CyberArk Connection Concepts

1.0 Introduction

This article describes the CyberArk connection (SaaS and On-premises) concepts and supported features in Fortanix Key Insight. Fortanix Key Insight integrates with CyberArk to provide centralized visibility, governance, and lifecycle management for certificates managed by CyberArk.

2.0 Concepts

The following table summarizes the CyberArk connection concepts used in Fortanix Key Insight:

| CONCEPT | DESCRIPTION |
| --- | --- |
| CyberArk Platform | CyberArk is an enterprise identity security platform that includes capabilities for managing machine identities such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates, keys, and secrets. It provides centralized visibility, policy enforcement, and lifecycle management for certificates across cloud, on-premises, and hybrid environments. Fortanix Key Insight integrates with CyberArk (SaaS and On-premises) to scan and analyze certificates managed by the CyberArk platform. |
| CyberArk Certificate Management | For on-premises deployments, CyberArk Certificate Management may utilize Venafi Trust Protection Platform (TPP) as the underlying certificate lifecycle management engine. It centrally manages certificate discovery, issuance, renewal, revocation, and policy enforcement across enterprise environments. Fortanix Key Insight connects to the Venafi Trust Protection Platform (TPP) to discover and scan certificates for compliance assessment and cryptographic posture analysis. For on-premises deployments, Fortanix Key Insight establishes a secure connection to the customer-hosted Venafi TPP instance, operating within defined network boundaries, firewall rules, and enterprise security controls. |
| CyberArk Applications | Applications (or policy objects) in CyberArk represent logical groupings of certificates associated with a specific workload, service, or application. They define policies for certificate issuance, key size, algorithms, and validity periods. Fortanix Key Insight scans certificates across CyberArk applications (both SaaS and On-premises) to assess compliance and cryptographic risk. |
| Certificates | Certificates are digital credentials used to authenticate machines, applications, and services using SSL/TLS. CyberArk manages the full lifecycle of certificates, including discovery, issuance, renewal, and revocation. Fortanix Key Insight scans these certificates to identify expiration risks, weak algorithms, and non-compliant configurations. |
| CyberArk Scan | The process of connecting to the CyberArk platform to retrieve certificate inventory, metadata, and policy information for analysis in Fortanix Key Insight. |
| CyberArk Sync | The process of synchronizing certificate metadata, cryptographic attributes, and compliance status from CyberArk into Fortanix Key Insight so that Key Insight reflects the current state of certificates managed by CyberArk. |

3.0 Supported Features

The Fortanix Key Insight CyberArk connection (SaaS and On-premises) supports the following features:

  • Supports regional deployments for CyberArk connections in the European Union (EU) and North America (NA), enabling region-specific data processing, reporting, and visualization. Users can switch between regions, and the user interface (UI) automatically updates to reflect the selected region. This helps organizations meet compliance, governance, and data sovereignty requirements.

  • Allows users to scan all certificates within a CyberArk certificate management environment, including certificates managed through CyberArk SaaS offerings and customer-hosted Venafi Trust Protection Platform (TPP) deployments.

  • Generates reports on CyberArk certificates.

    The assessment report shows the following information:

    • The risk score

    • Certificate by violation type

    • Certificate expiry by issuers

  • Provides a dashboard view of certificate discovery.

    The dashboard shows the following information:

    • Scanned CyberArk certificates

    • Cryptography Bill of Materials (CBOM) export

    • Certificate by status

    • Certificate by algorithm types

  • For every CyberArk certificate in a region:

    • Provides a tabular view that shows the certificate details, with filtering capabilities to narrow results based on specific requirements.

    • Displays a map of the certificate compliance status.

    • Detects non-compliant certificates based on the applied policies, with vulnerability alerts generated in accordance with NIST standards.

    • Provides detailed certificate information such as certificate properties, owner(s), domain name, Subject Alternative Name (SAN), and associated policy violations.

  • Allows users to export all scanned certificates in CBOM-compliant JSON format to track post-quantum readiness and cryptographic risk.

  • Allows users to export all scanned certificate data in comma-separated values (CSV) format and provides the ability to track export activities.

  • Supports secure secret-based access for CyberArk connections (SaaS and On-premises), enabling centralized identity management without exposing long-lived credentials.

  • Allows users to create and manage user-defined policies, duplicate and modify system-defined, Fortanix DSM, or existing user-defined policies, and automatically retrieve cryptographic policies from Fortanix DSM to apply them to scanned connections.

  • Provides a dashboard for assessing CyberArk connection Post-Quantum Cryptography (PQC) readiness, featuring a sunburst chart layout that simplifies the visualization of certificate data points, and includes drill-down capabilities for deeper insights.
