Latest Posts

Mapping Sectona PAM To Help Banks Comply With Swift CSP Framework

The cyber-attack threats are ever increasing. There have been recent incidents of payment frauds in customer’s local environment. SWIFT’s payment community continues to suffer from numerous cyber-attacks and breaches. For year 2020, SWIFT promoted 2 existing advisory controls to mandatory and introduced 2 additional advisory controls resulting in 21 mandatory and 10 advisory controls in the CSCF v2020. The SWIFT has launched a CSP (Customer Security Programme) which aims to improve information sharing throughout the community. Through the programme, it also shares best practices for fraud detection and enhance support by third party providers. The clause 1 of SWIFT CSP framework speaks about restrict internet access and protect critical systems from general IT environment. The framework speaks about the SWIFT environment protection i.e. the protection of user’s local SWIFT environment from potentially compromising elements of general IT environment and external environment. The framework states that there should be complete isolation of the SWIFT user’s environment. There should be complete control and access restrictions over OS Privileged accounts. It also emphasizes on securing the virtualization platforms. All the virtualization platforms and virtual machines (VMs) which are hosting SWIFT related components should be secured to the same level as physical systems. The Spectra Privileged Access Management (PAM) Solution by Sectona with its hybrid access mechanism, ensures secure access to critical systems, including SWIFT infrastructure for users to accessing from internal or external environment. Spectra allows for privileged sessions to be accessed over browser to ensure true session isolation while also allowing direct client-based access without need for agent on the target device. There is also provision for access to be enabled through a secure Jump Host as well for session isolation.  Spectra is a true cross platform capable solution which allows users to take access from any OS, any browser without any need for plugins. Spectra PAM has strong server privilege management & access control capabilities that allow for user access to be segregated based on workforce roles & responsibilities. Unauthorized access is eliminated by way of this capability. Spectra has strong integrations with Virtualization platforms & VMs and access to these can be secured with the same effect as for physical systems. The clause 2.6 of this framework states that surface attacks and vulnerabilities should be reduced. There should be complete operator session confidentiality and integrity to be maintained. The interactive operator sessions connecting to local SWIFT infrastructure should be protected from surface attacks and vulnerabilities. Sessions taken to the SWIFT infrastructure through Spectra PAM will be completely secured, controlled & monitored through a secure mechanism, and ensures protection of the confidentiality & integrity of sessions. Along with MFA to access any interactive session of SWIFT via PAM. In addition, the threat analytics engine within Spectra PAM calculates a composite risk score for each privileged session that helps with auditing and forensics much easily and faster. The clause 2.8 of this framework speaks about the outsourcing of critical activities. It states that the local SWIFT infrastructure should be protected from the risks exposed by the outsourcing of critical activities. Spectra can enable workflow-based access for outsourced activities to ensure that access to the SWIFT infrastructure is granted only after review & approval from authorized personnel. For any critical activity wherein the session may need to be shared over the internet with outsourced or third party vendors, Spectra enables a highly secure way of collaborating without revealing credentials and generating collaborative logs identifying and logging the activities that happened during the session. The clause 2.9 of this framework states that all the business transactions should be controlled. All the business transactions taking place in the environment should be validated and authorized by the respective counter parties. In Spectra PAM, time-based access can be provided to users taking access to SWIFT infrastructure. This ensures that the user access to SWIFT infrastructure is authorized at pre-decided time frame. In addition, workflow-based access can also be enabled to ensure users are given access only after review & approval. Multiple levels (up to 15) of approvals can be configured in Spectra. The clause 4 highlights the prevention of credential compromisation. The clause 4.1 states that the effective password policies should be in place. The passwords should be resistant enough against common password attacks. Spectra PAM has a robust password vault that supports customizable password change policies enabling password complexities and rotations with a wide range of combinations. Multiple Password Policies can be created, and they can either can be applied to an asset or group of assets. Spectra’s Password Vault can help schedule password changes on a regular basis & help set password complexities as desired. The vault is highly secure & passwords are encrypted with either AES 256 encryption or RSA 2048 encryption. The clause 4.2 is about the multi-factor authentication. It requires prevention of compromised single authentication factor for allowing access into SWIFT environment. Spectra is engineered to readily integrate with MFA providers such as RSA, Vasco, Safenet, Okta, OneLogin, Duo or Google Authenticator. Alternatively, it provides proprietary in-built Mobile OTP or Push Authentication and SMS or Email OTP options for multi factor authentication. 