Spectra Privileged Access

Management
Tech Overview
Tuesday, November 17, 2020
Agenda for next 30 mins

• Sectona Snapshot
• How Sectona is disrupting a large market-space
• Use-cases we focus on
• What sets us apart
• Who we have worked with

CONFIDENTIAL 2
we deliver
modern + integrated + full stack

Privilege Access Management Platform

Cyber & Risk Asia & EMEA 2016 40+

FOCUS AREA REGIONAL PRESENCE STARTED IN STAFF

100 + Partner Led

INSTALL BASE INDUSTRY EXPERTISE SALES APPROACH GROWTH NETWORK

CONFIDENTIAL 3
Why Legacy Privileged Access has Failed to Deliver
Problems we help enterprises with

Ongoing PAM Operations

are Resource Intensive Remote User Access Privileged Account API Audit
User Access Review Lifecycle Access Review

Organizations Struggle to Keep Assets Library

& Privileged Account in Sync with PAM

Securing Infinite Ways of

Privileged Access

External User Access is Becoming a

Starting Point for Privileged Access
Automate Policy Assignment with Hybrid Discovery
Discovery
Run automated privileged
account discovery

Discover assets across

onprem & cloud

Dynamically profile user,

accounts & assets

Attribute
Groups

USER ACCESS
Static
Rules

Sync Active Directory User

Policies

REDUCE TIME FOR INTEGRATION MANAGE DEPENDENT SERVICES LEVERAGE CONTINOUS DISCOVERY AT SCALE
With auto-onboarding capabilities and modular Don’t limit account onboarding, dynamically Leverage deep AD integration capabilities to
discovery settings, onboard assets & accounts onboard dependent services & manage work with assets & users managed via Active
based on pre-defined schedule. passwords on dependent windows services. Directory.

CONFIDENTIAL 5
 How Cross-Platform Session Management Works
Session Management

HOW IT BENEFITS
Monitor Sessions from all sources

SECURE PRIVILEGED ACCESS.

Authenticate from any MANAGE SESSION IN USE TOOLS YOU HAVE
EVERYWHERE
Browser or OS or SECURE
Sectona client
CONNECTIONS WITH With our approach of integrating &
ON PREM
BROWSER supporting privileged access across range
Jump
WINDOWS / RDP
Servers of protocols, utilities & secured with
accessibility from browsers & clients
CLIENT
Located provides unmatched security.
SSH Secured Anywhere
Proxy

LAUNCHER
ISOLATED PRIVILEGED SESSIONS
CLIENTS
Web Proxy
Use our virtual RDP & SSH technology
DIRECT
CONNECTIONS combined with support for terminal server
WEB APPS
integrated be assured of end points
PRIVATE CLOUD
isolated from critical environment.
SECTONA CROSS-PLATFORM BRIDGE
SCALE & GROW
PASSWORD VAULT SESSION LOGGING & RISK SCORING
Scale more privileged sessions capacity
using integrated proxies across sites or in
same zone and not your PAM infrastructure.

CONFIDENTIAL 6
Bye Bye VPN. Hello Smart Privileged Access
Remote Access Management

Support Partner

SPECTRA

On – Prem / Cloud Hosted PAM

Business Partner

INVITE REMOTE USER EFFORTLESSLY INTEGRATED MFA & 20 + OTB CONNECTORS SECURE BY DEFAULT
VPN –Less Privileged Access for users over hybrid Enforce MFA policy for users inside & outside Extend more than RDP & SSH and even business
cloud environments with support for Sectona MFA and including applications.
Google Authenticators
CONFIDENTIAL 7
Smart Collaboration Based Privileged Access
Remote Access Management

PRIVILEGED USER SESSION COLLABORATING USER

GET RID OF THIRD-PARTY SCREEN SHARING AUDIT LOGS OF EXTENDED ACCESS EMBEDDED SECURITY
Secure privileged access environment by Record every access extended to users within or No agents needed and data sharing is enabled in
reducing internet access of privileged access outside the environment. the sessions
workstation and inviting external users
CONFIDENTIAL 8
Reduce Risk with Embedded Session Analytics & Risk Scoring
Don’t stop and just recording privileged session. Analyze threats based on user behavior for all privileged activities

REVIEW SUSPICIOUS SESSION WITH INTELLIGENT

RISK SCORING
98%
Analyze session risk combined with user behavior with
our packaged library of risk-based threat models
targeted for privileged account activities to score SESSION RISK SCORE

anomalous session events

USER
Jane.Doe
ANALYZE PRIVILEGED USER BEHAVIOUR
SESSION START TIME
In depth analysis of privileged user behavior linked 20 July 2019, 18:04:20
to individual privileged session based on the type of
access and asset accessed. Monitor risk with built USER
20 July 2019, 18:34:05
libraries for Abnormal User Activity, Unusual
Account Activity, Data Theft and Exfiltration & USER
Privilege Account Abuse & more 10.10.1102

INTELLIGENT SESSION REVIEW

• Review sessions by intelligent activity-based
risk scores, suspicious activity or even LEAPFROGGING ABNORMAL USER ACTIVITY
activity analysis. User Jane has attempted to connect a Attempted session collaboration with
new SSH from existing session external user
PRIVILEGED ACCOUNT ABUSE
• Tag Sessions for review or re-review and User Jane has attempted a restricted
demonstrate compliance with confidence. privileged activity

CONFIDENTIAL 9
Actionable Insights for Managing Privileged Password Compliance
Be in control of password compliance with continuous verification and reconciliation

