The Windows world is about to get a long overdue lesson from Unix. Privilege Identity Management does not stop at just logging that an application gets launched with elevated privileges; administrators need to know what the user does with that application, as well.
Did they use the program within the guidelines of company policy or use it for some intentional or unintentional malicious activity? PowerBroker for Windows has expanded its capabilities to capture processes, mouse clicks, keystrokes, and screen captures for elevated applications based on Rules. And, to make it simpler, any rules including the ones you have deployed within your organization can be enabled for Session Monitoring.
After a session is captured, the data is compressed, encrypted, and securely transferred via policy to the Retina CS Threat Management Console. This data can be viewed, searched, and filtered to see exactly how privileged activity is used within your environment. Below is a sample from Retina CS 4.5 of what this looks like to an authorized administrator trying to change VMware workstation adapter settings.
The Unix world has known for a long time that recording these activities is critical for application security. PowerBroker for Unix & Linux does this natively and now with Retina CS 4.5 allows this data to be presented alongside its Windows counterparts in a single threat management console. Regardless of platform, session and keystroke monitoring can be presented in one system. And, with the rest of BeyondTrust’s capabilities, full Privilege Identity and Vulnerability Management solutions are available as optional add-on modules.
BeyondTrust is redefining traditional security and helping companies understand the risk to users and assets. PowerBroker for Windows 6.0 allows Session Monitoring of user activity to identity the risk to applications running with elevated privileges. The art of measuring your information technology risk by user and application just got easier with BeyondTrust's PowerBroker for Windows.
Morey J. Haber, Chief Security Officer, BeyondTrust
Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.