Hello, good afternoon or good morning, depending on way or listening or viewing from today. Welcome to our latest webinar where we'll be looking at the business value of PAM in what we're calling the work-from-anywhere world. Very pleased to be joined by Oleg Shomonko from Ekran, who we'll be talking later on the webinar. I'm Paul Fisher and I'm a senior analyst with KuppingerCole. So before we get into the webinar itself, a little bit of information about some KC events coming up. We have June 23rd, which is, I believe tomorrow managing digital workflows with service now, which is a specialist KC live event, real wealth catching. You can still register for that. We also then have on July 7th cloud strategy optimization, ensuring efficient and secure collaboration on the cloud. And then finally, July 21st, another case he live the access management playbook, securing today's organizations. So three for your diary, that little housekeeping you are muted.
So no need to worry about that. We will be recording this webinar and it will be available very shortly in the next few days so that you can either watch it again or get some of your colleagues to have a look at it. And we'll also give you the slide decks for download there's a Q and a session, right? At the end of both our sessions, you can enter the questions into the go to webinar control panel, which is, should be to your right as you view this. And then we'll read out the questions and myself in the leg. We'll do our best to answer them so quick. Look at the agenda. First up, I'm going to explain some of the complexities of modern access management and some of the challenges why CSOs and vendors need to up their game. Excuse me, why Pam must be integrated into any it infrastructure and then, oh, well give us some demonstrations of how organizations can defend against cyber attacks and meet compliance requirements without the need for a complex and expensive Pam solution, all in the, on your working well, which is working from anywhere.
And then as I said, the ability questions announces. So Pam and identity in modern it environments, I've just started this with a quote, which is one of the problems is that it, innovation is as soon as someone in a business, as soon as the business benefits become clear, someone's going to point to the security risks and say, we shouldn't do it. Usually though, the business arguments when becoming a, not have both well, that's hopefully where we're leading to not necessarily we're going to achieve that in this webinar, but I think that's where we are trying to add to, and as analysts and also as vendors in that we can have security and we can have the best. It that's possible at the moment, we seem to be the, to slightly adrift. And of course, new challenges such as the working from home. And then the shift to working from home has happened in the last year, has accelerated changes in how we access and how identities are able to get the student, the things they need to do their jobs.
And I think it's true to say that for after the pandemic for users, as in employees, administrators, and CSOs, and actually everyone is involved in a business, nothing's going to be the same again. I put up there a recent headline from the financial times, which shows that there's two schools of thought about what's going to happen when the pandemic is finally over, which hopefully will, will be soon. Some people seem to think that we may be continue to work from home others, that there'll be eventually a mass return to offices. But what seems to be happening is that, but probably have a mixture of both. And particularly those workers that have perhaps more power in the workplace, as it says, white collar workers. And they tend to be the people that we're talking about, users of it, et cetera. They're increasingly demanding more flexibility on how they work and they want the opportunity and the freedom to work from home or work from their office and for work from anywhere. So that means, you know, working perhaps in a cafe or another location that wouldn't normally be used for work. And also what this means for us in, in the industry is that we know need to deliver regular access from all these places, from home, from office and from anywhere. And the access has got to be secure and it's got to match the identities, the right identities with the right tasks and the right services that they would need to do their job.
And more particularly, we need to deliver privilege access. Cause that's what we're talking about here today. Privilege access, as we know, is now a much more wide ranging form of access privilege access. Isn't just about giving admins access to do various administrative task or various maintenance tasks. Project size is now almost for anyone that's involved in a business. And a privileged user can be someone that needs access to certain files and services or certain perhaps pieces of code if they work in dev ops and things like that. So we're seeing a massive shift in the way people are working at the moment. I think that it, it has done a great job of managing that sudden change it and most companies. And I think though that for the future, we're going to have to find a way of managing different types of working for different people.