2FA mechanism ensures additional layer of security & control. The clause 5 of this framework is speaks about managing identities and segregation of privileges. The clause 5.1   is about the logical access control, i.e. access should be provided on need-to-know basis, and duties for operator accounts should be segregated. Spectra PAM follows the principle of least privileges and segregation of duties adding value by providing attribute-based grouping or AD grouping that can help reduce human effort involved with user mapping based on roles & responsibilities. The clause 5.4 speaks about the protecting the logically and physically stored passwords in the SWIFT environment. Spectra PAM has a robust password vault that supports customizable password change policies enabling password complexities and rotations with a wide range of combinations. Multiple Password Policies can be created, and they can either can be applied to an asset or group of assets. The vault is highly secure & passwords are encrypted with either AES 256 encryption or RSA 2048 encryption. The clause 6 speaks about detection of anomalous activities to system or transaction records.  The clause 6.4 states that all the security events should be recorded and detect anomalous actions and operations within the local SWIFT environment. Spectra's Session Recording module completely captures logs of all privileged sessions across target system sessions including access to SWIFT environment. In addition, the threat analytics engine within Spectra PAM calculates a composite risk score for each privileged session that helps with auditing and forensics much easily and faster. Spectra has an in-built Risk Scoring engine with a list of predefined plausible high-risk scenarios. The risk levels for these scenarios can be configured to incorporate desired risk levels of the organization. This Risk Scoring engine will help calculate composite risk score for each user session based on the activities in the session that thereby helps assess the access behavior. Spectra PAM has alert and notification engine to ensure to ensure timely alerts are sent to concerned personnel on execution of pre-defined critical commands or activities. SWIFT has included an extensive list of best practices to be followed, the latest version of compliance document is available here. For those starting out with their privileged access security programs, start by targeting and identifying all privileged accounts. Leverage this list here  to start your privileged access security program. Sectona team has come up with an interesting article about why running isolated privileged sessions for remote users is important, read it here.
Shruti Kulkarni May 27, 2020
Shruti Kulkarni
May 27, 2020

Sectona Recognized By KuppingerCole As A Maturing Challenger

PAM Market Overview KuppingerCole, a leading analyst organization headquartered in Europe, announced public availability of its Leadership Compass report for Privileged Access Management.  The report suggests that PAM has become one of the “fastest growing areas of cybersecurity and risk management solutions”. KuppingerCole estimates the PAM market is a $2.2bn market by revenue with a growth of up to $5.4bn expected by 2025. The reports states how credential vaulting, password rotation, controlled elevation and delegation of privileges, session establishment and activity monitoring are now almost standard features of any PAM solution. More advanced capabilities such as privileged user analytics, risk-based session monitoring, advanced threat protection, and the ability to embrace PAM scenarios in an enterprise governance program are becoming the new standard for PAM solutions to protect against today’s threat. Sectona Strongly Recognized as Challenger Sectona has impressively surpassed several competitors in this report to make its way as a strong Challenger to look forward to. Among a competitive space of 25 vendors recognized in this report, 80% of whom have been in the industry for over a decade, Sectona in a short span of just over 3 years has shown immense growth and earned an admirable spot as a strong Challenger in the Overall rating. The lead analyst Paul Fisher highlights “Given how the short time that has elapsed since the company was founded, it is maturing at an impressive rate”. Speaking about some key innovation and strengths, the report also rates Sectona a respectable Challenger in the Product and Innovation Rating sections. This has been a noteworthy feat for the company considering how it has quickly graduated from being a Follower in the previous report to a Challenger this year. Feature-rich, the KuppingerCole analyst also rates Sectona’s PAM solution Spectra as a ‘positive’ when it comes to Interoperability, Usability and Deployment. Sectona PAM Analysis in the Report Considering Sectona is a young company, analysis of its PAM product involves mostly hits especially for the key aspects with little misses. Hits - Easy to understand and use dashboard, PDK (Plugin Development Kit) does not need coding - Access from wide range of platforms without agents or plug-ins - Strong support for cloud-based services to onboard assets - A collaborative, cross-platform approach allows for integrations offering desired flexibility - Despite its relative youth, the company has done well to present some advanced ideas on PAM and application integration Fisher specifically calls out Spectra’s PSM (Privilege Session Management) strength stating that it “offers access to privileged sessions over any HTML5 supported browser from any platform without the need of agents or plugins to be installed”. This aligns with not just the core PSM capability but also covers needs of advanced requirements including secure remote access for users, especially in today’s digital environments. Misses - While undoubtedly innovative, Spectra needs to offer more capabilities to succeed in Europe and North America - May struggle to fund the marketing it deserves - Functionally limited to PSM with lack of proven AAPM (Application to Application Password Management), CPEDM (Controlled Privilege Elevation and Delegation Management) capability Primarily