NEWTON, Mass.--(BUSINESS WIRE)--CyberArk (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced that it has achieved Common Criteria Evaluation Assurance Level EAL 2+ for its comprehensive CyberArk Privileged Account Security Solution. The certification underscores CyberArk’s commitment to helping federal organizations and global enterprises secure privileged accounts – the “keys to the IT kingdom” – before cyber attackers can steal and exploit them to gain access to sensitive data and systems.
As reported in the cyber attack on the U.S. Office of Personnel Management (OPM), attackers exploited privileged credentials to move laterally across networks, conduct reconnaissance without detection, and exfiltrate critical data. In response, the U.S. CIO Tony Scott called for a 30-Day Cybersecurity Sprint – which includes a directive for Federal agencies to focus on tightening policies and practices for privileged users and credentials across networks.
The CyberArk Privileged Account Security Solution helps government organizations prevent the theft, abuse and misuse of privileged credentials in advanced cyber attacks, while better containing threats, and limiting damage.
“In the face of repeated cyber attacks, the U.S. government is rightfully scrambling to tighten policies and practices for privileged accounts to prevent another OPM-style breach,” said Eric Noonan, CEO of Virginia-based CyberSheath Services. “CyberArk is the first company to offer a fully certified and comprehensive privileged account security solution. We look forward to continuing to work with CyberArk, combining its government industry expertise and ability to quickly address high demand, as more organizations work to evolve their cyber security strategies.”
Common Criteria is an internationally approved set of security standards that provides a clear and reliable evaluation of the security capabilities of IT products. This framework provides confirmation that the development, evaluation and validation of an IT product has met specific security standards in accordance with an independent assessment accepted by the most security-conscious customers, such as federal governments. The international scope of Common Criteria, currently adopted by 25 nations, allows users from other countries to purchase IT products with the same level of confidence, due to the recognition of the certification across the complying nations.
“We fully understand and support the urgency in which federal agencies are seeking to secure and protect their privileged account controls. The 30-Day Cybersecurity Sprint puts a spotlight on this critical cybersecurity issue,” said Roy Adar, senior vice president, product management, CyberArk. “The Common Criteria certification further validates CyberArk’s privileged account security capabilities. We are committed to helping organizations be more responsive to emerging cyber threats and launch proactive controls around privileged accounts and users to protect their most valuable assets.”
This certification was conducted by EWA-Canada, one of the accredited Common Criteria testing laboratories, which conducted product testing and evaluated remediation policies, secure delivery process and configuration management process. Virginia-based Corsec was CyberArk’s strategic advisor in this certification process. The CyberArk Privileged Account Security Solution v9.1 is a complete solution to protect, monitor and alert on privileged accounts across the enterprise, cloud and SCADA/OT environments.
“The Common Criteria certification of the CyberArk Privileged Account Security Solution is an important step because CyberArk has now achieved an internationally recognized standard for protection of privileged credentials,” stated Erin Connor, director of the EWA-Canada Common Criteria Test Lab (CCTL). "Achieving this certification demonstrates CyberArk’s commitment to providing high quality security solutions to its customers.”
To learn more about securing privileged accounts and credentials in the public sector, download these resources:
- Webinar: 30 Day Cybersecurity Sprint - Tightening Privileged User Policies
- White Paper: Privileged Account Security in U.S. Federal Agencies – Addressing the Department of Homeland Security Continuous Diagnostics and Mitigation Program
- White Paper: NIST SP 800-53 Revision 4: Implementing Essential Security Controls with CyberArk Solutions
About CyberArk
CyberArk
is the only security company focused on eliminating the most advanced cyber
threats; those that use insider privileges to attack the heart of
the enterprise. Dedicated to stopping attacks before they stop business,
CyberArk proactively secures against cyber threats before attacks can
escalate and do irreparable damage. The company is trusted by the
world’s leading companies – including 40 percent of the Fortune 100 and
17 of the world’s top 20 banks. CyberArk’s dedicated team based in
Washington, D.C. works closely with many U.S. Federal agencies to help
protect their highest value information assets, infrastructure and
applications. CyberArk’s U.S. headquarters are located in Newton, Mass.
To learn more about CyberArk, visit www.cyberark.com,
read the company blog, http://www.cyberark.com/blog/,
follow on Twitter @CyberArk
or Facebook at https://www.facebook.com/CyberArk.
About Corsec Security
Corsec Security is the global leader
in providing access to new markets via IT security validations. With the
largest staff of experts in the industry and a comprehensive solution
that spans consulting, documentation, testing, managed lab services, and
strategic product roadmap planning, Corsec has secured more than 350
FIPS 140-2, Common Criteria and UC APL certifications for hundreds of
organizations on five continents over the last 15 years. For more
information, visit www.corsec.com.
Forward-Looking Statements
This release may contain
forward-looking statements, which express the current beliefs and
expectations of CyberArk’s management. Such statements involve a number
of known and unknown risks and uncertainties that could cause the
Company’s future results, performance or achievements to differ
significantly from the results, performance or achievements expressed or
implied by such forward-looking statements. Important factors that could
cause or contribute to such differences include risks relating to:
changes in the new and rapidly evolving cyber threat landscape; failure
to effectively manage growth; fluctuations in quarterly results of
operations; real or perceived shortcomings, defects or vulnerabilities
in the Company’s solution or the failure of the solution to meet
customers’ needs; the inability to acquire new customers or sell
additional products and services to existing customers; competition from
IT security vendors and other factors discussed under the heading “Risk
Factors” in the Company’s most recent annual report on Form 20-F filed
with the Securities and Exchange Commission. Forward-looking statements
in this release are made pursuant to the safe harbor provisions
contained in the Private Securities Litigation Reform Act of 1995. These
forward-looking statements are made only as of the date hereof, and the
Company undertakes no obligation to update or revise the forward-looking
statements, whether as a result of new information, future events or
otherwise.
Copyright © 2015 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
