Rohan Vaidya,
Regional Director of Sales – India, CyberArk

What are CyberArk’s key focus areas?

CyberArk is the global leader in identity security, providing the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads, and throughout the DevOps lifecycle.

CyberArk provides customers with a unified approach to securing access for any user, across any application or system, from anywhere, using any device. Centered on privileged access management and powered by AI-based behavior and risk analytics, the CyberArk Identity Security Platform helps organizations secure access to critical business data and infrastructure, protect a distributed workforce and accelerate business in the cloud.

Could you tell us more about CyberArk’s presence in the Indian market?

CyberArk established its presence in the India market in 2016. Over the last five years, we have grown our customer base and partner ecosystem.

We have been very successful with larger enterprise customers. Top customers within verticals like Telecom, BFSI as well as IT/ITES, were early adopters of CyberArk and have continued to work with us for the last four or five years. Apart from these, we have seen many manufacturing customers, especially those that have adopted automation tools or use mature ERP analytic tools, selecting CyberArk because of the out-of-the-box integration we have driven together with leading technology vendors for hundreds of technologies through our C3 alliance.

Locally, we work with our partner ecosystem of system integrators, regional value-added resellers, cloud and Managed Service Providers, strategic outsourcers, advisories, and distributors to help customers solve their most critical security issues. CyberArk partners play a critical role in helping customers protect against advanced cyber threats and realize the full value of identity security.

How important has security become post the pandemic? What are your views on the growing significance of identity security?

The COVID-19 outbreak has changed the way businesses operate, and this has significant implications on enterprise security. For one, the rapid move to remote work has completely changed the way we think about the traditional perimeter of an organisation’s IT infrastructure.

CyberArk’s research, ‘The CISO View 2021 Survey: Zero Trust and Privileged Access’ shows that a significant percentage of security professionals are seeing an increase in credential thefts. We have also seen a huge increase in the number of end-users and their endpoints.

A major proportion of breaches that happened last year was due to the compromise of identities and abuse of privileged credentials. Most attacks often start with credential theft via phishing and other common hacking techniques. For example, in a multi-cloud world, any identity – be it a remote IT administrator, a remote worker or a third-party vendor – can become privileged and have access rights to a company’s most valuable assets.

Within this context, it is important for organizations to recognize that identity is the new perimeter. In this new environment, identity security is critical, as it can be used to empower workers and customers with easy, secure access to apps and resources from any device they use, from any location they are at, and at just the right time when they need them.

An identity security strategy that includes authenticating every identity accurately, authorizing each with proper permissions and providing access for that identity to privileged assets in a structured manner is critical for creating the foundation of trust that is vital for every business.

What are the existing security gaps? How does CyberArk contribute in overcoming these gaps?

In India we are seeing more businesses move to the cloud to support remote workforces and digitalization. In fact, research firm Gartner has predicted that end-user spending on public cloud services in India is forecasted to total US$7.3 billion in 2022, an increase of 29.6% from 2021.

Cloud assets and workloads are susceptible to a wide variety of cybersecurity threats including data breaches, ransomware, and phishing attacks. Cyber attackers can exploit cloud security vulnerabilities, using stolen credentials or compromised applications to mount attacks, disrupt services or steal sensitive data.

Within an on-premises infrastructure, users’ privileged access can be limited to certain roles, for instance in IT or business. This changes in the cloud environment where any user may become a privileged user in some circumstances and would retain these privileges until they are revoked. As such, it is best practice to enforce and maintain consistent, enterprise-wide privileged access management policies.

In addition, while more companies adopt collaboration tools to support remote workforces, increase their automation capabilities, and move workloads to the cloud, attackers are refining their strategies to exploit the shifting attack surface. Motivated attackers will use common means such as phishing to gain a foothold on a network to compromise an identity or exploit a known software vulnerability. Once they have this foothold, they will typically seek to exploit privileged access to move laterally, for the purposes of reconnaissance, or to maintain persistence on the network to launch further attacks.

