Next time you’re outside on a clear night, look up at the stars and start counting. Chances are you’ll lose track, skip over some or completely forget where you started—there are just so many. Now imagine that vast sky is your enterprise, and each sparkling dot represents an identity (or account). Can you find them all—let alone secure them?
If you’re like most organizations out there, the answer is no. And since every identity represents a potential opportunity for attackers, what you don’t know can hurt you.
Undiscovered Identities: Do They Even Exist?
Organizations are facing rapidly changing new environments and exponentially more identities. To put this in perspective, 50% of companies expect the number of identities—human and machine—to grow by 3x in the next year alone. These identities are created by different siloes within the organization; for instance, cloud development is a major growth driver. Permissions, roles and access levels vary greatly from identity to identity.
Discovering identities across hybrid and multi-cloud environments isn’t easy—especially with legacy applications and systems in the mix. Security teams are understandably struggling to do this at scale with traditional methods.
In too many organizations, too many identities fly under the radar—undiscovered, unmanaged and often misconfigured with too many permissions (also called entitlements in cloud environments) and over-provisioned access. These “privileged accounts” provide elevated—and sometimes unrestricted—access to an organization’s underlying information systems and technology, making them key targets for both external attackers and malicious insiders. Threat actors use privileged accounts to access sensitive data, such as intellectual property, business secrets and customer information. They can also bypass critical security controls or even deactivate the organization’s security technologies to disrupt business or deploy ransomware.
Dexcom staff cybersecurity engineer Rene D. Chacon, in a tongue-in-cheek assessment of the discoverability problem, asks, “If it wasn’t discovered, does it even exist?”
Of course, undiscovered identities do exist. A lack of visibility and inability to manage privileged access can result in very real vulnerability, risk and compliance issues. Many of history’s largest, most damaging data breaches stem from identity compromise and privileged access abuse.
Enterprise Customers Highlight Key Benefits of Discovery
Industry frameworks such as NIST emphasize the importance of discovering privileged accounts as a foundational step in managing cybersecurity risk. After all, you can’t protect what you don’t know.
Enterprises need simpler ways to identify and control privileged access across their entire IT estate. That’s why we’ve built powerful discovery capabilities into the CyberArk identity security platform, which enable organizations to automatically discover accounts, credentials, IAM roles and secrets across endpoints and infrastructure in on-prem and multi-cloud environments and onboard them for secure management. We’ve also partnered with leading cloud security provider Wiz to help cloud-native organizations gain a full understanding of every identity in the cloud.
As empowered, organizations can enforce the proper security controls, such as zero standing privileges (ZSP), that are critical for reducing risk and preventing security incidents.
Our customers consistently highlight three key benefits of these discovery capabilities. But don’t take our word for it—here’s what they have to say:
1. Greater Visibility and Control
John Champion, Security Engineer-IAM at Curo Financial Technologies, says, “CyberArk’s discovery capabilities have been helpful for us to find out some unknowns in our environment. They are easy to use and have been a big help in our visibility.”
Limited visibility creates security blind spots. A discovery exercise uncovers them, providing a comprehensive view of all privileged accounts across the organization. This includes unknown or unmanaged accounts, such as backdoors created by IT administrators or developers to bypass typical authentication requirements. With the ability to identify and map access levels across the IT estate, organizations can build an effective plan to reduce risk measurably.
2. Rapid Risk Detection and Reduction
Mars Security Engineering Leader Anderson Viotti says, “With CyberArk’s discovery features, finding unvaulted privileged accounts went from daunting to effortless. Now we can track them down fast, lock them up and boost our security game—making us more efficient than ever.”
By conducting a thorough discovery, organizations can identify overprivileged accounts, dormant accounts and misconfigurations that pose significant security risks. With these insights, they can focus efforts on implementing controls to shut down the privileged pathway.
“CyberArk provides a comprehensive and detailed discovery and view of privileged accounts, enabling the identification of vulnerabilities and the implementation of effective security measures,” says Moisés Almeida, an IT System Administrator at Porto Editora.
3. Continuous Monitoring
Continuous monitoring is critical in today’s complex digital environments. Implementing continuous discovery mechanisms allows organizations to stay current on changes in their environment, such as new accounts being created or existing ones becoming inactive. This ongoing process is vital for maintaining an up-to-date inventory of privileged accounts.
“CyberArk offers cutting-edge discovery features that promise to elevate security and visibility across the cloud environment,” says Derryl Smalley, Senior IT Security Analyst at Veritiv. “We’re excited to see how it can transform the way organizations manage and protect their digital assets.”
Achieving Full Scale and Speed Visibility and Access Control
Discovery is fundamental in starting, managing and scaling an effective privileged access management (PAM) program as part of a broader identity security strategy. But trying to find everything on your own is like trying to count the stars. Don’t go it alone. We’re here to help you see problems and fix them—fast.
Lilach Faerman Koren is a senior product marketing manager at CyberArk.
