Tenable and CyberArk Integration
Tenable integrates with CyberArk to simplify privileged access to hosts for vulnerability and compliance scans enabling improved scan accuracy and performance.
The integration combines CyberArk’s Application Identity Manager with Tenable’s vulnerability management and continuous network monitoring solutions to enable organizations to perform credentialed scans of hosts and reduce complexity and exposure by centrally managing and storing privileged account access.
Conducting credentialed network vulnerability assessments requires privileged access to target hosts. However, maintaining privileged accounts across throughout the organization poses the following challenges:
- Individually managing and updating privileged access across all hosts can be difficult and time-consuming
- Privileged access needs to securely managed to avoid abuse
- Deploying agents locally on hosts is not always possible
- Accounting of organizational credentials is required to meet regulatory compliance
Many organizations implement password vaults to ensure that privileged accounts are regularly updated and consistent across the organization.
Integrating CyberArk Application Identity Manager with Tenable solutions allows a customer to retrieve privileged credentials from the CyberArk Secure Digital Vault for use in security and compliance scans.
This centralizes and automates the process of managing and updating privileged access to hosts. By integrating with CyberArk, customers can easily perform credentialed scans across their environment to identify vulnerabilities, misconfigurations, and non-compliance.
How It Works
- Configure the scan policy on Tenable solutions to query CyberArk for privileged access to target host
- Tenable then requests privileged account access from CyberArk to scan target host
- CyberArk provides privileged scan credential for security scan
- Tenable solution uses the provided credential to log into the target machine and read configuration data to identify vulnerabilities and misconfigurations
The integration between CyberArk Application Identity Manager and Tenable allows customers to:
- Leverage existing CyberArk Application Identity Manager to support credentialed scans without the need to store credentials within Tenable solutions
- Simplify security scanning by centrally managing and storing privileged credentials within CyberArk Secure Digital Vault
- Reduce the attack surface, as customers no longer need to individually manage privileged scanning accounts across all of their assets
- Ensure full accountability and traceability of all privileged account activity and avoiding privileged account abuse
- Enable faster and more accurate vulnerability scans with deeper analysis