Basic info on enterprise solution

Cyberark offers a wide array of solutions for delivering and securing application credentials.

Credential Provider (CP):

  • Agent on application server
  • Recommended for highly critical applications since it caches credentials on the application server
  • Attribute based authentication includes: OS user running the application, application hash, application path, CIDR restrictions.
  • More information can be found here

Application Server Credential Provider (ASCP)

  • Agent on application server
  • Similar to the CP however it is created specifically for application servers that connect to databases.
  • Supported application servers are: JBoss, Weblogic, WebSphere and Tomcat
  • More information can be found here

Central Credential Provider (CCP):

  • Agentless solution
  • Authentication methods include: Client Certificate, Certificate Serial Number, CIDR restriction and OS User for Windows
  • REST API request to fetch needed credentials.
  • Recommend for scripts, non-critical applications, and dynamic applications.

Dynamic Access Provider (DAP - Formerly known as Conjur)

  • Agentless solution
  • Authentication Methods: Kubernetes, IAM role, OIDC or API key.
  • Highly scalable solution for dynamic applications across cloud providers, hybrid environments or container orchestration tools.
  • REST API request to fetch needed credentials.
  • Security as code via YAML files.
  • Integrates with all your favorite DevOps tools: Jenkins, Ansible, Terraform, Puppet, Kubernetes, Openshift and PCF.
3 Likes