We have Got You Covered

Like many of us, our team is constantly monitoring the evolving situation of Covid-19. While the current situation remains uncertain, we persistently continue to take assertive actions to help ensure that our employees and key partners remain healthy and strong.  Here at Sectona, safety and health of our customers, our employees & those we serve is paramount. I want to assure you that as an organization, we are doing everything we can to take necessary precautions and ensure safety of our employees. With that said, our operations have not been impacted or stopped and you can continue to rely on us for technical support in these times.   Our professional services and support teams are working round the clock and you can reach us anytime by writing to your customer success lead or to [email protected] or through your dedicated support contact. Alternatively, you may already have a support ID created on the Sectona Support Portal, you may raise your concern or query over the same and our support team will connect with you for assistance. We understand that many users might be accessing your IT systems from home. Should you require any assistance that can secure their access further, we are happy to help and advice. We hope for things to return to normal soon, until then, please follow health and safety measures for yourself and your loved ones including personal hygiene, social distancing, work from home options and travel restrictions. Our hearts go out to all affected individuals and families around the world.
Avatar March 19, 2020

Clearing the air around false allegations on Sectona

Over the past few weeks, it has come to our attention via prospective customer and partner network about fake claims spread by competitors and/or unidentified sources regarding Intellectual Property Rights (IPR) issues against Sectona. Please note this is a hoax and there is absolutely no truth to it. Misleading allegations like these from leading players in the kind of mature industry segment that we operate in is deplorable. Unambiguously setting our stand here, we would like to assure customers evaluating our products and partners working with us that there are no IPR issues ever recorded against us in any country. We are committed to building a long-lasting and innovation centered company driven to securing enterprises against advanced attacks with our next-generation privileged access approach. Such propagandized tactics only further reinforces our belief in building a dignified and value-driven security company. Over the past two years, Sectona has achieved unprecedented growth and customer adoption across multiple geographies becoming a fast-growing product company. Enterprises are witnessing a transformation wave in security adoption and our innovation-driven approach is creating a new product experience that is being widely appreciated and embraced. Despite these rumors, we are thankful to all our customers and partners for standing by us and for showing faith in Sectona as well as fostering our ethical journey focused on customer success. Before signing off, I would like to sincerely thank the rumor-spreading sources for the publicity, we do appreciate the attention. :-)
Avatar November 12, 2019

Mitigate the Risk of Credential Theft Arising from Emotet Malware

The Emotet banking Trojan works to steal vital and highly sensitive customer information by targeting banks and financial databases. Later versions are known to be introduced with spamming and malware delivery capabilities including other banking Trojans. Emotet has therefore been labeled as one of the most expensive and destructive malwares that can affect local and national governments in addition to private organizations. The malware has cost governments up to 1 million dollars per incident to combat its infectious after-effects. The Emotet Trojan uses email spamming to spread and establish itself. Emotet works by downloading or dropping other banking Trojans; it can easily pass undetected through signature-based detection systems as well as various security layers, thanks to its polymorphic nature. It utilizes modular Dynamic Link Libraries (DLLs) to update its capabilities, making it destructive and difficult to detect. It also is aware if it's running in Virtual machines and will become dormant to avoid detection within sandbox environments. It proliferates through many ways such as auto-start registry keys and services. The attack spreads through malspam. Emotet will hijack your mail contact and distribute itself to those on your contact list via mail. Once the receiver downloads the infected files, the Emotet will spread. In networks that are connected, Emotet will spread by making use of common passwords saved by search engines such as Internet Explorer, Mozilla Firefox. Researchers find that Emotet uses the EternalBlue exploit to proliferate rapidly across the network. Emotet hits multiple targets, individuals, companies and governments in the US and Europe and steals logins, financial information and crypto wallets. As the current version delivers other banking Trojans, its target audiences seem to have grown wider, infecting organizations across Canada, UK and US. An important Emotet attack was on Allentown city, PA, the cleanup of which required assistance from Microsoft’s incident response team and cost the city more than 1 million dollars. Awareness about how the Trojan spreads is key to its prevention. You can also follow certain best practices to limit the effect of Emotet and other malspams, such as: Keeping computers updated with the latest MS windows patches. Refraining from any suspicious downloads or clicking suspect-looking links. If you stop Emotet at this stage itself, then it has no chance of gaining control over entire systems or networks. Learning and teaching about the importance of a strong password and using multiple factor authentications is extremely necessary. Organizations and banks can protect themselves and customers by having a robust plan and cybersecurity program with multiple layers of protection. Such a system is essential for real-time detection and remedy of Emotet attacks. In cases of an existing infection, you first need to isolate the infected computer if it is connected to a network, then patch and clean it. Then move clean-up the other computers within the compromised network, one at a time. Lastly, even if such a malware attacks your system, you can mitigate the risk of a deeper impact by having a controlled layer of user access privileges & password management in place. Here comes into play, Sectona’s Spectra Privileged Access Management solution which manages the passwords, does the timely rotation and reconciliation as per the pre-defined password policy and controls the access privileges given to users. Also, it enables the use of Multi-Factor Authentication (MFA) while granting access to your IT infrastructure for multiple sets of users.
Shruti Kulkarni August 30, 2019

