Orchestra’s Purple integration with CyberArk Privileged Access Manager,
simplifies and secures credential management. IT and security personnel no longer need to
store and manage credentials (passwords, etc.) within the Harmony Purple platform to perform scans. Leveraging CyberArk’s centralized PAM significantly reduces the complexity of conducting scans and helps ensure scans are completed without interruption.
Vulnerability assessment requires network-wide scans of sensitive assets and critical infrastructure. Accessing these diverse assets seamlessly and securely whilst assuring a smooth fast scan is not simple.
Orchestra Purple, together with the CyberArk Core Privileged Access Security Solution, provides an all-in-one secure vulnerability management solution with centralized credential management. This enables security personnel to run scans without needing to know or configure credentials for multiple, disparate systems. All privileged access to target systems being scanned is through the CyberArk PAM.
About CyberArk Application Access Manager
CyberArk Application Access Manager is designed to provide comprehensive privileged access, credential, and secrets management for widely used application types and non-human identities. For example, Application Access Manager secures credentials for commercial off-the-shelf applications, traditional internally developed applications, scripts, as well as containerized applications built using DevOps methodologies
How both systems work together:
The integration allows our users to choose before each scan if they wish to use a Privileged Access Manager agent or not. To take advantage of PAM access, simply enter the credentials in the credentials page. This integrates the solution for all future scans, promising they generate a new secure password whenever they need to authenticate
The architecture in a nutshell:
The bottom line:
With Privileged Access Management, Orchestra’s Purple benefits from providing even more secure scans, using a simple one-time process which only requires entering credentials (and even uploading a certificate if the client desires to do so)