Explore the essential CyberArk components and architecture, detailing how administrators connect to laptops and target systems, followed by a hands-on demo to connect to CyberArk and administer a target machine.

Access CyberArk via a web interface to learn the login workflow, using LDAP and Active Directory, then connect to a target server with an RDP file in a safe.

Choose between SSH and Winscp for target server access, try file transfer with Winscp and RDP, and learn secure password retrieval and temporary display from CyberArk's password safe.

Explore the seven core components that power CyberArk, comparing on premise and cloud architectures, and learn how installation, maintenance, and updates shape a secure privileged access management infrastructure.

Secure the digital vault, the core of CyberArk, storing passwords, logs, and configurations; enable high availability with vault clusters and disaster recovery via backup vaults, accessible via PWA web interface.

Discover how the disaster recovery vault replicates data to a standby vault in a second data center, enabling automatic failover and secure cryptographic protection through intermediary bricks for access.

PVWA, the password vault web access, serves as the main entry point for end users and admins, enabling account access, session launches, rule configuration, and report monitoring with vault encryption.

Explore the Privilege Session Manager (PSM) and the PSM for SSH proxy, detailing session isolation, monitoring, and recording stored in the vault to protect privileged access in CyberArk PAM.

Understand how the central policy manager (CPM) verifies and automatically rotates passwords per vault policy, reconciles passwords with CyberArk, and connects via plugins to platforms for SSH or key-based access.

Discover how privileged threat analytics (PTA) in CyberArk monitors privileged accounts by collecting vault and server logs to detect behavior, alert security teams, and automate session shutdowns to contain attacks.

Explore the four core CyberArk objects and the data model that drive privileged access, learn how master policy, platform safe, and accounts relate, and preview their logical setting.

Govern the master policy as CyberArk's central rule for privileged accounts, enforcing global security across all systems and accounts, with four configuration areas: workflow, password, session, and audit.

Explore the master policy in CyberArk, defining corporate level rules for managing privileged accounts and sessions, with platform-specific exceptions and settings like dual control, exclusive access, and one-time password.

Explain the master policy in CyberArk, including password rotation and verification frequency, reconciliation, session management options, and audit retention, as well as policy by platform.

Learn how CyberArk defines platforms as tailored security rules and configurations for passwords, credentials, and sessions across systems, including plugins, password rules, linked accounts, and ticketing integration.

Learn to create and configure platforms in CyberArk, review password verification and rotation frequencies, workflows, PSM assignments, and onboarding fields for target machines.

Explore platform level privileged session management, including recording sessions to safes, configuring safe patterns, and notification policies, plus connection components, password generation, and per-platform customization.

Define safes as secure storage containers within the vault for passwords, credentials, and ssh keys in CyberArk, and outline safe design—naming, members, and permissions—for auditability and maintainability of pam deployments.

Explore safe design in privileged access management with cyberark, applying best practices to model safes and permissions that limit access and enable auditing and automation.

Explore how centralized pam solutions create per-subsidiary safes to restrict access to windows, linux, and databases, enforcing least privilege across production and non-production environments.

Learn to design effective safe naming conventions for CyberArk PAM by encoding asset type, environment, team, region, user type, application, and compliance with three-character codes for quick identification and auditability.

Master naming conventions for CyberArk safes by applying multi-criteria rules in a precise order, using hyphens or underscores to encode server type, location, environment, user, criticality, tier, and business line.

Design safes with granular permissions in CyberArk, defining rights to list, use, retrieve, add, update, unlock, and delete accounts. Manage safe members, monitor audits, and configure approval workflows.

Examine how CyberArk PAM defines roles for system admins, administrators, managers, and security teams, assigns safe and account permissions, and enforces password viewing, logs, and approvals.

Understand how privileged accounts (credentials, usernames, passwords, and keys) are stored in safes and governed by platform-specific policies for secure access. Learn naming, tagging, and cross-team account management.

Identify CyberArk accounts using a prefix tag, a production server ending in prd, and a trailing number; view username, address, platform id, and safe, and practice creating a CyberArk safe.

Create a safe in CyberArk and assign a CPM. Define membership with Active Directory groups and apply predefined permissions like connect only, approval, and view audit logs.

Define the master policy, create platform-specific rules with exceptions, and build safes with access-controlled accounts. See how platforms, safes, accounts, and rights interact within Cyber Ark's architecture to enable PAM.

Explore core PAM capabilities in CyberArk, including credential management, session management, workflows, and audit and compliance, with alerting to detect and respond to risk events.

Explore credential management in CyberArk PAM, covering password policies, verification against target systems, automatic password rotation, reconciliation, password complexity, account integration, and automatic account discovery into safes.

Cyberark enables multiple password policies to meet operational and security needs, enforcing length, complexity, rotation frequency, and usage restrictions to protect privileged accounts and mitigate unauthorized access.

The lecture explains password verification in CyberArk PAM, where the CPM verifies vault passwords against target system logins to ensure synchronization, alerting on non-compliance.

