Real-time session monitoring by Cyber-Ark
Cyber-Ark Software announced real-time session monitoring capabilities that enable immediate termination of suspicious activity. With the recent release of its Privileged Session Management Suite (version 7), Cyber-Ark is unveiling enhanced capabilities to better isolate, control and monitor activity to protect databases, virtual environments, network devices and servers from insider threats and external cyber attacks.
Making the case for more granular, centralized session monitoring controls, the recent Trustwave 2012 Global Security Report found that the top three methods for propagating an intrusion in 2011 were: use of weak administrative credentials (80 percent); default hidden administrative shares (15 percent) and remote access solution credential caching (5 percent). According to Cyber-Ark, a Privileged Session Management solution is the key to ensuring secure access to sensitive systems while not exposing the privileged credentials to the remote vendor.
Cyber-Ark’s Privileged Session Management Suite provides the ability to protect against cyber attacks as well as isolate sensitive assets to prevent a malware-infected desktop from infecting sensitive target machines. It delivers continuous monitoring and compliance with detailed activity reports across all target systems, databases and virtual servers.
Additional enhancements focus on the following key areas:
- Web-based application access and monitoring: Using Privileged Single Sign-On capabilities, administrators can connect to sensitive web applications as well as manage access credentials and monitor and record privileged sessions, extending an organization’s ability to secure and control activity on enterprise web applications.
- Command level advanced forensics and audit proof: Users can record any activity that occurs in a privileged database session creating a highly compressed and searchable DVR recording. All recordings are stored in the tamper-proof Digital Vault Server and can be accessible for audits and reporting. With advanced forensic capabilities via command level search of SQL/SSH events in privileged sessions, administrators benefit from intuitive, icon-driven “Click to Play” capabilities, enabling point-in-time insight into specific events including privileged access to sensitive database tables.
- Quicker root-cause analysis: Through the ability to easily search, locate and alert on sensitive events, root-cause analysis can quickly be assessed, minimizing potential damage due to a security breach or human error. Moreover, DVR recordings help users gain a complete picture of what happened in a session, in a user friendly manner, versus filtering through an exhaustive and many times partial list of logs.
The suite can also be integrated with SIEM tools for real-time alerting including those from HP ArcSight, LogLogic, McAfee NitroSecurity, Q1Labs and RSA enVision. This benefits organizations from a security management perspective because administrators or auditors can receive an alert, immediately log into the session in question, monitor activity and even terminate if necessary.
Additional value for auditors is driven by Cyber-Ark’s forensic capabilities and full session DVR-like playback, which can be used to prove that appropriate controls around privileged access and accountability are in place to support compliance requirements associated with NIST 800-53, PCI DSS, SOX, HIPAA, Basel II and more.