Okay. So finding our way around the access management problem is not easy, but it's not impossible. And I think that's something that we need to think about more. I don't think that we can just use existing Pam technologies and make them somehow work for remote access. I think we need more innovation from Pam vendors and we need more innovation from those within organizations who are responsible for deploying perm and they need to look at what the business wants and they need to look at what users once and IM and employees what they want. And increasingly you'll find the, one of the things that has happened a lot, especially in the last year is that Pam vendors have really upped their game on user experience and user interface. And the idea that Pam should be a kind of a specialist tool for specialists, people is shifting a little into what it should be a access tool that gives employees the tools and the services and the files that they need to do the job. And it shouldn't, it should also be managed by people that wouldn't traditionally be seen as administrators, but people that perhaps working in a different line of business wish to have the tools at their disposal to give their colleagues access to certain things. So where we're seeing the shift in things like just in time access, federal access, the reduced use of passwords, but also a greater emphasis on ease of use. And that's a great thing in my mind.
Yeah. So what are the, some of the issues that are around managing the increased number of users and identities? Well, one thing that we can't do is stop users and identities from multiplying. That's just the reality as organizations become more complex, as infrastructures become more hybrid, as more stuff goes to the cloud, as more data gets produced every single day, the number of identities and users that want to access stuff is multiplying. And on top of that, we also have different types of entities. It's not just about human users anymore. It's also about machines, it's about applications and IOT, where you might find in manufacturing that a, a so-called robot device will need privilege access to something that previously was not thought needed. So how do you classify identities? You can't just say that they're all users.
Should we give everything privileged status? Probably not, because then you would have probably overload in the business. So we need as part of a rethink about privileged access management in this new environment, we need to think about how and what justifies privileged status. And that is possibly moving more to the user from the user to the task and the risk of what would happen if that task was carried out by someone that was not allowed, or shouldn't be allowed to do that. And if a risk analysis comes up and says the task, while if, if, if, if a malicious actor did that task, maybe the damage wouldn't be so great. So we need to think more about privileged task, less about privileged users. We could move everything to just in time access, which is kind of the way some prom platforms are going, which does a way with standing privileged, having privileges, or you probably know is a risk for any business because existing privileged accounts, if they get hijacked can be used by malicious actors to get inside the organization.
So if he moved everything to a, just in time process or femoral access, we wouldn't have standing privileges and we wouldn't have standing passwords, but to get the, to that sort of promise, land is a not very easy. And B it's not actually perhaps desirable for all, all organizations, some organizations do prefer to use passwords and they do prefer to have a bolt. And that is why most Pam vendors will still supply a volt and most Pam vendors supply a very good volt. Should we remove all standing access again, I've kind of dealt with that. That again would be a nice thing to do, but not necessarily easy or necessarily desirable. And we should match privilege identities to tasks. We're seeing some trends in, in, in the vendor market where we are seeing integration of modules and a simplification or of portfolios that the prime vendors have instead of having maybe six or seven modules. I'm thinking more now about an integrated platform, which then allows a scalability and also allows the customer to pick and choose those Pam modules they need as their needs change. And as the business scales, and we are seeing the start of identity and access management and privilege access management coming together into what a code identity platforms and at least two or three vendors are starting to look at that.
So identity Pam working with cloud infrastructure as a service and network service is another complication w w we're seeing, you know, more and more organizations changing to infrastructure as a service and moving stuff to the cloud that has the, the, the effect of expanding the number of endpoints and identities even more. And then once we bring in those I, that IOT machines, privileged access management, can't manage this growth challenge on its own. And what we find in, in many organizations is that privilege account management and identity governance and administration often operate, operate in silos and even have, you know, different administrators, different platforms to run things, and each admins on each of those have no real oversight over the other platforms. And I think it's up to not necessarily the vendors, the vendors are starting to think about how they can bring in this triangular format or matrix, which brings in identity access management governments and privileged access management better together.
But there are gaps still in organizations, security settings that are inevitably arise from what I call 24 7 change within organizations changing on a daily basis. When you have organizations creating applications and releasing new versions of one application, several versions in a single day, this is going to have a knock on effect in the security posture of the organization. And it's very difficult to keep up with that. And it's very difficult for the CSO. It's so difficult for the CIO to keep up with the pressure when other lines of business want people to have access to things that they consider to be privileged, and that results in a limited visibility in how identities move across privilege accounts. And that's something else that we need more of in privileged access management systems. We need better analysis analytics, and we also need better reporting and real time inventing, I guess you could call it of what's happening to the organization in real time.
