利用CyberArk存储目标主机密码，Tenable等第三方软件需要调用目标系统密码时根据权限由CyberArk自动授予密码。密码无需存储在Tenable本地，需要使用时再通过CyberArk进行调用。降低密码口令泄露可能性，也使得密码统一变更、管理变成可能。

不仅是Tenable，如Rapid7等众多合作伙伴均可以与CyberArk配合使用，即避免了用户密码存储在第三方软件/产品中的风险，又能够提供第三方产品扫描的正确性，大幅提高扫描精度。

How It Works
Step 1: Install your Tenable solution according to the instructions in
its Installation Guide. In addition, install CyberArk Secure Digital
Vault? and Central Credential Provider .
Step 2: Configure your Tenable solution to reach the CyberArk
Central Credential Provider, under “CyberArk Vault” authentication
method under “Credentials” configuration option within your
Tenable solution.
Step 3: Configure your CyberArk Vault and the Central Credential
Provider to allow credentials to be passed to your Tenable solution.
Step 4: When conducting a vulnerability or configuration
assessment, use a scan policy that uses the previously configured
CyberArk Digital Vault credentials from Step 2. Upon
authentication, Tenable’s solutions will query the CyberArk
Digital Vault for the credentials needed to successfully conduct
the assessment.

Joint Tenable-CyberArk
Deployment Benefits
? Securely store and rotate application credentials in
CyberArk’s Secure Digital Vault?; Credentials no longer
need to be managed and updated directly within a Tenable
solution
? Reduce the time and effort needed to document where
credentials are stored within the entire organizational
environment
? Automatically enforce security policies within specific
departments or for specific business unit requirements, which
simplifies compliance
? Reduce the risk of unsecured privileged accounts and
credentials across the enterprise
? Manage application authentication to ensure only authorized
applications can access required credentials
? Comply with internal and regulatory requirements for securing
and managing passwords and SSH keys