Telecommunication

Written By The Printer's Son

Summary

Major US telecom partners with PRESIDIUM Solutions to integrate its PAM solution with Splunk to monitor, report and alert on system health and privileged account activity.

Company Profile

3rd largest wireless network operator in the United States.

Employees: 71,000

Challenges

This telco has a large CyberArk Privileged Access Manager vault environment deployed on premise with over 60 production servers and 10K PAM end users. The CyberArk infrastructures spans across multiple data centers consisting of large PSM and PSMP farms to ensure high availability and scaling for privileged session management which is heavily utilized for accessing critical telecom equipment.

They struggled with having a ‘single pane of glass’ view of the system health and privileged session activity for the CyberArk servers and services. In addition, lack of real time health-checks and alerting left the operations team in the dark and slow to react when servers and services went down or were degrading.

CyberArk Vault, being a tier zero application, requires maximum uptime and optimal performance at all times to avoid impact on end user’s ability to access privileged assets.

Results

PRESIDIUM Solutions recognized the power of integrating CyberArk with Splunk to provide the ‘single pane of glass’ required to support its PAM infrastructure. Presidium’s expertise in CyberArk aided in ‘customizing’ and ‘tuning’ the metrics sent to Splunk to achieve the key objects for monitoring, alerting, and transactions visualization across all CyberArk components.

PRESIDIUM Solutions developed and deployed the following solution:

  • Monitoring scripts to capture both server and CyberArk services state and health deployed on all CyberArk components, forwarding logs to Splunk in syslog format.

  • Custom scripts to capture current active privileged sessions running on both PSM and PSMP session manager components

  • Splunk dashboards showing overall system status as well as individual component server and CyberArk services status

  • Splunk dashboard displaying vault performance statics and trends

  • Splunk dashboard displaying current PSM/PSMP privileged sessions per server and trends over time

  • Splunk alerts to notifying PAM operations team when server and CyberArk services health hit certain thresholds

Key Benefits

  • CyberArk infrastructure and services are now being monitored and alerted on 24x7

  • The PAM operations can now see consolidated and detailed views of current state of CyberArk environment instantly with intuitive and easy-to-interpret Splunk dashboards

  • Proactive alerting sent in real-time, notifying the PAM operations team when CyberArk services are approaching thresholds that may require intervention

  • Leveraged existing Splunk solution to realize greater ROI on its SIEM investment

  • Provided management the ability to demonstrate to the lines of business CyberArk’s tier zero designation is supported through high-availability, monitoring, and alerting

The Printer's Son

A UK based creative that designs, develops, and styles websites for individuals and small businesses.

http://www.theprintersson.com
Next

Financial / Banking