Enhancing Privileged User Experience with Version 3.7
Sectona release new version 3.7 of Privileged Access Management components with host new Enhancements, performance improvements, and new features to create a scintillating user experience, and here are the Highlights listed:
Enabled Just-In-Time Access feature:
We have included a feature of Just-in-time (JIT) to support customers programs of implementing Zero Standing Privileges. Now with this feature, customers have an option to enable with JIT accounts.
Just-In-Time policy management feature allows a combination of Least Privilege approaches by removing standing privileges and granting scope-defined access to an asset for a defined period only.
Once an asset is enabled for JIT access, a policy can be enabled to Enable/Disable accounts, Provisioning Access using ephemeral accounts at run time or elevating an account at run time. A combination of this allows you to customize policies based on business needs.
To implement this feature, refer to Asset Management settings.
RDP File Transfer Support:
With the onset of the Pandemic, more organizations have shifted their workforce to a remote environment. Many of them adopt a Remote Desktop Protocol where a user connects to another device remotely using a graphical interface. Earlier, Sectona supported Secure File Transfer from one device to another only during Launcher-based RDP Sessions. Sectona now supports File Transfer Over Browser-based RDP Sessions with a comprehensive enhancement and extensive support, ensuring a seamless and enhanced experience.
Enhanced Security with Password Notification:
As a critical parameter to gain access to organizational resources, Passwords have to be safely guarded and protected against humane errors like enforcing a simple password, using the same password for multiple resources, or sharing it with others. Prompting a weak Link exploitable by cyber attackers, these mishaps can be avoided by frequently changing the password ensuring effective Password Management. And the user receives a notification whenever there has been a password change on his account accordingly in the following two instances:
- An Administrator can change the user’s password on his profile, prompting a notification.
- Apart from the Change Password workflow, an administrator can change the password manually on the User Account’s profile, prompting a notification.
User File Sharing Permissions:
Sectona has adopted the principle of Least Privileged Access, confining the users’ access to a minimum and restricting their permissions to gain access only to the required resources required for their task. Following the same principle, Sectona has added two new permissions permissible for all session types, “Allow File Upload” and “Allow File Download”, respectively, in the user access policy. An Administrator can control access permissions for a users’ session by configuring the user access policy and ensuring that the user’s confinement to necessary permissions only.
Reporting & Dashboards:
Governing access and monitoring the session activities can be a daunting task. An Intuitive and Simplified User experience created through Analytical Dashboards and Custom Reports helpful during analysis and auditing processes, which an administrator can export in an Excel or a PDF file. Adding onto the existing list of reports and Dashboards, below are a few more that’ll help safeguard and secure the access Paradigm in the network infrastructure.
- An Administrator tasked with governing the access entries into the network has it simplified with the help of a new Report “List of users logged (last 24 hours) in PAM, who can easily audit these entries and blacklist any suspicious or unauthorized access.
- When a user moves into another department, receives a promotion, or leaves the organization temporarily or permanently, they receive new account credentials and permissions, leaving the existing account credentials of little or no use.
- Identify these user accounts, and disable/delete them depending on their contextual application to the user. With the ever-increasing Infrastructure, the number of users in the organization keeps increasing, making it challenging to identify these specific accounts. With the help of the new report “Accounts never Accessed” in PAM, an administrator can identify the accounts that have been created but have not been utilized and take necessary action after analyzing each account’s case.
New System Default Additions:
System Defaults are pre-defined values of the configurations of Application Services that define the workflow/operability, which the user can modify. Sectona has added few improvements to the system defaults, detailed below:
- Parameters “AutoStart AppService – SystemCache” and “TriggerInterval AppService – SystemCache” with Default and Configured Values to immediately start the System Cache service after the PAM server starts or not and how often you want the service to store the system data in a cache for faster operability.
- The parameter “Process Runs Every Days – SystemCleanup” for cleaning the system regularly and resetting primary key values in Database tables for a defined Interval of days.
- The parameter “Use ProcessService for AppService” to run several applications services in a separate process reduces the load time and improves the performance of Sectona Launcher, thereby enhancing the user experience.
AWS Token SSO using Microsoft Edge browser:
AWS Token Based Authentication is an encrypted and secure form of authorization, accommodating two types of users: Root user and IAM user, to work on their specific tasks. They are solely responsible for safeguarding their secrets for access to the AWS Management console. With Sectona facilitating AWS Token-Based SSO support in Built-in Browser, a new system-defined access type has been added, connecting to the Microsoft Launcher and opening AWS Token-Based SSO in Microsoft Edge Browser.
Improved Session Video Log Player Functionality:
Sectona’s Video Session Logging records activities across different sessions from RDP, SSH, Telnet, Browser-based to Thick-Client based session activities, RDP & SSH-based browser sessions over the internet or via jump host at different capacities. This functionality provides granular visibility into the activities to perform a detailed analysis and design risk mitigation strategies by auditors and administrators. Adding into the existing functionality, Sectona has introduced a video playback speed feature in session video log player that gives the auditors to go through files of enormous length at a faster speed up to 32x or accommodate a slower speed of 0.5x for a detailed analysis of an event.
Improved App Service Configuration Settings for Ad-hoc Operations:
Application Services are a pool of services interacting and adapting with the environment around the application, ensure the performance and security of the applications they support by driving the traffic in response to the environmental stimuli. To enhance the Application Service user experience, Sectona has added two new options in the App Service Configuration UI.
A “Settings” option next to the log option associated with an application service shows configuration Information of related application services and System default values like auto start and trigger Interval. And a “Run Now” option that Triggers the application service immediately if it takes time to run after starting or is not running, thereby improving the performance and operability of the Application Service.
Reinitiate Vault Replication with Fallback and DR:
Sectona has adopted a series of best practices to achieve High Availability service with minimum downtime and maximum potential uptime, ensuring the system is always accessible by its users without any interruption. Sectona PAM offers multiple High Availability scenarios and options to design a strategy for your solution, comprising Fallback and DR Instances. Acting as a Failure Response Mechanism, HA prevents systems from going down when a component or server fails on the Primary Node and recover Normal operations with minimal or no data loss with other nodes by replicating the Primary vault.
If there is any interruption or outage during replication, the whole synchronization process starts again by erasing the data and replicating it from scratch, which becomes a tedious process. Sectona has added a new action option, “Re-synchronize Now”, to the vault nodes except Primary Node, that helps reinitiate vault replication from the point of interruption, ensuring an optimal HA strategy implementation for your environment.
Satellite Vault Real-Time Synchronization:
A standalone module of Sectona PAM platform, synchronized and securely replicated in real-time with the Sectona ‘Password Vault’, activating passwords and secrets of accounts in case of unavailability of the Password Vault, ensuring business continuity. Whenever the server starts, only secrets of existing assets in the Satellite Vault are updated. Sectona has enhanced this feature
that allows synchronization of existing and new assets and their secrets in real-time, ensuring the user has the necessary access to carry on his daily routine by maintaining the latest copy in the Satellite Vault.