Cyberark Tutorial |Learn cyberark from Scratch | Cyberark for beginners |
so hi team good evening hope I'm audible okay hi I'm Raj uh I work as a Freelancers training and I am providing training on corporate office also so so today topic we'll discuss about the Pam and on that year we'll discuss about the Cyber AR and other tools and give the more updates okay so please pause me whenever you request any help any you know confirmation any clarification so and this session yeah mostly will not only one-sided we need to you know make as you know live session we need to cross check if need any help we need any clarification yeah we can go through that okay so yeah without wasting time let me start let me once able to see my screen team can anyone confirm yeah not it just uh it's processing thank you okay let me know on you to see my screen yeah sure yeah okay it's not dist started one second hope I think you yeah okay thank you yeah so today's session is a privilege access management and uh what is mean for privilege access management and why we are you know the meeting header I can say the Cyber okay why the Cy name came okay so before going to that okay let me admit someone is waiting okay before admit uh proceeding further first we need to know what is the privilege access over what is the term why why the Pam name came okay and let me know my voice is audible okay if you need more piece yeah uh I can you know engage voice but if it's fine thank you so much your voice is perfect and we can able to hear you clearly perfect thanks NE so moving to the next slide and and this is the agenda we are going to cover and this is the details so so Pam and and see if you are if you work as in a cyber security domain if you not work as cyber security domain okay so let me give you the few criteria okay what all the domains will come under the cyber security so first in IM IM domain so what is the IM identity access management under the identity access management we have three major you know category that is called for identity access management inside the again the privilege access management another is access management that's for the authentication and all so we are going to talk about to the Pam is a privilege exess parement on that Pam what all the tools what all in the market current situation is there what are the market share for the different different tools is there okay so we'll discuss about that part okay so the as I said you know cyber security so what is cyber security so any of the you know if you go for any of organization okay if the any of the user you know how to manage the user in the organization okay you should have some you know process some tool tool okay some meth already defined by the you know different different vendor and tools okay so for that we are talking about the privilege access management this is cyber security practice okay and set of Technology you know designed to secure how to secure exess how to monitor your exess okay and what all the exess what is the mean for exess okay suppose you are logging to your system and all that is also called excess correct but we are not going to talk about the normal access you know if are loging you are using your bank account you're using your you know log to the system you're using your Mobile password and all this exess we are talking about the very very privilege exess means like Bank Locker okay you can't share your bank local password to other and all if you share maybe someone can you know install something you know from your locker and all okay so same thing in the cyber security if you talk about the access the S ad active directory in active direct a domain controller domain controller domain admins and so many things is there okay so if you get the higher privilege for that one so if someone unauthorized person got the access he can delete all your files you can delete the complete you know information about company and the data and Records okay that will be very very know uh loss for the company data also going to loss and brand also going to to lose okay so think about that so why the company is investing a lot of money on this this type of tools to secure their data to make the good you know um uh reputation in the market without any cyber threat and so all because once your data brid okay you are out of the market anyone can see your data and all so this is the privilege access management and what all you know the it privileges it infrastructure so mostly for know the it admins and all those who are logging to your system in office you know office Enterprise admins and all they have the higher privilege why because they need to do some certain action you know which normal user day-to-day activity he don't required correct so in that case that is called the privilege exess means higher privilege when you can do all set of work without any extra uh priv access required now coming to the next slide uh this is just a privilege access overview and this is the on one second so Pam tools so this is not the first time concepting the pams and in the markets okay the 18 20 already tools is there okay Pam tools there but what is the current trends in the markets okay not cyber is not only one TR cyber available in the market if you see the this side this is the Gartner report 2023 okay so if you see the leader who is the leader cyber second beond trust this centrify C so these all the product name okay and we are and if you see the you know the market share for cyber AR around 60 to 70% markets are across the globe okay so except uh Gulf country UA you know I if said major area the Cyber are expl and if you talk about the gulf country about you know uh so they