With the evolving threat landscape and growing complexities and reliance on IT systems in the financial sector, the Monetary Authority of Singapore had unveiled an expanded set of Technology Risk Management Guidelines, which includes several requirements related to privileged account security. Against this backdrop, CyberArk has released a new whitepaper “Addressing the Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines with CyberArk Solutions”. CyberArk’s comprehensive approach to help banks and financial institutions address the MAS TRM guidelines and the whitepaper is being shared at the Asian Financial Services Congress in Singapore, where CyberArk, a sponsor, is located at booth #2 – 3.
The MAS TRM guidelines have been extended to a broader set of systems, including all IT systems, not just internet-facing systems and across all financial institutions, not just banks. Also there are added legal implications with a new set of twelve “notices” related to technology risk management. The guidelines include several requirements related to privileged account security since privileged accounts exist in all IT systems thus making it imperative to secure these critical accounts.
“Securing privileged accounts should be a critical strategy for organisations because if left unprotected they can enable attackers high levels of access and allow them to conduct malicious activities such as information theft, deleting audit logs and altering transactions, and can even give them control over an organisation’s infrastructure,” said Dan Dinnar, vice president of Asia Pacific for CyberArk. “The latest whitepaper highlights that protecting privileged access is essential not only for organisations to address the MAS TRM guidelines but also to avoid costly data breaches.”
The fourth version of the MAS TRM guidelines bring to fore the importance of securing privileged accounts, which consist not only of IT administrator or superuser accounts but also hard-coded, embedded credentials found in virtually every piece of hardware and software across an organisation. CyberArk provides a comprehensive approach to help organisations achieve secured privileged accounts.
With CyberArk, organisations can implement effective security controls to:
- Locate, manage and control all privileged accounts
- Ensure only authorised users have access to privileged accounts
- Track, monitor and record all privileged access – to sensitive servers, databases or virtual machines by internal users, system resources, and third-parties
- Uniquely identify all administrative users and restrict their use of privileged accounts to necessary job functions
- Ensure vendor-supplied default passwords are changed, and automate password changes for all privileged accounts
- Eliminate hard-coded credentials, including passwords and encryption keys, from applications, service accounts, and scripts without impacting application performance or business processes
- Analyse, detect and alert on anomalous privileged user behaviour to enable quick response by incident response teams
To download the whitepaper, “Addressing the Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines with CyberArk Solutions,” please click here
At the Asian Financial Services Congress, CyberArk will be participating in a focus group discussion on security on March 5 from 10:30am to 12:35pm, on the topic of ‘Securing Remote Vendor Access.’ Andrey Dulkin, senior director of cyber innovation for CyberArk will be one of the two leaders driving this roundtable dialogue.
On March 6, Dulkin will be making a plenary presentation titled, “Highway to Hell or Stairway to Heaven? The privileged pathway of targeted attacks,” from 2:55pm to 3:20pm. The presentation will showcase how by focusing on the privileged activity in the network, protecting the privileged accounts and detecting their abuse, it becomes possible to mitigate targeted attacks and minimise the damage to an organisation.
At the booth, the CyberArk will be showcasing CyberArk Discovery & Audit (DNA), the first tool on the market to identify and map exposed privileged password hashes and all related vulnerable machines on a network. CyberArk experts will also offer tips on how retailers can comply with the latest Payment Card Industry Data Security Standard (PCI DSS) regulations and provide details on the CyberArk Privileged Account Security Solution and Privileged Threat Analytics.