Presentation on theme: "BalaBit Shell Control Box New Concept for Privileged User Monitoring."— Presentation transcript:
BalaBit Shell Control Box New Concept for Privileged User Monitoring
Agenda: Market challenges; User Monitoring by BalaBit; Conclusion
BalaBit IT Security "The syslog-ng company" 2011 revenue: $10.3 M (35% annual growth) Number of employees: 120 Number of customers - global: – commercial customers: 800 – open source users: years experience in IT Security Global partner network, 80+ partners in 30+ countries Awarded to Deloitte Technology Fast 500 and Fast 50 Lists (2010)
External Challenges: Security Breaches
External Challenges: Compliance Pressure to Monitor Users. SOX → COBIT: DS5.5 Security monitoring; DS9.2 Config. changes; DS11.6 Securing Data. PCI-DSS: Chapter 7, 8 Implement Strong Access Control; Chapter 10 Audit Access to Cardholder Data; Chapter 12 Maintain sec. policy for personnel. ISO27002: A.10.2 Third-party service mgmt; A Monitoring user activities; A.13.2 Mgmt of Security Incidents. HIPAA, Basel II, GPG13…: Similar requirements!
Internal Challenges: Uncontrolled "Superuser" Access. [Diagram: IT staff, outsourcing partners, managers and VDI users reaching firewalls, network devices, databases, web/file servers, Citrix server… over SSH, RDP, VNC, Citrix, HTTP, Telnet.] UNLIMITED AND UNCONTROLLED ACCESS!!! Control limitations of FWs. Too complex environments.
Logging is not enough… 1. Several security events are not logged! 2. Logs typically do not show what was done. 3. Logs often show only obscure techn. details.
Key questions to answer… Can you ensure the accountability of your IT staff? Can you monitor the actions of your "superusers"? Can you reliably control your outsourcing partners? Do you really know "who accesses what" on servers? Can you conduct quick and cheap audits at your company? Can you present bullet-proof evidence in legal proceedings? Are you sure you'd pass audits concerning user monitoring?
Privileged Activity Monitoring by BalaBit Shell Control Box Shell Control Box (SCB) is an appliance that controls privileged access to remote systems and records the activities into searchable and re-playable movie-like audit trails.
Authentication. Security & compliance benefits: Integration with user directories (AD, LDAP, etc.); Shared account personalization; Strong, central authentication; Password mgmt; Independent auth. of SCB admins and auditors. Key Benefit: ADDITIONAL AUTHENTICATION LAYER!
Access Control. Security & compliance benefits: Central access control gateway; Multi-protocol support - SSH, RDP, VNC, Telnet, Citrix, etc.; Sub-channel control (e.g. file transfer); Access by time policy; 4-eyes authorization; Real-time access monitoring. Key Benefit: GRANULAR ACCESS POLICY ENFORCEMENT!
Real-time alerting (& blocking). Security & compliance benefits: Alerts for monitoring tools; Alerts for supervisors. Coming in Q4 2012: Terminates session if risky action; Risky actions are customizable (e.g. failed login, program execution, credit card number…). Key Benefit: IMMEDIATE REACTION ON CRITICAL EVENTS!
SCB in the Compliance & Security Environment Exact name to generic admin users Password mgmt Password Mgmt API: integration with 3rd party applications remote search and management Augmented logs Better sec. investigations Better Reporting SIEM / Log Mgmt Encrypted traffic analysis IDS Alerts Central mgmt Systems Mgmt
Market drivers – Use cases. Compliance: International standards; Local legislation; Company policy. Distrust: Monitoring IT staff; IT Outsource (SLA) control; VDI user control. Operational Efficiency: Troubleshooting & Forensics; Cloud services monitoring.
Licensing and Implementation: Host based licensing; Provided as appliance or virtual image; Scalable up to 10TB for auditing "unlimited" hosts; HA option; Implementation and training: 2-4 days; 7/24 vendor support (option)
Conclusion: Benefits for business. Faster ROI; Faster and higher quality audits; Lower troubleshooting and forensics costs; Centralized authentication & access control; Complete solution for user monitoring. Lower risk; Improved regulatory and industry compliance; Better employee/partner control; Improved accountability of staff; Bullet-proof evidence in legal proceedings.