CyberArk PAM

Module 1: Introduction to CyberArk & Privileged Access Management (PAM)

  • Definition of Privileged Access Management (PAM):
    • Explanation of what constitutes privileged accounts and why they require special management.
    • Types of privileged accounts: local admin, domain admin, application/service accounts.
  • Importance of PAM in Cybersecurity:
    • How privileged accounts are targeted in cyberattacks.
    • Real-world breach examples (e.g., Target 2013) highlighting the impact of compromised privileged credentials.
    • Regulatory and compliance drivers for PAM (GDPR, SOX, PCI DSS, etc.).
  • Overview of CyberArk as a PAM Solution:
    • Introduction to CyberArk’s product suite and core capabilities.
    • Key differentiators of CyberArk in the PAM market.
  • Risks of Unmanaged Privileged Accounts:
    • Insider threats, lateral movement, and privilege escalation.
    • Potential business and operational impacts of credential misuse.

Module 2: CyberArk Architecture

  • Core Components:
    • Vault (Digital Vault): Secure storage for privileged credentials.
    • PVWA (Privileged Access Security Web Access): Web interface for user access and administration.
    • CPM (Central Policy Manager): Automated password management and policy enforcement.
    • PSM (Privileged Session Manager): Session isolation, monitoring, and recording.
    • PTA (Privileged Threat Analytics): Real-time threat detection and analytics.
  • Component Communication:
    • How components interact securely (protocols, authentication, encryption).
    • Data flow diagrams and typical communication scenarios.
  • Typical Deployment Architectures:
    • Single-site vs. multi-site deployments.
    • High availability and disaster recovery considerations.
    • Network segmentation and security best practices.

Module 3: Installation & Setup Basics

  • Installation Overview and Prerequisites:
    • Hardware and software requirements for each component.
    • Network, firewall, and port configuration guidelines.
  • Vault Server Setup:
    • Step-by-step installation of the Digital Vault.
    • Initial configuration, hardening, and backup strategies.
  • PVWA, CPM, and PSM Configuration:
    • Installing and configuring each component.
    • Integrating components for seamless operation.
  • Active Directory Integration:
    • Connecting CyberArk to AD for user authentication and group management.
    • Mapping AD groups to CyberArk roles and permissions.

Module 4: Account Onboarding & Management

  • Account Discovery:
    • Automated scanning for privileged accounts across the environment.
    • Manual discovery techniques and best practices.
  • Manual vs. Automatic Onboarding:
    • Step-by-step onboarding of accounts into CyberArk.
    • Bulk import and automation tools.
  • Safe Creation and Permissions:
    • Creating safes (logical containers) for organizing credentials.
    • Assigning granular permissions to users and groups.
  • Password Policy and Rotation:
    • Defining password complexity, rotation frequency, and compliance requirements.
    • Automated password change and reconciliation processes.
  • Secure Privileged Account Management:
    • Workflow for requesting, approving, and accessing privileged credentials.
    • Monitoring and auditing account usage.

Module 5: Privileged Session Management (PSM)

  • Session Monitoring and Recording:
    • Capturing and storing session activity for privileged users.
    • Reviewing and searching session recordings for audit and forensics.
  • PSM for Secure Remote Access:
    • Enabling secure, brokered access to target systems without exposing credentials.
    • Configuring jump servers and session isolation.
  • Real-Time Session Control:
    • Live monitoring of active sessions.
    • Terminating or pausing suspicious sessions in real time.
  • PSM Connectors and Protocols:
    • Supported protocols: RDP, SSH, Telnet, web consoles, etc.
    • Adding and configuring new connectors for different platforms.

Module 6: Security & Compliance

  • Audit Trails and Session Recording:
    • Maintaining immutable logs of all privileged activity.
    • Configuring retention policies and secure storage.
  • Alerts and Notifications:
    • Setting up automated alerts for suspicious or policy-violating activities.
    • Integration with email, SMS, or other notification systems.
  • SIEM Integration:
    • Sending CyberArk logs and events to Security Information and Event Management (SIEM) solutions.
    • Use cases for threat detection and incident response.
  • Compliance Reporting:
    • Generating reports for auditors and compliance teams.
    • Customizing and scheduling regular compliance reports.

Module 7: CyberArk Admin Console

  • Admin Interface Overview:
    • Navigating the CyberArk administrative dashboard.
    • Overview of available tools and settings.
  • User Roles and Permissions:
    • Role-based access control (RBAC) principles.
    • Creating and managing custom roles.
  • Backup and Restore:
    • Procedures for backing up CyberArk components and data.
    • Restoring from backup in disaster recovery scenarios.
  • Common Troubleshooting:
    • Diagnosing and resolving common issues.
    • Accessing logs, support resources, and community forums.

Module 8: Use Cases & Demos

  • Real-World PAM Scenarios:
    • Case studies of PAM deployments in various industries.
    • Lessons learned and best practices.
  • Demonstrations of Secure Access:
    • Live walkthroughs of privileged account access, session monitoring, and password rotation.
  • Common Attacks and CyberArk Defenses:
    • Simulated attacks (e.g., credential theft, privilege escalation) and CyberArk’s mitigation strategies.
  • Use Case: Secure DevOps:
    • Integrating CyberArk with CI/CD pipelines and DevOps tools.
    • Managing secrets and credentials in automated workflows.