CyberArk Software Ltd. (CyberArk)develops, markets and sells software-based identity security solutions and services.
CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can minimize operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, includi...
CyberArk Software Ltd. (CyberArk)develops, markets and sells software-based identity security solutions and services.
CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can minimize operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere.
By further expanding the CyberArk Identity Security Platform to include a modern IGA offering based on the innovative and transformative capabilities from the company’s acquisition of Zilla Security Inc., it will offer the most complete identity security platform for securing all identities, including human and machine.
When the company looks at all identities that need to be secured across a typical organization, the company sees that there is a spectrum in four key groups: workforce, IT, developers and machines. Each of these secured identity groups has a different level of risk and complexity associated with their access based on their target resources and typical activities.
The company has modernized and extended its Privileged Access Management (PAM) capabilities beyond traditional IT users to cloud operations and third parties who need flexible access controls to all their target resources. The company has invented new, secure technologies based on its foundation of privilege controls to enable developers to securely work at the speed of their developments.
Growth Strategy
The key elements of the company's long-term growth strategy include strengthening its Identity Security leadership position by delivering ongoing innovation; extending its global go-to-market reach; growing its customer base; expanding its relationships with existing customers; and driving strong adoption of its solutions and retaining its customer base.
Solutions
The company’s solutions consist of:
Workforce
The CyberArk Identity Security platform ensures a security-first approach to giving users seamless access to the right resources at the right time. The company’s workforce solutions not only reimagine what it means to protect users beyond legacy access management capabilities like Multi-factor Authentication (MFA) and Single Sign-on (SSO), but also add additional, modern access management capabilities like secure browsing and workforce password management. The company also layers in the right level of privilege controls, like endpoint privilege security and secure web sessions, because privileged users are no longer just IT administrators. While performing their duties, members of the workforce travel the risk spectrum, moving between typical and high-risk access throughout the day depending on the tools they access and the tasks they are performing.
IT
The CyberArk Identity Security Platform provides end-to-end security for IT administrators, third-party vendors and cloud operations teams across hybrid environments with the company’s PAM capabilities. The platform secures high-risk access used to migrate, scale and operate applications on-premises or in the cloud. The company supports shared or federated access for customer-facing or internal applications. The company layers the needed access management capabilities with the right level of PAM and governance across the various types of identities. Additionally, the Platform offers role-specific least privilege, just-in-time and Zero Standing Privilege workflows.
Developers
The CyberArk Identity Security Platform provides extensive controls to secure native access to every layer of a cloud environment – from Cloud Native services to dynamic workloads running on the cloud, to lift-and-shift workloads and SaaS applications. The solution helps organizations to better control and secure multi-cloud environments, elevating just-in-time access with Zero Standing Privileges. By taking this approach, developers receive the permissions they need to do their job, while reducing risks of credential theft by removing excessive access and unnecessary entitlements. Developers retain their native user experience without impacting their productivity.
Machine Identities
Credentials in application code and across the software supply chain are increasingly being targeted for cyberattacks. With CyberArk, organizations can establish strong machine authentication, provide secure standing access or just-in-time access, and centrally rotate and manage credentials. By replacing hardcoded and static secrets with rotated and dynamic secrets, the platform dramatically increases security while avoiding significant change to developer workflows.
Capabilities
The company’s Identity Security Platform provides a complete and flexible set of Identity Security capabilities across four main areas: Contextual Discovery of Risk, Automated Lifecycle, Automated Policy, and Privilege Controls and Compliance.
These capabilities are delivered by the company’s CyberArk Identity Security Platform across the following categories:
Privileged Access Management
CyberArk’s PAM solutions can be used to secure, manage, and monitor privileged access. Privileged accounts can be found on endpoints, in applications, and from hybrid to multi-cloud environments.
