BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Session Monitoring Provides Context Aware Security for Windows

Posted May 23, 2013    Morey Haber

The Windows world is about to get a long overdue lesson from Unix. Privilege Identity Management does not stop at just logging that an application gets launched with elevated privileges; administrators need to know what the user does with that application, as well.

Did they use the program within the guidelines of company policy or use it for some intentional or unintentional malicious activity? PowerBroker for Windows 6.0, which is due for general availability in a few weeks, has expanded its capabilities to capture processes, mouse clicks, keystrokes, and screen captures for elevated applications based on Rules.  And, to make it simpler, any rules including the ones you have deployed within your organization can be enabled for Session Monitoring:

PBW-Default-CricklewoodPolicy

After a session is captured, the data is compressed, encrypted, and securely transferred via policy to the Retina CS Threat Management Console. This data can be viewed, searched, and filtered to see exactly how privileged activity is used within your environment. Below is a sample from Retina CS 4.5 of what this looks like to an authorized administrator trying to change VMware workstation adapter settings:

PBW-session-viewer

The Unix world has known for a long time that recording these activities is critical for application security. PowerBroker for Unix & Linux does this natively and now with Retina CS 4.5 allows this data to be presented alongside its Windows counterparts in a single threat management console.  Regardless of platform, session and keystroke monitoring can be presented in one system. And, with the rest of BeyondTrust’s capabilities, full Privilege Identity and Vulnerability Management solutions are available as optional add-on modules.

BeyondTrust is redefining traditional security and helping companies understand the risk to users and assets. PowerBroker for Windows 6.0 allows Session Monitoring of user activity to identity the risk to applications running with elevated privileges. The art of measuring your information technology risk by user and application just got easier with BeyondTrust’s PowerBroker for Windows.

Launch a free evaluation today.

Tags:
, , , , ,

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,