There’s a series of TV commercials that advertise home security systems – they highlight how pointless it is to invest in something that only monitors, but can’t help you do anything to protect your home. When it comes to privileged session monitoring I bet IT teams can relate. Monitoring sessions to check for suspicious activity is a valuable feature, but what can you do when you see something suspicious and need to take action?
Many session management solutions allow you to terminate a live session if you see something suspicious. But the problem is that termination is destructive. While an RDP session may sometimes be reconnected, an SSH session is killed — and so are any processes or scripts that were running.
So, if watching isn’t enough, but killing everything is – overkill – what’s an IT pro to do?
BeyondTrust PowerBroker Password Safe has the unique capability to safely LOCK an administrator out without destruction– in fact it is currently the only product on the market with this capability. It does this by preventing the admin from interacting with their active session. A customizable message can be displayed to the admin, informing them that the session is locked – you might even add text to suggest the user calls a number for assistance. In this manner, there is no risk to blocking suspicious activity.
If the activity is deemed to be correct, the security manager simply selects an unlock option to allow the user to resume their session. Of course, there is also the option to terminate the active session, as well as terminate any active session the user may have started.
PowerBroker Password Safe provides secure session management, with the ability to proxy access to RDP, SSH and Windows, Unix & Linux Applications. Dynamic assignment of just-in-time privileges, via Adaptive Workflow Control, allow organizations to lock down access to resources based upon the day, date, time, and location. By limiting the scope to specific runtime parameters, it narrows down the window of opportunity where someone might be exploiting misappropriated credentials.
With PowerBroker Password Safe, administrators can:
- Request RDP/SSH access to authorized systems only
- Start sessions instantly, or via workflow
- View any active privileged session, and if required, pause or terminate the session
- Use keystroke indexing and full text search to pinpoint data, and then log an acknowledgement of the review for audit purposes
- Blacklist and alert when SSH commands are invoked, even on network devices such as routers and firewalls
- Avoid Java – Password Safe is a client-less solution with no agents required on the server
- Fully integrate with native tools (MSTSC, PuTTY, MobaXterm etc.)
- Gain full video recording with 100% accountability
- Realize greater flexibility – deploy as a hardened appliance, virtual appliance, as software or in the cloud via Amazon AWS, Microsoft Azure, or Google Cloud
