North American Energy Provider
Implementing CyberArk's Privileged Access Management Solution
A North American leader in delivering energy. They also have an increasing involvement in power transmission.
Client requested RAAH services to enhance the security of its service accounts and better leverage its existing investment in its CyberArk deployment.
Problem Statement
Many service accounts were found to be over utilized and insecure
Need for a thorough Application Discovery
No Highly-Privileged Accounts (HPA) and Service Account Lifecycle Framework
Need to mitigate external and internal risks
Lack of detailed monitoring and recording of privileged sessions
Need for securely Store and rotate Application Credentials
Technology Used
CyberArk Discovery & Audit (DNA)
CyberArk Privileged Account Security
Implemented Solution
RAAH consultants identified as many applications owned accounts as possible. Identified if leveraging a script or an application will be more suitable for the following tasks:
Aid in deploying the script or the application
Identify existing shared service accounts and determine whether they need to be separated
Identify service account job assignment
Identify application owned accounts
Identify application owned account job assignments
Defined new repeatable methodology for managing new and existing privileged accounts (i.e. human – DBA, system admin, workstation admin) and service accounts (machine accounts) in CyberArk with specific emphasis on the following use-cases:
Legacy service accounts
New Highly Privileged and Service Accounts
Provided configuration of a sampling of privileged accounts
Reviewed the existing CyberArk deployment and determined any changes or additional configuration items that may be necessary
Defined windows based service accounts
Defined Unix / Linux service account
Defined network device administrator account
Defined application owned account
Benefits of the Solution
Better management and control of the privileged accounts and services accounts
Detailed Application Discovery uncovered security gaps and threats
Password credentials rotation helped to eliminate the need for password reset and sharing of privileged accounts passwords
Highly privileged accounts and service accounts framework was put in place for easier administration and automation
Have a question? Give us a shout, we would love to answer!