Enhancing CyberArk’s PAM Solution
As a Solutions Engineer at CyberArk Singapore during my final year of studies, I embarked on an ambitious project to supplement CyberArk’s robust Privileged Access Management (PAM) solutions. This project not only showcased the potential for innovation in cybersecurity but also highlighted the importance of automation, efficient data handling, and user engagement in enhancing security tools. Here’s a detailed look at what I developed, how I approached it, and the outcomes achieved.
Understanding CyberArk and Privileged Access Management (PAM)
CyberArk is a global leader in cybersecurity, specializing in securing organizations against threats targeting critical internal systems and sensitive data. A key component of this protection is PAM, which focuses on automating password changes, monitoring user activities in sensitive sessions, and discovering and managing new high-privilege accounts.
The diagram represents CyberArk’s PAM Customer Lifecycle, a structured approach to implementing and maintaining a Privileged Access Management (PAM) solution. Here’s what each stage signifies:
- Requirement Gathering: This initial phase involves understanding the customer’s specific needs for PAM, including security policies, compliance requirements, and infrastructure specifics.
- Design: Based on the requirements, a tailored design is created to address the customer’s privileged access management needs, ensuring compatibility with their existing systems.
- Install & Configure: Implementation of the designed solution, which includes installing and configuring the CyberArk PAM components, such as password vaults, monitoring tools, and access controls.
- Onboard Accounts Automatically (Discovery): This step focuses on automating the process of discovering and onboarding privileged accounts into the PAM system to ensure comprehensive coverage.
- Regular Patching & Updates: Continuous maintenance of the PAM solution through updates and patches to ensure the system remains secure, functional, and aligned with evolving security threats.
- Support Issues (Troubleshooting): Providing ongoing support to address any operational issues, such as troubleshooting errors or refining configurations, to maintain optimal performance.
This lifecycle ensures that CyberArk’s PAM solution is effectively implemented, maintained, and supported, meeting customer needs and adapting to security challenges over time.
Project Structure and Goals
The project was designed to complement CyberArk’s PAM Customer Lifecycle and was divided into three main components:
- PAM Implementation – Designing, installing, and configuring the lifecycle.
- Discovery Tool – Automating the onboarding of accounts in the lifecycle.
- Log Analyst Tool – Supporting lifecycle issues by analyzing logs.
Part 1: PAM Implementation
The first phase involved deploying a robust infrastructure to support PAM. This included:
- Procuring and configuring eight virtual machines (four Windows and four Linux).
- Implementing network connectivity and hardening the systems.
- Conducting rigorous manual testing to ensure security requirements were met, as external testing tools were not allowed.
The successful implementation laid the foundation for secure and efficient PAM operations.
Part 2: Discovery Tool
While CyberArk’s existing discovery tools were effective, they were limited to Windows and Linux environments and lacked automated offboarding for inactive accounts. To address these gaps, I developed a Discovery Tool with features like:
- Bulk onboarding and offboarding of accounts.
- Refreshing and deleting cached data.
This tool was built using Python Django, with extensive use of JavaScript and Ajax for dynamic REST API interactions. A JSON-based database was implemented to cache and manage data efficiently, enhancing the tool’s scalability and responsiveness.
- Developed with Python Django, with JavaScript and Ajax used extensively across the project.
- REST API calls to ServiceNow and CyberArk PAM pull the data.
- A JSON file serves as the database to cache data.
Figures: data being read and new data subsequently being written; the JSON file being accessed to retrieve information.
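A sketch of the cache-and-reconcile step described above, added here as an illustration and not taken from the project's code: the JSON cache is written atomically with owner-only permissions, expires after a TTL, and the inventory is compared with the vaulted accounts to plan bulk onboarding and offboarding. The record fields, the 15-minute TTL and the 90-day inactivity threshold are assumptions, and the records are constructed stand-ins for what the ServiceNow and PAM REST calls would return.

```python
import json, os, tempfile, time
from datetime import datetime, timedelta

CACHE_TTL_SECONDS = 900  # assumed refresh interval
# Constructed records; the field names are hypothetical.
INVENTORY = [
    {"host": "srv-db01", "user": "svc_backup", "last_login": "2025-05-20T03:00:00+00:00"},
    {"host": "srv-web02", "user": "deploy", "last_login": "2025-05-28T09:30:00+00:00"},
    {"host": "srv-app03", "user": "old_admin", "last_login": "2024-11-01T12:00:00+00:00"},
]
VAULTED = [
    {"host": "srv-db01", "user": "svc_backup"},
    {"host": "SRV-APP03", "user": "old_admin"},
    {"host": "srv-legacy", "user": "root"},
]

def save_cache(path, records):
    """Write the cache atomically; mkstemp creates the file with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump({"fetched_at": time.time(), "records": records}, fh)
        os.replace(tmp, path)  # readers never see a half-written file
    except BaseException:
        os.unlink(tmp)
        raise

def load_cache(path, now=None):
    """Return cached records, or None if missing, corrupt or older than the TTL."""
    try:
        with open(path) as fh:
            data = json.load(fh)
        age = (time.time() if now is None else now) - data["fetched_at"]
        return data["records"] if age <= CACHE_TTL_SECONDS else None
    except (OSError, ValueError, KeyError, TypeError):
        return None

def plan_changes(inventory, vaulted, now, inactive_days=90):
    """Return (onboard, offboard) as sorted lists of (host, user) keys."""
    key = lambda a: (a["host"].lower(), a["user"].lower())
    inv = {key(a): a for a in inventory}
    vault = {key(a) for a in vaulted}
    cutoff = now - timedelta(days=inactive_days)
    stale = {k for k, a in inv.items() if datetime.fromisoformat(a["last_login"]) < cutoff}
    onboard = sorted(set(inv) - vault - stale)  # active but not yet vaulted
    offboard = sorted(k for k in vault if k not in inv or k in stale)
    return onboard, offboard
```

A stale or unreadable cache returns `None`, so the caller refetches instead of acting on an outdated account list.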
Part 3: Log Analyst Tool
Analyzing logs to resolve password rotation issues was another challenge, as identifying specific error codes in massive log files was time-consuming. The Log Analyst Tool tackled this with:
- A dashboard showcasing error trends, problem areas, and frequent issues.
- Integration of regex for cleaning and organizing log data.
- The inclusion of CyberSage, an AI-powered chatbot, built on OpenAI’s DialoGPT. The chatbot provided:
  - Real-time error solutions based on user queries.
  - Adaptive learning to improve over time.
  - Context-aware, engaging conversational interactions.
Figure: a quick look at the web interface.
Implementation
- Data is transmitted in CSV format.
- A JSON array containing multiple JSON objects is used to store the information.
- Regex is used to clean the data from the logs.
Figures: code snippet demonstrating storing information using a JSON object and JSON array; regex codes used to clean data.
Implementation of AI Chatbot in Log Analyst Tool
1. Introduction of DialoGPT:
  - Brief Overview: DialoGPT is a cutting-edge language model developed by OpenAI, specifically tailored for generating human-like conversational responses.
  - Significance: Its unique training on diverse conversational data makes it ideal for realistic and engaging chatbot interactions.
2. Integration with Our Chatbot:
  - Application: In our AI chatbot, DialoGPT serves as the core engine, enabling nuanced and context-aware conversations with users.
  - Benefits: This integration results in a more natural and satisfying user experience, with improved understanding of user queries and dynamic response generation.
Advantages of DialoGPT:
- Adaptive Learning: DialoGPT adapts to conversation topics seamlessly, providing relevant and coherent responses.
- Scalability: Its scalable architecture allows our chatbot to handle a wide range of conversational scenarios, maintaining performance and reliability.
- User Engagement: Enhanced by DialoGPT, our chatbot achieves higher user engagement through personalized and interactive dialogues.
Figures: function for retrieving solutions based on user-entered error codes; handling unrecognized error codes by locating the closest match within the AI's knowledge base; conditional logic to return the most similar answers.
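The regex cleaning step from the Implementation notes and the closest-match lookup captioned above, combined in one added example that is not the project's code. The log format, the `ERRnnnn` codes and the knowledge-base entries are constructed, and `difflib` stands in for whatever similarity measure the original tool used.

```python
import difflib
import re
from collections import Counter

# Constructed sample: the line format and ERRnnnn codes are hypothetical.
SAMPLE_LOG = (
    "2025-06-01 02:00:11 [INFO] rotate start account=svc_backup host=srv-db01\n"
    "2025-06-01 02:00:14 [ERROR] ERR4012 rotate failed account=svc_backup\n"
    "2025-06-01 02:05:40 \x1b[31m[ERROR]\x1b[0m ERR5100 connect failed host=srv-legacy\n"
    "2025-06-01 02:09:02 [ERROR] ERR4012 rotate failed account=deploy\n"
    "2025-06-01 02:09:03 [ERROR] verification failed, no code returned\n"
    "not a log line\n"
)
# Hypothetical knowledge base: error code -> remediation text.
KNOWLEDGE_BASE = {
    "ERR4012": "Target rejected the new password; compare it with the password policy.",
    "ERR4031": "Logon account lacks rights on the target; review its permissions.",
    "ERR5100": "Target host unreachable; check the network path and firewall.",
}
# ANSI colour sequences first, then any other control character.
NOISE_RE = re.compile(r"\x1b\[[0-9;]*m|[\x00-\x08\x0b-\x1f\x7f]")
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\[(?P<level>[A-Z]+)\]\s+(?P<msg>.*)$")
CODE_RE = re.compile(r"\bERR\d{4}\b")

def parse_errors(log_text):
    """Clean each line and return one dict per ERROR entry."""
    rows = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(NOISE_RE.sub("", raw).strip())
        if not m or m["level"] != "ERROR":
            continue  # skip malformed lines and non-error levels
        code = CODE_RE.search(m["msg"])
        rows.append({"ts": m["ts"], "code": code.group() if code else "UNKNOWN", "msg": m["msg"]})
    return rows

def error_trend(rows):
    """Count occurrences per error code for the dashboard."""
    return Counter(r["code"] for r in rows)

def lookup(user_input, cutoff=0.8):
    """Return (matched_code, answer, exact); near matches are flagged, not hidden."""
    code = user_input.strip().upper()
    if code in KNOWLEDGE_BASE:
        return code, KNOWLEDGE_BASE[code], True
    close = difflib.get_close_matches(code, list(KNOWLEDGE_BASE), n=1, cutoff=cutoff)
    if close:
        return close[0], KNOWLEDGE_BASE[close[0]], False
    return None, None, False
```

Returning the matched code and the `exact` flag lets the interface show which code an answer belongs to, since codes that differ by a single digit can score equally close.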
Methodology and Tools
Adopting a Scrum methodology ensured efficient project management:
- Bi-weekly meetings with my supervisor acted as feedback loops.
- Rigorous whitebox and user acceptance testing (UAT) validated each deliverable.
Technological highlights of the project included Python Django for backend development, REST APIs for data integration, and regex for log file optimization.
Outcomes and Reflections
This project was a comprehensive learning experience, blending technical development with problem-solving and user-centric design. By addressing real-world challenges faced in PAM solutions, I contributed to improving automation, data management, and user engagement for CyberArk’s ecosystem.
Through this journey, I gained deeper insights into cybersecurity challenges and honed my skills in software engineering and AI integration.
Closing Thoughts
The tools and solutions developed during this project are a testament to how innovative thinking and technical expertise can augment even the most robust cybersecurity frameworks. As I look forward to new challenges, I’m excited to explore more opportunities to make a meaningful impact in the field of cybersecurity.