Privileged Access Manager
CyberArk Privileged Access Manager and CyberArk Privilege Cloud include risk-based credential security and session management to protect against attacks involving privileged access. CyberArk’s self-hosted Privileged Access Manager solution can be deployed in a self-hosted data center or in a hybrid cloud or a public cloud environment. CyberArk Privileged Cloud is a SaaS solution.
Remote Access
CyberArk Remote Access is a SaaS solution that integrates with Privileged Access Manager or Privilege Cloud to provide fast, easy and secure privileged access to third-party vendors who need access to critical internal systems via CyberArk, without the need to use passwords. By not requiring VPNs or agents, Remote Access removes operational overhead for administrators, makes it easier and quicker to deploy and improves organizational security.
Secure Infrastructure Access
CyberArk Secure Infrastructure Access is a SaaS solution that provisions just-in-time (JIT), privileged access to infrastructure. The solution leverages attribute-based access control and full session isolation to drive measurable risk reduction. Secure Infrastructure Access allows organizations to unify controls for JIT and standing privileged access across public cloud and on-premises systems, enabling operational efficiencies while progressing towards Zero Standing Privileges and zero trust initiatives.
Endpoint Privilege Security
Endpoint Privilege Manager
CyberArk Endpoint Privilege Manager is a SaaS solution that secures privileges on the endpoint (Windows servers, Windows desktops and Mac desktops) and helps contain attacks early in their lifecycle. It enables revocation of local administrator rights, while minimizing impact on user productivity, by seamlessly elevating privileges for authorized applications or tasks.
Secure Desktop
CyberArk Secure Desktop is a solution that lets businesses protect access to endpoints and enforce the principle of least privilege without complicating IT operations or hindering user productivity. The unified endpoint multifactor authentication and privilege management solution helps organizations strengthen access security, optimize user experiences, and eliminate the manually intensive, error-prone administrative processes that can lead to overprovisioning and privilege abuse.
Workforce & Customer Access
The company delivers robust IDaaS which provides a comprehensive, security-first approach to managing identities that is both adaptive and context-aware. CyberArk Identity includes capabilities to secure both workforce and customer identities.
Workforce Identity Security Capabilities:
Adaptive MFA
Adaptive MFA enforces risk-aware and strong identity assurance controls within an organization. These controls include a broad range of built-in authentication factors such as password less authenticators like Windows Hello and Apple TouchID, high assurance authenticators like USB security keys, and the company’s patented Zero Sign-on certificate-based authentication.
Single Sign-On
SSO facilitates secure access to many different applications, systems, and resources while only requiring a single authentication. The company’s SSO capability offers a modern identity provider supporting popular SSO protocols to any system or app that supports SAML, WS-Fed, OIDC and OAuth2, as well as an extensive application catalogue with out-of-the-box integration for thousands of applications.
Secure Web Sessions
Secure Web Sessions records, audits and protects end-user activity within designated web applications. The solution uses a browser extension on an end-user’s endpoint to monitor and segregate web apps that are accessed through SSO and deemed sensitive by business application owners, enterprise IT and security administrators.
Workforce Password Management
CyberArk Workforce Password Management is an enterprise-focused password manager providing a user-friendly solution to store data from business applications -like website URLs, usernames, passwords and notes, in a centralized vault and securely share it with other users in the organization.
Application Gateway
With the CyberArk Identity Application Gateway service, customers can enable secure remote access and expand SSO benefits to on-premises web apps, like SharePoint and SAP, without the complexity of installing and maintaining VPNs.
Identity Lifecycle Management
This module enables CyberArk Identity customers to automate the joiner, mover, and leaver processes within the organization. This automation is critical to ensure that privileges do not accumulate, and a user’s access is turned off as soon as the individual changes roles or leaves the organization.
Directory Services
Allows customers to use identity where they control it. In other words, the company do not force its customers to synchronize their on-premises Active Directory implementation with the company’s cloud. The company’s cloud architecture can work seamlessly with existing directories, such as Active Directory, LDAP-based directories, and other federated directories. CyberArk Identity also provides its own highly scalable and flexible directory for customers who choose to use it.
