I used to feel like a voice in the wilderness when it came to convincing folks of the need to implement controls over privileged accounts. I often heard things like “Well, you have to trust someone!” But it’s not really about trust is it? Accountability is increasingly critical the more trust you put in someone because the more authority they have the more damage they can do whether inadvertently or maliciously. (A non-infosec case is the recent cruise ship disaster in Italy.)
Regardless where you stand on the philosophical side of privileged account control, I’m glad to say that the need for this control is becoming widely accepted as a critical piece of enterprise security.
I’m talking about something like the so called black box found on passenger jets and cruise liners that record every operation the pilot executes and other important telemetry from the craft.
In older command line based environments, like Unix, it was relatively easy to implement this level of auditing by simply echoing all shell activity to a log file. But in today’s GUI based operating systems that no longer works.
In the past, I’ve explored how you can use security logs to enforce accountability over administrators and other privileged accounts. I’ve also highlighted the need to maintain your log archives separate from the production environment to ensure the logs can’t be tampered with by the very people they are providing a control over.
However, audit logs provide only a hazy outline of privileged account actions. When we are talking about highly confidential data or mission critical systems supporting thousands of users what we really need is the equivalent of a digital security camera that records every move made on a system.
For information systems there is such a security camera/black box technology available today that records an actual video of privileged account sessions. With this technology you can call up any session from the archive and watch every mouse, keystroke and screen update as it happened – regardless of the application or interface being used.
In this next real training for free (TM) webinar I’ll be exploring this new technology for monitoring privileged accounts. I’ll discuss where the technology is today and where it’s going in the future. We’ll look at crucial issues such as indexing videos with meta data like window titles so that you can quickly find relevant pieces of video. We’ll also consider security of the recording process and video archive as well as storage considerations.
Then our sponsor, Centrify, will briefly demonstrate their DirectAudit solution which allows you to record and audit Windows, Unix and Linux sessions and I think you will be impressed with index and reporting capabilities that complement the core video recording capability.
Don’t miss this real training for free (TM). Please register now.