Application

Identity Manager

The Challenge
Fully address the In todays complex IT environments, multiple scripts, processes and applications need to access multi-platform
resources to retrieve and store sensitive information. Such applications are granted use of dedicated accounts,
security challenges usually allowing unlimited access to sensitive information stored in corporate databases. These accounts are
of eliminating hard- usually embedded inside the application code, scripts, services, data sources, configuration files and more.
These accounts often give access to an enterprises most sensitive assets and as a result are often the victim of
coded application ongoing targeted attacks. Indeed, many of the recent sophisticated attacks reported stemmed from the
and script credentials compromise of hard-coded privileged credentials.

across your data Securing, managing and automatically replacing these hard-coded credentials impose significant challenges
and a major overhead to IT departments. As a result, up to 42% of enterprises report that they never change
center and application
hard-coded and embedded passwords for application IDs, testing scripts and batch jobs.
infrastructure.
Mismanaged App2App passwords impose great risks to organizations including:

Failed Audits. Hard-coded and embedded Solution & Key Benefits

With Application Identity Manager you
can eliminate hard-coded and visible
credentials from scripts, jobs and
applications. Moreover, push updated
credentials to configuration files,
databases and 3rd party applications
where code changes are not feasible.
passwords pose serious auditing challenges to
organizations. The PCI Data Security Standard,
for instance, specifically instructs enterprises to
develop and maintain secure systems and
applications, remove any custom usernames
and passwords from applications, including the
enforcement of strong access control and
authentication mechanisms on systems
accessing cardholders data.
Lack of Accountability. Application passwords
may be required for use by IT personnel or
developers for troubleshooting and emergency
cases. Existing solutions provide very limited
auditing and control for such scenarios.
Security Risks. App2App passwords are almost
never changed and often stored in clear text
and known by a wide variety of IT personnel,
developers and regular end-users as well as
many ex-employees or external sub-contractors.
Any attempt to change hard-coded passwords
would usually require code changes which
could negatively impact production systems,
resulting in continuous downtime to critical
business applications.
Elevated DamageThreat. Application accounts
are powerful accounts with almost unlimited
access to backend systems. Compromising the
application account may lead to uncontrolled
access to highly-sensitive business information
and to severe damages.
.
CyberArks market-leading Application Identity
Manager (AIM) fully addresses the security challenges
of eliminating hard-coded application credentials
with a proven enterprise-ready solution for smooth
deployment across your data center. With AIM you can:
Approach Compliance with Confidence.
Organizations can comply with internal and regulatory
requirements for regularly replacing passwords and
securely monitoring privileged access.
Eliminate Internal and External Threats.
Ensure your critical business systems with your
most sensitive data are tightly protected by
eliminating the need to store App2App
passwords and encryption keys found in
applications, scripts or configuration files.
Do Business Better. Secure your core business
systems while they continue running with unparalleled
availability and performance in App2App processes,
independent of network availability.
Application Identity Manager offers you unique value:
- Minimize financial losses and reputational
damage by eliminating hard-coded and visible
credentials from applications and scripts.
- Future-ready solution that easily evolves with you
to secure a multitude of applications over multiple
platforms and sites as your business grows.
- Increase business continuity across your data
center during application credentials
management.

Features
Application Identity Manager (AIM) utilizes
CyberArks patented Digital Vault Technology,
which is ICSA certified, and designed to meet
the highest security requirements for managing
privileged and App2App accounts. The Digital Vault
provides numerous underlying security capabilities
for authentication, encryption, tamper-proof audit
and data protection.
AIM delivers a complete infrastructure to centralize
the management of credentials to resources along
with a comprehensive set of abilities for managing
these service accounts, including:
Eliminate Hard-Coded Passwords.
Using the AIM variety of password SDKs,
enterprises can remove passwords from all
scripts, application code and configuration files,
making them invisible to developers and
support staff while automatically replacing
credentials based on policy without any impact
to application performance or downtime.
Automatic Password Synchronization.
To comply with audit regulations, AIM offers
the ability to change passwords on demand
and according to the enterprise policy without
any interruption to production or need for
development/testing and IT support. AIM can
also be utilized to push passwords to different
locations within configuration files, databases
and 3rd party applications, where code
changes are not feasible
Application Authentication.
AIM utilizes advanced means to authenticate
applications requesting credentials ensuring
only allowed applications can access them. This
includes enforcing limitations like machine
address, OS user, application path and run-time
signature.
High Availability, Redundancy and Business
Continuity.
AIM is designed to meet high-end enterprise
requirements for availability and business continuity
for the most critical business applications, even
within complex and distributed network
environments. With its secure caching capabilities,
enterprises can rest assure their mission critical
applications will always have access to their service
accounts, independent of network performance
and availability. The caching agents require zero
management while providing the highest levels of
resiliency and performance to calling applications.
Cyber-Ark Software Ltd. | cyberark.com
Specifications
Unique Solution for Application Server Encryption Algorithms:
Data-Source Credentials.
AIM provides the only solution for securing and AES-256, RSA-2048
automatically managing credentials required by HSM integration
mission critical applications and stored within FIPS 140-2 validated cryptography
Application Server Data Sources. The patent
pending solution is implemented without code
Access and Workflow
Management:
changes and zero downtime or restarts are
required during password changes. LDAP directories
Identity and Access Management
Out Of The Box Solution for Third Party
Ticketing and workflow systems
Applications.
Many third party applications, such as Authentication Methods:
vulnerability scanning solutions, CRM products
Username and Password
and more, require privileged credentials in
RSA SecurID
order to access sensitive devices or databases
Web SSO
to perform their job. They use credentials found
RADIUS
in config files, databases etc to access these
PKI and smartcards
systems. AIM integrates with these third party
LDAP
products to securely deliver the credential
Windows-based Authentication
when necessary while automatically managing
and replacing these credentials for better High Availability:
protection of your IT resources. Clustering support
Web Based UI for Managing Applications. Persistent secure local cache
Flexible views allow enterprises to audit, track and Multiple Disaster Recovery sites
securely manage all their App2App communication. Integration with enterprise backup system
Encryption.
Monitoring:
All passwords are encrypted while at rest in the
SIEM integration
Vault or in a secure local cache and while in
SNMP traps
transit to the requesting application.
Email notifications
Enterprise Readiness.
Application Platforms:
Easily integrates with the enterprise infrastructure.
This includes LDAP and IAM integration for user Windows
management and automatic account Linux/UNIX
provisioning; use of Windows domain, RADIUS, AIX
PKI, SSO or RSA SecurID for authentication; Solaris
monitoring and SIEM integration using SNMP, HP-UX
Syslog and SMTP; integration with ticketing and
workflow systems; robust SDK, built-in HA/DR Application Platforms:
and much more! Java
CLI
A Comprehensive Solution COM
C/C++
CyberArk Application Identity Manager is a component Application Servers: Websphere,
of the CyberArk Privileged Account Security Solution, a WebLogic, JBOSS, Tomcat
complete solution to protect, monitor, detect, alert, and
respond to privileged accounts. Products in the solution
can be managed independently, or combined for a
cohesive and complete solution for operating systems,
databases, applications, hypervisors, network devices,
security appliances and more. The solution is based on
the CyberArk Shared Technology Platform which delivers
enterprise-class security and allows customers to deploy
a single infrastructure and expand the solution to meet
changing business requirements.