Customer Identity offers authentication and authorization services, MFA, directory, and user management to enable organizations to provide customers and partners with easy and secure access to websites and applications.
Secure Browser
The CyberArk Secure Browser is a hardened and purpose-built technology that further extends the CyberArk Identity Security Platform to the web browser. It provides enhanced security, privacy and productivity across the enterprise, while delivering a familiar and customized user experience. The CyberArk Secure Browser minimizes the risk of unauthorized access by helping to prevent the malicious use of compromised identities, endpoints, and credentials both at and beyond the login stage. It provides secure access to sensitive data for the complete workforce across the complete identity journey. By providing a centralized, consistent and secure launchpad to every resource and application across the enterprise, it can help safeguard the most sensitive and valuable resources while increasing productivity and privacy.
Identity Management
The company’s capabilities in Identity Management include Lifecycle Management, Identity Flows, Identity Compliance and directory services. The company’s Identity Management solutions are designed to provide a single view of who has access to what, ensuring that the right access is granted for the right amount of time to the right people. CyberArk Lifecycle Management streamlines provisioning and management of entitlements throughout a user’s employment, including approval workflows, access certifications and providing and revoking access. CyberArk Identity Flows is a no-code identity management workflow solution that reduces complexity and manual tasks to easily create workflows and automate business processes. As of February 12, 2025, the company completed the acquisition of Zilla, a leader in modern IGA solutions. Zilla’s innovative, AI-powered IGA capabilities will expand the company’s industry-leading Identity Security Platform with scalable automation that enables accelerated identity compliance and provisioning across digital environments, while maximizing security and operational efficiency.
Cloud Security
Secure Cloud Access
Secure Cloud Access is a service provided from the Identity Security Platform, offering secure, native access to cloud consoles, native services and workloads with zero standing privileges. This service addresses the needs of developers, site reliability engineers and administrators accessing services in their cloud environments via the console or command line interface (CLI). Secure Cloud Access greatly reduces the risk of compromised access in the public cloud, while providing native user experiences for the Cloud Engineering and DevOps teams leading digital transformation.
Machine Identity Security
The company’s machine identity security capabilities provide comprehensive solutions for securing and managing machine credentials, keys, secrets and certificates that are essential for establishing trusted communications between machines, applications, and digital services. With advanced automation, the company helps organizations discover, manage, and rotate machine identities across hybrid and multi-cloud environments to prevent unauthorized access and reduce the risk of data breaches. The platform integrates seamlessly with existing DevOps tools and CI/CD pipelines, such that security does not compromise speed or agility in modern development workflows. By enforcing consistent policies, reducing certificate-related outages, and enhancing visibility into machine identity usage, the company delivers significant value by strengthening overall security posture, mitigating operational risks, and ensuring compliance with regulatory requirements.
Machine Identity Security Capabilities:
Secrets Manager Credential Providers
Credential Providers can be used to provide and manage the credentials used by third-party solutions, such as security tools, RPA, and IT management software, and can also support internally developed applications built on traditional monolithic application architectures. Credential Providers works with CyberArk’s on-premises and SaaS-based solutions.
Conjur Enterprise and Conjur Cloud
For cloud-native applications built using DevOps methodologies, Conjur Enterprise and Conjur Cloud provide a secrets management solution tailored specifically to the unique requirements of these environments delivered either on-premises or in the cloud. The company also provides an open-source version to better meet the needs of the developer community.
Secrets Hub
CyberArk Secrets Hub enables security teams to have centralized visibility and management across secrets in native vaults, such as AWS Secrets Manager and Azure Key Vault, without impacting developer workflows.
Venafi TLS Protect
Venafi TLS Protect allows security teams, application owners and developers to effectively keep up with the rapid growth of transport layer security (TLS) machine identities to prevent outages, while also improving security by minimizing risks introduced by humans and manual processes. TLS Protect identifies all TLS keys and certificates, continually validates that they are installed and operating properly and automates the TLS machine identity lifecycle.
