Cyberark Integration

TCPWave

Enterprise organizations rely on TCPWave‘s modern DDI solution to make their network infrastructure agile and scalable across the traditional datacenters and hybrid clouds. Enterprises mandate numerous security and governance tools to protect their environments; the industry-leading CyberArk Privileged Account Security solutions often provide the required access control facilities. Securing the SSH keys for privileged accounts and building ’security up front‘ for network automation to function seamlessly is a common challenge in various Infrastructure and Operations organizations.

Many organizations rely upon a static password for a privileged functional account, which is insecure, however, the CyberArk + TCPWave integration mitigates this security concern using the CyberArk Privileged Account Security Solution.

Leveraging Enrichment & Automation

The CyberArk Privileged Account Security Solution is an enterprise-class, unified solution that manages and secures all privileged accounts. It secures credentials, including passwords and SSH keys, controls access to these accounts, isolates and records privileged sessions for auditing and forensics analysis. Built on a single platform, the solution centralizes all privileged activity and provides a single data source into the TCPWave solution. The Domain Name System (DNS) is mission-critical infrastructure that all enterprises use and cannot function without. When mission critical DNS services malfunction, it can result in catastrophic network and system failure. The TCPWave IPAM secures the critical core network services in the enterprises by leveraging the modern tools designed by the SecOps experts for product development. It assists in automating the enterprise‘s NetOps tasks using a rich set of APIs that are made openly available to the DevOps community. It provides powerful management interfaces and can manage millions of IP Addresses and the hostname mappings. It also provides high performance reporting, data management and advanced analytics and process optimization via automation.

Integrating CyberArk and TCPWave

To facilitate the integration between the two solutions, CyberArk is configured to login to the TCPWave Infrastructure as a privileged functional account (root). After a successful login, the CyberArk Solution takes over the root password management and changes the root password. The password is stored in a vault and rotated at regular intervals, and all the managed devices are kept in sync. The password is provided for a specified period to the authorized personnel of the enterprise on demand.

The privileged root password is secured and store on the CyberArk Password Vault after the initial login.

TCPWave
Joint CyberArk & TCPWave Solution
  • Prevent authorized users from mistakenly or maliciously executing damaging commands by limiting the scope of privileges to what is required.
  • Secure network automation and management with streamlined auditing and reduction of network vulnerabilities and exploits.
Business Advantage

CyberArk Enterprise Password Vault is a component of the CyberArk Privileged Account Security solution, a complete solution to protect, monitor, detect, alert, and respond to privileged accounts. The TCPWave IPAM is an enterprise grade DNS and DHCP management platform that is used by medium and large enterprises. The native root password on the TCPWave appliances is managed by CyberArk Password Vault. It can be used by the authorized uses to CyberArk to perform preventive and scheduled maintenance on the TCPWave DNS and DHCP appliances. The combined solution from CyberArk and TCPWave delivers enterprise- class security and allows customers to deploy and manage a global DDI (DNS, DHCP and IP Address Management) ecosystem and expand the solution to meet changing business requirements.

TCPWave