Business Solutions
Monitoring & Recording Privileged Activity
Challenge
Privileged access to enterprise resources raises many challenges, including control over “who” is entitled to access sensitive devices; “who” within and outside an organization can initiate privileged sessions, as well as “what” is being done during those sessions. Organizations must have the capability to audit all activities performed during these privileged sessions as well as protecting and managing the gathered audit information.
Solution
Cyber-Ark’s Privileged Session Manager™, part of Cyber-Ark’s Privileged Identity Management Suite, enables organizations to secure, control and monitor privileged access to network devices through:
- Recording and Monitoring Privileged Session Activities: Privileged Session Manager can record any activities that occur in the privileged session in a compact format and provide VCR-like playback. Recordings are stored and protected in the Digital Vault Server® and are accessible to entitled auditors.
- Secure Remote Access: Privileged Session Manager allows browser-based access to managed devices. This functionality is critical as privileged access is often required by external third party vendors who may need to conduct trouble shooting or device maintenance on a secure network. These users require extra care that is made possible through secure remote access and secure session initiation, without exposing credentials.
- Privileged Single Sign-On: To date, single sign-on solutions have not addressed the security vulnerabilities of privileged accounts. A single login to the Privileged Identity Management portal with optional 2-factor authentication allows connections to managed devices without knowing the connection passwords. This enables customers to enforce 2-factor authentication for sensitive device access without the need to deploy a complex single sign-on solution.
Benefits
Privileged Session Manager includes Cyber-Ark’s Patented Digital Vault Technology® with built-in and tamper proof storage for session recordings as well as other critical information related to sensitive network resources, such as identity lists, procedures and network diagrams. All of this is provided as a transparent solution that requires minimal user behavior changes, and no changes to the network architecture or existing IT infrastructure thus providing easier use and implementation. Additional benefits include:
- Secure Remote Access: Privileged Session Manager allows browser-based access to managed devices. The network traffic is sent over the HTTPS protocol which enables remote and cross-network access without the need to open the corporate firewall to native protocols such as SSH and RDP.
- Distributed, Highly Scalable Architecture: Cyber-Ark’s distributed architecture can locate multiple Privileged Session Manager servers on different network segments in a single product instance with centralized audit, access control and user management.
- Web Interface for Users and Auditors: Privileged Session Manager offers a flexible access control mechanism to create personalized views of managed devices. Auditors have comprehensive recordings retrieval and a reporting web application. A unique Dashboard presents important usage and audit statistics and an overview of the activity in the system.