Venafi TLS Protect for Kubernetes
Venafi TLS Protect for Kubernetes helps organizations easily and reliably manage their machine identity security infrastructure in complex multicloud and multicluster environments. It provides the enterprise with discovery, observability, control and consistency of cloud native machine identities (e.g., TLS, mTLS, SPIFFE).
Venafi Zero Touch PKI
Venafi Zero Touch PKI is a SaaS-based service with effortless onboarding provided by Venafi experts. A modern PKI is built to customer specifications, leveraging the certificate authorities, roots and intermediaries needed by a customer’s business. Each customized PKI is designed with current best practices for design, deployment and security in mind, so that the PKI leverages the latest capabilities and protocols.
Venafi SSH Protect
Venafi SSH Protect discovers SSH host and authorized keys throughout a customer’s infrastructure and adds them to a continually updated inventory. In this database, the type of key, location of all copies, public and private components, algorithm and key sizes are routinely assessed and tracked.
Venafi Firefly
Venafi Firefly is a workload identity issuer to give cloud security and information security teams superior governance, compliance and consistency for authenticating all types of workloads across clouds, platforms and application environments. Firefly bootstraps ephemeral trust anchors for issuing validated short-lived identities in the environment in which the workload is running. This provides a developer-friendly, enterprise-scale trust root system with security governance, providing consistent and compliant workload authentication.
Venafi CodeSign Protect
Venafi CodeSign Protect secures enterprise code signing processes by providing centralized and secure key storage along with role-based policy enforcement. Providing code signing-as-a-service reduces the burden on development teams by integrating with the tools and processes they already use.
Core Technology
The company’s platform provides a comprehensive and flexible set of Identity Security capabilities that leverage the following core technologies:
CORA AI
CyberArk CORA AI provides identity security focused AI embedded across the CyberArk Identity Security Platform, making organizations more secure, efficient and effective. CyberArk offers detection and response-focused capabilities to increase a customer’s security levels and time saving capabilities with ease-of-use assistance powered by generative AI. By fundamentally transforming how users interact with and get insights from the Platform, CyberArk CORA AI boosts security, productivity, and time to value.
Secure Digital Vault Technology
The company’s proprietary Digital Vault technology provides a highly secure, isolated environment, independent of other software, and is engineered with multiple layers of security. The company’s on-premises and SaaS PAM offerings use the highly secured Digital Vault to safely store, audit and manage passwords, privileged credentials, policy information and privileged access session data.
Privileged Session Recording and Controls
The company’s innovative privileged session recording and control mechanisms provide the ability to isolate an organization’s IT systems from end-user desktops, while monitoring and auditing privileged session activities. The architecture blocks direct communication between an end-user’s desktop and a target system, thus preventing potential malware on the desktop from infiltrating the target system. This architecture further ensures that privileged credentials will remain protected and will not be exposed to the end-user or reach the desktop. CyberArk session monitoring solutions support native connectivity, whether from browser, native remote desktop protocol or SSH tools, and via the CLI.
Secure Remote Access
The cloud-based, multifactor authentication provided with Remote Access leverages the biometric capabilities from smartphones which in turn allows authorized remote vendors simple just-in-time secure privileged access. Once authenticated, all privileged sessions are automatically recorded for full audit and monitored in real-time.
Strong Application Authentication and Credential Management
The Secrets Manager architecture allows an organization to eliminate hard-coded application credentials, such as passwords and encryption keys, from applications and scripts. The company’s secure, proprietary technology permits authentication of an application during run-time, based on any combination of the application’s signature, executable path or IP address, and operating system user. Following application authentication, the authenticated application uses a secure API, to request privileged account credentials during run-time and, based on the application permissions in Privileged Access Manager, up-to-date credentials are provided to the application.
