BalaBit Shell Control BoxNew Concept for Privileged User Monitoring

Agenda

Market challenges

User Monitoring by BalaBit

Conclusion

BalaBit IT Security„The syslog-ng company”

• 2011 revenue: $10.3 M (35% annual growth)

• Number of employees: 120

• Number of customers - global:

– commercial customers: 800

– open source users: 850.000

• 12 years experience in IT Security

• Global partner network, 80+ partners in 30+ countries

• Awarded to Deloitte Technology Fast 500 and Fast 50 Lists (2010)

External Challenges:Security Breaches

External Challenges:Compliance Pressure to Monitor Users

IT Staff

Outsourcing partners

Managers

SSH

RDP, VNC

Citrix

• Firewall,• Network devices,• Databases,• Web/file servers, • Citrix server…

VDI users

HTTP, Telnet

Internal Challenges:Uncontrolled „Superuser” Access

UNLIMITED AND UNCONTROLLED

ACCESS!!!Control

limitations of FWs

Too complex environments

Internal Challenges: „Superuser” Fraud

Source: BalaBit IT professionals survey, 2011

Logging is not enough…

1. Several security events are not logged!2. Logs typically do not show what was done.3. Logs often show only obscure techn. details.

Key questions to answer…

IT Staff

Outsourcing partners

Managers

SSH

RDP, VNC

Citrix

Citrix

RDP, VNC

SSH

• Firewall,• Network devices,• Databases,• Web/file servers, • Citrix server…

Privileged Activity Monitoring by Shell Control Box

VDI users

HTTP, Telnet HTTP, Telnet

Privileged Activity Monitoring by BalaBit Shell Control Box

Shell Control Box (SCB) is an appliance that controls privileged access to remote systems and records the activities into searchable and re-playable movie-like audit trails.

Authentication

Security & compliance benefits:

•Integration with user directories (AD, LDAP, etc.)•Shared account personalization•Strong, central authentication•Password mngmt•Independent auth. of SCB admins and auditors

Access Control

Security & compliance benefits:

•Central access control gateway•Multi-protocol support - SSH, RDP, VNC, Telnet, Citrix, etc.•Sub-channel control (e.g. file transfer)•Access by time policy•4-eyes authorization•Real-time access monitoring

Real-time alerting (& blocking)

Security & compliance benefits:

•Alerts for monitoring tools•Alerts for supervisorsComing in Q4 2012:•Terminates session if risky action•Risky actions are customizable (e.g. failed login, program execution, credit card number…)

Audit & Forensics

Security & compliance benefits:

•Real-time activity monitoring•Tamper-proof, HQ audit trails•Movie-like playback & search•File transfer audit•Independent, transparent audit device

Reporting

Security & compliance benefits:

•Activity reports (e.g. failed logins, admin commands, etc.)•Customizable reports•Advanced statistics•Compliance reports (PCI)(coming in Q4 2012!)

SCB in the Compliance & Security Environment

•Exact name to generic admin users•Password mgnmt

Password Mgmt API:

• integration with 3rd party applications • remote search and management

•Augmented logs•Better sec. investigations•Better Reporting

SIEM / Log Mgmt

•Encrypted traffic analysis

IDS

• Alerts• Central mgmt

Systems Mgmt

Market drivers – Use cases

References

Licensing and Implementation

• Host based licensing• Provided as appliance

or virtual image• Scalable up to 10TB for auditing

„unlimimited” hosts• HA option • Implementation and training:

2-4 days• 7/24 vendor support (option)

ConclusionBenefits for business

Faster ROI• Faster and higher quality audits• Lower troubleshooting and forensics costs• Centralized authentication & access control• Complete solution for user monitoring

Lower risk•Improved regulatory and industry compliance•Better employee/partner control•Improved accountability of staff•Bullet-proof evidence in legal proceedings

Thank You!