I’ve heard many war stories of critical systems going berserk, network devices being hijacked, and sensitive data being culled from servers and databases in the data center. Most I can’t recall, since they were shared in a pub over a firkin of ale. But there are many.
Can you relate? Do you have firsthand experience of wading through the vast corpus of system logs trying to find out how it happened? Remember the frustration with cryptic audit entries spread across multiple logs and multiple systems — or no log entries at all, from home-grown or legacy apps.
This is the third blog in a series of three that explores key capabilities of our Centrify Privilege Service (CPS). In the other two, we looked at the emergency “break glass” scenario and a more general remote login without password reveal. In this one, we take a look at CPS’ session recording capability.
Session recording is a centralized function that lives on the Centrify Cloud Connector — a lightweight Windows box that acts as a gateway between the remote user and your resources (servers, network devices, legacy apps, shared social network accounts). It performs the actual session management — setting up and tearing down the privileged sessions. As such, this is an ideal place to record every action the user performs when using CPS.
CPS nicely complements its sister product, Centrify Server Suite (CSS). While CSS provides best practice “least privilege” + privilege elevation for the vast majority of privileged login use cases, CPS handles the exceptions, governing access to privileged account passwords where we have no choice but to log in as (e.g.) “admin” to a Cisco router. Because it is specifically designed as a SaaS app for the modern hybrid enterprise, it goes much further than traditional on-premises SAPM offerings. It’s designed for scenarios where your infrastructure may be in the cloud as well as on-premises. It also caters for a fractured IT where you have both internal administrators as well as external (e.g., outsourced IT).
So why is session recording so important? Remember, CPS is controlling remote access to privileged accounts — accounts that can expose the user to sensitive applications and data such as personally identifiable information (PII), credit card data, protected health information (PHI), your next game-changing drug formula…
So, session recording brings the following benefits:
- Improving compliance and reducing audit findings by maintaining a detailed forensic recording of shared privileged account sessions
- Reducing costs by streamlining root cause analysis, breach investigations, and audits
- Reducing operational overhead by collapsing silos of log events into a centralized view and enabling more rapid analysis with video recordings that are indexed with a list of searchable commands entered by the user
- Improving security by deterring abuse of privileged accounts (i.e., if a user knows they’re being recorded and their activities are tied back to a real user account, they will be more inclined to behave)
See the video demonstration of CPS session recording below. It also includes a walkthrough of the CPS configuration to set that all up. If you haven’t already, please check out the prior two blogs (here and here) and accompanying video demos in this series, where I walk through other CPS use cases — remote server login without password reveal and the emergency “break glass” scenario.
You can learn much more about the Centrify Privilege Service here. Take it for a test drive and see how easy it can be to achieve that balance of strong security with ease of use.