MasterSAM provides a range of PAM solutions to help organizations build effective strategies to enforce stringent policy and control over privileged access, as part of their cybersecurity management plan.
360 Total Surveillance
Visibility and accountability are the core fundamentals of all security standards. Without full visibility and a complete picture of your privileged access, you are always in guessing mode. When a gateway/proxy approach is deployed as a centralised access point for privileged access, there is a risk of having no visibility into console access, or even into leapfrogging (hops across multiple servers) that may bypass the gateway/proxy!
MasterSAM offers a complete mechanism to give you full visibility: it doesn't matter whether users log in remotely, by leapfrog or even at the console, none can escape! MasterSAM provides 360° surveillance technology that captures all user activities as screenshots and text, with the option of color or grayscale, and transmits them in real time to a centralised log repository server, which allows immediate remote monitoring and playback. Visibility is the Power!
Flexible Deployment Options
Security measures are commonly perceived as stifling operational efficiency. It is quite usual to find an organization caught in a tight spot over how best to balance security measures against operational efficiency.
MasterSAM offers the most flexible and effective deployment options to cater for the different needs of customers, and strives to achieve a perfect balance between security needs and operational efficiency. MasterSAM offers various deployment options: agent, agentless/gateway, and a combination of both. MasterSAM is a software-based solution, which eases deployment and supports many hosting options such as virtualization, on-premise, hardware, public cloud or split-tier architecture.
Privileged Password Management
Privileged credentials are always critical IT assets for an organization. Studies show that the majority of data breaches reported today are related to compromised credentials. A password is always the hacker's best friend. Hackers may take time to crack a password, depending on its complexity and algorithm, but the fact is that, once it is compromised, they can access your network and critical data freely. Without proper controls in place, organizations are exposed to a high-risk attack surface.
MasterSAM provides a secure password vault to store and manage privileged credentials across their complete lifecycle. It is equipped to allow automated or manual password management with strong complexity and policy. It supports a wide range of systems and has a ready API for integration and customization. Password verification and reconciliation are available to ensure managed credentials are always in sync. MasterSAM also provides a split password capability to help you manage non-resettable credentials more effectively.
Least Privilege & Zero-Trust Principles
Many security compliance standards emphasize the least privilege principle as a recommended best practice. But the question is: is this something that can be adopted easily? The moment you start taking away the privileges your administrators used to have, they will start complaining that they can no longer work. The key to the success of this adoption model is that you must find out the minimum privileges they require in order to perform their daily operations sufficiently, including how they carry out each task. From there, you can perform further analysis and assessment before deciding what the least privilege would be for the individual or team. Be prepared for different roles to define least privilege differently, based on their job scope and responsibility. The Zero-Trust principle emphasizes trusting nobody by default, meaning that nobody should have access to the system until they are granted proper authorization.
With MasterSAM, you can easily adopt the Least Privilege and Zero-Trust principles. MasterSAM allows you to associate the least privilege with the respective user role, pre-authorizing users to perform daily operational activities without interruption. You can also set up a policy that allows no access to some critical systems by default. All privileged access must be granted with authorized approval and on a need-to-know basis only.
It is important to know that securing a system with the password alone is no longer a good protection strategy in today's technology era. A password is always the hacker's best friend. Hackers may take time to crack a password, depending on its complexity and algorithm, but the fact is that, once it is compromised, they can access your critical data freely. There is a need to build an extra layer of protection for privileged access in order to reduce the attack surface. Many security compliance standards emphasize the need for multi-factor authentication in their regulatory guidelines, as part of today's best security practice.
MasterSAM offers various ways to fulfil 2-Factor Authentication: username & password, AD/LDAP, One Time Password solutions such as MasterSAM OTP mobile apps, Google Authenticator, SMS, email, RADIUS and integration with enterprise 2FA solutions.
Granular Access Control
In a typical server environment, once you are granted administrator or root privilege, you are the KING of the server! You can do anything you want on the server, without any restrictions. Even if you have a fancy detection system in place, by the moment you receive the alert the incident has already occurred. Should you also be considering a proactive prevention strategy, besides just having a good detection system?
