Enterprise-Grade Privileged Access Management Platform

Enlight Nandi secures and governs privileged access across critical systems, preventing unauthorized access, reducing cyber risk, ensuring compliance and protecting against insider and external threats.

Every Trusted Identity Can Become An Attack Path

Employees, vendors, service accounts, applications and administrators all need privileged access to keep the business running. Without governance, each becomes another opportunity for attackers to move unnoticed.

Employee

Employee

Vendor

Vendor

Service-Account

Service Account

Application

Application

Administrator

Administrator

One Privileged Session Is All It Takes

Most attacks don’t happen in a single step.
They escalate through unmanaged privilege until complete control is achieved.

Identity

Identity

(Employee • Vendor • Service Account)

Privilege Granted

Privilege Granted

Privileged Session

Privileged Session

Unmonitored Activity

Unmonitored Activity

Security Incident

Security Incident

The Gaps Nobody Talks About, Until the Breach

Most organizations don’t lose control because of one major failure. They lose control because of dozens of overlooked privilege gaps hiding across identities, sessions, credentials and governance.

01
Who has access?

Standing Privileges Dormant Accounts Vendor Access

02
What happens after login?

Unmonitored Sessions Excessive Privileges No Session Recording

03
How is access protected?

Shared Credentials Static Secrets SSH / API Keys

04
Can you prove control?

No Approval Workflow Weak Audit Trails Compliance Gaps

Enlight-Nandi

Zero Trust. Full Audit. Made In India

Built on Zero Trust principles, Enlight Nandi transforms privileged access into a continuously governed control layer. By securing credentials and monitoring privileged sessions, it ensures every privileged action is verified, visible and accountable

Five Security Pillars, Immutable Control

Credential Vault & Auto-Rotation

Keep privileged credentials out of human hands.
Encrypted vaulting with automated password rotation and policy-based access controls.

  • Password Vault
  • Automatic Password Rotation
  • Dynamic Credentials
  • Service Account Management
  • SSH Key Management

Zero-Trust Session Manager

Grant access only when it’s needed.
Just-in-time access, MFA enforcement and least-privilege policies for every session.

  • Just-in-Time Access
  • Approval Workflows
  • Mobile Approvals
  • Break Glass Access
  • SSH Certificate Authority
  • Endpoint Privilege Management
  • Command Policies
  • Cloud PAM
  • Kubernetes PAM
  • Vendor Access Management

Session Recording & Full Audit Trail

Know exactly who did what.
Tamper-proof session recording with searchable logs and forensic-grade audit trails.

  • Session Management
  • Session Recording
  • Live Session Shadowing
  • Forced Termination
  • Immutable Audit Trails
  • Privileged Account Discovery

Behavioural Analytics & Real-Time Threat Detection

Spot threats before they escalate.
UEBA-driven anomaly detection with continuous monitoring and real-time alerts.

  • User & Entity Behaviour Analytics
  • Unified Security Dashboard
  • Access Certification

Compliance Reporting

Be audit-ready at all times.
Pre-built evidence and reporting aligned with RBI, SEBI, PCI DSS, ISO 27001 and NIST CSF.

  • Compliance Reporting
  • SIEM Integration
  • ITSM Integration
  • PAM-DAM Correlation

Enterprise Readiness by Design

Enlight Nandi is engineered with the depth, flexibility and governance required for large-scale privileged access environments

29

Enterprise Modules

Complete lifecycle coverage

292

Ready APIs

Seamless enterprise integration

118

Core Components

Built for resilience

7

Compliance Standards

Audit-ready by design

The Outcomes That Matter Most

Enlight Nandi doesn’t just secure privileged access. It reduces operational risk, strengthens governance, simplifies compliance and gives security teams complete visibility over every privileged identity, credential and session.

Reduce-Attack-Surface

Reduce Attack Surface

LLM-based requirements, automated architecture, compliance validation, deployment and cost visibility.

Protect-Critical-Credentials

Protect Critical Credentials

Secure passwords, secrets and privileged identities from misuse.

Gain-Complete-Visibility

Gain Complete Visibility

Monitor, record and audit every privileged session

Accelerate-Secure-Access

Accelerate Secure Access

Enable policy-driven, just-in-time privileged access.

Simplify-Compliance.png

Simplify Compliance

Generate audit-ready evidence for regulatory frameworks.

Scale-with-Confidence.png

Scale with Confidence

Govern privileged access consistently across hybrid and multi-cloud environments.

