The Cyber-Ark product line is based on the vendor's vaulting technology, which allows for the secure storage of data on a dedicated server. As of this writing, individual products are provided supplying secured storage of data for internal access through a LAN, external (remote) access through Internet connections, and the secure storage of password data.

The vendor's vaulting technology is software that is installed on a dedicated Windows (2000/2003) server, providing a secure area into which sensitive data can be stored. The technology separates the data storage from the data access mechanism; specifically, the Storage Engine itself allows access to stored data only through a single data access protocol; while a System Gateway provides multiple access interfaces (CIFS, FTP, etc.) which are converted/converged into the vendor's Vault Access Protocol for actual access to the stored data. The vendor notes multiple forms and layers of authentication as supported by the vault protocol, including Windows-based, two-way challenge and response mechanisms based on passwords, PKI, Cyber-Key, RSA SecurID, and smart cards. After authenticating, an access control mechanism, which can include dual controls (confirmation from another individual), time delays, geographical limitations, or time limited accesses, manage the actual individual "Safes" (separated data storage areas) that the individual can see (only those safes that are accessible by the user are displayed).

Data stored in the safes are not overwritten; instead, each new change is written as a new copy of the document and therefore users have access to past versions of documents. Audit controls are provided allowing designated users to see the past history of accesses and changes to an object. When an item is accessed, the safe, folder(s), and individual items are marked with a blue dot--when they are updated the dot is red, and new items are marked with a green dot--for the visual scanning of activity. All data within the safe is stored encrypted (via AES with SHA1 hashes; 3DES, IDEA, Blowfish, RC2, RC4, RC5, RSA, MD5 are also available); and when users connect to the safe their communication tunnel is also encrypted so data in transit is protected.

Three separate products are currently offered by the vendor.

The Network Vault is for internal secure data access, and runs on a dedicated Windows 2000/2003 server with access allowed from Windows (95/98/NT4/2000/XP) clients.

The Inter-Business Vault provides for access to secure data from remote locations over the Internet. The Inter-Business Vault provides file system access (CIFS), E-mail access (SMTP), or file transfers (FTP) via a two component platform: the main component resides on a dedicated Windows server and lives at the corporate site providing the access; while remote sites access the server through an on-site Connector (Red Hat Linux) component and their Windows (95/98/NT4/2000/XP) clients. Alternately, an HTTP(S) Web interface is exposed, providing basic client access to the server through a Web browser (no Connector is required for the basic HTTP access).

Finally, the Enterprise Password Vault allows for the storage of key, sensitive passwords to be looked up by designated individuals as allowed and necessary. The Enteprise Password Vault includes a Central Password Management component that can automatically and periodically reset key passwords on designated systems or devices and store the new password in the vault (supported systems/devices include Windows, multiple UNIX flavors, and AS/400; Checkpoint firewalls, Cisco routers, and any other device supporting SSH or Telnet; and databases including Oracle, DB2, MS SQL Server, Sybase, and any other ODBC-compliant DB). Additionally, the Enterprise Password Vault Toolkit provides a programmatic interface such that scripts and applications can retrieve needed passwords for service accounts from the vault. The toolkit supports Java, C/C++, CLI and COM interfaces.

New to Enterprise Password Vault is "Super Plug-In" technology, which, according to the vendor, "... enables password management for practically any new device with no need for code development or software upgrades...". In addition, the vendor notes, the new technology was designed to allow for adaptability to new technologies as they appear.

The Cyber-Ark Vaults are available now. Contact Cyber-Ark for further information.