing number of insider incidents. According to a recent Computer Emergency Response Team (CERT) study, more than 80 percent of insider breaches were traced to users with privileged access to systems within the internal infrastructure.

For many companies, the privileged identities that provide administrators with wide-ranging access to systems, applications, and databases are a weak point in internal security. ,the stored The risk comes in part from the fact that these identities are meant to be shared by many users and are generic in nature, so systems don’t track who is logging into them. Additionally, are an enterprise may have tens of thousands of them—they are found on virtually every piece of hardware and software in an organization. Furthermore, these accounts are nearly impossible to disable, because they provide the main method for managing these systems.

To help companies address this problem, Cyber-Ark offers its award-winning Enterprise Password Vault (EPV), which provides a centralized solution to secure and manage all of an organization’s privileged accounts—even application identities embedded in scripts and connectors. Part of a suite of Cyber-Ark security products, EPV creates a multilayered information security infrastructure that helps companies efficiently personalize, manage, and automate privileged accounts while providing the security, flexibility, detailed tracking, and identity-auditing capabilities that are typically missing from today’s various encryption-only solutions.

Cyber-Ark is a member of the Oracle PartnerNet work. EPV integrates out of the box with Oracle Identity Management, enabling the Oracle solution to be the central point for managing and provisioning all identities, including both traditional end-user targets and the privileged administrative and application identities used by network administrators.

In addition, EPV complements the Oracle Database Vault, enhancing the management and personalization capabilities of database administrators. In essence, says Adam Bosnian, vice president of products, strategy, and sales at Cyber-Ark, “The solution enhances security by acting as a front end to Oracle’s products, so an organization knows who is accessing their data-

bases and systems, while improving auditability, workflow automation, security, and manageability.”

At the heart of EPV is Cyber-Ark’s patented and ICSA Labs–validated secure digital vault technology, which provides high levels of security for privileged passwords—or any type of highly sensitive information—both at rest and during transmission. Digital vault technology includes a Federal Information Processing Standard 140-2–validated cryptography module (with advanced encryption standards encryption), and meets payment card industry requirements. “We create an electronic safe haven in the network so that regardless of the overall network or security surrounding it, the privileged accounts are always secure and available, eliminating the traditional tradeoff between accessibility and security,” says Bosnian.

S_Sp_pe_ec_cia_ial_lA_Ad_dv_ve_er_rt_tis_isin_ing_gS_Se_ec_ct_tio_io_on_n

Building on this foundation, the EPV solution also provides

• A Web-based interface that provides a single console for accessing and managing privileged accounts throughout the enterprise

• The Central Policy Manager, a module that automates and instantly changes passwords for the thousands of databases, servers, network devices, and applications within an infrastructure

• Auditing compliance capabilities, such as built-in entitlement reports and the ability to track time, date, personalized identity, changes, and logging history

• The scalability to manage tens of thousands of privileged administrative and application accounts across multiple networks and geographies

• Seamless integration with Oracle Identity Management, providing a complete solution for managing all the identities within an organization

EPV supports an exceptionally wide variety of platforms, including UNIX, Linux, AS/400, MVS, and Microsoft Windows operating systems; Oracle and other databases; firewalls, network devices, and routers; and key systems such as LDAP, Active Directory, and more. The solution’s unique architecture enables companies to dynamically support any other third-party or in-house systems, devices, and applications.

With EPV, Oracle users can enhance security, reduce risk, and improve compliance while reducing the workloads associated with managing privileged identities. “Companies need to have this kind of rock-solid control over their most critical accounts and systems,” says Bosnian. “Together, Oracle and Cyber-Ark help them meet that challenge.”