assyst integrates with CyberArk to securely access privileged IT accounts
by Stephen Brunsdon, on 22-Aug-2019 11:31:00
Single system for IT management meets unified solution for privileged account security
CyberArk is the market-leading Privileged Access Security solution, helping organizations protect the administrator accounts which are the focus of most cyberattacks. The assyst IT management solution integrates with CyberArk’s Application Access Manager to provide assyst with quick, secure access to privileged systems credentials.
What are privileged accounts?
Privileged accounts are administrator accounts (sometimes known as default accounts) which are built-in to desktop and server operating systems, applications, databases, network devices, virtualization platforms, and cloud consoles.
Why are privileged accounts important?
Privileged accounts are necessary to enable IT administrators (and IT management systems) the access they need to set up and run the different IT system components which make up the IT infrastructure. Desktop support teams use workstation admin accounts to install and upgrade software, apply security patches, and fix issues. Server technicians use root and admin accounts to set up and operate server-side databases and applications. Network managers use firewall, router, and domain controller admin accounts to keep the network running and secure. Cloud platform managers use cloud consoles to spin-up, monitor, and manage compute and storage resources. And IT management systems, like assyst, use all of the above to automate IT processes.
IT environments in large organizations are complex. Most enterprise-scale organizations have at least three or four times as many privileged accounts as they do employees1. Add up all the end user devices (desktops, laptops, tablets, and smartphones), servers, network devices, cloud resources, and IoT devices and you begin to see the scale of the privileged access security challenge.
These privileged accounts wield significant power—but thousands of privileged accounts also mean thousands of cybersecurity vulnerabilities. To cyberhackers, privileged accounts are the keys to the IT kingdom—giving them direct access to the heart of your organization.
Why integrate assyst with CyberArk Application Access Manager?
The assyst ITSM/ITOM solution integrates with your existing IT systems to collect infrastructure and monitoring data, and to orchestrate IT process automations—including service automation, software deployment, smart detect-and-resolve processes, and human-triggered automations to quickly restore IT services. The scope of privileged account access can range from a single-system break-fix action to a complex service orchestration spanning dozens of individual systems.
To do this, assyst requires privileged access to desktops, servers, network devices, and cloud management systems—to pull information and take actions. Often, organizations use shortcuts to keep things simple, for example using the same local admin password across all desktops, or hard-coding passwords into scripts. These practices may help to simplify operations, but they present serious security risks, as well as causing operational problems when passwords are changed.
CyberArk is the global leader in Privileged Access Management, protecting an organizations privileged account credentials in a central Digital VaultTM. The CyberArk Application Access Manager, enables controlled access to credentials in this vault, while monitoring and recording access to detect suspicious behavior and demonstrate policy and regulatory compliance.
Integration between assyst and CyberArk Application Access Manager allows IT organizations central control over where, when, and how assyst accesses admin accounts. It abstracts privileged system credentials from assyst—eliminating the risks and expanded attack surface exposed with hard-coded credentials.
How does it work?
The integration allows assyst to request credentials from the CyberArk Application Access Manager in real time. This means passwords are never stored in the assyst database, scripts, or configuration files, and assyst always has access to the current set of credentials (no more “Invalid password” errors). With CyberArk, you can rotate passwords as frequently as you need, with no negative impact on IT process automations.
In simple terms, the integration between assyst and CyberArk automates the process of fetching privileged account credentials from the CyberArk Digital VaultTM so assyst can quickly gain access to the admin accounts it needs to automate IT operations.
The technical detail
When assyst requires access to a system—whether to retrieve data or take an action—it sends a REST API or LCP request to the CyberArk Application Access Manager. CyberArk validates the request and pulls the credentials from its secure Digital VaultTM. These credentials are returned to assyst, used, and then cleared from assyst. No credentials are stored within the assyst database, or within any scripts, configuration files, or software code. This request-and-return process happens quickly, with no noticeable performance impact—even for intensive use such as discovery.
- Gain centralized control over the privileged credentials used by assyst automations.
- Increase security by removing hard-coded credentials from scripts and configuration files.
- Get a complete, tamper-resistant audit trail of when and where assyst is accessing privileged accounts.
- Establish real-time visibility over privileged sessions opened by assyst.
- Support rapid enterprise-wide automated discovery with highly scalable solution and quick credential request cycles
Find out more about how you can transform IT through process and service automation with assyst.
All product and company names are trademarks (™) or registered (®) trademarks of their respective holders.