they are in the beond trust most out of 10 you'll get the nine nine customers using the beond trust but all the tools have the same same features okay but the why the difference okay maybe the support maybe they you know the license cost maybe they the very good in the market this is very easy you know user standpoint of view So based on that certain factors okay these all the whatever the leaders and Challengers is doing it's defined by The Gardener okay so what are the tools available so I just randomly I picked few name okay so first the Cyber AR then is tyo secret server beond trust password say centrify one identity ship cardi ID wellex Aon so Aon and all mostly you'll see in the Australian CL using okay wellx is is very old Legacy tool I can see okay but first three yeah first three in the team please be on mute for if you Jo the call okay if you're not speaking if you have any question yeah please let me know okay so uh Team if any question till now yeah uh I can take question if you need conf yeah push I have cyber so cyber we have two two two kinds of interactive type right cyber a and cyber WCS right so uh here my doubt is in future are we going to replace the uh a with WCS I mean web based credential service yeah so we based cred in future maybe you can do but as of now currently cyber are making the you know you heard about the privilege Cloud also correct because currently cyber are having two solution one is the on Prim solution another is the privilege Cloud so they are migrating their solution in the cloud but not in very fast Bas okay so whatever you say the a currently using the web like you know Windows based and all but yeah in future definitely they have the plan and as of now I can see the customer transforming from core pass to privilege Cloud not in that you know that fast mode okay so yeah definitely maybe in future 5 to 10 years later yeah you can see that you know uh that process will come I hope you got your answer correct thank you thank you yeah haraj AIT yeah AIT yeah so Raj uh in terms of that like Market capturing uh about these tools uh how we can uh see that cyber for that next Futures me I'm just asking you in the point of comparisons as well as like how that really that cyber will be the leading tool we can say that in in market for that next all the it hubs and all how yeah correct that's a good question so cyber if you see the components modules I I I'll show in some different slide So currently cyber having the different different modules okay and different solutions for different different purpose so now I'll just give you example so cyber AR having the core pass that's normally your password manager and everything is going to come under okay and next will come the L so L one of the you know just company they required why we requireed l because some the you know suppose you have the manufacturing company most most of the vendor you know subcon ventor is coming to your you know premises they want to log in they need to use your you know other facilities your machine and all so how you can manage that kind of user okay it's a temporary it's a one time user maybe it's a three six month you know the person is coming that call just in time exess is itself you know currently the core pass the just in time exess but yeah for that is separate kind of things you know that cyber has you know acquired other company that is the product called the another called the EPM interp your system apart from the conure if you know the conjure conjour is you know very fast growing because most of the depths of application and all contain and all how to you know manage their password and all the consumer is coming correct so instead of you know depends on Market to Market Val the tools and you know the technology keep changing so the Cyber are keep keep updating self the product okay and you know based on that whatever the I mention here the list of uh product name it's always give the A and reason for is you know they have the uh plugins available in the most of the IM tools okay s Point entry now CN and I know whatever the tools leading to the IM currently okay why because they are very good in managing the user management your license management okay and it's a different flavor you'll get you know the plugins and you know uh reports kind of thing pass report and all you'll get the different kinds of reports and the very vast Community for the Cyber you'll get n number of question any number solution for you know the community all the community is very rich compared to the all so that's the reason they are into the market as of now I can see and down the line yeah they are already started the cloud as I said earlier uh Cloud migration privilege cloud and all and out of 10 current solutioning is happening out of 10 two to three customer is going to privilege Cloud why the privilege Cloud because if you don't have the complex integration okay you just manage your password management and few only few selected future you can go for the pr Cloud but the customer who has very fast integration very you know uh different different you know domain controller different different place uh they the teams and you know different integration for that you know core pass still is the best solution yeah so that cyber AR is also available in like modules correct so yeah yeah yeah yeah C Mod you can take that only PM or something yes yes yes yes yes I I'll discuss that next um but thanks thanks thank you if someone is talking to is anyone any question now yeah uh again Bush here yeah yeah actually uh what I'm understanding cyber is a passwort management system so we here I have one doubt one more tool we have right to sale