Privileged User Monitoring

 

Privileged users, frequently they are system administrators or DBAs, are an essential part of any computer infrastructure configuring and supporting IT and business systems. Accounts with escalated privileges have access to the system configuration, user management and permission management; usually they have extended access to the critical applications, sensitive systems and data.

 

Compromised privileged accounts are named among the main security breaches of 2015. Other typical security threats and risk activities associated with privileged users are:

 

  • Internal fraud,
  • Backdoor account creation, software backdoor installation,
  • Critical infrastructure and software configuration changes,
  • Unauthorized privilege escalation or user password changes,
  • Malware installation, installation of software from untrusted vendors,
  • Sensitive data leakage.

 

Comprehensive privileged user monitoring and audit is an essential part of any corporate security best practice and overall privileged user management system. Monitoring and controlling of privileged user access and activity are required by various industry regulations.

 

Affordable privileged user monitoring with Ekran System

 

Ekran System is a universal solution to cover your privileged activity monitoring needs.

 

This tool performs any privileged session video recording on your Windows, Citrix, and Linux servers, and provides you DVR-like playback of all user actions within intuitive Web-based interface with multiple search tools. You can find and replay a key episode of working with a particular application, document, URL, sudo command (for Unix/Linux servers), or even typed keyword.

 

Real-time alerts of suspicious activity and various easy-to-use reports make your privileged account management and control efficient and simple. The forensic export feature for the selected user sessions gives you bulletproof evidences for the further incident response.

 

One of Ekran System benefits is monitoring, alerting, and blocking of connected USB devices. This is an important advanced functionality to guarantee account security as a plugged-in USB device may contain self-starting malware solutions, which do not require any user action to start intrusion.

 

Affordable and flexible subscription model of Ekran System is built only on the number of monitored end-points (without per-user fee or management console licenses) thus enabling cost-efficient deployments of any size.

 

Unambiguously assign privileged activity to a particular user

 

The typical problem of privileged user access management is shared “depersonalized” administrator accounts.

 

Many IT systems have generic privileged user credentials like “admin” or “root” usually shared between several administrators. It makes hard to assign a specific set of actions to a particular person, who has access to the shared credentials, and thus complicates identity management.

 

To make such administrative accounts monitoring more transparent, Ekran System provides the second layer of authorization for shared privileged logins. After you enable this option, users logging in with a generic privileged login will have to additionally provide their personal account credentials. Thus, any privileged user activity recording is unambiguously assign to a specific person and privileged user tracking is more precise.

 

Monitoring Only Privileged Users

 

While Ekran System allows you to monitor users with any level of privilege. As monitoring regular users may be unnecessary for your security tasks, using advanced monitoring policy rules, you can configure Ekran System Clients so that they monitor only users logging in under privileged accounts.