Timothy Keeler, Founder & CEOAfter a long stint in the security consulting space, Timothy Keeler wanted to use his knowledge and experience to fill the gaps prevailing in the industry. One of these gaps was the lack of understanding of damages caused by internal threats among enterprises, which involved compromised administrative login credentials—privileged access—that gave attackers access to the data on the servers. Keeler decided to approach these security loopholes in a different manner to protect organizations from the theft of administrative credentials and hence found Remediant.
“Over the last few years, 81 percent of cyber attacks were caused by stolen administrative credentials,” mentions Keeler, the founder and CEO at Remediant. These figures highlight the varied instances when unsupervised access to the servers for indefinite time period was allowed. With several employees that have admin access, having just one employee account at stake is enough to launch a full-scale attack. In such a scenario, the use of password vaults can solve merely 10 percent of the impediments with regard to privileged access management. In a pursuit to curb the situation, Remediant’s privileged access management solution, SecureONE, is focused on principles such as zero-trust and just-in-time administration to assure complete privileged access security.
SecureONE brings the ease of an agent-less and vault-less approach, while also delivering continuous detection of new privileged access across the enterprise. The solution ensures that every system login goes through an unbiased multi-factor authentication, and with the involvement of just-in-time administration, the users are given access to the servers for a specific duration. The user, whose identity is temporarily saved on the SecureONE backend, is locked out of the system after the stipulated usage time ends. SecureONE sets itself apart from other solutions with an agent and deployment-free usage policy as both these elements act as a barrier for customers when they have to migrate from legacy systems. With the ability to add enforcement layers to the server and existing environment, SecureONE tracks any violation that triggers an attack, thereby initiating an immediate system lockdown.
In each of its associations with clients, team Remediant assesses their network and scans all the systems to understand the administrative privileges.
Over the last few years, 81 percent of cyber attacks are caused by stolen administrative credentials
After comparing the network against the active directory systems, the team creates a well-defined report that informs the client about the administrators. After providing this transparency, SecureONE makes it possible for privileged accounts to request system access only when essential, thereby keeping it inaccessible at other times. Rather than controlling access among the users, the solution empowers the IT team to add security controls to the user accounts and obtain increased visibility into insights. To assist the clients further in change management, team Remediant trains the users at clients’ end to make the best use of SecureONE’s interface and gain a better understanding of how it works.
Remediant’s solution eliminates the need for any infrastructural changes, proving significantly beneficial for businesses. This can be illustrated with Remediant’s association with a U.S.-based aerospace and defense company that needed to abide by specific defense regulations around the Defense Federal Acquisition Regulation Supplement (DFARS). However, implementing a new solution would have required a complete system overhaul at the client’s site. Thus, they brought Remediant on board to deal with the situation at hand. Today, Remediant’s SecureONE not only allows them to comply with DFARS regulations but also manage administrative privileges through two-factor authentication. Additionally, the platform enables the client to enhance operational security.
Looking at the road ahead, Remediant aims to add new features such as identity and access management to SecureONE. Keeler points out that they are currently working on large-scale integration strategies in collaboration with other key security platforms and players. He also plans to expand SecureONE’s API to other platforms. “We go by the principle of just-in-time administration, which we envision expanding to other segments that have privileged access-related challenges such as databases and software cloud control panels,” adds Keeler.