“Wait… That’s Not How Susan Types. Kill that Session Now!”: 8 Ways to Analyze Privileged Sessions to Identify Your Most Suspicious Activity.

Webinar Registration

When a user logs into a privileged account, it’s like someone entering the core of a nuclear reactor with the ability to pull the control rods out of the fuel pile, turn off the cooling systems or otherwise sabotage or accidentally cause a major disaster. In the nuclear world, besides an array of fail safes and other controls, there are cameras everywhere – hopefully monitored by someone with enough knowledge to stop something like that happening.

In the world of IT, we would ideally have the same thing – every privileged session monitored in real time by another trusted and knowledgeable admin who would pull the plug or pause a session at any moment. 

Privileged session management products (or even Terminal Services and certain implementations of SSH) allow “over the shoulder” supervision, but obviously this is only something we can utilize in special cases or as a random sample control.

But in an exciting development in this space, technology is catching up to the potential that, in theory, has always been there. When you funnel all administrative sessions (think RDP and SSH) through a privileged session manager (PSM), new opportunities open up for automatically analyzing activity in real time to detect rogue admins and hijacked accounts.

In this webinar, we will look at 8 types of activity and other session data that can be analyzed for this purpose:

  • Biometric measure of typing style
  • Biometric measure of mouse activity
  • Unusual window titles
  • Unusual/forbidden/malicious commands
  • Time of login
  • Geo-location of login
  • Type and length of activity
  • Client network characteristics

Of course, any one of these data points measured in isolation would yield too many false positives, so the right way to do this is to build an aggregate risk score. If that score reaches a certain threshold, the privileged session manager (PSM) can:

  • Flag the session for later review
  • Immediately alert a security analyst or account holder
  • Terminate the session in real time
  • Suspend a compromised/malicious account

One Identity is our sponsor and we will demonstrate an actual implementation of all of this with the Privileged Account Analytics technology in Safeguard for Privileged Sessions. 

Please join us for this fascinating “real training for free” session.
