Delinea has announced new enhancements to the Secure Shell (SSH) Cipher Suite and Secure File Transfer Protocol (SFTP) tunnelling of Secret Server, its PAM solution. Further additions to disaster recovery capabilities help ensure Secret's data and permissions are available even during a disruption, the company states.
In 2021, 82% of breaches involved the human element; including the use of stolen credentials, phishing, misuse, or just error, according to the 2022 Verizon Data Breach Investigations Report. By centralising privileged credentials in an encrypted password vault, organisations can significantly reduce human-centred risk, Delinea states.
Additional layers of security for a stronger enterprise vault
Enhancements to the SSH Cipher Suite provide customisation of the ciphers used when making SSH connections for various tasks such as credential discovery, password changes, or heartbeat. Heartbeat provides up-to-the-minute monitoring of passwords and credentials, and triggers alerts if they are changed outside of the vault or without knowledge.
The new SSH Cipher Suite features allow users to set availability and application order for key exchange, MAC address, and encryption algorithms, allowing organisations to tailor ciphers to meet their best practices and increasing the security of the connections made through the vault.
Admins can also remove old or non-approved ciphers and avoid remediation work should those ciphers be highlighted in a vulnerability scan. The introduction of a new option for using SFTP tunnelling with Filezilla and WinSCP clients now enables administrators to transfer files to target machines using either client, while credentials remain safely in the vault.
This feature increases security when transferring files, as it avoids direct access to privileged credentials and offers admins additional flexibility without disrupting normal workflow.
Enhanced disaster recovery for Secrets resiliency
Expansion of high availability and disaster recovery (HA/DR) features focus on providing availability of access and permissions during an outage.
These enhancements include the ability to replicate local and domain users, groups, file attachments, and Secret/folder permissions, providing a standby vault with all permissions in place. HA/DR functionality supports all types of scenarios - cloud-to-cloud, on-premises to on-premises, cloud to on-premises, and on-premises to cloud.
Jon Kuhn, SVP of Product Management at Delinea, says, "This Secret Server release continues to demonstrate our commitment to providing the most secure and flexible enterprise access controls.
"Features like SSH Cipher Suite, SFTP tunnelling, and enhanced HA/DR further our promise to customers of reducing their risk of a cybersecurity breach without impacting the productivity of their teams."
This release also includes enhancements to the advanced session recording agent, advancements in the user interface (UI) to improve ease of use, and customised internal communication options through the UI via a configurable global banner.