Session management is a comprehensive IT security process to control, monitor and record administrative access to servers, databases and network devices. Properly implemented RBAC controls should include lockdown based on day, date, time and location. Monitoring and recording should be fine-grained enough to capture keystrokes, text/graphical screen output and mouse movements.
Organizations use session management to improve oversight and accountability over privileged accounts and credentials. Privileged session management refers to the monitoring, recording and control of privileged sessions. IT needs to be able to audit privileged activity both for security and to meet regulations from SOX, HIPAA, ICS CERT, GLBA, PCI DSS, FDCC, FISMA and more. Auditing activities may also include capturing keystrokes and screens (allowing for live view and playback).
While you can manually implement some processes, such as screen recording, integrated privileged session manager solutions allow you to do so seamlessly and at the scale of hundreds or thousands of concurrent sessions. Moreover, some third-party solutions can provide automated workflows that give IT granular control over privileged sessions, such as allowing them to pinpoint an anomalous session and terminate it, or alternatively pause/lock it until a determination is made that the activity is appropriate.
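The day, date, time and location lockdown described above can be expressed as a deny-by-default check that runs before a privileged session is opened. The following is an added example, not code from this page or from any product it mentions; the `SessionRule` fields, the `check_session` function and the sample policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class SessionRule:
    """One lockdown rule for a role (field names are assumptions for this example)."""
    role: str
    weekdays: frozenset   # 0 = Monday ... 6 = Sunday
    start: time           # daily window start, inclusive
    end: time             # daily window end, exclusive
    networks: tuple       # CIDR ranges the session may originate from
    valid_from: date      # first permitted date
    valid_until: date     # last permitted date

def check_session(rules, role, when, source_ip):
    """Return (allowed, reason). Deny by default when no rule fully matches.

    `when` is a naive datetime assumed to be in the policy's own time zone.
    """
    reason = "no rule grants this role access"
    src = ip_address(source_ip)
    for rule in (r for r in rules if r.role == role):
        if not rule.valid_from <= when.date() <= rule.valid_until:
            reason = "outside permitted dates"
        elif when.weekday() not in rule.weekdays:
            reason = "day of week not permitted"
        elif not rule.start <= when.time() < rule.end:
            reason = "outside permitted hours"
        elif not any(src in ip_network(n) for n in rule.networks):
            reason = "source location not permitted"
        else:
            return True, "allowed"
    return False, reason

# Constructed sample policy: DBAs may connect Monday to Friday, 08:00-18:00,
# from the 10.20.0.0/16 admin network, during calendar year 2024.
RULES = [SessionRule("dba", frozenset(range(5)), time(8), time(18),
                     ("10.20.0.0/16",), date(2024, 1, 1), date(2024, 12, 31))]

if __name__ == "__main__":
    # Constructed connection attempts: (timestamp, source address).
    attempts = [(datetime(2024, 3, 5, 10, 30), "10.20.4.7"),    # Tuesday, in window
                (datetime(2024, 3, 9, 10, 30), "10.20.4.7"),    # Saturday
                (datetime(2024, 3, 5, 22, 0), "10.20.4.7"),     # after hours
                (datetime(2024, 3, 5, 10, 30), "203.0.113.9")]  # outside admin network
    for when, ip in attempts:
        print(when, ip, check_session(RULES, "dba", when, ip))
```

The returned reason string is what belongs in the audit trail, so that a denied attempt is recorded with the same detail as a granted session.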
Discover best practices for privileged password management and privileged session management in this guide: Privileged Password Management Explained.
Martin has been helping organizations solve challenges in the privileged account management and identity and access management space for over 24 years. At Dell Software, Martin managed a team of Solution Architects focused on designing and implementing solutions in the Privileged Account Management (PAM) space. Prior to joining Dell, Martin was Sr. Product Manager for Novell Privileged User Manager, a privilege management application acquired from Fortefi, an organization where he served as Vice President, Corporate Development. Prior to this, he was Program Manager of Client Technologies at Symantec, where he was responsible for many ground-breaking field and channel enablement applications. Additionally, Martin managed the European QA group at Axent Technologies and has held various management positions in consulting, systems development, and operations. Martin is a regular speaker at security events and webinars.