Privileged user monitoring

SHELL CONTROL BOX

Shell Control Box is a user monitoring appliance that controls privileged access to remote IT systems, records activities in searchable, movie-like audit trails, and prevents malicious actions. SCB is a quickly deployable enterprise device, completely independent from clients and servers – integrating seamlessly into existing networks. SCB is a core component of the Contextual Security Intelligence Suite. It captures the activity data necessary for user profiling and enables full user session drill down for forensic investigation in CSI.User.

CENTRAL POLICY ENFORCEMENT

SCB acts as a centralized authentication and access-control point in your IT environment which improves security and reduces user administration costs. The granular access management helps you to control who can access what and when on your servers.

ADVANCED PROTECTION OF SENSITIVE DATA

SCB perfectly isolates your sensitive systems from unknown intruders or from non-authorized users. In addition, it tracks all authorized access to sensitive data and provides actionable information in the case of human errors or unusual behavior.


PREVENTION OF MALICIOUS ACTIVITIES

SCB monitors privileged user sessions in real time and detects anomalies as they occur. On detecting suspicious user activity (for example, entering a destructive command such as “delete”), SCB can send you an alert or immediately terminate the connection.

TIGHTER EMPLOYEE & PARTNER CONTROL

SCB audits “who did what”, for example on your database or SAP servers. Aware of this, your employees will do their work with a greater sense of responsibility leading to a reduction in human errors. By having an easily interpreted, tamper-proof record, finger-pointing issues can be eliminated.

FASTER, COST-EFFECTIVE SUPERVISORY AUDITS

SCB makes all user activity traceable by recording it in high-quality, tamper-proof and easily searchable audit trails. The movie-like audit trails ensure that all the necessary information is accessible for ad-hoc analyses or custom activity reports.

LOWER TROUBLESHOOTING & FORENSICS COSTS

When something goes wrong, everybody wants to know the real story. Analyzing thousands of text-based logs can be a nightmare and may require the participation of external experts. The ability to easily reconstruct user sessions allows you to shorten investigation time and avoid unexpected costs.


PRODUCT FEATURES AND BENEFITS

GRANULAR ACCESS CONTROL

SCB acts as an application level proxy gateway. The transferred connections and traffic are inspected on the application level (Layer 7 in the OSI model), rejecting all traffic violating the protocol – an effective shield against attacks. This high-level understanding of the traffic gives control over the various features of the protocols, like authentication and encryption methods used in SSH connections, or channels permitted in RDP traffic.

  • Support for SSH, RDP, HTTP(s), Citrix ICA, Telnet, TN3270/TN5250, VNC, X11 and VMware View protocols
  • Control protocol specific channels, such as terminal sessions, disk-mapping or file sharing
  • Audit SCP, SFTP and HTTP(s) based file transfers
  • Detailed access control based on time and user group policies


STRONG AUTHENTICATION AND AUTHORIZATION

SCB can enforce the use of two-factor authentication methods and also verify the public key of the users. SCB has a built-in capability to verify the SSH host keys and certificates identifying the servers, preventing man-in-the-middle attacks and other threats. This authentication is completely independent from the authentication that the user performs on the remote server. To avoid accidental misconfiguration and other human errors, SCB supports the 4-eyes authorization principle as well.

  • Gateway authentication
  • Integration with authentication databases (for example, Microsoft AD, LDAP or RADIUS) and multifactor authentication backends
  • User-mapping policies – describe who can use a shared user (e.g. “root”) to access the remote server
  • Password vaulting – use the built-in Credential Store, or integrate with a third-party password management system
  • Server-side auto-login with SCB impersonating the authenticated user on the server
  • “4 eyes” authorization – the authorizer can allow, track, and even terminate the administrator’s access to the server


HIGH QUALITY AUDIT & FORENSICS

SCB operates transparently and extracts information directly from the communication of the client and the server, providing reliable, easy-to-access metadata and content. SCB records all sessions into searchable audit trails, making it easy to find relevant information in forensics or troubleshooting situations. Audit trails can be browsed online, or followed in real time to monitor the activities of the privileged users. The web-based Audit Player application replays the recorded sessions just like a movie – all actions of the administrators can be seen exactly as they appeared on their monitors. The Audit Player enables fast forwarding during replays, searching for events (for example, mouse clicks, pressing Enter) and text seen by the user.

  • Complete documentation about ALL remote system accesses
  • Tamper-proof (encrypted, signed and time-stamped) audit trails
  • Movie-like playback of recorded sessions
  • Fast, free-text search in sessions
  • Custom activity and compliance reports

REAL-TIME ALERTING AND BLOCKING

SCB can monitor traffic in real time, and execute various actions if a certain, predefined pattern appears in the command line or on the screen. On detecting a suspicious user action (e.g. a destructive command or an unwanted Windows application), SCB can perform the following measures:

  • Send e-mail or SNMP alerts about the event
  • Immediately terminate the connection
  • Log the event in the system logs
  • Store the event in the connection database of SCB

EASY-TO-USE GUI

SCB is configured from a clean, intuitive web interface. The roles of each SCB administrator can be clearly defined using a set of privileges – management of SCB as a host, management of connections to servers, viewing audit trails and reports, and so on.

  • Granular access control to SCB GUI
  • User-friendly, web-based search interface