Point actually I'm not aware about the tool I'm just asking about the tool it is a uh user manage uh use I mean uh uh user managed Service uh cyber is a password manager service so what is the difference between C point and Cy cyber can correct yes yes yes definitely it's a good question so as I said earlier so in imem identity access management we have the three track broadly okay one is the identity user access user management one is privilege access management another is for the access normal access management okay what while you are talking about the sale P sale P what will say sale P you'll do in sale P you do the user management how the user management once a user is on board suppose I'm just giving the Layman language okay how you join suppose you join capj okay your account your user account should be you know user should be onboard to the capj database okay like when you join who is your manager what is the department okay who will be your project manager which project you are going to work okay so that kind of setups if you want to somewhere store you need some system correct that system called salpo identity Saleo IQ identity now whatever thing okay so what the system will do when you join the organization your all the details is going to fulfill there once you you know suppose any apprisal happening what kind of things so we what all the details you're going to submit okay it's linked to the HR System okay HR System is nothing but the work day I just give you one more example for the work day from there all your information pushing to the sale pint and salale pint what will do it will take care all your data stor into the sale pint uh you know sale pint system and in case if you suppose you know your department changing something happening it is going to capture each and everything s but this is just for the user management and your exess management what access management you can do suppose you have you know multiple system of exess suppose you have the ad accs you have you know cyber access other access so how your access is going to certify who is going to certify your exess suppose your user manager yeah your application manager and all project manager for that certification campaign will create inside the Saleo system there your data will going to certify but how the data is going to certify your data is going to push from cyber push from the workday push from the ad and going to store in the sale point so sale point just for the user management and user review purpose user access review this two is the broadly used for and also use for the exess request suppose you need an exess any of the application exess that you can configur in the Saleo system yeah just one doubt hello yeah yeah so user Administration is the one which you're talking about Sal s point is normally done for the user Administration correct correct yes yes yes yes okay so the entire life cycle joining correctl provisioning jml correct yeah so one point uh so in the market which is more in deand when it comes to see there are two types of one is the users which are internal to organization other one is external to the organization correct right uh we call it as c c correct yeah yeah consumer identity and which is mainly targeted for external users right yes yes yes so uh what is the can that part be handled by cyber no so cyber you know user management is not going to take care by the Pam and all reason is that yeah it is a privilege only for your accounts correct pimpam basically P correct so there is no module that that I'm aware of it but there is no mod module that has come with regards to uh the CIA the Cyber people have not come up with that right no no no no no so okay so coming maybe you know down the line OCTA and Pam Oka and cyber they are the market container for the user management also because OTA already came to the market for the user management as well now Pam cyber also coming to that phase but as of now they don't have any plan okay with C who are the market leaders apart from OA uh apart from OA I can see that ping ID ping fed is there also ID so these two are you know I can see as of now both are upper and G but in Octa having the AG compared to the Ping but recently there was a hack on the OCTA right there was Cyber attack C and due to which that trust with OCTA has decreased in the market that is what I am seeing now true true true so after that every 15 days uh if you have the partner partner in of the organization you'll get the alerts okay you need to do some you know changes maybe vity port scan kind of thing so that kind after that now I can see the major communication came from Oka as of now but ping why why the Ping I'm just telling because earlier ping is you know the onframe solution not the Cloud solution but yeah they came to that P know now they are migrating they you know existing customer to cloud and all but Oka from the beginning is a cloud 100% s product Oh after his completely s product and was normally for on yes yes yes but you know they have also started the cloud two years back only they started uh but it is not so much absorb I mean no market share true true true so is there is there any solution which is addressing all three area Pim Pam identity access management and your uh uh priv uh your sorry Administration part of it all three area MH as of now I I not SE any any tools one one one no no uh that is that is another big complexity in an organization corre because we have to depend completely on two separate and integration and manageability becomes a challenge organiz so as of now I can see if you're looking for the IM user management sale uh aviant is market leader compar to S Point identity now