being a non-funded company, Sectona has grown its revenue 300% YoY. This is testament to the fast-growing business and financial stability of our company. Sectona has a strong foothold thus far in India, Middle East and East African countries and have aggressively begun adequate marketing initiatives to penetrate and sustain newer markets including Europe. From a technology standpoint, Sectona’s Spectra PAM solution has proven Application to Application Password Management capabilities. This is highlighted in the report by Fisher where he mentions “It’s up to speed with features such as application to application password management by using APIs and SSKs (Software Support Kits) for many platforms”. Spectra also has built-in Privilege Elevation and Task Automation capabilities. This is also rightly mentioned in the report stating Spectra “offers some degree of automation with Privileged Task Management”. Where We are Headed Our commitment to innovate and address more genuine and practical areas of concern around privileged access has never ceased. We continue to develop and enhance our PAM product capabilities to make it a more value-driven offering for organizations. Some of our innovative capabilities for the near future include: DevOps – Secrets Management Sectona is currently working towards making its DevOps secrets management module available by the 3rd quarter of this year. Sectona has always believed in a future vision and had started developing around DevOps secrets management last year. This thought process is also validated by KuppingerCole where they identify DevOps in organizations as one key contributor to the growth of the PAM market. To add to it, Paul Fisher highlights that Spectra “is well positioned to manage DevOps and containerization demands in the future”.  Privileged Account Governance While Spectra has taken care of the customizable reporting and dashboard part in its current version, roadmap includes a dedicated PAG (Privilege Account Governance) module providing privileged access certifications and valuable insights related to the state of privileged access. This again is in line with some of the advanced capabilities that PAM solutions will be expected to have, as stated in the report.
Vishal Thakkar May 10, 2020
Vishal Thakkar
May 10, 2020

Strengthening Core Security To Achieve Compliance With SAMA Cybersecurity Framework

Safeguarding the sensitive data of your digital society is one of the prime requirements for any nation. Online services are becoming strategically important for both public and private sector organizations, helping them grow a digital economy. And Kingdom of Saudi Arabia is not immune to this growing change. They proactively explore and implement a strong, immune, system which can safeguard sensitive data, transactions and most importantly confidence in the entire Saudi Finance Sector. The financial sector in Saudi recognized the rate at which technology is changing, and the cyber threats always loom large in any given situation along with evolving risks. Saudi Arabia Monetary Authority (SAMA) came up with cyber security framework in May 2017 to enable financial institutions to effectively identify and mitigate the cyber risks.  The main objective of this framework is to: To create a common approach for addressing cyber security within member organizations To achieve appropriate maturity level of cyber security controls within member organizations To ensure cyber security risk are properly managed throughout member organizations The requirements of this framework does not just encompass best practices suggested across various industry cyber security standards like PCI DSS , NIST, ISF, ISO, BASEL but also mandates adherence to some. The framework mandates and defines principles, and objectives for initiating, implementing, maintaining, monitoring and improving cyber security controls in member organizations. The SAMA Guidelines are very crisp and clear regarding cyber security principles and objectives. Those are broken down into four domains of cyber security: Leadership and Governance, Risk Management and Compliance, Operations and Technology and lastly Third-Party Security. [caption id="attachment_23026" align="aligncenter" width="503"] Figure 1: SAMA Cyber Security Framework Structure Source: Cyber Security Framework, Saudi Arabia Monetary Authority, Ver 1.0, May 2017[/caption] It is well known that regardless of the source of a cyber-attack, compromised credentials eventually lead to cathartic damages in any cyber-attack. Identifying the root cause for this spot on, SAMA suggests stringent measures around User Privileges, Identities & Access Management. They have laid down a comprehensive list of control consideration policies for member organizations around providing need-based and controlled access to critical IT systems, discovering & vaulting critical IT systems and privileged accounts, comprehensive monitoring and logging and multi-factor authentication enablement for all privileged users including internal staff and third-party vendors. Sectona PAM is Aligned with SAMA Best Practices Sectona, with its modern and next generation Privileged and Remote Access Management (PAM) Suite helps organizations achieve compliance with confidence. Business Requirements for Access Control The guidelines state that all the users’ access must be on need-to-have and need-to-know basis to avoid unauthorized access and (un)intended data leakage. With Sectona’s Spectra Privileged Access Management, access can be controlled, defined and managed on a need-to-know and need-to-have basis. Depending on the users’ roles, responsibilities and need to access critical IT systems, access policies on a granular scale can be defined and password-less transparent access to IT systems such as RDP, SSH and others can be enabled. This ensures that only designated users access with their authorized named user IDs and passwords of these privileged accounts are not shared among