oneidentity spsWith One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Content of the recorded sessions is indexed to make searching for events and automatic reporting simple so you can easily meet your auditing and compliance requirements. In addition, Safeguard for Privileged Sessions serves as a proxy, and inspects the protocol traffic on the application level and can reject any traffic that violates the protocol – thus it is an effective shield against attacks.

With One Identity Safeguard for Privileged Analytics, you can know who your high-risk privileged users are, monitor questionable behaviors and uncover previously unknown threats from inside and outside of your organization. By using user behavior analytics technology, Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action -- and ultimately prevent data breaches.

 

 

Full session audit, recording and replay

All session activity – down to the keystroke, mouse movement, and windows viewed – is captured, indexed and stored in tamper-proof audit trails that can be viewed like a video and searched like a database. Security teams can search for specific events across sessions and play the recording starting from the exact location the search criteria occurred. Audit trails are encrypted, time-stamped and cryptographically signed for forensics and compliance purposes.

Real-time alerting and blocking

Monitors traffic in real time, and executes various actions if a certain pattern appears in the command line or on screen. Predefined patterns could be a risky command or text in a text-oriented protocol, or a suspicious window title in a graphical connection. In the case of detecting a suspicious user action, Safeguard can log the event, send an alert or immediately terminate the session.

Two modes of operations

Choose which mode suits your needs.

Workflow Engine – A workflow engine that supports time restrictions, multiple approvers, reviewers, emergency access, and expiration of policy. It also includes the ability to input reason codes and/or integrate directly with ticketing systems. A password request can be automatically approved or require any level of approvals.

Instant On - Deploy in transparent mode so that no changes to user workflows are necessary. It can act as a proxy gateway operating like a router in the network – invisible to the user and to the server. Admins can continue to use familiar client applications, and can access target servers and systems without any disruption to their daily routine.

Proxy access

Since users have no direct access to resources, the enterprise is protected against unauthorized and unfettered access to sensitive data and systems. Safeguard for Privileged Sessions can proxy and record to many target resources, including UNIX/Linux, Windows, network devices, firewalls, routers and more.

Full-text Search

With its Optical Character Recognition (OCR) engine, auditors can do full-text searches for both commands and any text seen by the user in the content of the sessions. It can even list file operations and extract transferred files for review. The ability to search session content and metadata accelerates and simplifies forensics and IT troubleshooting.

Command and application control

Safeguard for Privileged Sessions supports both black listing and white listing of commands and windows titles.

Wide protocol support

Full support for SSH, Telnet, RDP, HTTP(s), ICA and VNC protocols. In addition, security teams can decide which network services (e.g. file transfer, shell access, etc.) within the protocols they want to enable/disable for administrators.

Instant off

By acting like a virtual firewall, One Identity Safeguard increases protection of your servers by terminating questionable or malicious accesses nearly instantly. In addition to avoid accidental misconfiguration and other human errors, the solution supports the four-eyes authorization principle under which the monitoring admin can terminate the session at any time.

Secure access to legacy systems

Use smartcard, 2FA or other strong authentication methods to gain secure access to systems. Because Safeguard acts as a proxy gateway to the system, it enables strong authentication to targets that cannot or do not support those methods natively.

 

Identify risky users

No place to hide. You can now evaluate entitlement grants against risk-classification rules to identify high-risk accounts. Notifications are automatically sent when changes to entitlement grants move a user’s profile into a high-risk status. This eliminates risk from unnecessary or dormant entitlements before someone can abuse or exploit them.

Detect threats in real-time

Rules-based security will fail to detect new external attack methods or malicious insiders. Safeguard for Privileged Analytics tracks and graphically represents user activity in real-time for a clear understanding of what is really happening in your IT environment. No need for pre-defined correlation rules; it simply works with your existing session data.

Pattern free operation

Instead of using pattern-based matching to detect ‘known bad’ behavior – which is often incorrect -- Safeguard for Privileged Analytics creates a baseline of ‘normal’ behavior via data collected from your IT environment. It then uses that data to detect deviations by using 13 different machine-learning algorithms.

Screen content analysis

By analyzing the screen content of privileged sessions, issued commands and window titles, Safeguard for Privileged Analytics can enrich the baseline-behavior profile of your privileged users by noting commonly used commands and applications. This granular analysis identifies ‘typical’ behavior and can help detect theft and misuse of privileged identities.

Behavioral biometrics

Each user has an idiosyncratic pattern of behavior, even when performing identical actions, such as typing or moving a mouse. The algorithms built into Safeguard for Privileged Analytics inspect these behavioral characteristics (captured by Safeguard for Privileged Sessions). Keystroke dynamics and mouse movement analysis help identify breaches and also serve as a continuous, biometric authentication.

Reduce alert noise

Privileged Analytics reduces alert noise generated by SIEMs by categorizing user events based on risk and deviation levels, and highlighting the most suspicious events. Alerts can be sent to SIEMs, or your security analysts can view a prioritized list of events on the intuitive user interface, enabling them to focus on the most important events.

Automated response

In most attack scenarios, high-impact events are often preceded by a reconnaissance phase. So, detection and response during this phase is critical to preventing damaging activity. Seamless integration with Safeguard for Privileged Sessions enables automated session termination whenever a highly suspicious event occurs, or malicious behavior is detected.

Active Care Support Service Overview

Health Check

We proactively perform periodic health checks in your environment

Virtual Replication

We replicate your environment for troubleshooting and reviewing changes

Remote Support

Our engineers connect remotely to your system for immediate support

Support engineer

You have your own personal support engineer

 Copyright © 2019. All rights reserved. Designed & Built by Inter Engineering.