Ekran System forensic monitoring tool - businesstovirtual Italy partner

Ekran System 4.2

Upload: businesstovirtual

Post on 23-Jan-2018


TRANSCRIPT

Ekran System 4.2

Contents

• About the program

• Ekran Server & Management Tool

• Database Management

• Licensing

• Client Installation

• Monitoring Parameters

• Client Protection

• Notifying Users about Being Monitored

• Viewing Sessions

• Alerts & USB

• Dashboards

• Reports


About the program


Ekran System

Smart user activity video recording system

Privileged Identity Management

• Ekran System lets you create indexed video records of all concurrent Windows, Citrix, and Linux terminal sessions on your servers, and also record remote and local sessions on workstations.

Employee Work Control

• Are you interested in your company's security?

• Do you want to know what your employees do during their working hours?

• Do you want to control sensitive information use?

Cost Saver on the Market

• Ekran System provides all the popular features of its segment while offering much more favorable pricing than ObserveIT or Citrix Smart Auditor.

Ekran System


Ekran System is an affordable user monitoring solution for enhanced cyber security.

You can record all terminal, remote, and local user sessions and alert security personnel to suspicious events.

Ekran System components

Ekran Management Tool

GUI part used for system management & session viewing

Ekran Server

Main component used for storing data obtained from Client computers

Ekran Clients (Windows/Linux/Citrix)

Components installed on the target computer to monitor user activity and send it to the Server

Ekran System Structure

Ekran Server & Management Tool

User management, permissions, Management Tool settings


Management Tool

You can manage the whole system via the Management Tool in your browser


User & User Group Management

• Create two types of users: Internal or Active Directory (Windows domain users)

• Use groups for easier user management

• Define permissions for users

User & User Group Permissions

Customizable permissions allow you to define user access to:

• selected Clients/Client Groups (Client permissions)

• the whole system (Administrative permissions)

Management Tool Log


Audit all user activities performed in the Management Tool via the Management Tool Log with the detailed information on all changes.

Database Management

Database configuration & cleanup

Database Configuration

Database Cleanup

Automatic cleanup settings

One-time manual cleanup

Licensing

Types of licenses & serial key management

Licensing

Ekran System is licensed by the number of Ekran Clients (the endpoints to be monitored). All management components, including Server and Management Tool, are provided for free with any deployment.


Types of Ekran Client licenses:

Windows workstation license

Windows server license

Linux machine license

Serial Key & License Management

To use Ekran System permanently, license it by activating the serial keys on the computer with the installed Ekran Server.


Request a trial serial key for 30 days to deploy the system and review its basic features with a restriction of 5 workstation licenses, 1 server license, and 3 Linux licenses.

Client Installation

Installing Ekran Clients

Convenient Ekran Client installation:

• Local:

  • Linux Clients (via tar.gz file)

  • Windows Clients

    • using installation file with default parameters

    • using generated package with customized parameters

• Remote (for Windows Clients)

Remote installation

Select computers to install Clients on

Customize installation parameters

The Clients are successfully installed!

Target Computers for Remote Installation


• Scan your local computer network

• Define a range of IP addresses to search the target computers

• Simply enter target computer names

Monitoring Parameters

Client Monitoring

The data the Client sends is stored in the form of deltas (differences between a newer screen capture and an older one) to minimize storage space.

Recorded information is saved in easy-to-review and easy-to-search form:

• The name of the launched application

• The title of the active window

• Entered URL

• Text entered via user’s keyboard (keystrokes)

• Commands executed in Linux (both from user input & by running the scripts)

• The information on plugged-in USB devices

Screen Capturing

Ekran Client screen capture creation is event-triggered by default.

URL Monitoring

Ekran Client monitors URLs entered in web browsers. You can configure the Client to monitor full URLs or only top-level and second-level domains.

Keystroke Logging


Ekran Client captures all text entered from the user’s keyboard and adjusts it for better comprehension.

SIEM Integration


Ekran System integrates with your SIEM system using log files.

Application Filtering


Ekran System allows you to define the filtering rules for websites/applications to adjust the amount of monitored data and exclude the areas where personal information can be observed to comply with corporate policy rules and country regulations related to user privacy.

Privileged User Monitoring


Monitor the activity of users logging in under privileged user accounts.