So this is a kind of what I call a, a schema of really everything I've just been talking about at how all the millions of digital identities that are now being created across. I mean, we, we, we, we talk about organizations that have, you know, millions, literally millions of users just for a single organization. And those identities are coming from things like cars. They're gonna come from obviously mobile devices, IOT, robots, the cloud, not to mention legacy systems DevOps. And then we have identities from third-party vendors, customers, et cetera. And all of that is feeding into what you call traditional Pam. But what we're talking about today, or is part of what we talking today, when we have these identities need to be managed at the end point, and they need to have privileged access from the end point and not necessarily from what you might call a traditional endpoint, which is, you know, a PC in the workplace.
So EPM endpoint management is, is suddenly become endpoint privilege management, I should say, has suddenly become almost top of the agenda in the way that we manage privilege access and giving people remote privilege access. So we've always given people, admins the ability to do servicing on an endpoint, but we're talking now about people using an end point to get the access they want in the first place. And that means that they'll also be looking, working within new types of infrastructure, but everything is kind of mixed up with the applications and data. We got microservices and containers and everything connected by API APIs. And then we've got stuff outside the business, running in the cloud. And all of that means that you have what looks like on paper. Something quite are manageable, but it does mean that we need better solutions, particularly at the end point, particularly in identity management, that can deal with this new reality.
So just to close my part of today's webinar, I'll just give you some full takeaways from what I'd be talking about. Number one, we cannot stop identities and privileges for multiplying. That's the reality of today's it infrastructure. And it's just going to go on like that securely matching identities to task will be a major challenge. And I think that if you take anything away from this, that is something that we really do think about how do we match identities to tasks when we're talking about privileged access management and identity access management, number three, it innovation we'll just carry on it. I think we're seeing more ITM innovation in businesses than any time in the last 30 years. And some of the innovation is coming within organizations themselves driven also, obviously by changes in the, the, the vendor landscape at, for when you're thinking about Pam for this new environment, you've got to think about whether it's going to be scalable, adaptable cloud-native and connectable within that. You've got to think about where your users and your identities are going to be aware. They're going to be trying to access networks services, et cetera, to do that jobs. So that's the end of my, part of the presentation. I will now hand over to Alec for part two.
Hello everybody. Thank you very much for joining this webinar and thank you very much for, for, for S park. And I hope you can hear me. You can see my screen. I, I really, I will try to make this presentation interesting for you and the second and the I'm not going to repeat the problem. Y Y our customers use slash solution. Why our customers need Pam solution, because Paul already explained as this, the bar. And if we, if we are talking about our activities several years ago, we, we, we had to explain, we had to educate people why they have to manage system administrators, why they have to monitor system administrator. So for example, sub-contractors, but now our customers are educated. Thank you very much for analytic flagpole. They provided idea why, why complex infrastructure should be covered by pen solution. And again, I assume you already know why pan solution like how exactly Pam solution can reduce security and compliance risk.
And so we are talking about, we have many customers who do monitoring of not only privilege account, but also sub-contractors. And especially with COVID situation, they have to monitor remote employees. We are talking not about only privileged accounts and any access to sensitive information to you company, any critical information, critical data, especially with COVID sedation is remote work and has to be managed by security department. And again, I assume you already know what Penn solutions should provide to company. There are many or already, there are many security regulations, pretty strong security regulations for Penn solutions. Just wanted to highlight some of them. First of all, you should do full monitoring or of privilege accounts of a system, administrator, subcontractor, remote employees, what happens and what going on on your critical infrastructure, you have managed access to your infrastructure. We are not so you can believe to your employees, but you can believe accounts.
You know, zero trust subject is very popular now and the just-in-time approach. And when we have several cases from our existing customers, when crunch our product help it, this data leakage when privilege account was credentialed to, to the environment and after penetration to security perimeter, our product protected environment from penetration. So we are talking not only about inside the threat protection, but also power for external threat protection. And of course we are talking not about not only about people send tricks about human, to manage credential for people, but also for a robot for different devices, services, et cetera, a Pam solution also can help you, is this okay? So let me introduce our company. We started our sales and marketing activities eight years ago, mostly from Europe and Asia. And, but right now our headquarters in the United States, but I am from Ukraine. We have R and D department and support department in Ukraine.