Cyber security 101: Karate

Turns out Karate and cyber security had more in common than we thought. Principles that are followed in karate stay pretty damn relevant even when it comes to keeping your organization cyber ready. Here are some of the basic principles in karate. Let's see how they correlate so well with good practices as far as cyber security is concerned. Respect your enemy (rei) Breach of access, website defacement, denial of your service etc are just some of the outcomes of not taking cyber security seriously or in other words giving your enemy (cyber risk) the respect it deserves. Respect your enemy by understanding the level of damage it can cause. This should always be the initial step towards any fight. First, know yourself and then your enemy Its important to know where you stand before you start the fight. Know the strengths and weaknesses of your organization. Creating a checklist of things to be taken care of can give you an idea of what needs to be done. Firewall Cyber security policies Enforce safe password practices Regular data back up Anti-malware These are just some items that should be on that checklist. Identifying which out of these is taken care of and which still needs to be done can simplify your path of action forward. Calamity springs from carelessness Careless actions like we all know can lose someone a fight. Karate teaches us that taking care of these actions will keep us from losing. Some trivial easily avoidable mistakes like Clicking on hypertext links Usages of portable storage devices Transacting on unsecured websites Usage of pirated software Can prove to be of grave danger to any organization and can put your security at risk. Karate is like boiling water; without heat, it returns to its tepid state Karate says that its important to always stay on you’re A game. To keep the water boiling calls for practice and constant introspection. Just like this even cyber security practices need constant updates and support. Its also important to conduct drills where situations of cyber attacks can be simulated to teach employees how to respond. Making cyber security practices an essential part of timely employee evaluations can also be a good way to keep the water boiling. Adjust according to your opponents Karate teaches us that its important to be aware of the strengths of your opponent so that we can train ourselves to cope with their strengths. This helps us to adopt new methods, learning new techniques, basically doing what it takes to survive undesirable situations. Similarly, Staying updated about cyber security attacks happening world over and striving to incorporate the solution that will help us overcome such attacks becomes an essential preparation for the war against cyber risk. Be constantly mindful, diligent, and resourceful, in your pursuit of the Way Having an open mind towards new and better ways is very important because doing something over and over again in a similar fashion is only going to give us the same output. Need a different output? Try a better way! In this Volatile, Uncertain, Complex and Ambiguous world its only obvious that we reinvent methods and means to keep what we hold dear safe. Inducing habits of educating all stakeholders on cyber security and rewarding those who come up with innovative ways of staying safe needs to be imbibed into our systems.   Karate is a lifelong pursuit Pursuing karate is a process that consumes time and effort. It takes persistence to stay in the process. A secure organization too cannot be looked at an event, it’s a process just like the pursuit of karate. Locate a security partner who will be there by your side in this pursuit. A partner who knows what's going on and what needs to be done. Living on the edge is the key to survival. Because remember that the attacker has to be right only once but the defender must be right every time.  
Avatar March 9, 2019

Move aside Nintendo, PAM is here.

Its proven that what may appear as complex can easily be simplified when looked at as a game. Don’t believe me? Ask that 7-year-old who learned multiplication table the fun way. Can Privileged access management be looked at as a game? Let's break a game down and see what its made of. A game is nothing but a structured form of play. A game has various components like a goal, challenges, tools or enablers, skills required to ace it and of course competition. If we establish that PAM has these components, then we can conclude with certainty that it can be looked at as a game. Goal Goals can be on two types, long term and short term. A typical game would have both and so does PAM. Long term goals Secure your organization from cyber attacks by securing all the systems within the network To be compliant to the norms of regulators and scaling up sustainably without additional costs. Short term goals Rotating password Password encryption Increase automation Reducing human dependency Challenges Challenges in any game, are very important components. It's true that they do keep you from going to the next level, but once you figure out how to beat these challenges then nothing stops you from moving ahead. If it's Roadrash that you’re playing, then the cops that start to tail you become the challenge that you have to deal with. Even PAM has some challenges that will require us to bring in our A game. User awareness becomes the key challenge. It is essential that the user knows about the devices that he/she has access to and also about the PAM solution. Poor hardware on devices also becomes a challenge at times. Attaining the level of customization expected and defining user groups correctly are some challenges that PAM companies are still struggling with. Although developing empathy towards the client and understanding the what and why of his business can effectively dodge these challenges. Tools Dangerous dave had a jet pack, NFS requires you to collect NOS so that your car can zoom past others and get ahead in the race. PAM has some tools as well that enable you to get ahead in the race. Reporting forms an essential part of the tool kit. Easy to understand dashboards let you have a birds-eye view of everything that goes on within your network. Risk analyzer pushes you to be ahead on the curve by warning you about anomalies on basis of risk scores allotted to every activity. Automated asset and account discovery is also a tool that can exponentially ease PAM functioning. Remote access and activity trail being others. Competition In the case of PAM, defining competition can be tricky. It’s a long list if we go around looking. Competition can be classified as internal and external. Internal competition An employee gone rogue External competition A hacker sitting in a distant country. Ignorance towards cyber risk and internal resistance to transform and adapt better methods become competition too because when they win, you lose.   Skill Last but not least, developing the required skill because very important to win any game. In case of a computer game, it's mostly hand and eye coordination. When it comes to PAM, Its majorly about taking users from the low level of awareness to high. We could imagine the user awareness scale to range from 0 to 10 with three levels in it. 0-4 becomes level 1, 4-8 becomes level 2 and 8-10 becomes level 3. Level 1 Understanding PAM superficially without getting into the technicalities. Level 2 Understanding how PAM functions and the scope of it. It’s a stage where the user understands which business problem PAM solves. Level 3 Building a strong feedback loop with the users and customizing the PAM solution by keeping the user at the center. This loop requires users to participate actively resulting in the PAM solution to mature well. Coordination Just like a game that we play in teams, PAM requires high coordination among players/stakeholders. Now that we’ve established PAM can be looked at as a game, we have strong reasons to not do so. Unlike a game, PAM does not run in a simulated environment. Threats in PAM are not fictitious like in a game. It can be argued that games are unproductive in nature but PAM solutions unlike that has a very high ROI if we consider what’s at stake and are highly recommended by experts. You deserve this star if you think you understand PAM better now, just like the kid who now knows his multiplication. Thanks to games!
Avatar February 28, 2019
1 2 3