multiple users. Spectra PAM also empowers you to automate discovery across accounts & assets for easy on-boarding of accounts reducing significant manual efforts for IT operations team. Furthermore, provisioning of privileged accounts adds another security layer for on-boarding additional users who need privileged access. Spectra PAM Account and Asset discovery provides an automated way of discovering IT assets across your IT infrastructure. With schedulers and automated on-boarding rules, obtain relevant asset information and reduce time for securing privileged accounts. Start on-boarding VMware ESX/ESXi managed guest OS Automatically retrieve and list OS linked to Active Directory Run network-based discovery for assets across on-premise locations Gain complete visibility into the privilege accounts & IT assets whether on-premises or in the public or private cloud User Access Management With Automation The guidelines states managing users with changing role or job positions, any change in external staff or third parties should be approved by accountable party.Spectra Privileged Access Management Solution is tightly integrated with Active Directory and it can allow access to users present on AD. Various roles and user access policy creation is possible for the users. Spectra has maker-checker facility wherein any changes or modifications to user roles can be validated and approved by authorized personnel. With Spectra’s Attribute based grouping policies, access provisioning to users can be automated while following attributes such as role, IT asset group, user band etc. This reduces manual dependence to map one-on-one access for each user to each IT asset and account. Centralization of Identity and Access Functions The guidelines state that all the functions of identity and access management should be centralized. Spectra PAM has a centralized web console that can be accessed from any platform & any HTML5 supported browser. Since Spectra works on micro-services architecture, all components are embedded into one web console which can be configured & controlled via central management console. This also helps at the time of upgrade of Spectra to control centrally with a single installer. Privileged and Remote Access Management with MFA The guideline states that all the users taking privileged access should have restricted use, MFA should be used for all remote users, MFA should be used for all privileged users taking access on critical systems with risk assessment, all the accounts must go through a periodic review, there should be individual accountability. Spectra Privilege and Remote Access Management Solution allows creating separate policies for remote users wherein, they have MFA enabled access. While defining user access policies, MFA can be enabled for all privileged users taking access. With Spectra’s cross-platform and browser-based access capabilities, all users especially remote user and third-party users can be enabled access to IT systems without VPN over browser ensuring restricted use over data movement and copy of data. Learn more about securing remote privileged access without VPN here. Spectra PAM allows creation of user policies where multi-factor authentication-based access can be enabled for user profiles handling critical and sensitive data. Spectra PAM suite is built with robust MFA authentication capabilities with easy to implement MFA for multiple sets of users. Solution provides a range of authentication methods covering: Adaptive authentication for enforcing MFA based on risk scoring for user access that relies on parameters such as time-based access, device fingerprinting and access criteria based on Geographic location Integration with leading Cloud Based MFA authentication providers such as Okta, One Login and Duo helping reduce time to implement and integrate Sectona Mobile which provides MFA based on Mobile based Soft Tokens (without internet connectivity), SMS Tokens, and Email Tokens. Out-of-the-box integration with hardware token providers such as RSA SecureID and Vasco Monitoring, review & accountability The guideline states that monitoring and review of privileged and remote accounts must be done while ensuring accountability.Spectra PAM has a robust session recording and session logging module that captures comprehensive details around which user accessed what system at what time from where among other details. This helps associate individual accountability of privileged and remote user access.Furthermore, Spectra has an in-built Threat Analytics and Risk Assessment Engine, which calculates a risk score for each and every session based on user profiling and the activities carried out in each session. The use of non-personal privileged accounts For this requirement, guidelines state that there should be limitations and complete monitoring of the privileged sessions, all the passwords must be confidential and all the passwords must be changed periodically and also at the end of each session.Spectra PAM enables administrators for live monitoring of the sessions and termination as well with complete audit. All the passwords are stored in robust Spectra Password Vault which does the complete management of passwords i.e. rotation, verification and reconciliation. Users can define the frequency for password change along with the desired complexities. Conclusion It would be safe to say that SAMA has laid down an extensive list for Identity and Access Management requirements taking into consideration complete security of the nation. The detailed framework document is available.Going one step further, we have also published a list of high priority use-cases that companies must take note of and protect when it comes to securing privileged accounts. Refer to this document here. Also, for those starting out with their privileged access security programs, start by targeting and identifying all privileged accounts. Leverage this list here  to start your privileged access security program.
