Telecommunication
≡ Summary
Major US telecom partners with PRESIDIUM Solutions to integrate its PAM solution with Splunk to monitor, report and alert on system health and privileged account activity.
≡ Company Profile
3rd largest wireless network operator in the United States.
Employees: 71,000
≡ Challenges
This telco has a large CyberArk Privileged Access Manager vault environment deployed on-premises, with over 60 production servers and 10K PAM end users. The CyberArk infrastructure spans multiple data centers and consists of large PSM and PSMP farms that provide high availability and scaling for privileged session management, which is heavily used for accessing critical telecom equipment.
They struggled to get a ‘single pane of glass’ view of system health and privileged session activity for the CyberArk servers and services. In addition, the lack of real-time health checks and alerting left the operations team in the dark and slow to react when servers and services went down or degraded.
CyberArk Vault, being a tier zero application, requires maximum uptime and optimal performance at all times to avoid impact on end users’ ability to access privileged assets.
≡ Results
PRESIDIUM Solutions recognized the power of integrating CyberArk with Splunk to provide the ‘single pane of glass’ required to support its PAM infrastructure. Presidium’s expertise in CyberArk aided in ‘customizing’ and ‘tuning’ the metrics sent to Splunk to achieve the key objectives for monitoring, alerting, and transaction visualization across all CyberArk components.
PRESIDIUM Solutions developed and deployed the following solution:
Monitoring scripts to capture both server and CyberArk services state and health deployed on all CyberArk components, forwarding logs to Splunk in syslog format.
Custom scripts to capture current active privileged sessions running on both PSM and PSMP session manager components
Splunk dashboards showing overall system status as well as individual component server and CyberArk services status
Splunk dashboard displaying vault performance statistics and trends
Splunk dashboard displaying current PSM/PSMP privileged sessions per server and trends over time
Splunk alerts notifying the PAM operations team when server and CyberArk services health hit certain thresholds
≡ Key Benefits
CyberArk infrastructure and services are now being monitored and alerted on 24x7
The PAM operations team can now instantly see consolidated and detailed views of the current state of the CyberArk environment with intuitive and easy-to-interpret Splunk dashboards
Proactive alerting sent in real-time, notifying the PAM operations team when CyberArk services are approaching thresholds that may require intervention
Leveraged existing Splunk solution to realize greater ROI on its SIEM investment
Provided management the ability to demonstrate to the lines of business that CyberArk’s tier zero designation is supported through high availability, monitoring, and alerting