Story image

CyberArk & Puppet take 'secret protection' to DevOps workflows

16 Oct 2017

CyberArk and Puppet are now Advanced Technology Partners and will strive to embed security modules into DevOps workflows.

The two companies announced the partnership last week, and say they will create supported modules that provide automated, enterprise-grade protection of ‘secrets’. They will also be integrated into Puppet’s configuration automation for secure DevOps workflows.

According to CyberArk, dynamic DevOps environments involve the creation, use and disablement of many tools, scripts and applications or services.

Each step requires secrets like SSH/API keys, passwords and certificates that are often unchanged or revoked. If they are not available, applications are unable to run properly.

The accounts also provide access to sensitive resources, which makes them sitting ducks for cyber attacks.

“The integrated solution provides security with a strong authentication mechanism for machines before granting secrets, as well as implementing least privilege for nodes,” comments Puppet’s vice president of business development, Tim Zonca.

CyberArk Conjur is a secrets-management platform architected for containerised environments and integrates machine identity security into projects.

It also allows DevOps teams to integrate security best practices into cloud-native application development projects while assuring security teams that best practices are being applied to dynamic environments.

“The CyberArk Conjur module for Puppet is designed with both DevOps users and security teams in mind. It provides visibility and flexibility for Puppet secrets workflows and users can view and manage host accounts maintained by Puppet,” comments CyberArk’s EVP of global business development, Adam Bosnian.

“The integration with Puppet furthers CyberArk’s commitment to automating secrets protection and makes it easier for organizations to recognize the benefits of using Puppet to improve productivity without changing the way developers work,” he continues.

CyberArk recently joined Puppet’s Technology Alliance Partner Program; while Puppet has now joined CyberArk’s global technology partner program.

CyberArk focuses on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise and throughout the DevOps pipeline.

The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.