Story image

CyberArk & Puppet take 'secret protection' to DevOps workflows

16 Oct 2017

CyberArk and Puppet are now Advanced Technology Partners and will strive to embed security modules into DevOps workflows.

The two companies announced the partnership last week, and say they will create supported modules that provide automated, enterprise-grade protection of ‘secrets’. They will also be integrated into Puppet’s configuration automation for secure DevOps workflows.

According to CyberArk, dynamic DevOps environments involve the creation, use and disablement of many tools, scripts and applications or services.

Each step requires secrets like SSH/API keys, passwords and certificates that are often unchanged or revoked. If they are not available, applications are unable to run properly.

The accounts also provide access to sensitive resources, which makes them sitting ducks for cyber attacks.

“The integrated solution provides security with a strong authentication mechanism for machines before granting secrets, as well as implementing least privilege for nodes,” comments Puppet’s vice president of business development, Tim Zonca.

CyberArk Conjur is a secrets-management platform architected for containerised environments and integrates machine identity security into projects.

It also allows DevOps teams to integrate security best practices into cloud-native application development projects while assuring security teams that best practices are being applied to dynamic environments.

“The CyberArk Conjur module for Puppet is designed with both DevOps users and security teams in mind. It provides visibility and flexibility for Puppet secrets workflows and users can view and manage host accounts maintained by Puppet,” comments CyberArk’s EVP of global business development, Adam Bosnian.

“The integration with Puppet furthers CyberArk’s commitment to automating secrets protection and makes it easier for organizations to recognize the benefits of using Puppet to improve productivity without changing the way developers work,” he continues.

CyberArk recently joined Puppet’s Technology Alliance Partner Program; while Puppet has now joined CyberArk’s global technology partner program.

CyberArk focuses on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise and throughout the DevOps pipeline.

The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan.

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.