North American Energy Provider

Implementing CyberArk's Privileged Access Management Solution

A North American leader in delivering energy. They also have an increasing involvement in power transmission.
Client requested RAAH services to enhance the security of its service accounts and better leverage its existing investment in its CyberArk deployment.

Problem Statement

Many service accounts were found to be over utilized and insecure
Need for a thorough Application Discovery
No Highly-Privileged Accounts (HPA) and Service Account Lifecycle Framework
Need to mitigate external and internal risks
Lack of detailed monitoring and recording of privileged sessions
Need for securely Store and rotate Application Credentials

Technology Used

CyberArk Discovery & Audit (DNA)
CyberArk Privileged Account Security

Implemented Solution

RAAH consultants identified as many applications owned accounts as possible. Identified if leveraging a script or an application will be more suitable for the following tasks:
Aid in deploying the script or the application
Identify existing shared service accounts and determine whether they need to be separated
Identify service account job assignment
Identify application owned accounts
Identify application owned account job assignments
Defined new repeatable methodology for managing new and existing privileged accounts (i.e. human – DBA, system admin, workstation admin) and service accounts (machine accounts) in CyberArk with specific emphasis on the following use-cases:
Legacy service accounts
New Highly Privileged and Service Accounts
Provided configuration of a sampling of privileged accounts
Reviewed the existing CyberArk deployment and determined any changes or additional configuration items that may be necessary
Defined windows based service accounts
Defined Unix / Linux service account
Defined network device administrator account
Defined application owned account

Benefits of the Solution

Better management and control of the privileged accounts and services accounts
Detailed Application Discovery uncovered security gaps and threats
Password credentials rotation helped to eliminate the need for password reset and sharing of privileged accounts passwords
Highly privileged accounts and service accounts framework was put in place for easier administration and automation

Have a question? Give us a shout, we would love to answer!

Get in touch

North American Energy Provider

Implementing CyberArk's Privileged Access Management Solution

A North American leader in delivering energy. They also have an increasing involvement in power transmission.

Client requested RAAH services to enhance the security of its service accounts and better leverage its existing investment in its CyberArk deployment.

Problem Statement

Many service accounts were found to be over utilized and insecure

Need for a thorough Application Discovery

No Highly-Privileged Accounts (HPA) and Service Account Lifecycle Framework

Need to mitigate external and internal risks

Lack of detailed monitoring and recording of privileged sessions

Need for securely Store and rotate Application Credentials

​

Technology Used

CyberArk Discovery & Audit (DNA)

CyberArk Privileged Account Security

Implemented Solution

RAAH consultants identified as many applications owned accounts as possible. Identified if leveraging a script or an application will be more suitable for the following tasks:

Aid in deploying the script or the application

Identify existing shared service accounts and determine whether they need to be separated

Identify service account job assignment

Identify application owned accounts

Identify application owned account job assignments

Defined new repeatable methodology for managing new and existing privileged accounts (i.e. human – DBA, system admin, workstation admin) and service accounts (machine accounts) in CyberArk with specific emphasis on the following use-cases:

Legacy service accounts

New Highly Privileged and Service Accounts

Provided configuration of a sampling of privileged accounts

Reviewed the existing CyberArk deployment and determined any changes or additional configuration items that may be necessary

Defined windows based service accounts

Defined Unix / Linux service account

Defined network device administrator account

Defined application owned account

Benefits of the Solution

Better management and control of the privileged accounts and services accounts

Detailed Application Discovery uncovered security gaps and threats

Password credentials rotation helped to eliminate the need for password reset and sharing of privileged accounts passwords

Highly privileged accounts and service accounts framework was put in place for easier administration and automation

​

Have a question? Give us a shout, we would love to answer!