Your November 2019 XTON Access Manager Newsletter!

It’s been another busy month at Xton with a number of new XTAM product enhancements. This month our development team added:

  • support for SMS and TOTP based shared virtual MFA;
  • support for single remote application sessions published on Windows RDS servers;
  • configurable Security Algorithms Parameters; and
  • SAML integration with WatchGuard AuthPoint.

Also, be sure to check out our latest post on the Challenge of MFA and Shared Accounts or download our KuppingerCole Executive View: Xton Technologies Access Manager. Details on all the XTAM updates are below.

We have made two new updates to our virtual MFA support. You now have the option to share the phone number that receives SMS notifications for second-factor authentication. This option provides role-based as well as just-in-time access to shared privileged accounts protected with second-factor authentication. It also allows MFA tokens to be enforced for privileged accounts, significantly increasing the security of the IT infrastructure. SMS access is logged in the system audit log to track use of the service. The Virtual SMS MFA implementation is based on the Twilio service and requires a Twilio subscription.
With TOTP support, you can now store the Time-based One-Time Password (TOTP) secret key in a record and generate RFC 6238 TOTP tokens on demand. This enables multi-factor authentication for shared privileged accounts. Shared MFA token generation is granted to selected users using role-based access control as well as location-, time- and approval-based workflows. TOTP generation is logged in the system audit log to track use of the service.
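The following is an added example, not Xton's code, of the pattern this paragraph describes: an RFC 6238 token generated on demand from a stored secret, gated by role and written to an audit log. The record layout, user names, role names and log fields are hypothetical, and the secret is the published RFC 6238 test key.

```python
import base64, hashlib, hmac, struct, time

# Constructed sample data: RFC 6238 Appendix B test secret ("12345678901234567890"
# in Base32) and hypothetical user/role names. None of this comes from XTAM.
RECORDS = {"shared-admin": {"totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
                            "allowed_roles": {"pam-operator"}}}
USER_ROLES = {"alice": {"pam-operator"}, "bob": {"viewer"}}
AUDIT_LOG = []


def totp(secret_b32, at, digits=6, step=30):
    """RFC 6238 TOTP with HMAC-SHA1 for the Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226 section 5.3)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def request_token(user, record_id, at=None):
    """Return a token if the user's role permits it; audit every attempt."""
    at = time.time() if at is None else at
    record = RECORDS[record_id]
    allowed = bool(USER_ROLES.get(user, set()) & record["allowed_roles"])
    # The log records who asked, for which record, and the outcome,
    # but never the secret or the generated token.
    AUDIT_LOG.append({"time": int(at), "user": user, "record": record_id,
                      "event": "totp_generate",
                      "result": "granted" if allowed else "denied"})
    if not allowed:
        raise PermissionError(f"{user} may not generate tokens for {record_id}")
    return totp(record["totp_secret"], at)


if __name__ == "__main__":
    print(request_token("alice", "shared-admin", at=59))  # RFC 6238 test time
    try:
        request_token("bob", "shared-admin", at=59)
    except PermissionError as exc:
        print("denied:", exc)
    print(AUDIT_LOG)
```

Denied requests are logged as well as granted ones, so the audit trail shows attempted use of the shared factor and not only successful use.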
XTAM has long supported the use of Windows RDS RemoteApp functionality to launch and create high-trust sessions without disclosing sensitive information such as credentials or application passwords. Now, XTAM can be used to support single remote application sessions published on Windows RDS servers, including high-trust access as well as event and session recording. The option allows users to run published applications on an RDS server using the RDP RemoteApp protocol while providing role-based and just-in-time access to the application sessions with a single-click action. The system establishes a session to a single published application without the option to see or interact with the rest of the desktop.
To provide further configuration options and transparency, XTAM now adds the option to select the specific Key Exchange, Message Authentication Code (MAC) and Cipher algorithms used for SSH Proxy client connections. With this software update, the SSH Proxy server negotiates only the algorithms defined in the configuration when negotiating the protocol with an SSH client. To keep up with security trends, the update also removes algorithms that are considered “weak” from the default out-of-the-box configuration. Together, these changes are designed to improve the security of the SSH Proxy server by forcing it to negotiate only stronger algorithms.
XTAM supports integration with SAML providers to allow their unique multi-factor authentication (MFA) solution to handle the second authentication method, enabling even greater security for your XTAM deployment. This month XTAM added SAML integration with WatchGuard AuthPoint, an identity provider, to enable secure authentication.
A new task event policy, After Session, was added to the Job Engine to trigger task execution after a session completes. This new policy allows the account password to be reset right after its use in an active session, even in cases where the credentials were not disclosed to the user. The new policy also supports the option to defer the job until the last session completes, for scenarios where the account is referenced by any other record.
Additional XTAM Extensions and Enhancements
Over the past 30 days we have made a number of additional enhancements to XTAM. These include:

  • New Best Practices suggestions for System Administrators throughout the application
  • Added distributed HTTP Proxy chaining for WEB Portal record sessions
  • Updated the default Windows Dependency script to better support Windows 2008 native functions
  • Resolved native RDP screen resolution behavior
Read the Xton blog to stay up to date on all product enhancements.
RSA Conference 2020
Mark your calendars: Xton is headed to the RSA Conference in San Francisco, February 22-28, 2020. We will be exhibiting in the RSAC Early Stage Expo in Booth 42. We look forward to seeing everyone at the show next year. To schedule an appointment at the show, contact info@xtontech.com.

 
 

Copyright © 2020 Xton Technologies, LLC. All rights reserved.