Health Service
2 Certified Professionals
216 Hours
The client needed a solution to onboard all the accounts in CyberArk behind an MFA to checklist the compliance requirement. In addition, the project had a one-month deadline to onboard and manage the accounts within CyberArk.
Challenge
- The client’s knowledge of the Privilege Cloud was limited, and they had limited time to finish the Compliance checklist
- The client lacked information regarding the total number of accounts and also had various OS, database, cloud, and LCD accounts
- The users had all privileges assigned on user’s login account(The administrator users’ logon accounts were given complete privileges; they did not have separate administrative accounts to do out responsibilities)
- The client had workstation accounts integrated with LAPS application
- The client had production Linux boxes with critical applications and also network accounts integrated with TACACs Authentication Protocol
- The client had different web applications accounts
Solution
After analysing the client’s use case and SOW, we proposed the following solutions
- The team recommended splitting the privilege account by creating new “a_” account and continuing to use the previous account for login purposes
- The team utilised DNA 8.3 not only to scan MSSQL accounts, but also to save them as reports for future filtering
- The “LAPS” application was replaced by CyberArk EPM LCD agents by the team.
- The team vaulted the UNIX accounts by creating RestAPI scripts and using CyberArk Account Discovery
- By manually performing the scripts and retrieving the privilege accounts, the team were able to resolve the CPM problem while scanning AIX systems(The team was able to fix the CPM issue while scanning AIX servers by manually running the scan commands and obtaining the privilege accounts)
- Network accounts were tied to TACACS, making Cisco platform reconciliation challenging. The team modified the Process and Prompt files with minor command changes to successfully complete the network account change process.
- Since the customer had numerous application accounts and a limited timeline to manage them, the team only vaulted the application account under a single safe.
- Because the team ran into a firewall issue while scanning DMZ accounts, the client’s internal team vaulted them in CyberArk (The internal team of the client vaulted the DMZ accounts in CyberArk due to an issue caused by the firewall while performing CyberArk Account Discovery)
Result
- We finished onboarding the accounts and partially managed them all within CyberArk
- We completed the project on schedule dates without leaving any errors unresolved
- Our assistance enabled the client to achieve the compliance requirement without any setbacks
How SecurDI can help
Aiding businesses towards a successful technical implementation with specifically curated solutions is our strength. We enable organisations to achieve their goals with best practices engrained throughout the processes. We at SecurDI with our team of seasoned professionals deliver secure and holistic solutions to make your professional engagement successful and your investments meaningful