Strong Endpoint Security
The company’s endpoint agent technology provides policy-based privilege management, application control and credential theft protection capabilities. The agent detects privileged commands, and application installation or invocation on the endpoint to validate whether it is permissible in accordance with the organization’s security policy, otherwise blocking the operation or allowing it to run in a restricted mode.
Distributed Workload Identity Issuance
The company’s innovative workload identity issuance technology allows modern and legacy workloads to obtain trusted and verifiable machine identities to enable secure access between workloads in multi-platform environments. This technology is highly embeddable and provides development teams with the freedom of choice and agility they need while also providing security teams the control and governance they want.
SaaS Extensibility & Cloud Service Provider Integration
Developer Central provides all the essential resources (APIs, SDKs, Recipes) that developers require to efficiently build, integrate, and customize solutions that enhance the security and management of machine identities. CyberArk integrates seamlessly with all major cloud service providers in an agent-less manner to secure machine identities within those environments, simplifying machine identity security across all cloud service provider environment.
Customers
The company’s customers include leading organizations in a diverse set of industries, including financial services, manufacturing, insurance, healthcare, energy and utilities, transportation, retail, technology, and telecommunications, as well as federal and local government agencies.
Go-to-Market
Marketing
The company’s marketing strategy focuses on further strengthening its brand and market leadership position, communicating the benefits of its solutions to its target audiences, driving market engagement, and creating a pipeline with prospects, resulting in an increase in sales to existing and new customers. The company is uniquely positioned as the global leader in Identity Security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. The company’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle.
The company executes its strategy by leveraging a combination of internal marketing professionals and a network of channel partners to communicate its value proposition and differentiation for its solutions, generating qualified leads for its sales force and channel partners. The company’s marketing efforts include global inbound and outbound demand generation campaigns, account-based marketing, highly targeted brand awareness campaigns, public relations in multiple geographies, analyst relations, and the publication of a broad array of content made available through its website. The company also participates in key industry events around the world, engaging with audiences through exhibits and demonstrations, speaking sessions and executive meetings.
In May 2024, the company hosted its 18th annual CyberArk IMPACT Conference for customers, partners and prospects in Nashville, TN. In addition, the company executed a series of IMPACT World Tour events in 20 other cities around the globe, with hundreds of customers, partners and prospects attending at each location.
Sales
The company’s hybrid sales model, which combines the leverage of high-touch, channel sales with the account control of direct sales, has played an important role in the growth of its customer base to date. The company maintains a highly trained sales force that is responsible for developing and closing new business, the management of relationships with its channel partners and the support and expansion of relationships with existing customers. The company’s sales organization is organized by geographic regions, consisting of the Americas, EMEA, Asia Pacific and Japan. As of December 31, 2024, the company’s global network of channel partners consisted of more than 1,500 global system integrators, managed service providers, solution providers, strategic outsourcers, advisories and distributors, as well as global and regional marketplaces. The company’s channel partners generally complement its sales efforts by helping identify potential sales targets, maintaining relationships with certain customers, introducing new solutions to existing customers, and offering post-sale professional services and technical support.
In 2024, the company generated approximately 19% of its revenues from direct sales from the company’s field offices located throughout the world. The company works with many global systems integration partners and several leading regional security value added resellers, such as Optiv Security Inc., Merlin International, Computacenter United States Inc., Netpoleon, SHI, M.Tech and GuidePoint Security. Further, the company works with advisory firms, such as Deloitte, PricewaterhouseCoopers LLP, and KPMG in co-marketing and co-delivery of its solutions and providing implementation services to the company’s customers.
Through CyberArk’s C3 Alliance, the company’s global technology partner program, it brings together enterprise software, IT, Security, and cloud providers to build on the power of Identity Security to better protect customers from cyber threats. The company’s CyberArk Marketplace provides a trusted platform for customers to easily find and deploy integrations from the C3 Alliance, partners, and community members.