So we are working in the same time zone. These many hours. You have repeat customers at the moment. We have totally thousand about thousands of customers, worldwide, most different financial institutions, government, military, et cetera. We are listening in and NIST national Institute standard report for the recommendation for privileged account management for financial institutions. We are in the trust at least offer Microsoft partners to monitor the future windows, virtual desktop environment and the, because our solution we provide, we provide to our customer to comply with different security regulations. Of course, our company has to be also certified. So our company has ISO certification to Osos certifications, and we are working to, to obtain more security certifications for our product and our company.
We just few words about our product. We provide pure web management panels, so you can manage everything is out additional deployment of any components on your computer or from any browser on windows, PC from my costs, et cetera. And what is the unique approach of our product possibly, you know, many different vendors based on cost, proxy based solutions, but our approach is agent based solution. So yes, we provide agents for, we provide our customers with different agents, for windows, environment, server, Linux, environment, Citrix and Unix. And on the after deployment agents do monitoring of user activities. And of course, agent can manage access to endpoint and do a recording of all user activities and send monitoring information to application servers. And the security department can work via management tool to manage all user activities, to manage access, to manage passwords, et cetera. We support different types of databases.
We support Microsoft sequel database, which is our requirements from different financial institutions to support commercial that the base, we also support a free PostGrest opensource database. So our customers shouldn't pay for third party licenses for this. All our components support do chill environment. We have, and the very important we provide on pen solution. So we don't have any access to monitoring information. You can our solution on your dedicated servers on hybrid environment or cloud environment, private cloud environment, but we don't have any access to monitoring information to your passwords and et cetera, even more, each deployment has unique master certificate. And we do encryption. We use ISA encryption of all monitoring information, password, et cetera. And even the database, a system administrator doesn't have access to monitor information.
As I mentioned, we provide agent-based solution, but we are very flexible with deployment. And very often we have questions. Okay, guys, we need adjunct list solution. So how you agent based solution can cover my requirements. So it is simple. There is, there is very simple answer. You can deploy just windows server, these native tools to manage remote that the basis to manage your data center, to manage your productions environment service. And in case you deploy our agent on this windows environment, we optimize convert the server to chance server. So you can monitor all user activities via jump servers, and we can also manage access to John server and production environment. We are this machine. So again, you can deploy adjunct on any endpoint, including John server, including users, laptops, including infrastructure server in a production environment. In this, you deploy our on production environment. We can get much more information about style application, about connection, the connected USB devices, et cetera. So we can get much more information in this case. I hope this scheme is clear again, this is like agent less deployment with our agent-based solution.
As I told you before, with John's server deployment, we can manage access to jump server environment. You, I already mentioned about just-in-time approach and you can manage, for example, this system administrator can connect to John server only in work in time and not in working time with your Santee modification to security department, for example, and we can manage further connection from John server to production environment. You can manage what user to which environment can connect each account. And this user will not know a root password. Again, if we are talking about a deployment on a virtual environment on our station laptops, we can, we, we started our solution from all did functionality and we covered, we can cover very big. A large deployment solution can monitor simultaneously about 10,000 sessions simultaneously from different environment. And, and even more in case you deploy our solution in different locations in different countries, investigator can work in one single panel.
This is a distributed deployment. It could be a United state could be Germany. It could be Singapore and an instigator can manage and review sessions and manage system via single panel. So let me show you, our protocol works. As I mentioned, your, we provides a pure management panel in this panel. You can see already monitored sessions. You can see, we did monitoring from a different environment, virtual environment, server Linux, even my course. And we would deport our agent on servers on workstations. And the, let me show you, for example, who use work, edit, we can use our powerful search engine with different search criteria, and you can see user activities with rip edit of on infrastructure server or John's sugar. And it could be your minimum deployment, just monitoring is out additional additional management functionality. You can just simple review sessions and with our video prayer on any environment and the, for many customers it's enough.
