sb-eu logo
Story image

Thycotic acquires Onion ID, launches new access management products

Thycotic has acquired Onion ID, a privileged access management (PAM) solutions provider, and has added new products to its PAM portfolio to protect enterprise cloud apps and better enable remote workers.

The three new products are Thycotic Remote Access Controller, Thycotic Cloud Access Controller and Thycotic Database Access Controller.

These products focus on PAM use cases protecting access to SaaS applications, IaaS infrastructure, and ensuring remote workers stay productive and secure, the company states.

One key focus for the new products is a Zero Trust security approach for remote employees and third parties who need access to corporate resources.

Zero Trust describes the principle of least privilege when it comes to remote access channels, ensuring that third parties have access to only those resources required to do their jobs.

In this scenario, security teams must control who can access what and when, in order to protect corporate resources and comply with regulatory mandates.

Thycotic Remote Access Controller automates the management of remote workers accessing the IT resources. The Controller uses multi-factor authentication (MFA) and session recording, without requiring software or browser extensions, to enforce corporate security and compliance policies.

The API suite that can be integrated into automated workflows and ticketing systems, Remote Access Controller streamlines access grants for contractors within a centralised web portal.

Thycotic Cloud Access Controller, on the other hand, ensures that administrators accessing IaaS platforms such as Amazon Web Services (AWS) and SaaS applications like Salesforce and Twitter maintain appropriate Role Based Access Controls (RBAC).

This dictates what each user can click, read, or modify within any web application. Administrators also have a centralised dashboard which displays what applications have been accessed, access removal, audit report production and more, for tighter security and streamlined compliance.

KuppingerCole founder and principal analyst Martin Kuppinger says, “Cloud Management consoles, like those on Azure, AWS, and GCP, pose significant security risks to every company.

“Over-privileges are a common fact and most organisations lack granular visibility into whether privileged users have unnecessary entitlements and provisions.”

Finally, Thycotic Database Access Controller enables enterprises to adopt modern cloud databases from AWS (RDS), Google, Azure, Oracle, Redis, and others, while still enforcing appropriate access levels, MFA, and complete reporting and auditing workflows.

With this product, customers can record entire database access sessions, provide just-in-time access, report and log actions, generate alerts and cut off connections in an automated manner.

This simplifies privileged access and compliance requirements for security teams, and protects databases containing sensitive employee and customer PII, the company states.

Thycotic president and CEO James Legg says, “With the sudden growth of remote workforces across the globe, privileged access security controls must also account for ordinary business users, like those in finance and marketing, who are accessing sensitive and privileged corporate data from untrusted devices on untrusted networks.

“With the addition of Onion ID, we are now able to implement fine-tuned Role Based Access Controls across any web-based application, IaaS console, and cloud-hosted database, while providing flexible multi-factor authentication that gives security leaders a significantly easier way to ensure secure access paths for remote employees.”

Onion ID CEO and founder Anirban Banerjee says, “By joining forces with Thycotic, we are enhancing our commitment to delivering user-friendly authentication, authorisation and auditing to cloud servers, databases and applications.

“We are launching a diverse set of next-generation PAM 2.0 offerings in the market which will enable enterprise customers to elevate their security controls above and beyond current best of breed solutions and reduce costs with secure remote access.”

Thycotic vice president of product management Jai Dargan says, “The very definition of privileged access has undergone a paradigm shift due to the changing landscape of work - from central offices to personal residences on the edge.

“Legacy appliance-based PAM solutions have not been effective in extending privileged access controls to cloud environments and are simply unusable as password vaults for business users.

"This acquisition extends Thycotic’s security umbrella over every user, application, and secret, securing high-risk cloud resources that have historically been the domain of conventional IAM vendors.”

Financial terms of the Onion ID deal have not been disclosed. As part of the transaction, Onion ID will operate under Thycotic brand and leadership.

Story image
Cyber attacks keeping business leaders up at night, new research finds
Data breaches and insider threats are keeping organisations up at night, according to new research from KnowBe4, the security awareness training and simulated phishing platform.More
Story image
HackerOne launches penetration testing to empower digital transformation
“In today’s agile environments, pentest platforms should seamlessly integrate with every aspect of the software development lifecycle so that findings are quickly pushed to the right developer and vulnerabilities are fixed faster."More
Story image
Bitglass deepens integration with MFA vendor Duo Security
Bitglass has announced a deepened integration with Duo Security, now part of Cisco, as it looks to strengthen security for the modern workforce.More
Story image
54% rise in gaming-related cyber attacks recorded in April
Social isolation measures, widely implemented throughout the world during March and April, has been linked to both the increase in engagement for gaming and a corresponding boom in game-related cyber attacks.More
Story image
Cyber threat intelligence reaching maturity in organisations worldwide
Cyber threat intelligence is reaching a state of maturity and integration in organisations across the globe, according to a survey by the SANS Institute and ThreatQuotient.More
Story image
Oracle combines cloud automation with comms security in new solution
The Oracle Communications Security Shield (OCSS) Cloud is built on the company’s cloud infrastructure, and uses AI and real-time enforcement to combat the heightened risk of infrastructure attacks presented to contact centres and enterprises.More