Monitor and record privileged sessions for security and audit
Often it is vital to know exactly what has been done to a system from where and by whom. Unusual behaviour or audit purposes are perfect reasons for this.
Osirium PAM's Privileged Session Management (PSM) enables security managers to record, store and playback any activities that take place across their entire hybrid-cloud infrastructures. As a result, Privileged Session Management not only ensures full user access accountability but also acts as a unique deterrent against SysAdmin malpractice. In conclusion, this provides irrefutable evidence of their privileged activities.
All sessions can be recorded. A visual capture allows a video playback of each session along with a thumbnail layout to evaluate sessions at a glance. Because all sessions have to pass through Osirium PAM there is no way to bypass recording. Users never get access to the Privileged Credentials therefore they cannot make a session outside Osirium PAM's control.
Every session with Osirium PAM can be shadowed in real-time. This allows all admin sessions, including 3rd party service providers to be monitored as they happen. Session termination means that any session can be terminated immediately. This happens in Osirium PAM, and since the users have no alternate means of access, terminated stays terminated. If a session is deemed malicious there’s the one touch terminate and disable user button.
In addition to recording a video of a session, all keystrokes are also captured. Therefore, a SuperAdmin can search by all types of meta-information, including fuzzy keystrokes patterns.
Whilst sessions are recorded, a red border appears around the session application window, which provides a clear indication to the user that they are being either recorded or monitored. This reminds the user – and hopefully they take a bit more care with the commands and parameters they enter. When they fail, recordings are available to allow the next line of support to unwind their actions. Good session recordings can be made into mini training videos.
Device access reporting can search by a wide range of criteria. Which include date/time, user, device, access level, protocol and even window titles.
Additionally, as an option, all privileged users can be alerted that their admin sessions are being recorded. Typically, this is the most effective means of deterring privileged abuse.
Privileged session recording can act as an irrefutable change control record within an IT infrastructure, removing any doubt or ambiguity.
Key insight can be gained from session recordings as to why and when a device misconfiguration takes place. Consequently, this allows for the careful examination of changes and provides a quicker return to a stable and working environment.