Shruti Kulkarni April 30, 2020
Shruti Kulkarni
April 30, 2020

Company Culture And Value System: Significant In Unstable Situations

“But in the midst of all that uncertainty and lack of clarity, there lies a wild beauty. A hope. Possibility. The promise of something bigger than us happening just beneath the surface that we can’t see.”  - Mandy Hale.  With this beautiful thought, we must learn to embrace each situation as it comes and persist through it by believing in our company’s value system. An organization aims to create a culture for employees to thrive, build a value system to function unanimously and a path that leads to company driven goals. Fundamentally, these are the pillars for a successful company to survive, grow and lead. However businesses are meant to be risky affairs, be it managing teams, tackling profits and losses and to add an element there are always a few unforeseeable situations that tend to disturb the normalcy. While in difficult situations naturally the competition to run businesses in an unaffected manner and constantly be at disposal of continuity pushes companies to focus on deliverables and expect employees to contribute to the best of their capabilities. During this process, seldom organizations waive out the importance of maintaining and managing culture for employees to be equally productive. There are various elements to this, naming a few would be: Need for Communication, Enhance Engagement Plans, Shaping and Adapting to changes in Culture, Importance of being Relevant and Curating Team Activities. Need for Communication Expectations, Functionality and Execution are bound to change during undetermined circumstances, how do we cope with this? Communication is the key! Managers, Team Leads, HR’s require to be vocal, clear and transparent about the situations, their effects on our organization and how we are planning to overcome this. Also, encouraging a two way communication is essential, hearing out employees, their problems, opinions and addressing them in a right manner boosts employee morale. Enhance Engagement Plans Seldom it has been observed, during unprecedented situations employee engagement process takes a backseat. It is beneficial to always keep employees involved and engaged irrespective of the ongoing state of affairs. Productivity is a result of highly engaged individuals and teams. Improving engagement plans is number-one step to help employees overcome any coercive situation stemmed out. It must be a collaborative effort within teams and their respective reporting managers to devise plans that works best for the team. Companies should revamp the engagement plans analyzing the need, requirement and abilities of their teammates as whole. Shaping and Adapting To Changes in Culture Company culture must top the hierarchy chart in any organization. Each company has its own unique way of setting up culture which caters to their teams and aligns with business values. There is no universally acclaimed rule to design culture, it is a collective endeavor between the leaders and teammates which define the organization in its truest sense. Every business venture starts with right set of values which is observed by individuals involved with a vision to create a harmonious culture and for teams to imbibe it. Undecided situations might hinder the regularity and ethnicity of culture, however as Leader/ Founder it is one’s obligation to mold the culture in a way that helps stimulate the business and employees to not lose out on the essence of being in a well-organized entity. Another perspective is that of considering steps to assist employees to accept and adapt to the changes made. Importance of Being Relevant All possible circumstances beholds unique challenges, identifying them makes it easier to subsist with the situations. Being vigilant of situations around, their effects across various sectors, curating some coping mechanism helps an organization to sail through. The need is to stay Relevant! For Example: Currently prevailing COVID-19, demands one to stay relevant and updated from a business standpoint. Recognizing the requirements which market commands, being technically sufficient will help companies to cater to those requirements. This arises a need for employees to be evenly relevant with regards to skills and Managers to guide them through this. Relevancy indeed becomes a crucial factor within productivity program. Curating Team Activities Following the above pointer, where relevancy is a necessity curating team activities that inculcate and involve employees to stay relevant seems favorable. Organizations should plan activities around informative topics and skills for mutual benefit of employees and company in common. One can always involve informal elements to it, to maintain a good balance of employee relationships. Team Sectona strides to hold up with present-day crisis through this astounding quote and sharing a link to exhibit how we do it!!  https://tinyurl.com/Sectona-Linkedinpost “Challenges are what makes life interesting. Overcoming them is what makes life meaningful.”
