Establishing visibility and control over remote sessions to critical systems
Despite enforcing fine-grained controls for remote access requests, it is a best practice approach to constantly monitor privileged sessions for suspicious activities. For instance, a third-party vendor accessing a critical asset with temporary administrative privileges should satisfy multiple criteria before his access gets approved. But once into the device, he is free to perform any activity with administrative access. In this case, the access is legitimate yet there is scope for misuse of privileges and hence the entire session needs to be monitored. Furthermore, it would be helpful for IT administrators to have the session recorded for forensic audits.
Monitor privileged sessions in real-time, record sessions, and play back on demand
Securden allows IT administrators monitor remote privileged sessions in real time, record and play back on demand as and when required. To set up session recording in Securden Unified PAM,
-
Configure a remote gateway to route all remote operations originating from Securden to target privileged assets via a dedicated, hardened server
-
Turn on session recording either at the account level or at the folder level
-
Choose the type of sessions to be recorded – RDP, SSH, SQL, or Telnet
-
Specify the path of a location in your device, network, or a shared drive where you want to store the video recordings. Ensure that Securden has access to that location.
Playback recorded privileged sessions on demand
When a suspicious activity is detected, IT administrators can rely on the recorded privileged sessions to find the extent of damage caused and can take immediate remedial action. These recordings also come in handy during forensic audits.
However, it can be daunting for IT administrators to go through hours and hours of recordings during forensic analysis. For this purpose, Securden provides options to filter and trace specific operations using text commands and keystrokes.
Since these video recordings take up a large file space, it might be necessary to delete recordings that are no longer required. In certain cases, recordings need to be deleted to delete personally identifiable information (PII) trail to comply with GDPR regulations. Securden allows you to delete sessions periodically using the ‘purge’ option. Specify a time interval and all the sessions recorded during that time window is automatically deleted.
Monitor remote privileged sessions in real-time and terminate sessions if fraudulent activity is suspected
Sometimes, administrators need to shadow sessions in progress to assist with operations. In other scenarios, visibility over active sessions is required to detect suspicious activities in real-time and cut down access by immediately terminating the session. Securden provides administrator users with visibility over sessions in progress and the controls to terminate sessions if any fraudulent activity is suspected. You also have provisions to record sessions launched outside Securden (for Windows machines) by installing a simple utility software on required endpoints.