The new option enables users to secure and manage SSH keys as well as other privileged credentials in a single, integrated platform to identify, manage and protect against advanced external attackers and malicious insiders.
Widely used by IT teams to get direct, root access to critical systems, SSH keys are often created without any oversight or management, essentially providing ongoing, uncontrolled privileged access to the target system. Research by Ponemon Institute* showed that three out of four enterprises have no security controls in place for SSH keys and that 51% of enterprises have already experienced an SSH key-related compromise.
Widely used by IT teams to get direct, root access to critical systems, SSH keys are often created without any oversight or management, essentially providing ongoing, uncontrolled privileged access to the target system. Research by Ponemon Institute* showed that three out of four enterprises have no security controls in place for SSH keys and that 51% of enterprises have already experienced an SSH key-related compromise.
 |
Further, because SSH keys are commonly used in automated application-to-application authentication, keys can be created, distributed and never thought of again, leaving systems riddled with unknown and undocumented vulnerabilities ready to be exploited, CyberArk said.
“Cyber attackers know that hundreds of thousands of SSH keys exist in large enterprises and they exploit this situation to gain privileged access to critical systems. In an attempt to simplify trust and connectivity, organisations unwittingly leave giant holes in their defences,” said Roy Adar, VP of product management, CyberArk. “Our focus is on preventing exploited privileged accounts through any attack vector, and therefore the protection of SSH keys is a natural expansion for our Privileged Account Security solution – one that will immediately improve our customers’ security.”
Key benefits include:
· Secure management of privileged accounts accessed through passwords or SSH keys from a single platform to protect, detect, monitor and respond to potential threats.
· SSH key management, including an audit of how many keys exist, where they are located, how they’re being used and the potential risks they pose.
· Secure storage of SSH keys in a hardened, central storage location.
· Elimination of ‘timeless’ keys that create a permanent backdoor into critical systems by automatically rotating all SSH keys at regular intervals.
· Full SSH key session recording for audit and compliance purposes.
“Attackers are looking for ways to blend in with normal IT operations as long as they can and by hijacking an SSH key, they gain direct, seemingly legitimate access to critical systems that are very difficult to detect,” said Adar. “Customers are asking for solutions that prevent legitimate IT operations from being exploited by criminals, without compromising the company’s ability to stay competitive.”
CyberArk SSH Key Manager and CyberArk Privileged Account Security Solution v9 will be generally available worldwide in November 2014. CyberArk SSH Key Manager is licensed on a per target server basis.
“Cyber attackers know that hundreds of thousands of SSH keys exist in large enterprises and they exploit this situation to gain privileged access to critical systems. In an attempt to simplify trust and connectivity, organisations unwittingly leave giant holes in their defences,” said Roy Adar, VP of product management, CyberArk. “Our focus is on preventing exploited privileged accounts through any attack vector, and therefore the protection of SSH keys is a natural expansion for our Privileged Account Security solution – one that will immediately improve our customers’ security.”
Key benefits include:
· Secure management of privileged accounts accessed through passwords or SSH keys from a single platform to protect, detect, monitor and respond to potential threats.
· SSH key management, including an audit of how many keys exist, where they are located, how they’re being used and the potential risks they pose.
· Secure storage of SSH keys in a hardened, central storage location.
· Elimination of ‘timeless’ keys that create a permanent backdoor into critical systems by automatically rotating all SSH keys at regular intervals.
· Full SSH key session recording for audit and compliance purposes.
“Attackers are looking for ways to blend in with normal IT operations as long as they can and by hijacking an SSH key, they gain direct, seemingly legitimate access to critical systems that are very difficult to detect,” said Adar. “Customers are asking for solutions that prevent legitimate IT operations from being exploited by criminals, without compromising the company’s ability to stay competitive.”
CyberArk SSH Key Manager and CyberArk Privileged Account Security Solution v9 will be generally available worldwide in November 2014. CyberArk SSH Key Manager is licensed on a per target server basis.
*All images from the SSH Key Security Infographic.
*The Ponemon 2014 SSH Security Vulnerability Report, February 2014
No comments:
Post a Comment