AvailabilityGuard can utilize various enterprise access control solutions for authenticating and collecting configuration data from scanned systems. If your organization is using access control solutions for password management or for privileges management, AvailabilityGuard can be configured to seamlessly use them as part of the standard scan. This article describes several common integration points with enterprise access control solutions.
CyberArk
AvailabilityGuard integrates with the following components of the Privileged Account Security Solution Suite:
- Enterprise Password Vault
- Application Identity Manager
Once configured, AvailabilityGuard will use the CyberArk Java API to obtain the credentials for a target system in scope on demand. The credentials are queried only when the scan is triggered and are never saved to the file system.
To configure AvailabilityGuard to use CyberArk:
- Install the CyberArk Application Password Provider (AIM) agent on the AvailabilityGuard master server.
- Create AvailabilityGuard Credential objects with the Cyber Ark type.
More details can be found in the article AvailabilityGuard Integration with CyberArk.
CA Privileged Access Manager
AvailabilityGuard can integrate with the Password Manager of CA Privileged Access Manager. Once configured, AvailabilityGuard will use the CA Java API to obtain the credentials for a target system in scope on demand. The credentials are queried only when the scan is triggered and are never saved to the file system.
To configure AvailabilityGuard to use CA Privileged Access Manager:
- Install the CSPM client on the AvailabilityGuard master server.
- Create AvailabilityGuard Credential objects with the Cloakware type.
NOTE: This product is also known as Cloakware Password Authority / Xceedium Xsuite.
One Identity Privileged Access Suite for Unix
AvailabilityGuard can use One Identity Privileged Access Suite for Unix to run required read-only commands with elevated permissions.
To configure AvailabilityGuard to use One Identity Privileged Access Suite for Unix:
- Configure One Identity Privileged Access Suite for Unix to allow the scan user account to run the required commands.
- Create an AvailabilityGuard sudo object with the appropriate pmrun path, and include the sudo object in the connectivity policy that will be used for scanning.
NOTES:
- This product is also known as Quest Privilege Manager for UNIX / PassGo UPM.
- Similarly, AvailabilityGuard can also be integrated with BeyondTrust Powerbroker, FoxT BoKS ServerControl (Keon), Centrify DirectAuthorize (DZDO) and other commercial tools for privilege management.
Linux / Unix sudo
AvailabilityGuard can use the free Unix / Linux sudo program to run required read-only commands with elevated permissions.
To configure AvailabilityGuard to use sudo:
- Configure the sudoers file on the target host as appropriate. Refer to https://support.continuitysoftware.com/hc/en-us/articles/360003179391 for additional information about the recommended sudoers configuration.
- Create an AvailabilityGuard sudo object with the appropriate sudo path, and include it in the connectivity policy that will be used for scanning. If the requiretty option is enabled in the target host's sudoers file, set PTY to Yes.
NOTES:
- AvailabilityGuard has pre-configured sudo objects for Linux and Unix configured with the default sudo paths.
- Similarly, AvailabilityGuard can be integrated with other native tools such as super, Solaris pfexec, RBAC and more.
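
A pre-flight check for the two sudoers points above, as an added example that is not part of the vendor documentation: it reports whether requiretty applies to the scan account (in which case the sudo object needs PTY set to Yes) and whether the account is granted the catch-all ALL instead of specific commands. The account name agscan, the command paths and the sample sudoers lines are constructed assumptions, and the parser is simplified (no aliases, include files or line continuations).

```shell
#!/bin/sh
# Added example: "agscan" and the command paths are assumed placeholders.
# Simplified: ignores aliases, include files, line continuations and
# host/runas/command-scoped Defaults.

# Print "yes" if requiretty is in effect for user $1 in sudoers file $2
# (the sudo object then needs PTY set to Yes), otherwise "no".
needs_pty() {
  awk -v u="$1" '
    $1 == "Defaults" || $1 == ("Defaults:" u) {
      for (i = 2; i <= NF; i++) {
        opt = $i; gsub(/,/, "", opt)
        if (opt == "requiretty")  tty = 1
        if (opt == "!requiretty") tty = 0   # a later entry overrides an earlier one
      }
    }
    END { print (tty ? "yes" : "no") }' "$2"
}

# Print each rule for user $1 in file $2 that grants the catch-all command ALL.
broad_grants() {
  awk -v u="$1" '
    $1 == u {
      spec = $0
      sub(/^[^=]*=/, "", spec)        # drop "user host ="
      gsub(/\([^)]*\)/, "", spec)     # drop Runas lists such as (root)
      gsub(/[A-Z_]+:/, "", spec)      # drop tags such as NOPASSWD:
      n = split(spec, cmd, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
        if (cmd[i] == "ALL") { print NR ": " $0; next }
      }
    }' "$2"
}

# Constructed sample sudoers fragment (not a recommended configuration).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Defaults requiretty
agscan ALL=(root) NOPASSWD: /usr/sbin/dmidecode, /sbin/multipath -ll
agscan ALL=(ALL) NOPASSWD: ALL
EOF

echo "PTY required for agscan: $(needs_pty agscan "$SAMPLE")"
echo "Rules granting ALL commands:"
broad_grants agscan "$SAMPLE"
```

A rule reported by broad_grants gives the scan account far more than the read-only commands the scan needs and should be replaced with an explicit command list.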