Privileged accounts and credentials are used by businesses to maintain systems, facilitate processes, safeguard information, and ensure business continuity.

The need to secure privileged accounts and credentials is not a new concept. However, as businesses are forced to move to remote working environments, the risks and vulnerabilities that are being introduced to an organisation's privilege access policy, are growing exponentially.

Attackers have a single goal: gain access to your critical accounts, credentials, and secrets.

CyberArk's Core Privileged Access Security (PAS) solution addresses these vulnerability by preventing and mitigating attacks involving privileged access through risk-based credential protection and session management.  The solution unifies Enterprise Password Vault, Privileged Session Manager, and Privileged Threat Analytics to protect, control and monitor privileged accounts and credentials.

 

The New Era

As businesses continue to strive towards a modern workplace, the perimeters of secure privilege access are changing as companies move their processes and systems to the cloud. As a result, businesses are increasing their reliance on remote employees and vendors for crucial business operations.

The most common methods for providing remote privileged access is through VPNs, agents, and MFA solutions. However, these conventional solutions do not manage the changing requirements of remote privileged access. In 2019, CyberArk conducted a survey and found that 72% of enterprise organisations rank the risk from third-party access in their top 10 security risks. The biggest concerns being a lack of visibility and problems with provisioning and de-provisioning.

CyberArk is changing the game for remote vendor access by providing the perfect combination of strong security and ease of operation through their CyberArk Alero solution.

 

CyberArk Alero

CyberArk Alero is designed to modernise and secure remote privileged access to critical internal systems managed by CyberArk's Privileged Access Security (PAS) Solution. The SaaS-based solution combines; Zero Trust Access, biometric authentication, and seamless just-in-time provisioning. This removes the need for VPNs, security agents or passwords.

Alero enhances and simplifies remote vendor access to CyberArk's Privileged Access Security (PAS) Solution by providing a fast, easy, and secure privileged access to critical systems.  In addition, it leverages on the CyberArk PAS functionality to provide full visibility via Privilege Session Manager (PSM) and control over activities through Privilege Threat Analytics (PTA).

The process starts at the remote users' endpoint where they open a TLS-secure browser connection to the Alero Cloud Service and presented with a one-time QR code. This dynamic QR code is time-restricted and unique to the session being initiated at the point of time. The remote user scans the QR code using the Alero mobile application (available for both iOS and Android), simultaneously uses the onboard biometrics authentication of the user via the smartphone and sends a confirmation to Alero Cloud. Upon confirmation of the remote user identity, a secured browser tunnel from the remote user endpoint to the CyberArk Password Vault Web Access (PVWA) is established.  

Once the remote user clicks on the "connect" button in PVWA, the connection to the target machine is directed via the HTML5 Gateway. The HTML5 gateway tunnels the session between the remote user and the Privileged Session Manager (PSM) using a secure WebSocket protocol (HTTPS), eliminates the need to open a sensitive connection such as RDP, SSH or Telnet. 

 

Core Benefits

  • Mitigate security risks through Zero Trust Access, enforcing remote vendors and employees to authenticate their identity each time they require access to critical IT systems and applications.
  • Improve visibility with real-time privileged access monitoring enabled by the CyberArk Core Privileged Access Security solution.
  • Adopt Just-In-Time (JIT) Provisioning to prevent "always on" access, only providing access to remote users when needed. Deprovision happens when the access expires.
  • Simplify remote access through the biometric capabilities of a smartphone allowing a quick and secure authentication. Eliminate the need for VPN, passwords or agents on remote user endpoints.
  • Reduce operational expenses and complexity as you no longer need to manage corporate laptops, VPN agents or passwords for remote users; No manual provision & deprovision on remote user access.

Why The Missing Link for CyberArk?

The Missing Link has extensive experience in delivering large-scale CyberArk projects for many clients locally as well as internationally. Our resources are highly trained, holding advanced level certifications across products, and have experience leading and delivering CyberArk projects from start to finish. We have been asked on several occasions to remediate deployments that were initiated through other partners and have a great track record in rescuing solutions.

Through this experience, we have become the integrator of choice locally within the Australian client base for CyberArk, having multiple certified (CCDE) members within our team.

Speak to our other clients about their experience with The Missing Link, and we're confident you will see our reputation is well-warranted. Whether your organisation's needs are large or small, you'll receive outstanding service, competitive pricing, and a tailored solution to meet your business needs.

Get in touch with one of our cyber security specialists to learn more about how CyberArk Alero can help secure your remote user access.

Author