CyberArk - Privileged Access Challenges at UW-Madison

Looking to efficiently protect, monitor, and control privileged access across on-premises, cloud, and hybrid infrastructure? CyberArk may be what you are looking for.

THE CHALLENGE

Privileged accounts and the access they provide represent one of the largest security vulnerabilities UW-Madison faces today. These powerful accounts exist in almost every piece of hardware and software throughout IT environments. When employed properly, privileged accounts are used to maintain systems, facilitate automated processes, safeguard sensitive information, and ensure business continuity. But in the wrong hands, these accounts can be used to steal sensitive data and cause irreparable damage to the organization.


Privileged accounts are exploited in nearly every cyber-attack. Bad actors can use privileged accounts to disable security systems, to take control of critical IT infrastructure, and to gain access to confidential business data and personal information.


Departments at UW-Madison face a number of challenges protecting, controlling, and monitoring privileged access including:

  • Managing account credentials. Many Departmental IT support organizations rely on manually intensive, error-prone administrative processes to rotate and update privileged credentials—an inefficient, risky and costly approach.
  • Tracking privileged activity. Many Departments cannot centrally monitor and control privileged sessions, exposing the Department to security threats and compliance violations.
  • Monitoring and analyzing threats. Many Departments lack comprehensive threat analysis tools and are unable to proactively identify suspicious activities and remediate security incidents.
  • Controlling privileged user access. Departments often struggle to effectively control privileged user access to cloud platforms (IaaS and PaaS), SaaS applications, social media and more, creating compliance risks and operational complexity.
  • Securing remote vendors. Most Departments have little-to-no visibility or control over remote access to privileged corporate IT systems and infrastructure.

THE SOLUTION

UW-Madison, through the Office of Cybersecurity and the Division of Information Technology, has implemented the CyberArk Identity Security Platform, providing foundational controls for protecting, controlling, and monitoring privileged access across on-premises, cloud, and hybrid infrastructure. The solution helps teams and Departments efficiently manage privileged credentials with strong authentication methods, proactively monitor and control privileged account activity, intelligently identify suspicious activity, and quickly respond to threats.

  • Enable privileged access with modern Single Sign-On (SSO) and adaptive Multi-Factor Authentication (MFA). Access privileged resources with a single set of credentials to enforce stronger password policies, reduce the risk of poor password practices, and gain visibility into the access activities across the enterprise. Provide an extra layer of protection with adaptive MFA that leverages user-specific contextual attributes such as location, device, and network information to assign risk to each user login attempt and create dynamic access policies.
  • Centrally secure and control access to privileged credentials based on administratively defined security policies. Automated privileged account credential (password and SSH key) rotation eliminates manually intensive, time-consuming and error-prone administrative tasks, safeguarding credentials used in on-premises, hybrid, and cloud environments. Ensure Windows and macOS credentials that are not connected to the network are secured and rotated.
  • Isolate and secure privileged user sessions. Monitoring and recording capabilities enable security teams to view privileged sessions in real-time, automatically suspend and remotely terminate suspicious sessions, and maintain a comprehensive, searchable audit trail of privileged user activity. Physical separation of user endpoints from critical target systems via a secure, hardened jump server helps ensure that malware on an infected user device is unable to reach critical systems.
  • Detect, alert, and respond to anomalous privileged activity. The solution collects data from multiple sources and applies a complex combination of statistical and deterministic algorithms to identify malicious privileged access activity. A bidirectional data feed enables the exchange of high-risk privileged access findings with common SIEM tools.
  • Secure remote vendor access. Easily and securely authenticate external vendors accessing CyberArk with biometric multi-factor authentication that is VPN-less, agent-less and password-less. Simply provision authorized users with just-in-time access to critical internal resources and enable automatic session isolation, monitoring and recording.

BENEFITS

  • Defend against attacks. Strengthen privileged access security. Protect the access to privileged account passwords and SSH keys. Defend systems against malware and attacks. Efficiently detect and respond to suspicious activity and malicious actions. Protect against unauthorized privileged account access, impersonation, fraud, and theft.
  • Drive operational efficiency. Eliminate manually intensive, time-consuming and error-prone administrative processes. Simplify operations and improve the efficiency of IT security teams. Free up valuable IT staff to focus on strategic tasks to support core business activities.
  • Satisfy audit and compliance. Institute policy-based privileged access controls to ensure compliance with government and industry regulations. Easily demonstrate policies and processes to auditors. Produce detailed audit trails and access histories to exhibit compliance.
  • Enable the digital business. Balance security with a frictionless user experience. Consistently enable seamless access for privileged users connecting to Tier0 assets, with centralized visibility and controls for privileged access management.


Keywords: CyberArk, PAM, privileged, access, management, cybersecurity
Doc ID: 115140
Owner: Peter V.
Group: Cybersecurity
Created: 2021-12-07 11:30:03
Updated: 2021-12-07 11:45:23
Sites: Office of Cybersecurity