Client Protection


Protected Mode


Ekran System allows you to protect the Client and its data by enabling the Protected Mode.

The usage of Protected Mode has the following advantages:

• Prevention of Client uninstallation.

• Prevention of stopping Client processes.

• Prevention of editing Client system files and logs.

• Prevention of editing Client settings in the registry of the Client computer.

• Prevention of modification, removal, and renaming of Client files.

Local Client Uninstallation

Users, including privileged ones, cannot stop the Client on their machines or remove it locally without the Administrator's assistance.

Only the Ekran System Administrator knows the uninstallation key, which is defined prior to Client installation and is necessary for local removal.

Notifying Users about Being Monitored


Advanced User Authentication

Advanced user authentication allows you to achieve two goals:

• Monitor users’ activity on the computer when multiple users use the same credentials to log in.

• Improve your security by limiting access to the specific users who know the secondary authentication credentials.

Advanced User Authentication

The Ekran System Client prompts the user to enter credentials before allowing the user to work with Windows Server.

Notifying User about Being Monitored

To follow the security policy of your company or your country's regulations, you can enable displaying:

• an additional message at login notifying the user that his or her session is being monitored

• a Client tray icon with the notification about monitoring

Viewing Sessions

Review the monitoring results

Searching Data (Session List)

Ekran Management Tool allows searching in the recorded sessions. Search is performed by different parameters:

• for Windows Clients: active window title, application name, user name, Client name, visited URL, entered keystrokes, USB device information

• for Linux Clients: commands and command parameters

Viewing Live Sessions

Ekran System allows you to perform monitoring of user activity in real time. You can connect to a Live session and observe the activities a user performs at the given moment.

Magnifying Glass


You can enlarge certain parts of the video in the Session Player by using the Magnifying glass.

Forensic Export

With Ekran System Forensic Export, you can:

• Export a monitored session or its part to a securely encrypted file.

• Investigate the recorded user activity in the in-built offline session viewer.

• Present evidence in forensic format to the third parties.

Alerts & USB

Alert & USB monitoring/blocking settings

Setting Up Alerts

Ekran System allows you to enable quick incident response using alert notifications:

• Set up alerts about suspicious user activity on the Client computers.

• Specify individuals to receive instant alert notifications via email or in the Tray Notifications application.

Alerts in Session Player


Monitored data associated with alert events is highlighted and marked with a special icon in Session Player.

Setting Up USB Rules

Ekran System can detect USB devices connected to a computer, alert you when a device is plugged in, and block their usage (either all devices of a certain class or all except the allowed devices) on a Client computer.

USB Rules in Session Player

Screen captures created when USB devices are plugged in or blocked are highlighted and marked with a special icon.

Receiving Alerts


Receive alert notifications in real-time, review them in the Ekran System Tray Notifications journal, and open the session with the alert-related data in Session Player.

Dashboards


Dashboards


The dashboards offer a convenient real-time view of the most useful data grouped in one place.

Customize the dashboards on the Management Tool Home page by adjusting their look and settings.

Dashboard Types

There are three main types of Ekran System dashboards:

• System State Dashboards

  • Licenses

  • Clients

  • Database Storage Usage

• Monitoring Dashboards

  • Recent Alerts

  • Latest Live Sessions

• Threat Detection Dashboards

  • Computers Used out of Work Hours

  • Rarely Used Computers

  • Rarely Used Logins

System State Dashboards


Clients

Licenses

Database Storage Usage

Monitoring Dashboards


Recent Alerts

Latest Live Sessions

Threat Detection Dashboards


Rarely Used Computers

Computers Used out of Work Hours

Rarely Used Logins

Reports

Report settings & generation

Reports & Statistics

Ekran System Reports provide the full overview of the time spent in applications and on websites visited on the user’s machine.

Generate a highly customizable report ad-hoc or schedule sending reports to your email on a daily, weekly, or monthly basis.

The reported activity can include alerts, launched applications, visited websites, plugged-in/blocked USB devices, and executed Linux commands.

Scheduled Reports

Reports & Statistics


The reports can be generated manually at any time for any time period.

Manual report generation

Report Types


Alert grid report

USB grid report

Linux grid report

Report Types


Activity summary report

Activity chart report

Activity pie chart report

Report Types


URL summary report

URL chart report

URL pie chart report