CyberArk introduced new discovery and context features within its Machine Identity Security portfolio, empowering security teams to automatically identify, analyze, and protect machine identities — including certificates, keys, secrets, and workloads — to minimize risk and streamline compliance at scale.
Machine identities outnumber human identities by an estimated 82 to 1, driven by increased AI adoption and cloud native growth. As a result, machine identity-related security incidents are on the rise, with 72% of security leaders reporting certificate-related outages and 50% experiencing security incidents or breaches from compromised machine identities, according to CyberArk research. Manual processes can no longer keep up, and organizations need an automated discovery and context-driven approach to stay ahead.
“Implementing machine identity security programs has become increasingly complex as organizations grapple with shrinking certificate lifespans, the rise of AI agents, vault sprawl and vulnerable software supply chains. With these new discovery, context and remediation capabilities, customers gain the visibility and control they need to tame sprawl, enforce policy and secure their environments more efficiently,” said Kurt Sand, GM of Machine Identity Security at CyberArk. “This milestone, just one year after our acquisition of Venafi, marks a significant step forward in our commitment to delivering the industry’s most comprehensive, end-to-end machine identity security solution.”
CyberArk’s expanded Machine Identity Security portfolio delivers centralized visibility, automated policy enforcement and context-driven insights to help organizations monitor and secure every machine identity, anywhere, across the enterprise. Key enhancements include:
CyberArk Secrets Hub
• Discovery and Context for HashiCorp Vault(1) – Helps address critical vault sprawl challenges by providing visibility into dispersed HashiCorp Vault instances and ensuring enterprise-wide policy compliance without disrupting developer workflows.
• Risk Management and Remediation Dashboard(2) – Centralizes observability across market-leading secrets vaults and integrates third-party scanner data to identify high-risk areas, enabling organizations to prioritize remediation and track compliance progress.
CyberArk Certificate Manager, SaaS
• CA/B Forum TLS Certificate (47-day) Dashboard(1) – Provides real-time visibility into certificate expiration timelines, renewal projections and certificate authority usage to help organizations prepare for reduced TLS certificate lifespans (from 398 days today to 200 days in 2026, 100 days in 2027 and 47 days by 2029), allowing them to easily manage renewals and prevent outages.
• Code Sign Management, Policy Enforcement and Deep DevOps Integrations(2) – Provide automated, policy-enforced code signing and governance alongside certificate lifecycle management to reduce infrastructure overhead, accelerate adoption and help ensure only trusted, compliant software is released.
CyberArk SSH Manager for Machines
• New Authorization and Policy Controls(1) – Grant real-time authorization tracking and discovery for centralized visibility, risk reduction and audit compliance to help better manage SSH key sprawl and unmitigated access.
To learn more about the new discovery and context capabilities, in addition to upcoming news and previews related to CyberArk’s machine identity security solutions, watch the keynote at CyberArk IMPACT World Tour 2025 in Long Beach for demos of the new features. (available live and on-demand)
Related News:
Arctic Wolf Expands AI Aurora Platform with New Security Integrations
Cloud Environment Advice for Cloud Security Day
1 Available now
2 Available by late 2025