Gaming

Written By The Printer's Son

Summary

A Canadian provisional lottery organization engaged PRESIDUM Solutions to provide a health check and current assessment of its PAM adoption across the enterprise. Determining that the current usage of PAM was very low, PRESIDIUM Solutions devised and executed on a road map which expanded the PAM footprint to secure mission critical gaming systems, network infrastructure, endpoints, and 3 rd party vendors.

Company Profile

A Canadian non-profit organization which operates lottery and gaming-related activities for its government members in Western Canada.

Employees: 250

Challenges

The lottery organization had CyberArk Privileged Account Management installed for years but was not utilizing the solution. There were a small number of users fetching static passwords occasionally and no in-house CyberArk or PAM expertise. With little to no ROI being realized, there were discussions to discontinue the solution altogether.

Results

PRESIDIUM Solutions was brought in to assess the current system architecture and overall usage of CyberArk. Recommendations were made and implemented by Presidium to improve the operational readiness and high availability of CyberArk PAM.

Once there was confidence in the overall solution readiness, PRESIDIUM Solutions teamed up with the gaming infrastructure team to define and implement use cases for securing privileged accounts with the CyberArk vault and utilizing CyberArk Privileged Session Manager (PSM) to control access to all gaming endpoints. The gaming systems in scope included Linux local accounts and SSH keys, Oracle Database accounts and Window workstations.

PRESIDIUM Solutions also partnered with the server and networking teams to define and implement uses cases for securing accounts and access to Checkpoint firewalls, Cisco Firepower, Windows servers and Microsoft SQL Server databases. This effort included building custom password change plugins and PSM connectors for web apps, thick clients, Oracle SQL Dev and Window Server MMC snap-in tools like Active Directory Users and Computers (ADUC).

PRESIDIUM Solutions then designed and implemented CyberArk Endpoint Manager (EPM) to all workstations to manage the local administrator password within the CyberArk Vault. EPM agents were deployed and incorporated in the workstation ‘gold-image’ and SCCM process to ensure all future endpoints are covered. Auto-detection processes were configured to discover and on-board new endpoints into CyberArk Vault automatically.

Lastly, with usage of PAM expanding rapidly within the organization, PRESIDIUM Solutions architected and deployed CyberArk Vendor PAM solution. This solution allows vendors to access privileged accounts and sessions using Vendor PAM’s Biometric, ‘VPN-less’ authentication. All vendor access goes through Privileged Session Manager (PSM) and is monitored and recorded. Vendors no longer need to have domain accounts or VPN access provisioned/de-provisioned.

Key Benefits

  • Password management, secure session monitoring and auditing for privileged access covering all critical gaming Linux servers and Oracle databases

  • Password management for 50+ high privileged domain accounts, 500+ Windows Servers, and administrative accounts for routers and firewalls

  • Able to satisfy requirements for Cybersecurity insurance renewals

  • Closed numerous internal audit findings surrounding privileged access

  • Automatic management of local administrator accounts on 600 Windows endpoints

  • PAM users jumped from 2 to 50+

  • Implementation of additional PAM solutions, expanding protection for endpoints and 3rd party vendors

The Printer's Son

A UK based creative that designs, develops, and styles websites for individuals and small businesses.

http://www.theprintersson.com
Previous

Financial / Banking
Next

Utility