because s point idty now is just true s you can't do the must customiz and all and you have the complex integration don't go for the sale P know it's my personal how about how about micro micro Focus uh which open text yeah open text B and all so micr focus is also good but you know the problem is that most of the plugins and you know connector is still not you know sustainable but if you go for you know s point sorry save and S now you'll get the lot of connector without you know you need to do the scratch from the development and all plugins is available okay Savant why because Savant is not true SAS but yeah I can see that you know they have the upper hand because you need to do a lot of customization with the help of their um Team okay and one more thing now nowadays people are offering ass a service uh providers cor platform as a service on the platform you offer these solution to the End customer correct correct yeah but uh then uh do you think any challenges there offering the Identity On A Cloud environment currently with the security concerns do you find that is a still concern yeah so I can see as of now uh in my knowledge uh capj is wrting the P pass service platform service and they will you know give the uh why you go for indirectly AWS and you know separate uh agreement where we can give the complete monitoring and installation the platform and all you can use but still I can see that you know the trust and all if you're big Brands and all uh still the cloud you should have the proper you know security and control Cloud security should be in place okay you should be the uh review and audit and purpose every 6 month okay that platform as a service you can see the Amazon and whatever the other Cloud providers the Google Google and Azure they have they know the complete from the basics but if you go for the subcon kind you know whatever I give the they they will take the Amazon as a service but you know put our name their name and sell as a service and platform as a service kind of thing but that hardly out of 10 I can say two to three client will go only due to the budget concern someone has the budget con but if you're looking for the security and other features yeah it's still the main vendor is know in the market okay uh Tim is that clear can I proceed further next okay so uh now I'm coming to the Cyber AR so as I discuss cyber AR is one of the pan tool okay this only give the your privilege access how to you know the manager privilege know how to store your password how to record your session how to you know detect the threat management if somebody is misusing your account if someone is you know High PRI account using some different time zone and all yes different you know unusual behavior so that all the you know facility and features AV in the Cyber art okay so we'll discuss what all the modules which all the component is going to capture the X which all the models com the s Management which all the install you know store your vaults so this is the Cyber uh as a Pam tool it's a one of the Pam product a lot of tool is there but yeah cyber we are discussing today and we are moving next so yeah talking about the Cyber component so this is the 10 components based on my understanding I just put this is if you if you're using the core pass you're using the Cyber AR you know the Cyber this all 10 components you should be aware of that okay or by work or by interview s by your knowledge s these all the terms will come when when you are handling the Pam related work and all so now coming to the first part The Vault so what is the Vault and all okay we may we can discuss those so Vault so vault is a tool that cybar will provide that will store all your data information your account your safe you you know user details also inside the world okay and why the Cyber is more secure and you know uh uh you can't you know uh use the attack and all reason is that when you you are going to install the Cyber you should remove know as for the Cyber guide uh guiding and you know installation document you should remove all the service all the you know whatever the default window services will be there based on their only you know few of the services you need to keep that's the reason you can't you know uh take the you can't you know the again you know hit the Vault and other things no uh just one question MH uh so when you are storing this uh key uh what do you say uh the password credential correct correct user credential and usern name and everything is it in an encrypted format stored in a vault or is it in a different form no it's a encrypted form it's encrypted form but you know this data this all the component whatever I'm talking nowhere interrelated so you can't you know think about the once you enter into the PBW page and all and try to hit the you know PSM server and all and try to hit the other server and all all are completely inter inter you know dependent no no what it is kept in the vault as an encrypted form yes yes yes correct okay and when you need it it is decrypted and yes yes yes yeah B yeah so this is the VA and other and all suppose this all the component whatever I'm talking about the Cyber all the windows based okay it's a Windows Server itself so PV is a separate Windows Server PSM is a server itself we can run PM is for you know that is the lanux server okay CPM this all the but how that inder is going to use the Cyber he should some you know that web browser should be there he can enter the password login all then he can face the password uh you know screen and then do the work correct that is called the pbwa the privilege Vault exess so there you'll get so let me go to the last page and show how the