Reduce Attack Surface
LLM-based requirements, automated architecture, compliance validation, deployment and cost visibility.
Enlight Nandi secures and governs privileged access across critical systems, preventing unauthorized access, reducing cyber risk, ensuring compliance and protecting against insider and external threats.
(Employee • Vendor • Service Account)
Most organizations don’t lose control because of one major failure. They lose control because of dozens of overlooked privilege gaps hiding across identities, sessions, credentials and governance.
Standing Privileges Dormant Accounts Vendor Access
Unmonitored Sessions Excessive Privileges No Session Recording
Shared Credentials Static Secrets SSH / API Keys
No Approval Workflow Weak Audit Trails Compliance Gaps
Built on Zero Trust principles, Enlight Nandi transforms privileged access into a continuously governed control layer. By securing credentials and monitoring privileged sessions, it ensures every privileged action is verified, visible and accountable
Keep privileged credentials out of human hands.
Encrypted vaulting with automated password rotation and policy-based access controls.
Grant access only when it’s needed.
Just-in-time access, MFA enforcement and least-privilege policies for every session.
Know exactly who did what.
Tamper-proof session recording with searchable logs and forensic-grade audit trails.
Spot threats before they escalate.
UEBA-driven anomaly detection with continuous monitoring and real-time alerts.
Be audit-ready at all times.
Pre-built evidence and reporting aligned with RBI, SEBI, PCI DSS, ISO 27001 and NIST CSF.
Enlight Nandi is engineered with the depth, flexibility and governance required for large-scale privileged access environments
Complete lifecycle coverage
Seamless enterprise integration
Built for resilience
Audit-ready by design
LLM-based requirements, automated architecture, compliance validation, deployment and cost visibility.
Secure passwords, secrets and privileged identities from misuse.
Monitor, record and audit every privileged session
Enable policy-driven, just-in-time privileged access.
Generate audit-ready evidence for regulatory frameworks.
Govern privileged access consistently across hybrid and multi-cloud environments.
Enlight Nandi is ESDS’s enterprise-grade Privileged Access Management platform, developed in India for deployment within an organisation’s own infrastructure. While many PAM solutions are designed to address enterprise requirements across multiple markets, Enlight Nandi is built with the needs of Indian enterprises in mind, including governance, auditability and regulatory frameworks such as the RBI IT Framework, SEBI CSCRF and the DPDP Act. It enables organisations to retain control over privileged credentials, session records and audit logs within their chosen deployment environment.
Enlight Nandi is designed to support organisations in meeting regulatory and compliance requirements through built-in governance, audit and reporting capabilities. Access approval workflows, session recordings, credential rotation logs and risk reports provide evidence to support audit and incident reporting processes. The platform includes dashboards aligned with frameworks such as the RBI IT Framework, PCI-DSS v4.0, SEBI CSCRF, ISO 27001:2022 and NIST CSF, with exportable reports in HTML and PDF formats. While Enlight Nandi facilitates compliance readiness and audit preparation, compliance, certification and regulatory adherence remain the responsibility of the organisation and the applicable assessing or certifying authorities.
Enlight Nandi applies multiple layers of control to help reduce the risk of unauthorised or inappropriate privileged activity. First, privileged access is governed through access requests, approvals, MFA and time-bound policies, with sessions ending when authorised access expires. Second, command control policies enable administrators to define permitted and restricted commands for specific systems, with policy violations generating alerts and configurable response actions. Third, built-in User and Entity Behaviour Analytics (UEBA) continuously analyses user activity to identify anomalies such as unusual access times, unfamiliar targets, large data transfers or concurrent sessions from multiple locations. Based on defined risk thresholds, organisations can trigger additional verification, alerts or administrative intervention, including session termination where configured.
Session recordings and audit data are stored within the organisation’s designated deployment environment, in accordance with the selected deployment architecture. SSH sessions can be captured as indexed, replayable asciicast files, RDP sessions as screen recordings and database activity as query logs. To support integrity verification, a SHA-256 hash is generated for each recording at the end of a session and retained for validation. Any subsequent modification can be identified through hash verification. The platform also incorporates controls to help protect audit records from unauthorised modification or deletion, supporting evidentiary integrity during security investigations and audits.
Enlight Nandi is designed to integrate with existing enterprise identity, security and IT service management environments through standard protocols and APIs. It supports Active Directory integration via LDAPS for user synchronisation and Single Sign-On using OIDC and SAML 2.0. Privileged access events can be forwarded to SIEM platforms for monitoring and reporting, while integration with ServiceNow enables access request and change management workflows. The platform also supports SMTP-based notifications for approvals, alerts and operational communications, allowing organisations to integrate Enlight Nandi with their existing security and IT operations processes.
Enlight Nandi supports multiple deployment models, including on-premise, private cloud and a managed PAM-as-a-Service offering from ESDS. The platform is designed on a three-tier architecture comprising application, session gateway and database components, with documented infrastructure requirements for deployment on supported environments such as Ubuntu 22.04. Licensing and deployment are structured to provide flexibility based on organisational requirements, with managed service options available for customers who prefer ESDS to operate and maintain the platform. Total cost of ownership will vary depending on deployment model, infrastructure and operational requirements.
ESDS has over 20+ years of experience in managing critical IT infrastructure for organisations across BFSI, Government & PSUs and enterprises in India. Enlight Nandi builds on this operational experience to deliver an enterprise-grade Privileged Access Management platform. The current General Availability (v1.0) release includes 29 functional modules, 292 API endpoints, 55 user interface screens, 118 database tables and support for privileged sessions across SSH, RDP, relational databases and network devices. The platform has been designed for deployment in enterprise environments with a focus on governance, security and operational reliability.