So they prefer to use Samsung quite light pen solution, for example, to monitor sub-contractors. So you can play this session. Of course you can review on some information by monitoring the data you can expert the current session and provide to your manager, is this information or shares this, this some security department. And it's very simple. It's like YouTube, what can show you how it works on Linux environment? So I'm going to clean this session and a review session on for example, Linux environment. So in case we deploy our agent on Linux server, again, we can literally record all user system administrators, activities on Linux environment, on Linux infrastructure server, or even it could be John server when a sub-contractor can connect, or John's surely not space jump server and connect after this to production environment, to your data center, for example. And again, we can record every single, even without additional password management, even without deployment our agent on laptops or system administrator there resume is a monitored executive function call. We can record all function call it's like internal debugger in the Linux, and we can support live sessions. Of course, we have a lot of notification about connection to, to any environment. And you can see what's going on right now. And in case of any security issues you can automatically or manually work user activities.
Okay? And as I told you, we support not only server environment. We are only one solution worldwide, which can support a graphic interface of Linux sessions with, sorry, this is this wrong session. It should be, yes. This session should be a graphic interface because many companies, they move it infrastructure to cloud. And again, we are talking not about only system administrators. It could be just any user with access to very sensitive information from cloud, for example, so serum system, and it could be also monitored and managed by a current system. Okay? So as we told you, we are very strong in monitoring. We, additionally, we have alerting systems. This is configurable Tiggers on some potentially suspicious events you can on any end point on which you deploy a current system, you can manage by our rules. I learners you can create alerts by you according to your corporate policy.
And after this, you can provide different actions. For example, send them on notification to security, show warning message to user. For example, don't do this. Please follow corporate policy or even VOC, user key application, et cetera, very simple alert. Just for example, someone just connected to John Tolbert, your jump server remotely, or connected to your infrastructure server visit very critical server or very simple, your some not typical user just connected to the server and security department can immediately make attention to the server. Okay? So let's talk about access management on each end point, which view the boy Crohn's disease. Then you can manage access to each connection. You can manage access to use the devices to some operation. We are access requests for, for, for example, you can manage what users can connect to which corporate environment under which account. And in case we want to connect in not working time, we will automatically send email notification to two security department.
And only after the manual approval, such users will be able to connect to, to production environment. You can use our two factor identification. It's it's free because we use integration with two TP. You can use Google NTP case on defecate or, or Microsoft pontificator. So you can synchronize a mobile phone of a user of system administrator. Our system, enough disease on each connection. Our system will ask one, a one time password to connect to this environment. Of course we will. Our system support some additional altercation like email approval via email. So we can send a notification to the user in mail to approve his connection, email notification to security department. And this are the classic of course, password management. So you can vis a Cron system. You can manage passwords so you can manage access to you can access is active directory to windows, account dissolved, active directory to a Linux Unix account web account, Microsoft sequel.
And we are working to provide more application to manage password. We have basic affirmation. You can manage sharing of passport with different security permissions, and of course just-in-time approach. And so on each connection you can on each password using, you can validate this with security department, how it wards, unlike many applications, we use only native tools. So as I told you, we can do this via jump server. I have connections with John's server that has windows environments. I connect that via RDP session. You can see that we, we it's ultimately you can provide, we can provide the full desktop it's all application, or we can replace power shell by ground system. In this environment, I requested PowerShell by acronym system, connection management, and I can see shared password. This is me, I see windows account Linux account web accounts. And if I'm going to come back via RDP with windows account, we just can start remove this top connection. And after this use from John's server, I just connected to, to another environment. And again, we do monitoring of all user activities, including human certification, et cetera. So security department can replay any session. Again, we use only the native tool.
I think it's not about Pam solution because the food product presently presentation can take about one hour. I have very limited time for today. Pull our data just 20 minutes. We will be happy call security. Our sales team will be happy to provide you the full presentation and answer all your questions about this. And now I'm ready for your questions or questions from Paul. Yeah.
One thing that I, I like about your solution is something that I mentioned in my presentation was the easy use. And I think people can see the, from what you were showing, that it does have a very smooth and well-designed interface, so well done for that. And there's a lot more like you say, in, in the tool. So get in touch with Oleg if you want to have a more in-depth demonstration. Yeah, we do have some questions if you're ready. Or like if you, if you enable a key log logger feature, can aircraft system record keystrokes except passwords thereby preventing a very good point, very, very, very presenting the sensitive data from appearing in kilos, which of course creates a new security problem rather than, than preventing one.
