Many people underestimate the value of these tools because they treat them as simple automated password management. Once you realize the volume of passwords in your organization and factor in nonhuman passwords, you realize its value. Last year, CyberArk Impact cited 45 nonhuman passwords for every human password. If you have 10,000 employees, you can imagine the number of passwords. There are also many other operations. For example, you have a Qualys scanner that needs to reach out and touch all your endpoints and scan them for vulnerabilities. They use an API call to CyberArk to pull out a Privileged credential that allows them to log in to that target. This is an automated machine call. It is tapping into CyberArk to get that credential. There can be hundreds of thousands of those operations a day. You do not want to manage those passwords by hand. Some people marginalize the significance of such a solution by saying that it is just a fancy password changer. It goes well beyond that, especially with API calls and automation. Its importance extends beyond merely changing passwords; it involves automation, API calls, and process integration, crucial in agile environments for standing up new Amazon servers or other processes needing privileged credentials. CyberArk can automate these tasks into their build processes. Another critical feature is the proxy service via Privileged Session Manager (PSM), providing not only a proxy between your user and the target servers, protecting against malware but also offering session recording. Many companies I have worked with implemented a PAM product as a knee-jerk reaction to SOX audit requirements. They discovered they needed session recording and retention for regulatory compliance. This has become a major factor for clients instituting CyberArk, so PSM is a big deal in addition to regular password rotation.
