
Version 3.9.0 – Better Functionality, More Convenience


Going beyond the conventional PAM approach and constantly augmenting the Sectona Security Platform with new updates is something the company strives to do. With that in mind, Sectona has rolled out the new Version 3.9.0 with better functionality and more convenience. Here are some of the key features:

Managed Service Provider (MSP) License

Version 3.9.0 comes with a Managed Service Provider license empowering MSP customers with easy-to-deploy, flexible, and comprehensive PAM services. The MSP license is a streamlined offering that enables MSP customers to efficiently track and monitor multiple child instances.

Application Proxy Node

High Availability ensures the sustained functioning of PAM systems even when some of their components fail. It is indispensable, since a service disruption can lead to data loss and financial losses. The new version supports high availability by letting you deploy Application Proxy Nodes that correspond to priority servers.

Application Proxy acts as a proxy node to an application node (server). With the Application Proxy Node(s) functionality, the system extends its capabilities to support more than 2 active application nodes at a live site (Primary OR Fallback OR DR). It can then be used for end-user login and asset sessions (either launcher-based, browser-based, or via jump server). The 2 application nodes are assigned priorities P1 and P2. The Application Proxy will always point to the master application node, i.e., P1.

If one of the servers becomes inaccessible, whether unexpectedly or due to maintenance, a fail-over takes place between P1 and P2. The Application Proxy Node is then updated to follow the current P1 application node, which has become the master node.

Correct Asset Status Functionality

Currently, the system uses the asset port to initiate any session, except for sessions pertaining to an Access Type (with “Browser” being the Base Access Type). The asset port is configured to “0” when the system uses an Access Type port for the session. There are scenarios where one asset is being used for multiple Access Types having different ports. In such cases, the asset port needs to be configured as “0”. As a result, the status of the asset always shows RED (not reachable).

To overcome this challenge, a new option, “Enforce Default Port” can be configured in Access Type. When “Enforce Default Port” is configured in Access Type, the system uses the Access Type port for the session regardless of whether the asset port is 0 or not.

Password Updating Option for the End-User

In some cases, the end-user may need to change an account password and update it in the vault. Version 3.9.0 adds this capability, governed by the User Access Policy, which allows or restricts the user's ability to update account passwords. The User Access Policy acts on the following password update conditions:

  • 0= Deny password update for all accounts
  • 1= Allow for named accounts in entitlement
  • 2= Allow for all accounts in entitlement

In-app Notifications

Currently, if any changes are made to any aspect of the software (provisioning, deprovisioning, password change, etc.), the configured user is notified of them by mail. This is unreliable, as the user may not check their email and so miss important notifications.

In order to make sure the relevant user gets notified at all times, the in-app notifications feature has been added in this new version. Post login, the functionality enables a bell icon to appear at the top right corner, next to the username. All notifications mailed to said user will be reflected here.

Four-Eyes Principle

In order to tighten the security around privileged accounts, a split password technique has been introduced. The concept is that four eyes (two users) must be involved to verify a password checkout.

Let’s say a user checks out the password for an account; if the Enforce Four-Eyes Principle option is enabled (with at least 1 Paired User configured), one half of the account password will be displayed to the user (who wants to check it out) and the other half will be sent over to the paired user via email/notification.
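The checkout flow described above, as an added illustration (not Sectona's code; the vault, user names and the refusal when no paired user is configured are assumptions of this example). It also shows a 2-of-2 XOR split, which goes beyond the literal halves the release notes describe: each XOR share alone reveals nothing about the password, whereas a literal half discloses half of the characters to each party.

```python
import secrets

# Hypothetical four-eyes checkout; the vault is a plain dict {account: password}.

def split_in_halves(password):
    """Literal half-split: first half to the requester, second half to the paired user."""
    mid = (len(password) + 1) // 2   # odd lengths give the requester one extra character
    return password[:mid], password[mid:]


def split_xor(password: bytes):
    """2-of-2 XOR split: share_a is uniformly random, so either share alone
    carries no information about the password (stronger than literal halves)."""
    share_a = secrets.token_bytes(len(password))
    share_b = bytes(p ^ a for p, a in zip(password, share_a))
    return share_a, share_b


def combine_xor(share_a, share_b):
    """Reconstruct the password; only possible when both shares are present."""
    if len(share_a) != len(share_b):
        raise ValueError("shares do not match")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def four_eyes_checkout(vault, account, requester, paired_users, enforce=True):
    """Return {recipient: share} for a checkout of `account`.
    enforce=False: the requester receives the whole password (ordinary checkout).
    enforce=True: at least one paired user is required; the requester gets one
    half and the first paired user gets the other (the caller delivers it by
    mail/notification). Refusing the checkout when no paired user is configured
    is an assumption of this example, not documented product behaviour."""
    password = vault[account]
    if not enforce:
        return {requester: password}
    if not paired_users:
        raise PermissionError("four-eyes enforced but no paired user configured")
    first, second = split_in_halves(password)
    return {requester: first, paired_users[0]: second}


# Constructed sample data for a stand-alone run
SAMPLE_VAULT = {"db-admin@prod-sql": "Tq7!vZ2mLp9#Rk4w"}

if __name__ == "__main__":
    print(four_eyes_checkout(SAMPLE_VAULT, "db-admin@prod-sql", "alice", ["bob"]))
```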

Permanent Deletion of Accounts, Assets, and Users

Currently, the system does not allow the permanent deletion of assets, accounts, or users. The new version adds an option for the admin to permanently delete all three, along with their corresponding trails, logs, sessions, and residual data. This is useful for removing irrelevant or misconfigured datasets and for purging data that has accumulated in bulk in the system.