application looks like one question is here so basically we can say that session management as well as the password management also correct correct correct correct yes we'll discuss thatment so first this is the way P once you log in you know when organization Lo to cyber you will get you know this page B based on this you know authentication you'll get that you you can see the option okay someone is the SML someone is AD someone is the radius integation and once you log in successfully you'll able to see this screen means your account what all the accounts and then you can take the password into the work this is the you know first glance you able to see your cyber application so cyber having that access management capability as well access management the sense you know one for authentication we are using for that we are not using yeah so here if you see the radius yeah radius is cyber know authentication mechanism M yeah but mostly you nowadays the customer using with the saml because you why you need to use the different different access management Authentication Protocol for you know the different application if you're using OCTA ping whatever thing you can use the same thing with canl correct you're using the adlb mostly you're configuring the ADB so very rare the user in the customer will go for the different authentication cyber so most of the requirement is the ad integration has to happen right correct correct I mean l integration where true authentication will happen with the uh ad ad ad correct so see finally the background is the ad itself correct so if you if any of the user is you know need access and all you need to be part of some group so where that group is managing ad itself correct if you're getting any exess and all you need to Wi part of the ID and cyber itself is managing the all the access your you know group access by the ad itself okay so while configuring yeah is there a Linux version to it because one of the customer requirement was that Windows based uh they needed Windows based I solution uh and P and Pam solution and sorry not Windows or Linux based uh solution so here in Pam you can configure the Linux server as well how to authenticate who are going to authenticate that one you can do that yeah that's the reason but ultimately ad is yes yes yes yes ad ad is the course so you can't you know the Linux and all someone can you know manage your ID group in the Linux system and all no you need to yeah ultimately everything is correct so that is a PBW P that the IND user is going to hit the URL and use the Cy web page into credential and then able to log into the Cyber account page and there you can use the you can take the password you can access the server while using the option whatever the Cyber app now com to the next one the PSM so what is the PSM this is all one of the compon important comm c that is know it will monitor your session okay so what what monitor because if want to know because some you know major activity happening on the domain level okay someone is doing what activity if you want to audit if you if something happened you know by by mistake some user has done but after that he's saying no no I didn't do that kind of thing so in that case you can able to see who has done what even one click where he done done the click everything will monitor okay so that's the reason it will make the you know the easy to track very you know high level privilege exess if someone is doing okay so you can monitor any any point of time okay and next we are going to psmp psmp is nothing but it's a Linux server whenever you want to use a Linux server you require the psmp you know that connection proxy server connection okay to access the party and all next we are going to the CPM this is also one of the major component so it's the CPM autom made the management privilege account credential so means once you onboard your account in cyber from that time you need to Define as a you know as a client okay I need 8 digit password and few lower case few special character kind of thing once they it will sit in the Cyber and you need to decide okay after 60 days yeah after you know uh one week this password is going to change that is taken care of the CPM okay and next so till now we have discussed one 125 so one 125 is the mandatory component to install any of the core pass okay if you need the Cyber AR this five is mandatory to be there in this component in the system then one is going to work R after five 6 7 8 9 10 it's a optional if you required then only you're going to use but one to5 is mandatory you need to be then when your system is going to work cyber solution is going to work now I'm going to aim okay so Aim U so why you require the application ID management so suppose you know I'm using the uh I'm from savan system application and I want you know the savan system password needs to be changed automatically without admin intervention anyone intervention my intervention so for that cyber will going to provide the password you update the password directly in the savian system without any user intervention based on that you know uh user input like 60 days you need to change the password your service password most of the company I think 365 un need to change the password correct so that is the mandat I know I think the practice across the uh mostly you know customer using the 365 password for the service account so in that case you need to use the a component so now coming to the PTA so why they required the PTA so as I discuss in the Cyber you know the description so how to detect the abnormal behavior okay so that case the PT will come so suppose I'll tell you I'm using one of my server from a particular