CyberArk PAM for a Large Financial Institution

Our customer is a leading financial institution of India. It is a Market Infrastructure Institution (MII) and a crucial part of the Capital market structure.

As a financial institution, the customer’s primary requirement was to secure access to the privileged accounts on their servers, firewall devices, web applications etc. Some of the challenges facing the customer are:

  • Prevent unauthorized access to critical resources by monitoring, detecting, and responding to threats.
  • Regularly rotate all passwords including for Windows, Linux, Firewalls, Web application accounts etc.
  • Prevent privilege-related attacks as systems, applications, machine-to-machine accounts, cloud and hybrid environments, DevOps, robotic process automation and IoT devices become increasingly interconnected. Today, nearly 100 percent of advanced attacks rely on the exploitation of privileged credentials to reach a target’s most sensitive data, applications and infrastructure. If abused, privileged access has the power to disrupt business.

Adit Microsys implemented CyberArk PAM to isolate the use of privileged accounts to reduce the risk of credential theft. It helps organizations track and monitor access to ensure compliance with industry regulations. It helps organizations limit the scope of a breach by reducing the number of users with access to administrative functions. PAM helps organizations improve operational performance by providing more visibility into how administrative accounts are used. PAM helps organizations re-establish control over a compromised environment by maintaining a separate bastion environment. PAM works by combining people, processes, and technology to enforce the principle of least privilege, which states that users should only have the minimum level of access needed to do their job.

Implementing CyberArk PAM provided the customer with a robust solution with the following benefits:

  • Control and secure infrastructure accounts. Place all well-known infrastructure accounts in a centrally managed, digital vault. Regularly and automatically rotate passwords after every use.
  • Limit lateral movement. Completely remove all end point users from the local admins group on IT Windows workstations to stop credential theft.
  • Protect credentials for third-party applications. Vault all privileged accounts used by third party applications and eliminate hardcoded credentials for commercial off-the-shelf applications.
  • Manage *NIX SSH keys. Vault all SSH key-pairs on Linux and Unix production servers and rotate them on a routine basis.
  • Defend DevOps secrets in the cloud and on premise. Secure all Public Cloud privileged accounts, keys and API keys. Place all credentials and secrets used by CI/CD tools such as Ansible, Jenkins and Docker in a secure vault, enabling them to be retrieved on the fly, automatically rotated and managed.
  • Secure SaaS admins and privileged business users. Isolate all access to shared IDs and require multi-factor authentication.

This implementation not only addressed their immediate challenges but also positioned them for future growth and success in the highly regulated Finance Industry. Adit Microsys provides regular support services for CyberArk with on-site resource deployment and emergency support at any hour.