CyberArk-Led Alliance Unites Security Around Privileged Accounts

A new nationwide cybersecurity industry partnership led by CyberArk Software underscores the sector’s increased emphasis on collaboration and unifying software security measures as threats mount around the world.

CyberArk (NASDAQ: CYBR) today announced the launch of the C3 Alliance, a group of cybersecurity, enterprise software, and other service providers who will integrate into their offerings more security measures for so-called “privileged accounts.” Such credentials enable access to an organization’s software systems for tasks like implementing updates or managing devices on the network. They’re meant for a company’s IT staff or other managers, but also provide a juicy target for hackers or “malicious insiders” because they provide the keys to the IT infrastructure, CyberArk has said.

Beefing up privileged account security and thwarting cyber attacks that infiltrate an organization’s network are the main focuses of CyberArk, which is based in Israel and has U.S. headquarters in Newton, MA. Through the C3 Alliance, members will be able to more easily meld CyberArk’s privileged account security tools with their own products and services, and members will gain access to CyberArk data that could provide better insights and help respond more effectively to software threats.

The alliance’s initial group includes 15 companies from coast to coast. They hail from the Boston area (CyberArk, Rapid7); the San Francisco Bay Area (FireEye, ForeScout, Intel Security, Qualys, Symantec); Austin, TX (SailPoint Technologies); Ann Arbor, MI (Duo Security); Boulder, CO (LogRhythm); New York (Varonis); and elsewhere.

CyberArk already links its products with other vendors’ tools at times, but those situations normally involve simpler integrations with “the basic plumbing” of an organization, like IT ticketing systems, said Adam Bosnian, CyberArk’s executive vice president of global business development. The alliance’s partnerships will go deeper than that and encompass a wider range of technology connections, with more data sharing between cybersecurity companies, Bosnian said.

“We’re working with partners not just in a unidirectional way, but [in a] bidirectional, very symbiotic relationship,” he said in a phone interview. “It’s more looking at use cases of what’s going to solve customers’ headaches and problems in their environment.”

One example could be fusing identity access management systems that didn’t previously talk to each other, such as one that manages end users and one that oversees privileged accounts, Bosnian said. “Bringing those two together, now you have a unified system where you have one view of all the users, their capabilities, and what they’re doing.”

The alliance partners are already using the promised interwoven capabilities and data sharing as selling points to customers, Bosnian said.

The partnership “fills a critical gap in the market by bringing vendors together to address privileged account vulnerabilities across the enterprise,” Pedro Abreu, chief strategy officer of alliance member ForeScout Technologies, said in a press release. “With the CyberArk integration, we can securely store and manage [administrative] credentials, ensuring our customers’ most privileged user accounts have around-the-clock protection.”

The C3 alliance fits into a couple of emerging trends in cybersecurity. Companies like Cybric, Raytheon, IBM, and Komand are also trying to unify their customers’ security tools and strategies. And Komand and others say they want to provide ways for cyber professionals to share best practices and collaborate more.

“I think the industry in general struggles with having point solutions at the customer [level] and not having those solutions really talking together and becoming what I like to call a ‘security fabric,’” Bosnian said. “Anybody who’s out there saying, ‘All you need is us to fix your problems,’ is somebody you need to run away from.”

Rather, companies and organizations should seek the best options in security analytics, threat response, and other tools, Bosnian said. “What we’ve been saying for many years is, one of the common areas that brings them all together is the privileged account side of it.”

Trending on Xconomy