2020 was an unprecedented year. We faced a pandemic, shutdowns, remote working, increased security threats, and (for many) remote learning. Through it all, the Xton development team was busy enhancing and adding new features to XTAM.
With everything going on in the last six months, you may have missed some of our weekly release notes and product updates. Since my last recap on the XTAM features added in the first half of 2020, we’ve added several new enhancements. Did you know that we added features designed to help customers implement zero trust or just-in-time privileged access strategies? Or that we continue to update our reporting and auditing capabilities? We’ve also launched a new XTAM Help Center for all product documentation.
Below is a quick recap of the Top 7 features added to XTAM in the second half of 2020.
Ephemeral Accounts and Just-In-Time Permission Elevation
Back in September, we added an ephemeral account option and a just-in-time (JIT) permission elevation option designed to promote increased security using the principle of no standing trust. Ephemeral accounts are one-time use accounts created on the host at the time of approval and are subsequently deleted upon expiration. JIT permission elevation can take an existing account with limited permissions, temporarily elevate using the principle of least privileged, and de-escalate when its use has expired.
Why this is important: Security and risk management leaders are moving towards a zero standing privileges strategy using a just-in-time model. A just-in-time privileged access model is designed to limit the time a privileged account exists on a critical system, especially with enabled special access. It is not just about limiting time. The goal is to have zero standing privilege strategy on users and servers. Ephemeral accounts and just in time (JIT) permission elevation help customers implement these strategies and reduce the number of privileged accounts in their network and controls access to active privileged accounts. Learn More
XTAM now includes a Transparent Perimeter deployment option. This provides access to closed isolated networks behind a firewall based on a reverse tunnel architecture.
Why this is important: Using the Transparent Perimeter option improves the security of an isolated network by allowing external access to internal resources without requiring additional open ports in the firewall. This can be useful for all deployments including Cloud deployments with access requirements to multiple (or hybrid) datacenters. It is especially helpful for MSPs looking to manage their client networks without reconfiguring firewall rules. Learn More
Amazon AWS CLI Proxy
You can now configure XTAM to support zero trust connections for the Amazon AWS command line tool. Additionally, the XTAM AWS CLI Proxy respects role-based permissions, configured access request workflows including time-, location- and approval-based access as well as API Token expiration and location validation for greater control and auditing of its use.
Why this is important: This new proxy allows for the secure sharing of privileged access to an AWS infrastructure without sharing the AWS keys. Learn More
Temporary Amazon Web Services API access keys
XTAM can now generate AWS STS Temporary AWS API access keys (Access Key Id and Secret Key pair) for a specified duration based on the provided superuser access keys, those of which are stored safely in the XTAM Identity Vault.
Why this is important: The option enables Just-in-Time access for users, applications, command line utilities and automation software to communicate with Amazon Web Services with least possible standing privileges. Learn More
RDS Farms for RDP Proxy
Easily access Remote Desktop Services (RDS) farms using native desktop or mobile RDP clients. RDS Farm is a method to deploy shared Windows Server resources in high availability configuration.
Why this is important: By extending the application of native RDP clients to connect to RDS Farms, XTAM is enabling the efficient implementation of best Privileged Access Management practices while allowing IT administrators to continue using familiar tools and workflows. Learn More
System Administrators and Auditors can now access a Dashboard screen featuring visual representations of aggregated key metrics about assets, sessions, jobs, and user activity. System dashboard displays hourly or weekly aggregated statistics by day of the week.
Why this is important: The Dashboard allows Admins and Auditors to quickly evaluate how users interact with XTAM and how it maintains privileged credentials and access throughout the network. Learn More
New Online Documentation and Help Center
As part of our quest to provide more, easily locatable documentation on the features and options in our products, we are released a new online Help Center in October. This new Help Center serves as the central hub to find all documentation, guides, FAQ articles, and PDFs related to Xton products.
Why this is important: Having one place to access all valuable resources is critical to any software implementation. The new Help Center makes it easy to find XTAM documentation and information on installation, using specific features and PAM best practices. We plan to continue adding to the resources found in the Help Center with new guides, screenshots, and videos. Bookmark the XTAM Help Center today at https://help.xtontech.com
While we closed the door on 2020, this new year holds a lot of promise and hope. At Xton, we will continue to bring you weekly product releases which you can follow on our blog every Monday morning. We have an exciting product roadmap for 2021 that supports Just-in-Time Zero Trust access to servers using SQL and PowerShell protocols, advanced distributed deployments and further simplifications in system maintenance. Our hope is to empower more IT groups to use best security practices with fewer resources to manage the security infrastructure.
As always, we welcome customer feedback on the releases and PAM features. If you want to see a demo of XTAM or any questions on any of the features listed above, use our online scheduler to book a demo with one of our experts.