Privileged User Management

Privileged users often have the highest level of access to sensitive data of all employees. They hold the blueprint to the entire IT infrastructure and have 24x7 access to maintain it, alone and unassisted. Privileged access, while necessary, is most commonly managed on an ad hoc basis or not managed at all. One indication of this lack of management is the high level of administrator password sharing reported within companies in numerous surveys.

Serious security incidents are repeatedly linked to privilege. Large-scale data theft, back-door access to systems, planting malware to damage or delete data, as well as simply accessing highly sensitive information – such as payroll or HR data, or customer data in a SaaS environment – are all reported regularly.

A US Department of Defense CAT 1 Incident is described as ‘Unauthorized privileged access’ for a reason.

According to Verizon's 2010 Data Breach Investigations Report, insiders were involved in 48% of all breaches - up from 26% the previous year. The report goes on to state that most insider cases involved misuse of privileges, with employees often getting more privileges than they need to perform their job duties and with monitoring usually insufficient.

Outsourcing and cloud computing models increase the privileged user risk. IT administrators who are no longer specifically employees of an organisation have approximately the same access to the corporate network as if they were direct employees.

SIM/SEM and enterprise password management can help, but they don’t provide comprehensive visibility or protection, and they leave significant risks completely unaddressed.

VigilancePro® complements log management systems and provides 360-degree visibility of all user activity, down to every administrator keystroke and mouse click if required, with real-time alerting on unusual, high-risk, suspicious or malicious actions. The applications, utilities, commands, menu options, buttons and keystrokes available to users with administrator rights can all be managed, with access and use segregated to restrict which files can be opened, modified, renamed or deleted within sensitive folders and shares.

A comprehensive set of dashboards, each with “Administrator user only views”, highlights anomalies quickly, with drill-down to individual events and relevant attachments including desktop screenshots and CCTV images.

Solution Highlights:

  • Full visibility of administrator activity
    • visual pre-forensics audit trail
    • real-time SMS and email alerts
  • Ability to limit the administrator ‘role’
    • restrict use of any button, menu option or keystroke in any application
    • allow use of only specified commands at the command prompt
    • protect files and folders regardless of permissions
    • prevent log file tampering
    • restrict certain actions to monitored / secure areas
  • Segregation of duties through access and usage control
    • access the CxO’s folders but not the content