CyberArk unveils enhanced tools to protect growing machine identities
CyberArk has announced new features for its Machine Identity Security portfolio, providing security teams with enhanced capabilities to discover, interpret and control machine identities across enterprise IT environments.
An increase in machine identities, estimated to outnumber human identities by 82 to 1 due to the adoption of artificial intelligence and cloud-native technology, has resulted in a higher prevalence of machine identity-related security incidents. According to research from CyberArk, 72% of security leaders reported experiencing certificate-related outages, and 50% encountered security incidents or breaches related to compromised machine identities.
The company stated that manual processes are proving insufficient for managing this proliferation of machine identities, necessitating solutions that emphasise automation, discovery and contextual analysis to address security challenges and compliance requirements.
Portfolio enhancements
The updated Machine Identity Security portfolio introduces centralised visibility, automated policy enforcement and insights driven by context. These features aim to support organisations in monitoring and managing every machine identity (covering certificates, keys, secrets and workloads) across all environments.
Key additions include new tools within the CyberArk Secrets Hub, such as Discovery and Context for HashiCorp Vault, which provides visibility into distributed HashiCorp Vault installations and helps to ensure policy compliance across the enterprise without disrupting developer workflows. A Risk Management and Remediation Dashboard has also been introduced to centralise observability across various secret vaults and incorporate third-party scanner data to identify and prioritise areas of high risk.
CyberArk Certificate Manager, provided as a SaaS solution, now offers a CA/B Forum TLS Certificate Dashboard, which gives real-time visibility into certificate expiration timelines, projections for renewals and certificate authority usage. This feature is designed to help organisations prepare for forthcoming reductions in TLS certificate lifespans, set to decrease from 398 days to 47 days by 2029.
Other newly detailed features include Code Sign Management, Policy Enforcement and deeper integrations with DevOps tooling, focused on automating and enforcing standards for signed code and certificate lifecycle management. These functions are intended to reduce overhead, facilitate compliance and accelerate the adoption of secure software development practices.
Additionally, CyberArk SSH Manager for Machines offers new authorisation and policy controls that facilitate real-time authorisation tracking and discovery, aiming to improve visibility, reduce risk and support audit compliance related to SSH key use.
Industry context
Kurt Sand, General Manager of Machine Identity Security at CyberArk, commented on the context and necessity of the new capabilities.
"Implementing machine identity security programs has become increasingly complex as organisations grapple with shrinking certificate lifespans, the rise of AI agents, vault sprawl and vulnerable software supply chains. With these new discovery, context and remediation capabilities, customers gain the visibility and control they need to tame sprawl, enforce policy and secure their environments more efficiently. This milestone, just one year after our acquisition of Venafi, marks a significant step forward in our commitment to delivering the industry's most comprehensive, end-to-end machine identity security solution."
Industry experts note that the rapid expansion of automated and non-human digital entities in enterprise environments heightens the risk of mismanagement and unauthorised access, especially as certificate lifespans continue to decrease and the use of multiple software supply chains becomes more common. Automated discovery and remediation tools are increasingly viewed as crucial for securing these environments and ensuring regulatory compliance.
Market implications
The features in the expanded portfolio are positioned as instrumental in helping enterprises address the challenges brought on by the rapid growth of machine identities. Automated discovery against dispersed vault instances, continuous visibility into evolving certificate requirements and policy-based controls for sensitive operations such as code signing and SSH key management are all factors highlighted by CyberArk as essential for maintaining robust security postures.
CyberArk's updates to its Machine Identity Security platform are available now and are slated for further enhancements over the ensuing year. The company has said that the upgrades will support organisations as they face ongoing changes in machine identity management requirements and industry compliance standards.