defined IP okay suppose 34 IP know I'm using some work from home some from my office but sometime you know I system cyber detect you know some different IP is coming from the particular cyber you know some account is using someone yeah you using your day to-day office time in 9: to 6 but sometime you're using you know 12:00 night sometime using 2:00 morning and all okay in that case that kind of alert will take in cyber yes this us are using this particular account in that time that is very unusual behavior and it will create one you know ticket inside the Cyber it will trigger the mail to the admin whoever the owner for the par account that's make the you know the tracking okay who is used then you need to give justification why is happened and all so that kind of you know uh alerts and C St in the Cyber now we talking the conure the conure is nowadays most of the tools in the kubernetes and you know de op public application is there in there you need to enter the password and doing all the kind of work for that also the new tool called in cyber conure that you can manage the password without storing hardcoded value password anywhere it will integrate cyber will taken care con is taking going Care by adding the passw in the cloud level you know infrastructure in the communities and containers kind of thing now we're coming to the EPM so EPM is only for you know desktop laptop whatever know end user you know system you know end user is using day-to-day life there you can't install any software without you know that um someone should you know check okay which software you're going to install in your system yeah what level of you know very minimum set of access because we cannot give everyone the their laptop and all they can install anything they can do whatever they want to do okay to restrict the that kind of risk and security threats Ino solution is going to help you need to Define yeah B you don't need to do any kind of extra software to be install in the system very predefined software defined by organization you need to manage if you need the extra you need to raise the request for the local admin rights to install any of the software with approv by infra team it team now the last Point are DNA so DNA is a discovery so why require DNA and all suppose I have the organization I bought the Cyber tool few teams I have oned their accounts and all but still I don't know how many privilege exess account there in the system my organization okay that also required to onboard new Cyber that required the discovery this a separate tool this a Windows based tool and you need to Define all the your cmdp what are the server available in your server in your in organization you need to put all the server details your server name IP that accounts and all okay the Cyber will going to just run in that all the server and find out the privilege exess account and giving the report yes these all the accounts are you know not cyber and its password is not changed for so so long time and for that report you need to analyze and you know need to plan when you are going to onboard that server that account into the Cyber so this is the main component and overall component for the Cyber oide so team any question yeah I'll just take a pause and we can discuss one by one give any question no okay let me proceed next now we can see the uh we are talking for from that and PR account privilege account what all the what what what all the account how you define the the privilege account is all so you can see the types of account so this is the privilege account you know the privileg account means you need the extra privilege High higher level of exess to do some certain action correct yeah anyone want uh no one question uh there is a little uh I mean the customers would not like to go with a cloud-based solution when it comes to especially for the pimp Pam solution I have yeah there is a little Hance because anyway it is a privileged access and correct privileged access you bringing on to the cloud is something that the customer is hesitant to do that they want to keep it on Prem in their internal DMZ Z true true that's the reason if you see if you see most of the bank customer they're not in the cloud at all most of the bank correct and that's the reason cyber has two solution one is the Onre core pass that is cyber for the privilege Cloud so privilege Cloud most of the you know that e-commerce other company will go okay but still I can see 70% is still customer is there on PR itself because as you said most of don't want to go in the cloud and all they don't want to store any creden in the cloud correct that's the reason Kure came okay that's to this conjure they have and now I can say 2024 and 2025 if you see this two year most of the company the service provider this kind of project you know in their account is more cons related because everyone has c corre c true because everyone has a core pass but you know they want to explore something different correct so C said you know conure the D Ops container communi kind you know that tools and all how to store how to make the secure and all that's the reason you know this Con is going to uh play major Ro yeah so Raj we can say that here that cyber cyber also having that the capability to onboard that on premises servers on premises applications as well as that application yes yes yes we have we have we because see Windows Windows account Windows server and all all of the on PR only correct instead of you can do the the SAS like Salesforce and all you can do the Cisco and all yeah yeah Fusion yes yes yes srms and all we have done the integration with the Cyber okay yeah so it visibility is there yeah so