SECRET SERVER FEATURE: Privileged Session Management
Record & Monitor Privileged Session Access, and Log Keystrokes
Overview of Privileged Session Management, Monitoring & Control:
Session management, monitoring, and control increase oversight and accountability so you can mitigate the risk of privileged account misuse. Even organizations with mature PAM programs don’t simply trust that people are always doing the appropriate things with their privileged access. Privileged session management is used as a second pair of eyes to increase confidence that best-practice PAM policies are, in fact, being followed.
In privileged session management, the activities of every privileged user, which includes trusted insiders, third-party vendors, and connected systems, are managed, monitored, and controlled from the time they launch a privileged session to when that session ends.
One of the best ways to reduce privileged account risk is to rein in Domain Admin credentials, but this is hard to do unless you can take control of these accounts and limit how domain admins can connect. Delinea Secret Server provides a proxy capability that can be used to ensure the only way to access servers is by coming through the Delinea Secret Server vault. Direct access can be prevented at your firewall level, which forces administrators to use Delinea Secret Server to store their Domain Admin credentials and use the proxy to access servers.
All SSH sessions can be set up to proxy through Secret Server for greater control and logging capabilities. You can set up firewall rules to ensure that privileged account access only comes from the Secret Server machine.
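A way to verify that direct access really is blocked, as an added example (not Delinea code and not part of the original page): it scans OpenSSH auth log lines from a target server and reports accepted logins whose source is not the proxy. The proxy address `192.0.2.10`, the log lines, and the function name are constructed placeholders.

```python
import ipaddress
import re

# Assumption: address of the Secret Server proxy (documentation-range placeholder).
PROXY_SOURCES = ("192.0.2.10/32",)

# OpenSSH success line: "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    "Jan 12 09:14:02 db01 sshd[2211]: Accepted publickey for svc_admin from 192.0.2.10 port 51122 ssh2",
    "Jan 12 09:20:45 db01 sshd[2302]: Accepted password for root from 198.51.100.23 port 40022 ssh2",
    "Jan 12 09:21:10 db01 sshd[2310]: Failed password for root from 198.51.100.23 port 40030 ssh2",
    "Jan 12 09:30:00 db01 sshd[2400]: Accepted publickey for dbadmin from ::ffff:192.0.2.10 port 51200 ssh2",
]

def direct_logins(lines, allowed=PROXY_SOURCES):
    """Return (user, source, method) for accepted SSH logins not coming from the proxy."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    findings = []
    for line in lines:
        m = ACCEPTED.search(line)
        if m is None:
            continue  # failed logins and unrelated lines are out of scope here
        hit = (m["user"], m["ip"], m["method"])
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            findings.append(hit)  # unparsable source: report it rather than trust it
            continue
        # A dual-stack sshd may log IPv4 peers as ::ffff:a.b.c.d
        if src.version == 6 and src.ipv4_mapped is not None:
            src = src.ipv4_mapped
        if not any(src in net for net in nets):
            findings.append(hit)
    return findings

if __name__ == "__main__":
    for user, ip, method in direct_logins(SAMPLE_LOG):
        print(f"direct login bypassing proxy: user={user} src={ip} method={method}")
```

Any finding means the firewall rule is missing or has an exception on that path, since a login reached the server without passing through the proxy and its session recording.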
With Session Monitoring, administrators have a real-time view of all privileged user sessions launched from Secret Server and can watch the live feed of an active session. You can quickly terminate risky or unauthorized sessions or send a message directly to the user. Secret Server’s Session Monitoring feature works with Remote Desktop, PuTTY, and custom launches.
This feature provides a powerful tool for monitoring privileged sessions. For example, when an administrator is alerted to a new active session initiated on a critical SQL database server, they can view the active SQL Management Studio privileged session, send a message to the user asking why they are accessing the database, and terminate the session if deemed necessary.
Recording privileged sessions results in an uninterrupted record of a user’s privileged access. You’ll know when the user checked out a Secret, what they did on the system, and when they logged off thanks to Secret Server’s audit trail.
Once a session is recorded, it can be stored on disk and archived based on your company’s retention policy.
Many organizations choose to use Session Recording in conjunction with SIEM or analytics to alert the SOC team on potential abuse or breaches. Secret Server can be configured to export events via Syslog to enrich network logon information with the actual user. That way, when an alert is generated you know which recorded sessions are relevant.
Keystroke logging is available as an enhanced security option. All keystrokes during sessions can be recorded and made available for quick searching during session playback. Keystroke logging provides the ability to rapidly search for administrative commands, such as sudo on SSH sessions, which may be important for your auditors to review. Any session that is proxied through Secret Server can be configured to record all SSH traffic, which can then be searched and analyzed at a later point.
Enhanced Session Playback
With Secret Server, administrators can quickly search for the exact session they want to review using a number of different filters as well as a cross-session search bar to quickly find the session they need, such as all sessions that had PowerShell running.
Once the session they would like to review has been found, they can open the recording in our enhanced web player. This player provides a lot of additional information and context to the administrator, such as an activity heat map, a list of processes that ran, keystrokes, and metadata on the session itself.
The Activity Heatmap on each session provides the process, screen, and keystroke activity across the entire session. Reviewers can quickly pinpoint moments of activity that they would like to review during the entire session.
Delinea Connection Manager helps you manage and interact with multiple remote sessions for both Remote Desktop Protocol (RDP) and SSH in a unified environment. From a single interface, you can manage and secure numerous sessions active at once, even when using different connection protocols and a variety of privileged accounts.