The MasterSAM Granular Access Control module offers Whitelist & Blacklist capability to flexibly control privileged access over system objects such as files/folders, services, commands, shared folders, the registry, etc. It allows you to go beyond the system's native limits and apply stringent enforcement controls, e.g. deny an admin the ability to shut down the server or perform user management functions despite having privileged access, allow an operator to start/stop a specific service without requesting admin credentials, and deny SHELL access. The centralised facility allows quick enforcement of policies and ensures administrative access is always restricted. With this capability, the preventive measures and role segregation stipulated in most compliance audits are now enforceable by MasterSAM.
Auto Login Technology
Ever worried about what could happen if a super user's password is exposed? It means that someone could simply use the password and log in from anywhere that is allowed. Exposing a password is always categorized as a high security risk, and such a process should only be triggered in an emergency break-glass situation with proper controls. Some organizations may have implemented a split password custodian policy, where the password is divided into two parts held by different parties. This is no doubt a secure approach, but it reduces efficiency when it comes to operation and maintenance.
MasterSAM Auto Login technology helps you connect to systems seamlessly without the need to manually enter any administrative credentials. MasterSAM can establish a secure connection with auto login capability, supporting a wide range of protocols such as RDP, SSH, Telnet, VNC, HTTP(S) or client software. This can greatly reduce the risk of password exposure and at the same time improve the user experience of accessing systems. It's a WIN-WIN deal.
Centralised SUDO Management
In Unix/Linux environments, the SU and SUDO utilities are popularly used to facilitate privileged operation and administration. Users need to supply the root password when switching account and profile to root privilege. Thereafter, they have full administrative rights on the operating system and can even switch to any other privileged account without needing to supply its password. Maintaining SUDO policies is always a nightmare for admins: because deployment is performed on each server, a change of policy requires huge effort to deploy to all servers. Consistency is always a question.
MasterSAM provides a centralised management facility that allows admins to maintain and enforce MDO (SUDO-like) policies easily via a single dashboard. This allows you to achieve rapid and massive deployment and enforcement with just a few clicks.
Having a difficult time answering your auditors? Well, you are not alone. This is a common challenge for most organizations. Some of the questions auditors frequently ask: when was your last change of password, and is there any proof? How do you audit the activities performed on the server? Do you restrict your administrators' access? What is your approval process? And the list goes on… The information may be scattered around and may require you to spend extra effort logging in to the respective server to capture the details. Worse, you may come across enquiries for which you have no concrete report or convincing data to show.
MasterSAM provides comprehensive reports and audit trails that help you answer your auditors easily. Implement MasterSAM today and start fulfilling compliance standards such as ISO27001/27002, PCI DSS, MAS TRM, HIPAA, SOX404, APRA, COBIT, BNM GPIS, etc.
Application to Application Control
Hard-coded passwords in applications are widespread in a typical IT environment. They usually appear in scripts, configuration files, connection strings, services, schedulers, Windows applications, etc. The intention is to streamline authentication between applications non-interactively, so that no human has to supply the password during execution. However, this always fails badly from a security perspective. Putting the password in plain text also means that you are exposing it indirectly. Any permitted user can easily re-use the credential to connect directly to the respective systems, knowing that the password will not be changed most of the time.
MasterSAM provides a secure API that allows a real-time password query at the moment an application needs it. The API only serves authorized applications or programs over trusted communication. The password then no longer needs to be hard-coded, and it can be rotated safely based on password policy and complexity without any interruption.
Remote Vendor Access Management
It's always a big challenge to manage access for vendors, especially when they connect to your network remotely. Undoubtedly, you need them to support and troubleshoot your systems, but is there a better approach to controlling them?
MasterSAM helps you build a layered network to isolate access between user and system. In order to access the systems, users must connect to the trusted gateway with proper controls in place, and no direct access is allowed. With MasterSAM, you can easily restrict their access based on entitlement policy. Each vendor is accountable for their own activities, with complete audit trails and recording, and access to your systems can be enforced with 2-Factor Authentication for extra protection.
Desktop Application Monitoring
Wondering whether any of your staff are still using illegitimate applications on their desktops? Interested in monitoring specific or critical applications on a user's desktop?
MasterSAM provides an intuitive monitoring capability to track and record activities performed at the user's endpoint/desktop, which can be limited to specific applications only.