FAQs

01

What exactly is Enlight Nandi and why did ESDS build it?

Enlight Nandi is ESDS’s enterprise-grade Privileged Access Management platform, developed in India for deployment within an organisation’s own infrastructure. While many PAM solutions are designed to address enterprise requirements across multiple markets, Enlight Nandi is built with the needs of Indian enterprises in mind, including governance, auditability and regulatory frameworks such as the RBI IT Framework, SEBI CSCRF and the DPDP Act. It enables organisations to retain control over privileged credentials, session records and audit logs within their chosen deployment environment.

02

Can Enlight Nandi actually demonstrate RBI, SEBI and PCI-DSS compliance?

Enlight Nandi is designed to support organisations in meeting regulatory and compliance requirements through built-in governance, audit and reporting capabilities. Access approval workflows, session recordings, credential rotation logs and risk reports provide evidence to support audit and incident reporting processes. The platform includes dashboards aligned with frameworks such as the RBI IT Framework, PCI-DSS v4.0, SEBI CSCRF, ISO 27001:2022 and NIST CSF, with exportable reports in HTML and PDF formats. While Enlight Nandi facilitates compliance readiness and audit preparation, compliance, certification and regulatory adherence remain the responsibility of the organisation and the applicable assessing or certifying authorities.

03

What stops a privileged user or a rogue admin from doing damage inside a session?

Enlight Nandi applies multiple layers of control to help reduce the risk of unauthorised or inappropriate privileged activity. First, privileged access is governed through access requests, approvals, MFA and time-bound policies, with sessions ending when authorised access expires. Second, command control policies enable administrators to define permitted and restricted commands for specific systems, with policy violations generating alerts and configurable response actions. Third, built-in User and Entity Behaviour Analytics (UEBA) continuously analyses user activity to identify anomalies such as unusual access times, unfamiliar targets, large data transfers or concurrent sessions from multiple locations. Based on defined risk thresholds, organisations can trigger additional verification, alerts or administrative intervention, including session termination where configured.

04

Where do the session recordings go and how do we know they have not been tampered with?

Session recordings and audit data are stored within the organisation’s designated deployment environment, in accordance with the selected deployment architecture. SSH sessions can be captured as indexed, replayable asciicast files, RDP sessions as screen recordings and database activity as query logs. To support integrity verification, a SHA-256 hash is generated for each recording at the end of a session and retained for validation. Any subsequent modification can be identified through hash verification. The platform also incorporates controls to help protect audit records from unauthorised modification or deletion, supporting evidentiary integrity during security investigations and audits.

05

How does this integrate with our existing Active Directory, SIEM and ticketing systems?

Enlight Nandi is designed to integrate with existing enterprise identity, security and IT service management environments through standard protocols and APIs. It supports Active Directory integration via LDAPS for user synchronisation and Single Sign-On using OIDC and SAML 2.0. Privileged access events can be forwarded to SIEM platforms for monitoring and reporting, while integration with ServiceNow enables access request and change management workflows. The platform also supports SMTP-based notifications for approvals, alerts and operational communications, allowing organisations to integrate Enlight Nandi with their existing security and IT operations processes.

06

What is the deployment model and what does it cost to run at scale?

Enlight Nandi supports multiple deployment models, including on-premise, private cloud and a managed PAM-as-a-Service offering from ESDS. The platform is designed on a three-tier architecture comprising application, session gateway and database components, with documented infrastructure requirements for deployment on supported environments such as Ubuntu 22.04. Licensing and deployment are structured to provide flexibility based on organisational requirements, with managed service options available for customers who prefer ESDS to operate and maintain the platform. Total cost of ownership will vary depending on deployment model, infrastructure and operational requirements.

07

ESDS is known for data centres, why should we trust you on a cybersecurity product?

ESDS has over 20+ years of experience in managing critical IT infrastructure for organisations across BFSI, Government & PSUs and enterprises in India. Enlight Nandi builds on this operational experience to deliver an enterprise-grade Privileged Access Management platform. The current General Availability (v1.0) release includes 29 functional modules, 292 API endpoints, 55 user interface screens, 118 database tables and support for privileged sessions across SSH, RDP, relational databases and network devices. The platform has been designed for deployment in enterprise environments with a focus on governance, security and operational reliability.

Secure the Access That Secures Everything Else

📄 How Sovereign Is Your Cloud? Get Your Sovereign Assessment Report