ekran system forensic monitoring tool -businesstovirtual italy partner
Contents
• About the program
• Ekran Server & Management Tool
• Database Management
• Licensing
• Client Installation
• Monitoring Parameters
• Client Protection
• Notifying Users about Being Monitored
• Viewing Sessions
• Alerts & USB
• Dashboards
• Reports
Ekran System
Smart user activity video recording system
Privileged Identity Management
• Ekran System allows you to create indexed video records of all concurrent Windows, Citrix, and Linux terminal sessions on your servers and also to record remote and local sessions on workstations.
Employee Work Control
• Are you interested in your company's security?
• Do you want to know what your employees do during their working hours?
• Do you want to control sensitive information use?
Cost Saver on the Market
• Ekran System provides all popular segment features while offering much more beneficial pricing than ObserveIT or Citrix Smart Auditor.
Ekran System
Ekran System is an affordable user monitoring solution for enhanced cyber security.
You can record all terminal, remote, and local user sessions and alert security personnel to suspicious events.
Ekran System components
Ekran Management Tool
GUI part used for system management & session viewing
Ekran Server
Main component used for storing data obtained from Client computers
Ekran Clients (Windows/Linux/Citrix)
Components installed on the target computer to monitor user activity and send it to the Server
User & User Group Management
• Create two types of users: Internal or Active Directory (Windows domain users)
• Use groups for easier user management
• Define permissions for users
User & User Group Permissions
Customizable permissions allow you to define user access to
• selected Clients/Client Groups (Client permissions)
• whole system (Administrative permissions)
Management Tool Log
Audit all user activities performed in the Management Tool via the Management Tool Log, which provides detailed information on all changes.
Licensing
Ekran System is licensed by the number of Ekran Clients (the endpoints to be monitored). All management components, including Server and Management Tool, are provided for free with any deployment.
Types of Ekran Client licenses:
• Windows workstation license
• Windows server license
• Linux machine license
Serial Key & License Management
To use Ekran System permanently, license it by activating the serial keys on the computer with the installed Ekran Server.
Request a trial serial key for 30 days to deploy the system and review its basic features with a restriction of 5 workstation licenses, 1 server license, and 3 Linux licenses.
Installing Ekran Clients
Convenient Ekran Client installation:
• Local:
  • Linux Clients (via tar.gz file)
  • Windows Clients
    • using installation file with default parameters
    • using generated package with customized parameters
• Remote (for Windows Clients)
Remote installation
Select computers to install Clients on
Customize installation parameters
The Clients are successfully installed!
Target Computers for Remote Installation
• Scan your local computer network
• Define a range of IP addresses to search the target computers
• Simply enter target computer names
Client Monitoring
The data the Client sends is stored in the form of deltas (differences between a newer screen capture and an older one) to minimize storage space.
Recorded information is saved in easy-to-review and easy-to-search form:
• The name of the launched application
• The title of the active window
• Entered URL
• Text entered via user’s keyboard (keystrokes)
• Commands executed in Linux (both from user input & by running the scripts)
• The information on plugged-in USB devices
URL Monitoring
Ekran Client monitors URLs entered in web browsers. You can configure the Client to monitor full URLs or only top-level and second-level domains.
Keystroke Logging
Ekran Client captures all text entered from the user’s keyboard and adjusts it for better comprehension.
Application Filtering
Ekran System allows you to define the filtering rules for websites/applications to adjust the amount of monitored data and exclude the areas where personal information can be observed to comply with corporate policy rules and country regulations related to user privacy.
Privileged User Monitoring
Monitor the activity of users logging in under privileged user accounts.
Protected Mode
Ekran System allows you to protect the Client and its data by enabling the Protected Mode.
The usage of Protected Mode has the following advantages:
• Prevention of Client uninstallation.
• Prevention of stopping Client processes.
• Prevention of editing Client system files and logs.
• Prevention of editing Client settings in the registry of the Client computer.
• Prevention of modification, removal, and renaming of Client files.
Local Client Uninstallation
Users, including privileged ones, cannot stop the Client from working on their machines or remove the Client locally without the Administrator's assistance.
Only the Ekran System Administrator knows the uninstallation key, which is defined prior to Client installation and is necessary for local removal.
Advanced User Authentication
Advanced user authentication allows you to achieve two goals:
• Monitor users’ activity on the computer when multiple users use the same credentials to log in.
• Improve your security by limiting the access to the specific users who know secondary authentication credentials.
Advanced User Authentication
The Ekran System Client prompts for credentials before allowing a user to work with Windows Server.
Notifying User about Being Monitored
To follow the security policy of your company or your country regulations, you can enable displaying:
• an additional message at user login to notify the user that his or her session is being monitored
• a Client tray icon with the notification about monitoring
Searching Data (Session List)
Ekran Management Tool allows searching in the recorded sessions. Search is performed by different parameters:
• for Windows Clients: active window title, application name, user name, Client name, visited URL, entered keystrokes, USB device information
• for Linux Clients: commands and command parameters
Viewing Live Sessions
Ekran System allows you to perform monitoring of user activity in real time. You can connect to a Live session and observe the activities a user performs at the given moment.
Magnifying Glass
You can enlarge certain parts of the video in the Session Player by using the Magnifying glass.
Forensic Export
With Ekran System Forensic Export, you can:
• Export a monitored session or its part to a securely encrypted file.
• Investigate the recorded user activity in the in-built offline session viewer.
• Present evidence in forensic format to the third parties.
Setting Up Alerts
Ekran System allows you to enable quick incident response using alert notifications:
• Set up alerts about suspicious user activity on the Client computers.
• Specify individuals to receive instant alert notifications via email or in the Tray Notifications application.
Alerts in Session Player
Monitored data associated with alert events is highlighted and marked with a special icon in Session Player.
Setting Up USB Rules
Ekran System can detect USB devices connected to a computer, alert you when a device is plugged in, and block device usage (either all devices of a certain class or all except the allowed devices) on a Client computer.
USB Rules in Session Player
Screen captures created when USB devices are plugged in or blocked are highlighted and marked with a special icon.
Receiving Alerts
Receive alert notifications in real-time, review them in the Ekran System Tray Notifications journal, and open the session with the alert-related data in Session Player.
Dashboards
The dashboards offer a convenient real-time view of the most useful data grouped in one place.
Customize the dashboards on the Management Tool Home page by adjusting their look and settings.
Dashboard Types
There are three main types of Ekran System dashboards:
• System State Dashboards
  • Licenses
  • Clients
  • Database Storage Usage
• Monitoring Dashboards
  • Recent Alerts
  • Latest Live Sessions
• Threat Detection Dashboards
  • Computers Used out of Work Hours
  • Rarely Used Computers
  • Rarely Used Logins
Threat Detection Dashboards
Rarely Used Computers
Computers Used out of Work Hours
Rarely Used Logins
Reports & Statistics
Ekran System Reports provide the full overview of the time spent in applications and on websites visited on the user’s machine.
Generate a highly customizable report ad-hoc or schedule sending reports to your email on a daily, weekly, or monthly basis.
The reported activity can include alerts, launched applications, visited websites, plugged-in/blocked USB devices, and executed Linux commands.
Scheduled Reports
Reports & Statistics
The reports can be generated manually at any time for any time period.
Manual report generation