What is Excalibur
Excalibur utilizes the user's smartphone to act as a secure hardware token for any and all authentication and authorization needs. The ultimate goal is to move all forms of authentication and authorization away from passwords and to replace them seamlessly with smartphone-based, strong but user-friendly multi-factor authentication. Excalibur's unique value is in providing backward compatibility with all the applications, Operating Systems (OS) and services used today, thus creating a bridge between the password-based present and the password-free future.
One of the core innovations of Excalibur is its ability to defeat all attacks on credentials, as Excalibur is able to automatically change a password on each login. In the Excalibur user flow, the password is no longer entered by the user. The user never even knows the password; it is just a random string used in the background, seamlessly injected into the login process by Excalibur. Instead, the user just interacts with the smartphone, using it to provide various authentication factors as required by the defined security policy.
- Precise geolocation
- On-device biometry
- PIN code fallback
- Ownership factor
Our Mission
Everything that is connectable is hackable.
The bigger the attack surface, the more statistically probable an attack is to occur. The attack surface is already not manageable; think of what will happen once truly everything is connected (5G).
Cyber security is rocket science, so just hop on and enjoy the ride.
Our Vision
The only solution is eliminating direct end-to-end connectivity.
Hide everything behind a dedicated, always updated, continuously audited, strongly authenticating cloud service with minimal attack surface and complete auditability of every interaction.
Welcome to Cyber-Security as a Service!
Our Plan
Privileged Access Management (PAM)
By utilizing and expanding concepts known and used by enterprise-grade PAM systems
Excalibur PAM connects to targets over the SSH tunnels (Excalibur Cloud Tunnel)
Status Quo
Problems
Gateway problem
- Exposed resources
- Exposed services are protected by firewalls / WAFs / rule-based IPS, etc.
- Security is provided by filtering network traffic, which is like trying to find a needle in a haystack
- The exposed gateway must always be updated, but because it is on-premise there will always be delays
VPN problem
- Exposed resources
- Exposed services are protected by firewalls / WAFs / rule-based IPS, etc.
- VPN servers are continuously hammered by attacks and exploits, and thus security updates are never-ending
- Once a VPN is breached, internal resources are immediately exposed
Solution
Cloud tunnel + PAM
Excalibur Cloud Tunnel
- Topology independent
- SSH tunnel
- TRESK
- PAM (Privileged Access Management)
Connecting from the inside out, and thus able to connect through any NAT or most firewalls.
SSH is well known and trusted. Strong mutual authentication. Exposes only specific application ports.
Tunnel Resolver Component takes care of orchestrating tunnels in a cryptographically safe way so that only the right user can connect to the right target.
Excalibur utilizes and expands concepts known and used by enterprise-grade PAM systems. Excalibur PAM connects to targets over the SSH tunnels.
No more direct connectivity
- No more exposed company resources
- In cloud protocol termination
- Minimal attack surface
- No more attacks on your infrastructure
- Access streaming
Protocols used to connect to protected resources are terminated in the cloud. Vulnerabilities are thus hidden.
It is our attack surface now, not your problem anymore.
Your firewall can now block all incoming connections, as no resources are exposed anymore.
Users are strongly MFA authenticated. Access to tunneled resources is provided via fully interactive streaming directly to the user's browser. All sessions are by default recorded and indexed by user activity for full auditability. Can't hack a protected resource through "pictures" :)
Features
Unique value proposition
Dynamic passwords
Complete legacy compatibility with every system you use today. If Excalibur does not directly integrate with the given system, the user is able to temporarily show the password on his token after authentication factor verification. The password gets automatically changed after a short time period.
- Random password
- Changed before each authentication
- No expiration
- No regular manual changes required
- Users do not interact with passwords anymore
Passwords are automatically changed by Excalibur before each authentication and subsequently injected into the authentication process.
Geolocation
Excalibur as a home-office enabler
- Extra security bound to location
- Self registration from home
- Precise micro-granular geolocation
- Secure work from home
Sensor fusion geolocation used as another authentication factor.
Self-service home geofence registration - powered by peer verification.
Unique home address(es) for each employee.
Location access controlled per user down to building level precision.
Recording
Excalibur introduces "Streamed Access Management" (SAM). It's just like Privileged Access Management but for ALL access!
All user activity is monitored, recorded and indexed, fully searchable with zero deniability of actions.
- All activity is recorded
- Access resources behind any firewall / NAT via tunnel
- HTTP / HTTPS, RDP, SSH, VNC, TELNET
- Access to resources is streamed directly to web browser
- Resources are no longer exposed, no way to attack protected resources
Peer verification
Any Excalibur-authenticated action can be configured to use 4-eye verification, aka peer verification.
- 4-eye principle anywhere you need it
- Extra security
- Fully configurable
Require confirmation by an additional individual on any action, such as login to a sensitive system, registration of a new user, etc.
The action can be verified by any colleague or a manager of the given user, or by the service desk.
Remote Peer verification
Peer verification also supports remote scenarios. The user requesting access (peer verification) and the user confirming access can be in physically different locations.
- Remote 4-eye principle
- Logged in detail
- No more human element risks
Every verification is logged. It is clear who confirmed which request, so managers and/or the security operations center can keep track of them.
References
Our Clients
Tatrabanka
Tatra banka was founded in 1990 and since then, it has won more than 130 awards granted by 30 awarding authorities.
Statistical office
The Statistical Office of the Slovak Republic is the central body of state administration of the Slovak Republic for the branch of statistics.
Slovak National Bank
National Bank of Slovakia is the central bank of Slovakia, which is a member of the European Union and the European System of Central Banks.
Soitron
We believe that companies can gain a competitive advantage thanks to our technological innovations.
Contact Us
Our Address
Hraničná 12, 05801 Poprad, Slovakia