uh can we proceed next uh te any question have okay so we talking about the privilege account so privilege account you know so if you see here what all the privilege account root account if you the Linux admission root is the highest privilege sudo command you can do any kind of thing administrator account in the windows and all correct domain admin server and server admin and all okay service account if you in the application use the service account if you use the service account you can do any kind of you know you can stop the services you can remove the account you can delete the data DB account and this one so this this all this all kind of accounts you store in the CRA that's the reason know not your normal user account is going to store the password Ser what is the use for the normal login password and all for you're using your laptop and all okay your you know uh system desktop and all whatever using no for that not this is specific for the higher per that will going to impact the measure the a level if something is going to happen that's the reason this credential is very very sensitive and critical for the business now we are going to discuss the what is the credential management so credential management you know it's nothing but you know like a CP CCP credential provider you know that a term is going to use in that case that's reason we are using the credal management to without you know the password the tool is going to change the password in the system even you should know what is the password ideally the non interactive accounts called service account that service account used by the application itself S no one us also not going to use that one it's a kind of non interactive account in that case you don't need to know the password why you requir password to know about that account so in that case am will play into the role and change the password act in the system and why we are talking about the account privilege account credential management and why it's important it's nothing but just one line it's a security it's a compliance okay it's a your integrity it's because it if you're working as a very brand good brand you already made the good brand but yeah you need to carry that name correct so how the people is going to trust like someone said in ear OCTA OCTA is lo because you know some happen but still if you are going to buy the OCTA product you have to think 10 times okay what happen maybe something going to happen if they not going to take care the you know that uh security and risk compliance so that's the reason nowadays why this all the tools is coming to the picture because socks because multiple kind of you know that audit is happening if the financial you to the socks if Healthcare you to the Hippa and all correct so due to the compliance you need the you meet the compliance U guidelines you need to follow some certain standards that's the reason nowaday you can see most of the most of the company using the tools still I can see few of the company Philips Philips using not using any of the tools and all they have the in-house tool identity management tool they're not using saleb saviant and all is still few company using their tool because they are not at all comfortable to you know share their data into their you know database and you know so that's the reason uh but yeah down the line maybe uh most of the companies going to use the vend weic tool for the imem access management PR access management because due to the compliance if you're using the internal tools you'll not meet all the compliances in all that is the major challenge if you me the major challenge then you need to invest lot so Roi whatever you going to store that's not going to make the sense now coming to the next point so suppose if I want to suppose as a artech as advisor someone can ask okay I want to implement the Cyber solution in my organization what all the component what all the decision I need to make to you know going to implement a solution so this is the first point you need to think about the accessment and planning so what all the first of all you need to say assessment okay why you required the Cyber okay how many servers are using in your server in your applic you know organization 10,000 20,000 why you are not going to use for the manual and all so that kind of thing you can ask the first in the beginning phas only correct so in first planning you need to understand why is someone require the Cyber okay is it really worth for them to use the Cyber okay then come to to use the choose problem solution now you need to based on that you need to see what all the license and you know the is going to make the profitable for the you know that client you know it's a cyber is going to meet all the use cases so the criteria for choosing the Pam solution first you need to identify how many you what is the percentage for used cases is going to cover in that tool I think cyber beond and all suppose someone is covering the 60% 80% So based on that some customer okay I need features not the use case and all okay sometime okay uh forget about the few I need you know license should be called So based on the client you know demands and you know that discussion they will see okay if the use is covering this but you know few you know uh is not covering that is not to have kind of features okay I'm fine for that so then you need to decide what all the spam solution you going to use then you see the installation configuration okay suppose you use the cyer all how much time you know is your team is capable to do the installation configuration or you need the you know the Professional Service from the Cyber to install the component complete