HPE thwarts cyber attacks with Privileged Account Management alongside CyberArk
New HPE Security Services offering helps organisations prevent external breaches and insider threats targeting privileged accounts, as well as maintain compliance.
Hewlett Packard Enterprise (HPE) announced the HPE Privileged Account Management (PAM) Service offering, an extension to its HPE Managed Security Services (MSS) portfolio. In partnership with privileged account security software leader CyberArk (Nasdaq: CYBR), this offering is designed to help customers more effectively mitigate the heightened risk associated with privileged accounts, enforce more consistent application of security policies, and reduce manual efforts and administrative costs.
External attackers and malicious insiders are increasingly using the broader network permissions of privileged accounts to execute complex breaches and access sensitive information. In fact, 80 percent of all targeted attacks exploited privileged accounts during the attack process. These attacks are often able to take full control of an organization’s IT infrastructure, disable its security controls, steal confidential information, commit financial fraud, and disrupt operations.
HPE PAM Service leverages the ten global HPE Security Operations Centres (SOCs), offshore resources, and the CyberArk Privileged Account Security Solution to help organizations address some of the biggest security challenges including: advanced targeted attacks, insider threats, malware targeted at privileged accounts, regulation and failed audits, and the outsourcing of sensitive information, assets and infrastructure. The CyberArk Privileged Account Security Solution provides a comprehensive solution for operating systems, databases, applications, hypervisors, network devices, and security appliances. It can be deployed on-premise, in the hybrid cloud and OT/SCADA environments.
“Threats targeting privileged accounts are increasing in frequency, complexity and scope, making it critical for organisations to gain control and visibility of this key user group’s activity,” said Art Wong, senior vice president and general manager, HPE Security Services, Hewlett Packard Enterprise.
“The full-service HPE Privileged Account Management offering backed by CyberArk technology provides organisations with the means to effectively mitigate their risks of both external and internal attacks on privileged accounts, as well as maintain compliance.”
HPE PAM Service is integrated with the HPE Identity and Access Management (IAM) Service to address the growing challenges of IAM, thus improving efficiency and saving costs. In addition, as part of the C3 Alliance, HPE and CyberArk also offer proven and tested bi-directional integrations between the HPE ArcSight SIEM platform and the CyberArk Privileged Account Security and Privileged Threat Analytics™ solutions. The integration provides joint customers with detailed privileged account activity intelligence and actionable alerts on anomalous behaviour in HPE ArcSight where it can be correlated with other indicators to quickly identify and disrupt the most critical in-progress attacks.
“Privileged accounts provide tremendous access to sensitive information and infrastructure that can take down an entire organization if compromised by attackers,” said Adam Bosnian, executive vice president, global business development and head of the C3 Alliance, CyberArk (@CyberArk).
“This partnership combines CyberArk’s proven, innovative Privileged Account Security Solution with HPE’s comprehensive global Managed Security Services portfolio to proactively manage privileged user and account risk and combat this growing challenge.”
Benefits & Impact
The newly introduced HPE PAM Service offering features numerous enterprise security benefits, including:
- Protection against cyber attacks – Lock down privileged accounts and secure sessions to prevent malware infection at the endpoint, lateral movement, and attack escalation to stop attack progression.
- Visibility – Control of administrative access to a wide range of systems and infrastructures, from accounts on operating systems, databases, middleware and applications, to network devices and SaaS applications.
- Compliance Support – Fully auditable system that supports stringent needs of highly regulated industry sectors, such as providing auditors with detailed privileged access reports. By 2017, analysts predict that more stringent regulations around control of privileged access will lead to a rise of 40% in fines and penalties imposed by regulatory bodies on organisations with deficient PAM controls that have been breached.
- Consistency & Accountability – Seamlessly enforcing consistent password policies across the enterprise. Anonymous use of credentials is eliminated across the enterprise and auditable controls tie people to their actions.
- Efficiency – Password policies enforcement and secured, centralised, and automated password management for administrative, service, and application accounts.
The HPE PAM Service is currently available to customers as part of the HPE Managed Security Services (MSS) portfolio, which delivers an extensive security service management process and in-depth consulting expertise to define, implement and manage a resilient security program.