Access Control Solutions for Your Secure Shell Environment
SSH Access Controls Shouldn't Keep You Up at Night
With GCM's SSH Access Control Module you can eliminate the risk of stolen SSH passwords and compromised SSH keys for both human and machine users -- All while creating a frictionless experience for your developers and system administrators
Secure Credential Issuance
All credentials issued by GCM, including SSH credentials, are issued from GCM’s secure enclaves and have been tested for thousands of hours by highly skilled security researchers. No one, including Gradient staff, can access the secure enclave ensuring that the credential issuing process can never be compromised.
SSH users typically meet the criteria for privileged users and can quickly login to critical assets across the organization. This makes credential rotation a critical security capability for any organization leveraging SSH. GCM can rotate credentials in minutes, limiting attacker dwell time to a level well below the minimum required to defeat advanced malware and other fast acting and automated TTPs.
GCM’s ability to bind identities to devices ensures that identities are who they say they are. GCM leverages Trusted Platform Modules (TPMs) and other embedded security hardware to create an unbreakable link between an identity and the device to which they have authenticated. GCM issues ultra-short lived SSH credentials only when identities are anchored to trusted devices.
GCM uses platform configuration registers (PCRs) to ensure that a device is not compromised in some way. PCRs are designed to eliminate spoofing and validate certain conditions at system boot and during specified events on the machine. In the event that a PCR hash value changes in a manner that indicates a device is compromised, GCM will not issue new credentials on that device and any existing credentials tied to that identity and anchored to that device will stop working.