from the beginning okay then then you need to find out okay what all the accounts I need to onboard to the Cyber okay first first phase in the pilot phase okay then you do the password vating then you okay what all the password completely I can put in the first pilot phase and all then you set the access control like you know what all the minimum set of access I give the enduser who can only log to the server but not view the password then you tode the monitoring aler like know suppose your services is running and all when Services stop and all how you can monitor that is there any comp is there any plugins available like spun plugins any other you know third party vendor you know that uh seam tool is available to monitor your alerts and all then you need to think about the education and Trend like you know suppose cyb is the first application you know solution in your company you need to train the resource you need to train the end user how to access the application at all what all the you know flow you need to Define what all this demo and you need to give okay then testing evation if you done the pilot phase you need to do the testing you have the first phase whatever you using the onboard of any account how we are using that indivual server team INF te able to you know using the Cyber solution and not or we need to get the feedback from them okay are they getting the more time to connect the server from the Cyber and then documentation for training documents and user access guide guide documents and then come to the maintenance and this is the major part maintenance update like you know in a year how many times you need to do the upgrade so this kind of question you to ask from the vendor what is your upgrade plan what is your update plans what is your maintenance plan suppose if you're buying any CB product okay till 3 years you have the you know maintenance free till three years update is free after that you'll support for you know the Professional Services so these all the things you need to think about to proposing any solution yeah working for you know suppose you take the Cyber only but yeah this all the mandator steps you need to think about that if you're working as a adviser you're working as a technical arct te any question okay moving to next point so this is the key based practice there I put the more but you know this is the key base practice for the Pam impation so comprehens Discovery Define access policy you need to ask the what is the privilege list of access you required password management okay what all the password manager requirement is there credential volting CST recording monitoring and the multiactor some sometime what happen if you're using S and all anyway you get the MFA and all details in your SSO uh application and all but yeah sometime you require the more U different kinds of MFA from mobile based yeah token based kind of things so that all the you can you can think about the keyb this time impation so Tim any question here one uh question when you're migrate migrating from one OEM to another OEM for identity access management assuming it's be the identity access that we are migrating M lot of customers doesn't prefer to do that uh even if it is a cost effective and more efficient solution because uh there are lot of integration that has already happened with application uh for authentication and stuff like that uh so that is one thing I have seen so customers don't migrate from one to another another thing so mostly know so here um I don't know your name can you just tell me your name so yeah uh uh yeah Jacob so see during the your you know Discovery phase yeah whenever you're going to give the presentation with the client first of all we need to understand why what is their pinpoint area if someone is not migrating no problem okay forget it's your business correct we are giving the just advisory if you know the pinpoint area suppose I I I just given an example for you know one of the client I worked okay that is the UK client and you know they are using the sap hrms there is very old old version but we we want to migrate them into sap IQ um sorry sale IQ but yeah we to see why why you are not you know why why you are still you know Rel to the sap and all sap grms they no no we are already used to that most of our you know team and you know indivual you know very used to do that that work and all then we Al then why you are doing the discovery phase then you know that is the compliance audit happened they ask know a lot of the things you know the access review is not up to Mark okay access granted you don't have the proper details okay when the person has got the exess when the user left the organization but still you don't have the rules you know it's going to remove the all the EX in in that day within 24 hours so so that's the reason they then then we that's when we need to give that kind of then they agreed okay yeah so yeah as you said you know most they are used to that that kind of work why why they change new appliation team please on mute not talking I don't know who is okay okay yeah so yeah so Jacob this is the thing okay maybe the customer already used to that kind of thing work and all lifestyle okay they don't want to change the different uh tools and all okay but yeah if you know the complete details yeah we have we need to give some a over the you know the Legacy tools regarding the upgradeing the a Soxs or you know compliance and all so that will make you know they can think about that okay so now this is the screenshot I already discuss and this is the last okay so team yeah uh I'm done from my side so if you need any discussion or confirmation something
2023-12-30 19:25