Priyanka Joshi April 22, 2020
Priyanka Joshi
April 22, 2020

Why Running Isolated Privileged Sessions For Remote Users Is Important?

More than 40 percent of top executives from the CNBC Technology Executive Council confirm that data and cyber-attacks have surged since the majority of their workforce is working from home. While many organizations are moving to define a new norm for Work from Home, most use a hybrid environment, and many of their on-premises components aren’t going anywhere soon. As CIOs and CISOs navigate these turbulent times, keeping employees safe and running business operations is of supreme importance currently. As millions of workforce now work from home including IT teams, mistakes and human errors are bound to open door to cyber attackers. As people continue to remain a perimeter control in an organization, hackers continue to exploit vulnerabilities and focus their efforts on compromising user credentials. IT teams have now been forced to run privileged activities outside the conventional IT setup. Some of these processes of remote access have never been stress-tested or risk-evaluated in the past. Protecting access to these technologies is critical, as VPNs and Virtual Desktops become the new attack vectors for cyber attackers, and the gateway to your internal networks. Considering the rapid surge of this pandemic, IT Teams were not completely prepared for a massive spike in work from home environments. Privileged users, developers, application team users have been accustomed to working from hardened, monitored and controlled office machines. However, this wave has forced organizations to ship desktops to allow employees work from home and sustain business as usual. Some organizations have allowed access from personal devices to office environments with/without normal VPN setups. Needless to mention, in such scenarios, employee access is susceptible to unknown environmental attacks like on Wi-Fi network. Organizations at the same time must evaluate risk of increasing cases of insider threats, data leakages and unmonitored access. VPN based access or Direct Access to Cloud Servers In normal scenarios, many internal IT users require a specific environment to operate and often access their workstations. In case of external users, a specific access is provided to RDP or SSH sessions via VPN. VPNs normally provide security of encrypting the traffic with some providers adding features for basic device health check and source country check. In a privileged access scenario, this normally means a user with a potentially unknown & possibly vulnerable machine eventually has high privilege access to your environment. This also means that normal controls of data movements, identity checks, audit logging are limited. Learn more on the vulnerabilities of a VPN based remote access here. Public cloud environment is susceptible to attacks where direct server access is granted to IT teams. While this is common scenario for test environments, a poor network configuration or misconfiguration could expose your network to a major breach hotspot. Isolated Privileged Sessions Isolating privileged sessions from the outside world or your trusted users accessing from anywhere is an ideal scenario for planning your privileged access strategy for work from home users. Provisioning Bastion Hosts to secure your production environment (on-premise, public or private cloud) without boundaries is recommended to withstand attacks while allowing access to critical applications & assets. Often managing Bastion hosts like Windows Terminal Servers require skills for specialized hardening parameters, network re-configuration & additional licensing issues & additional user access management (if managed outside your trusted windows domain). Sanitize your Attack Surface with Sectona PAM’s True Session Isolation Sectona Privileged Access Management is a quick to deploy solution with option for software defined proxies for RDP, SSH & Web Sessions with pre-configuration setup for allowing access using Windows Terminal Services. It has an advanced technology that seamlessly allows RDP, SSH, Web sessions over TLS on port 443 enabling you to traverse corporate firewalls easily. With added control of restricted movement of data and isolating the user machine to connect to your environment significantly reduces your attack surface. Know more about Sectona Privileged Access Management here.
Siddhesh Shetye April 16, 2020
Siddhesh Shetye
April 16, 2020
1 2 3 5