BalaBit Shell Control Box: New Concept for Privileged User Monitoring
Agenda
Market challenges
User Monitoring by BalaBit
Conclusion
BalaBit IT Security: "The syslog-ng company"
• 2011 revenue: $10.3 M (35% annual growth)
• Number of employees: 120
• Number of customers - global:
– commercial customers: 800
– open source users: 850.000
• 12 years of experience in IT Security
• Global partner network, 80+ partners in 30+ countries
• Named to the Deloitte Technology Fast 500 and Fast 50 lists (2010)
External Challenges: Security Breaches
External Challenges: Compliance Pressure to Monitor Users
[Diagram: IT staff, outsourcing partners, managers and VDI users accessing the following systems over SSH, RDP, VNC, Citrix, HTTP and Telnet]
• Firewall
• Network devices
• Databases
• Web/file servers
• Citrix server…
Internal Challenges: Uncontrolled "Superuser" Access
UNLIMITED AND UNCONTROLLED ACCESS!!!
Control limitations of FWs
Too complex environments
Internal Challenges: "Superuser" Fraud
Source: BalaBit IT professionals survey, 2011
Logging is not enough…
1. Several security events are not logged!
2. Logs typically do not show what was done.
3. Logs often show only obscure technical details.
Key questions to answer…
[Diagram: Privileged Activity Monitoring by Shell Control Box. Users: IT staff, outsourcing partners, managers, VDI users. Protocols: SSH, RDP, VNC, Citrix, HTTP, Telnet. Target systems listed below.]
• Firewall
• Network devices
• Databases
• Web/file servers
• Citrix server…
Privileged Activity Monitoring by BalaBit Shell Control Box
Shell Control Box (SCB) is an appliance that controls privileged access to remote systems and records the activities into searchable and re-playable movie-like audit trails.
Authentication
Security & compliance benefits:
• Integration with user directories (AD, LDAP, etc.)
• Shared account personalization
• Strong, central authentication
• Password management
• Independent authentication of SCB admins and auditors
Access Control
Security & compliance benefits:
• Central access control gateway
• Multi-protocol support - SSH, RDP, VNC, Telnet, Citrix, etc.
• Sub-channel control (e.g. file transfer)
• Access by time policy
• 4-eyes authorization
• Real-time access monitoring
Real-time alerting (& blocking)
Security & compliance benefits:
• Alerts for monitoring tools
• Alerts for supervisors
Coming in Q4 2012:
• Terminates the session on a risky action
• Risky actions are customizable (e.g. failed login, program execution, credit card number…)
Audit & Forensics
Security & compliance benefits:
• Real-time activity monitoring
• Tamper-proof, HQ audit trails
• Movie-like playback & search
• File transfer audit
• Independent, transparent audit device
Reporting
Security & compliance benefits:
• Activity reports (e.g. failed logins, admin commands, etc.)
• Customizable reports
• Advanced statistics
• Compliance reports (PCI) (coming in Q4 2012!)
SCB in the Compliance & Security Environment
• Exact name to generic admin users
• Password mgmt
Password Mgmt API:
• integration with 3rd party applications
• remote search and management
• Augmented logs
• Better security investigations
• Better reporting
SIEM / Log Mgmt
•Encrypted traffic analysis
IDS
• Alerts
• Central mgmt
Systems Mgmt
Market drivers – Use cases
References
Licensing and Implementation
• Host-based licensing
• Provided as appliance or virtual image
• Scalable up to 10TB for auditing "unlimited" hosts
• HA option
• Implementation and training: 2-4 days
• 7/24 vendor support (option)
Conclusion: Benefits for business
Faster ROI
• Faster and higher quality audits
• Lower troubleshooting and forensics costs
• Centralized authentication & access control
• Complete solution for user monitoring
Lower risk
• Improved regulatory and industry compliance
• Better employee/partner control
• Improved accountability of staff
• Bullet-proof evidence in legal proceedings
Thank You!