Data is power. Data generated at run-time is even more powerful, as it enables the CISO to make quicker decisions. With that in mind, Sectona now provides a dashboard that gives running information about all the assets, accounts and users that SpectraPAM manages. It also covers session activity and the health of the PAM system.
The dashboard not only answers essential questions, but also reveals trends that let the PAM administrator gain important insights to analyze faster and make critical decisions.
You can quickly find answers to your most pertinent questions:
- Out of all the accounts that are managed, how many accounts are synced?
- How many accounts were accessed more than a month ago?
- How many users log in through Windows Authentication vs. Sectona authentication?
- How many workflow activities were approved vs. rejected?
Host header injection mitigation
When a browser sends a request to a web server, the request includes a Host header whose value is the requested domain. The physical server that hosts a given web application often runs many other web applications as well, or has virtual hosts, some of which run web applications of their own. The Host header makes it possible for this server to serve different content based on the domain it names.
If a user specifies an invalid Host header, most web servers are configured either to return an error message or to pass the request with the unrecognized Host header to the first virtual host in the list. It is therefore possible to send requests with unrecognized Host headers to the first virtual host. Web cache poisoning and password reset poisoning are two attacks that arise from Host header injection.
SpectraPAM can now mitigate the Host Header injection attack.
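As an added illustration of what such a mitigation generally involves (this is not SpectraPAM's code, and the page does not describe its implementation), the Python sketch below rejects any request whose Host header is missing, duplicated, malformed or outside an allowlist, and builds password reset links from configuration rather than from the request. The names `ALLOWED_HOSTS`, `CANONICAL_ORIGIN`, `normalize_host`, `is_allowed_host`, `handle_request` and `reset_link`, and the domain `pam.example.test`, are hypothetical.

```python
# Added example with hypothetical names and constructed values; not SpectraPAM code.
from typing import List, Optional, Tuple
from urllib.parse import quote

ALLOWED_HOSTS = {"pam.example.test"}           # constructed allowlist
CANONICAL_ORIGIN = "https://pam.example.test"  # constructed; comes from server config


def normalize_host(raw: Optional[str]) -> Optional[str]:
    """Return the lowercase hostname from a Host header value, or None if malformed."""
    if not raw:
        return None
    value = raw.strip().lower()
    # Characters that never belong in a Host value (userinfo, paths, lists, CR/LF).
    if any(c in value for c in " \t\r\n/\\@?#,"):
        return None
    if value.startswith("["):                  # IPv6 literal such as [::1]:8443
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[: end + 1], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    # Anything after the host must be exactly ":<ascii digits>".
    if rest and not (rest[0] == ":" and rest[1:].isascii() and rest[1:].isdigit()):
        return None
    return host.rstrip(".") or None            # treat "host." and "host" alike


def is_allowed_host(raw: Optional[str]) -> bool:
    host = normalize_host(raw)
    return host is not None and host in ALLOWED_HOSTS


def handle_request(headers: List[Tuple[str, str]]) -> int:
    """Return an HTTP status: 400 unless exactly one allowlisted Host is present."""
    hosts = [v for k, v in headers if k.lower() == "host"]
    if len(hosts) != 1 or not is_allowed_host(hosts[0]):
        return 400                             # never fall through to a default vhost
    return 200


def reset_link(token: str) -> str:
    # The origin is fixed in configuration, so a forged Host cannot redirect the link.
    return f"{CANONICAL_ORIGIN}/reset?token={quote(token, safe='')}"
```

Rejecting with an error instead of routing to a default virtual host closes the fallback behaviour described above, and the fixed origin addresses password reset poisoning regardless of what the request carried.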
Manually on-boarding accounts
When we run Account discovery, the discovered accounts are on-boarded to PAM by having their passwords reset. For some administrative accounts, resetting the password is not advisable. For those cases, Sectona now gives the option to on-board the accounts manually. This gives the PAM administrator flexibility: the accounts are still discovered by SpectraPAM, yet the administrator has the option to add each discovered account to the PAM system manually.