Learn how password rotation forces regular changes on target systems, supported by CyberArk's CPM, vault synchronization, and reconciliation to ensure secure, policy-driven updates every 10–30 days.

Explore password reconciliation to align vault and target machine passwords after authentication fails or rotation, using the cpm and a reconcile account to generate, apply, and store new passwords.

Learn how CyberArk enforces platform-level password complexity, including length, character requirements, and reuse restrictions, tailored to target systems. See how automatic rotation and compatibility constraints shape strong passwords.

Configure and enforce platform password policies in cyberark by enabling periodic change, verification, and automatic reconciliation, set a 45-day rotation via master policy exceptions, and specify reconciliation accounts.

Learn how CyberArk account onboarding adds server accounts to the vault by defining access permissions, using manual web onboarding, bulk csv imports, api, or discovery.

Analyze access requests as security validates them, then the Windows team creates team-specific accounts and CyberArk support integrates them into the team X save.

Learn how to manually onboard a Windows account into a CyberArk safe, select the platform, specify address, account name, password, and domain, and verify automatic password rotation and reconciliation.

Automate account onboarding with the account discovery feature, scanning Windows, domain, local, Unix, SSH keys, and Mac OS accounts for privileged accounts and dependencies.

Automate onboarding of CyberArk accounts on production Linux servers using naming conventions and discovery rules; scan, relocate accounts to the security safe, and view results in the CyberArk web interface.

Explore automatic account discovery and onboarding rules for Windows servers, set scopes and platforms, then run discovery scans to auto-integrate accounts into a safe and rotate passwords automatically.

Learn how CyberArk connects to target systems using plugins, enabling session isolation and enterprise security, with rdp and ssh sessions and essential upstream workflows.

Enable session isolation with CyberArk's privileged session manager to proxy access and keep credentials from end users while blocking direct connections from user PCs via firewall rules.

Learn how CyberArk PAM uses PSM and CPM plugins to securely connect to targets—RDP, HTTPS, and databases—via a marketplace and customizable connectors.

Discover how CyberArk's PSM secures RDP sessions to Windows servers, generating downloadable RDP files or using connection managers to launch privileged access through PSM, with login syntax and target details.

Explore SSH as a secure, encrypted remote access protocol with authentication, confidentiality, and integrity, and practice connecting via PWA, a connection manager, or the command line.

Connect to a Linux server via SSH using a connection manager and Putty with CyberArk. Enter the vault password and reason, record the session, and save time.

Enable reason-for-access prompts, check-in and check-out, one-time password, and dual-control for auditable privileged access. Define platform-level predefined reasons to streamline logging and flag abnormal behavior.

Block an account on login to ensure exclusive access and password check-out, with four check-in options: manual web release, auto-release on logout, admin-forced check-in, and time-based release.

Enforce password changes after use through two workflows in CyberArk: manual check-in triggers immediate rotation, or automatic rotation after a configured inactivity window, reducing the attack window.

Activate dual control to require approval from authorized users before accessing critical accounts, using configurable approval levels and selective platform activation, with requester and approver rights on the safe.

Enable dual control in the master policy and designate a safe approver to validate access. Demonstrate the approval workflow with a request, email alerts, and an approved RDP connection.

Explore audit and compliance in privileged access management with CyberArk. Feature highlights include session recording, session auditing, session monitoring, and comprehensive reporting to ensure security and regulatory alignment.

Capture and review all privileged session actions with CyberArk's session recording. Store videos on the PSM server and upload them to a vault safe for secure, access-controlled review.

See how CyberArk's privileged session monitoring records RDP and SSH sessions, displays a timeline of actions, and provides the ability to download the video and the session timeline.

Explore how the session audit in CyberArk captures all administrator activities during privileged sessions, delivering real-time audit data to the PWA, PTA, and CM for analysis and risk monitoring.

Explore Cyberark's session monitoring to real-time supervise active sessions, end, suspend, or resume access for authorized users, including security teams and external providers, with PTA-driven self-remediation for abnormal behavior.

Explore how Cyberark pam reporting verifies compliance, ensures data quality, tracks sessions and actions, and provides preconfigured reports to support audits and license management.

Use CyberArk's reporting interface to generate inventory and compliance reports, export to Excel or CSV, and snapshot vault accounts for analysis. Detect expired passwords and anomalies to enable remediation.

Explore how privileged access management detects abnormal behavior and alerts security teams, highlighting four features: audit logs to a CRM, built-in alerting, risk scoring, and self-remediation.

CyberArk's PAM integrates with CRM solutions to centralize logs and events for SIEM-based analysis, enabling alerts for unusual activities like night logins and platform monitoring of CPU and memory.

Enable the PTA module to generate security alerts and detect abnormal behaviors, preventing security issues. Route alerts to the CM or issue prequalified events, consolidating notifications and supporting incident response.

Calculate risk scores with the PTI module to prioritize, monitor, and remediate high-risk privileged sessions by abnormal activity and configurable rules.

Integrate PTA and PSM to enable automatic remediation for high-risk privileged sessions, using the PTM module to trigger automatic onboarding, password rotation, and self corrective actions driven by risk scores.