Services and Information

Discovery and Audit (DNA) Workshop

Description:
A review of organizational requirements and drivers to identify objectives, success criteria, priorities, and use cases of a privileged access security solution. With CyberArk, customers will conduct an in-depth review of critical controls and timelines using recommended CyberArk frameworks such as SPRINT and the Privileged Access Security Cyber Hygiene Program.

Approach
1. CyberArk will Assist customer in executing CyberArk Discovery & Audit (DNA) tool to generate a DNA report on discovered privileged accounts and credentials based on access
2. Based on report from DNA, CyberArk and the customer will:

  • Review privileged credential usages and risk management analysis with Customer, which may including any applicable on-premise/hybrid/cloud credentials and secrets such as root accounts and access keys
  • Provide guidance for onboarding, securing, isolating, and monitoring critical credentials, from pilot, test groups, to standardization for production roll-out
  • Provide guidance for developing advanced use cases, workflows, and solution design in securing privileged credentials
  • Review roll-out strategy and process and identify potential issues and risks
3. Lead discussions on roles and responsibilities for management and administration of a privileged access security solution, based on CyberArk experience and industry best-practice
4. If applicable, recommend the number of additional services days, scope, and licensing needed to assist with deploying the proposed solution
5. CyberArk to draft and review the following documentation
  • DNA Report
  • Detailed Onboarding Plan

CyberArk Red Team Engagement – Tools, Tactics and Procedures (TTP)

Objectives

  • Understand different tactics, techniques and procedures utilized by attackers
  • Understand the operational consideration of targeted adversaries
  • Learn how to test security products by executing custom attacks
  • Develop skills to better identify indicators of malicious activities

Topics

  • Code Execution 
  • Covert Channels
  • Persistence 
  • Privilege Escalation
  • Lateral Movement

Two Phase Approach

  • Provides interactive hands-on training to introduce your Blue and Red-Teams to common TTPs utilized by adversaries
  • The first phase of training focuses on TTP lecture, labs and demos with an emphasis on real life, adversary simulation scenarios and experiences from the CyberArk Red Team
  • The second phase of TTP training is tailored to each customer, based on unique elements of each customer’s security posture and environment
    • Using the customer’s network or a custom lab environment, trainees will run red team activities 
    • The goal of phase two is to utilize current defensive solutions to identify and mitigate adversaries in real life situations
  • This training emphasizes CyberArk’s investment in nurturing stronger and more confident blue teams and security programs

Intended Audience

  • Security Operations Center (SOC) personnel and leadership
  • IT and Security professionals interested in offensive security
  • Blue-Teamers / Threat Hunters
  • Red-Teamers / Penetration Testers

CyberArk Program Development Engagement

Description
CyberArk industry-leading advisors help plan and develop a privilege access security program. This package accelerates the formulation of a privilege access security plan, saving time and money while slashing the development cycle from months to weeks.

The CyberArk Program Development Engagement would include:

  • Live data collection using field-proven discovery and assessment tools

  • In-depth interviews with tech and business team members

  • Interactive workshops to review results and recommendations

  • Executive presentation to discuss findings and strategic impact

  • Summary report with conclusions and recommendations

  • Comprehensive technical report detailing tests performed, vulnerabilities discovered, and risks identified


For more Information