The company’s sales cycle varies by customer size, the number of solutions purchased and the complexity of the customer’s IT infrastructure, ranging from several weeks for incremental sales to existing customers to several months for large deployments. The company also typically experience seasonality in its sales, particularly demonstrated by increased sales in the last month of a quarter and the last quarter of the year.
Professional and Support Services
Maintenance and Support
The company’s maintenance and support program provide all customers who purchase maintenance and support in conjunction with their perpetual licenses, and customers who purchase self-hosted and SaaS subscriptions, the right to software bug repairs, the latest software enhancements, and updates on an if-and-when available basis during the maintenance period or subscription term, and access to its technical support services. Customers who purchase maintenance and support in conjunction with their initial perpetual license purchase typically buy for one year or three years and can subsequently continue to renew maintenance and support for additional one- or three-year periods. These two alternative maintenance and support periods are common in the software industry. Customers typically pay for each alternative in full at the beginning of their terms. However, in select situations, customers can opt for annual payments.
The company’s technical support services are provided to perpetual and subscription customers via its online support center, which enables customers to submit new support queries and monitor the status of open and past queries. The company’s online support system also provides customers with access to its CyberArk Knowledge Base, an online user-driven information repository that provides customers with the ability to address their own queries. Additionally, the company offers email and telephone support during business hours to customers that purchase a standard support package and 24/7 availability to customers that purchase its 24/7 support or subscription package.
The company’s global customer support organization has expertise in its software and how it interacts with complex IT environments. The company typically provides all levels of support directly to its customers.
Professional Services
The company’s solutions are designed to allow for online trials, or to allow customers to download, install and deploy them on their own or with training and professional assistance. The company’s solutions are highly configurable, and many customers will select either one of its many trained channel partners or the company’s CyberArk Security Services team to provide expert professional services. The company’s Security Services team can be contracted to assist customers in planning, installing, and configuring its solution to meet the needs of their security and IT environment, and provide technical account management services. The company’s Security Services team provides ongoing consulting services regarding best practices for achieving Identity Security and recommends ways to implement its solutions to meet specific customer requirements. The company also have Red Team services, which specialize in adversary simulations to test customers’ and prospects’ cloud and hybrid environments, DevOps pipelines and processes to help make their environment more secure.
In 2022, the company expanded its professional services packages by offering outcome-based services that corresponded with each of the company’s SaaS solutions. This was done to complement the company’s existing professional services solutions, which are aimed at delivering faster time to value and helping customers streamline the deployment of certain CyberArk SaaS solutions, while providing a resource to help to implement a phased approach to a PAM program, from planning, to pilot, to production.
The most comprehensive program of its kind, CyberArk Blueprint is designed to help customers take a future-proof, phased and measurable approach to reducing Identity Security risks. The experience of the CyberArk Labs and Red Team (CyberArk teams involved in cybersecurity research) and incident response engagements shows that nearly every targeted attack follows a similar pattern of identity and privileged credential compromise. These patterns influenced CyberArk Blueprint’s three guiding principles, which are foundational to the program: prevent credential theft; stop lateral and vertical movement; and limit privilege escalation and abuse. The CyberArk Blueprint uses a simple, prescriptive approach based on these guiding principles to reduce risk across five stages of Identity Security maturity.
Research and Development
The company’s research and development expenses were $243.1 million in 2024.
Intellectual Property
As of December 31, 2024, the company had 189 issued patents in the U.S., and 46 pending U.S. patent applications. The company also had 92 issued patents and 13 applications pending for examination in non-U.S. jurisdictions, all of which are counterparts of its U.S. patent applications.
Competition
The company’s Identity Security Platform competes across a variety of markets and competitors, including, but not limited to: PAM, including Endpoint Privilege Management, such as Delinea and BeyondTrust; Access Management, such as Okta and Microsoft; Secrets Management, such as Hashi Corporation; Machine Identity, such as Keyfactor; and Identity Governance and Administration, such as SailPoint and Saviynt.
History
CyberArk Software Ltd. was founded in 1999. The company was incorporated in 1996.