Absolutely. So we have a key organ in our product, so you can record all keystrokes activities with any user we enable. We can optionally, and they both this functionality or disabled for companies by the cause of a company policy. It's mandatory to not record any password. And, but it's definitely, we can do recording of some password and, but we have functionality to automatically detects or any, any passport. So we can set up this by your corporate policy. We can set up this by regular expression and any suspicious, any suspicious keystrokes, which we can detect as a potential password. We, we often medical and mask on agent side. And of course, additionally, we encrypt all data. As I mentioned to you before we, we saved every sync on our, in our database in encrypted way. So it isn't possible just certain users. You can read this much more information in our documentation because it's very frequently asked question. And in our website, we have separate article charts about key worker, because it's very sensitive question for, from Maine. Absolutely.
And another thing that I noticed, which we've talked about is user behavior, and you have a module dedicated to that. So maybe you could give a bit more details about the UVB, any module that you have within the, the, the platform.
Yeah, absolutely thought it's a very good market. It's very good from civility from marketing point of view, because you know, it's a hot topic now, artificial intelligence, which can very the books, some suspicious activities. So the problems that there is no any solution worldwide, which can automatically protect your company right anywhere you should manually review sessions. You can, you should manually analyze all sessions, but what our model can help you, we can provide you information about potentially compromise account. So we do recording based on baseline. So we do collection of user activities in our database. And after this weekend, otherwise some not typical activities for certain users. And we can provide this information to security department. This is a potentially compromised account. Please make attention to this.
Yeah, but automation is definitely something that needs to be use more in Pam, just to keep up with the demands that I was talking about. So what do you see as the future of privileged access management and what are your plans for, for aircraft to deal with this new environment?
You know, there are many, many security requirements for plan solution, but I'll go for next two years is to simplify our interface is simplify using our solution because many of many plants solutions are very complex. And even now we, we have a lot of different monitoring information. Even in the current system, we have many different alerts, different reports, but again, security department can work as sounds and sessions simultaneously to review because the same team they do monitoring user activities, did they do access management, they do identity management. So we want to simplify our solution and we decided not to not to add additional monitoring information. We, we, well, first of all, we want to meet all a stand up requirements or requirements from Pam standards. And we want to simplify more and more therapies to provide some additional dashboards about health of health, of our et cetera. Okay.
You, you also have the child, you have the challenge of securing your own company. So particularly off the things like solar winds, what, how do you address that challenge?
Excuse me, the question Paul,
You have, you maybe I'll make it easy. How do you secure at crown system? I mean your own company,
You mean how exactly we, we, okay. I see, first of all, we are working with a very big potential companies. You know, this is a problem in the insecurity. Everybody wants to have preference every about. Nobody wants to be a reference and not able to provide your names of such companies. But we, we passed many penetration testings from, from such companies from independence team and we provide constantly press released to our partners and the customers. What exactly security speed closed in new version. We are working with our, we, we have in our company in house dynamic and static code analysis to analyze our solution. And so this year we want to provide our solution for independent community to, to test our solution from security point of view, I hope we will get certification and we will be able to publish this certifications this year. And of course our company is I saw I saw certificates. So we, we, we use a current system in our company to, to manage system administrators, to manage access to our source code, our servers. So we, we, we protect our company as well by our current system.
Fantastic. So just around the office, someone's asked, what do you find the most challenging and actually let's put it the other way. What do you find the most enjoyable part of your job?
That's a good question. It's growing. I really love to, to robe is my company because our company has almost 100% growth annually. We have very good numbers and of course, big challenge for our, for us is still brand awareness, but we have grown and I really enjoy this door too. We have more and more customers.
Brilliant. Okay. Well that leaves me really to say that you can find out more from about Ekran because they will all in next privilege access management leadership compass, which will, should be published by the end of July this year. And we've got 25 vendors in there and totally, you know, 26, 26 vendors in that. So it's our biggest leadership compass on lb so far. So watch out for that. Also we do have research online related to BRCA statue privilege, access management. So that buys campuses and advisory notes, which you can find on our website and all of the research is available. I believe for one month free after which you can subscribe. So that really just leaves me to say thank you. Oleg very much for joining me today. Also more, especially to thank you for joining us, listening in and watching from wherever you were in wealth. And just say, thanks. And if you are a football fan and you do have a team left in the Euro championships, well, good luck to them as well. So for that bye now. Thank you. Bye.