CyberArk helps organizations to secure access to critical business data and infrastructure, protect their distributed workforce and accelerate business in the cloud through its comprehensive suite of AI-driven identity security solutions.

How is CyberArk contributing to India’s digitalisation drive? What initiatives has the company undertaken in this regard?

With the adoption of digital initiatives, most Indian organizations are exposed to an increasing array of cybersecurity threats that have been growing in terms of size, scale and complexity. With limited budgets and resources, it can be hard for organisations to defend against every potential attack.

The average large enterprise can have hundreds or thousands of different devices. Most of these devices have privileged accounts that need to be protected and managed. In a significant number of organizations, there is no centralized approach to manage privileged accounts for these disparate devices. Adding to the issue is the fact that these devices are often added or upgraded regularly resulting in a never-ending scramble to protect all the assets that users and applications interact with. The sooner an organization can get a grip on protecting these assets, the sooner they mitigate the risk against today’s advanced threats.

CyberArk’s Privileged Access Manager solution can automatically discover and onboard privileged credentials and secrets used by human and non-human identities. The solution can seamlessly integrate with third-party devices, applications and operating systems. When done correctly, this can provide organisations the ability to manage privileged credentials and secrets without significant development cycles, which can consume valuable resources in the process.

What are the trends that hackers have been acting on?

In 2021, media headlines were devoted to high-profile ransomware attacks – notably the SolarWinds and Colonial Pipeline attacks. However, 2021 also showed some other unique attacks carried out by hackers. In February 2021, a threat actor attempted to poison a Florida city’s water supply by trying to increase the level of sodium hydroxide in the water by a hundred times. Thanks to the operator’s quick discovery and immediate actions to stabilize the levels, no one was harmed. But real-world threats remain and the attack showed the world how critical infrastructure can be used to create damage.

We believe that the public utilities sector is uniquely vulnerable for many reasons. For one, much of the infrastructure controlling industrial control systems (ICS) — the systems that support essential services — dates to the 1980s or 1990s. The critical nature of utility operations required the developers of these systems to focus on system availability and interoperability but not necessarily on security. Over the years, as these systems became increasingly joined to internet-connected IT, they became more attractive targets for attackers. India, like any other nation, is exposed to this risk.

IoT devices have been compromised many times in the past, but the danger has not gone away, as more devices are connected to the Internet every single moment. The Internet of Things (IoT) represents a potentially massive attack surface and continues to pose a formidable cybersecurity challenge for enterprises. When IoT devices are not secured like other sensitive network assets, risk can escalate quickly, as seen in March 2021 when attackers breached Verkada, a cloud-based video security company.

Using legitimate admin account credentials found on the Internet, the attackers were able to navigate through live feeds of some 150,000 cameras stationed in factories, hospitals, classrooms, prisons and more, while also accessing sensitive footage belonging to Verkada software customers. It was later confirmed that more than 100 people within the organization had “super admin” access, each of whom could access thousands of customer cameras — demonstrating the potential dangers of over-privileged users. These two incidents demonstrate the scale of damage that can be caused by hackers. 

What should be the top priorities for companies in 2022 and beyond?

In India, a huge number of government organizations and startup firms use open source. In fact, it would be fair to say that our digital economy runs on open-source software (OSS). But countless “open” and “free” OSS libraries also mean a dramatically expanded attack surface.

The April 2021 Codecov breach gave us a glimpse of how one subtle tweak in one line of code can turn a completely benign library into a malicious one — putting any organization using it at risk. We have seen attackers creating trojanized versions of original packages, which implement or download a backdoor or credential-stealing functionality.

Organisations must hence remain vigilant, as these subtle attacks will rarely send up signals, making them extremely difficult to spot — especially as such libraries are deployed into the pipeline as part of legitimate day-to-day operations.

We also believe that software supply chain attacks such as the SolarWinds breach or Kaseya will continue to happen, and organizations have to be extremely alert in spotting and acting proactively against these attacks. India is also a huge and growing market for cloud adoption. As multi-cloud adoption picks up pace, identity security must remain a key priority area.