MANAGE PRIVILEGED USER COMPLIANCE

Manage privileged user compliance INSTANTLY by
status, role, authentication types or based on security
policies in a single view

VIEW PASSWORD COMPLIANCE ON DEMAND

Manage privileged accounts discovered across
infrastructure with auto verification and reconciliation
features

GOVERN POLICIES FOR NEWLY DISCOVERED ASSETS

Manage discovered assets from all sources from a
single dashboard and apply standard policies with
single click

CONFIDENTIAL 10
Leverage Modern Service Based Architecture
Reduce resource overheads for deployments
CLIENT ACCESS
LAYER NATIVE RDP NATIVE SSH BROWSER CLIENT

WEB SERVER LAYER Highlights

PASSWORD SESSION MANAGER ENDPOINT PASSWORD PRIVILEGED ACCESS
MANAGEMENT SERVICE MANAGEMENT GOVERNANCE
Simplify operations via single policy for hybrid
privileged access
DISCOVERY REPORTING & SYSTEM THREAT ANALYTICS
ENGINE NOTIFICATION SERVICES ENGINE

AUTHENTICATION EVENT LOGGER

MANAGEMENT & SATELLITE VAULT Reduce PAM deployment resources by
ENGINE VAULT APIS SYNCHRONIZATION
leveraging services based architecture

PROXY VAULT LAYER STORAGE LAYER

Leverage inbuilt vault with replication
SSHD PROXY PASSWORD ENCRYPTED
STORAGE VIDEO LOG

WEB SESSION
PROXY
CONFIGURATION JUMP SERVER Extend PAM policy by leveraging self managed
DATA
Terminal Servers
JUMP HOST
SERVICE
SESSION REPLICATION
PROXY SERVICE

SATELLITE VAULT
RDP DIRECT
PROXY
SATELLITE
VAULT SERVICE

CONFIDENTIAL 11
What Makes Us Different
Our PAM solution is modernly architected with technical & operational considerations to ensure signification resource reduction

Cloud Scale & micro services-based architecture Simplified Licensing Model with flexibility to add
delivered in collaboration with Oracle Embedded unlimited assets reducing future purchase cost for
Version licensing
TECHNOLOGY OPERATIONAL

Cross platform technology which supports Session Support in technologically feasible integration of
management using Direct Connections, Over applications’ privileged user monitoring as part of
Browser and Jump Server & Virtual Browser Session standard support cost
TECHNOLOGY OPERATIONAL

Integrated Proxy & Gateway Server for Session Automation Focus on Discovery of Asset & Accounts
Management which eliminates need for requirement with tighter Active Directory Integration allowing
of additional server) significant reduction on manual activities.
TECHNOLOGY OPERATIONAL

Extensive set of APIs to allow integration with Integrated solution for password Vault & session
complementing technologies recording based on micro services architecture &
embedded database.
TECHNOLOGY OPERATIONAL

CONFIDENTIAL 12
Implement Privileged Access for New Age Infrastructure in Consideration
Solution purpose built to secure hybrid and public cloud infrastructure & workloads

On-Prem / Private Cloud DevOps

Cloud Workloads

PROTECT
CREDENTIAL FOR

PASSWORDS SSH KEYS SECRETS MANAGEMENT

ACCESS KEYS SECURITY KEYS

Planned for Q2-2020 Release

MANAGE ACCESS
FOR
WINDOWS / RDP SSH CLIENTS WEB APPS AWS Console Azure Console

SECURE CLOUD MANAGEMENT CONSOLE MANAGE API ACCESS KEYS & SECRETS DISCOVER CLOUD ASSETS
Protect AWS cloud console logon for root logon Manage & rotate Access keys & security keys Leverage deep integration with AWS and Azure
and IAM users securely and protect with Spectra Digital Vault APIs for discovering cloud workloads and auto
onboarding in PAM

CONFIDENTIAL 13
According Our Customers
Our PAM solution is modernly architected with technical & operational considerations to ensure signification resource reduction

• Coherent & isolated access for users to RDP and SSH Sessions
over browser
'Easy to implement solution with • Higher control over remote user access with actionable
increased visibility & manageability dashboard & insights into all IT assets, accounts, & users of PAM
around internal & external user access' system for better governance
• Customizable & automated password management as per desired
requirements

• Secured critical user access to AWS workloads

‘Well rounded & integrated PAM suite
• Monitored & controlled access to third party vendors while
with easy adaptability to support critical
accessing critical resources anytime from anywhere
user access across AWS resources’
• Secured SSH key based access authentication

• Easy-to-use interface with embedded database that is tamper

‘Good cross-platform capabilities proof for built-in replication & higher security
allowing users access to critical business • Monitoring of internal users and third-party vendor access to
applications from any IT device without critical AWS resources
browser dependency’ • Secured remote access to the critical business applications over
browser

CONFIDENTIAL 14
We are trusted by

TELECOM BANKING INSURANCE GOVERNMENT DEPARTMENT CAPITAL MARKETS FINANCIALS ERVICES

BANKING TRADE EXCHANGE MANUFACTURING IT / ITES FINANCIAL SERVICES GOVERMENT

GOVERMENT FINANCIAL SERVICES REAL ESTATE & INVESTMENT BANKING INSURANCE FINANCIAL SERVICES

CONFIDENTIAL 15
 Defining new definition of “EASE OF USE”
Sectona is redefining the way you can secure modern privileged access

Access from Integrated Leverage Browser- Automate & Modular Micro-

Anywhere Privileged Account First Approach to Integrate More. Services based
Advantage Analytics for enable Anywhere scalable architecture
tracking suspicious Privileged Access
activity
Breach No More.