- March 8, 2017
- Posted by: admin
- Category: IT Security
The amount of insider-based attacks on corporate data and the resultant losses to affected businesses is continuing to rise exponentially. The negative effect on the victims makes recovery difficult and the impact long-lasting. In 2016, up to 90% of surveyed security specialists named “human behavior” as the biggest threat to their organizations. The insider threat landscape includes employees and third-party subcontractors accessing corporate infrastructure, users working with critical data, on-site and remote administrators.
Ekran System is an advanced software-based solution for corporate security monitoring that allows to record and analyze every user session on corporate servers, terminals, local PCs, and virtual machines, with support for Windows, Citrix, and Linux platforms. Based on the indexed video record format, Ekran System captures any user action on corporate end-points, from server configuration changes to sensitive data access, giving you all the details necessary to explore and document any incident.
Captured on-screen activity makes analysis easier and saves time, while synchronized log details such as entered commands or application names enable quick search and in-depth investigation. Real-time alerts on target events and rule-based USB device management assist your incident response team with timely threat detection. Various reports improve audit capabilities and allow cross-check.
How it works
Installed on a server or a workstation, Ekran Client records video of all logged in user sessions and accompanying metadata such as application name, entered Linux command, URL address, keystrokes, and connected USB device details. Ekran provides full-functional playback for all session records as well as easy search by metadata – all via a Web-based panel. Real-time alerts with direct links to the corresponding video episode and USB blocking make control even more proactive.
While the term “corporate infrastructure insider” is frequently used for company employees, there is one more category of such users – employees of various third-party organizations providing professional outsourcing services. Such organizations can be:
- IT outsourcing service providers, frequently referred as IT providers
- Remote third-party vendors
- Managed service providers (MSP), and in particular managed security service providers (MSSP)
- Independent auditors and experts
Those people can administer your databases, configure and maintain your servers and critical applications, monitor security perimeters, test system vulnerability, and perform other important tasks to ensure business continuity.
Due to their roles and tasks they have privileged access to critical end-points and are in touch with sensitive information.
Why you need third party monitoring and audit solutions
IT provider monitoring and remote third-party vendor management and audit are essential parts of overall risk management and industry regulatory norms compliance.
Outsourced administration service providers can change critical system configuration, and thus their actions need detailed monitoring. Outsourced security service providers have access to the enterprise security perimeter and, naturally, MSSP monitoring solutions are part of the company’s security strategy. As outsourced staff can access, modify, or even delete sensitive data, third party monitoring is crucial to ensure data security.
Get an efficient and affordable solution
Ekran System meets all company needs by setting up third party monitoring processes.
The solution can be easily deployed on critical end-points since that moment will provide a detailed video log of any outsourced staff session. You can configure Ekran System to record all or just a selected list of user names thus focusing on third-party provider monitoring.
Video format is integrated and easy-to-analyze. Real-time alerts and various general user activity reports make IT provider and remote vendor monitoring even more simple and efficient.
Due to the typically escalated privileges of such insiders, any MSP monitoring software or third-party vendor monitoring service must provide a comprehensive set of privileged user activity control features. Ekran System meets this requirement:
- User sessions with any level of privileges will be recorded
- Advanced client protection mode will prevent any unauthorized administrative attempts to block monitoring process
- There is a second layer of authentication to deal with shared logins like “admin” or “root” frequently used by remote administrators. Enterprise Edition provides even more access control options with one-time passwords
Combining a powerful set of MSP and third party vendor monitoring features, Ekran System offers the most flexible licensing scheme while remaining cost-effective for deployments of any size.
Supporting both MS SQL and free embedded Firebird database, Ekran System meets the needs of big enterprises and SMB segments.