For privileged sessions it is best practice to audit everything. With a documented record of all actions performed it not only can be used in forensic analysis to find exactly the issue and attribute it to a specific user and session. Because these sessions are so critical it is also best practice to keep a video recording of the session that can be reviewed or used as evidence for your most critical assets or in highly regulated industries. With the Centrify Audit and Monitoring Service monitoring and session recording can be achieved through either a gateway-based and/or host-based technique. Advanced monitoring capabilities even allow for process launch and file integrity monitoring.
Session Recording & Auditing
Record and manage a holistic view of privileged activity across Windows and Linux servers, IaaS and network devices, establishing a single source of truth for individual and shared accounts. Prove compliance with reports on every user’s privileges and associated activity.
Gateway Session Monitoring & Control
Gain new levels of oversight for privileged sessions on critical infrastructure. Administrative users watch activity in remote sessions in real-time and can instantly terminate suspicious sessions through the Centrify Admin portal.
Host-Based Session Auditing, Recording & Reporting
Ensure session recording cannot be bypassed with host-based auditing. Discover rogue activity such as the creation and storage of SSH key pairs that would make it easy to bypass security controls, and attribute activity to the individual user. Audit all SSH session activity at the process level in forensic detail for security review, corrective action and compliance reporting.
There isn’t a regulation that Centrify hasn’t helped us to meet. Today, every time an administrator touches a server, I have a record of it. I can pull a report, print it, and hand it to the auditor., IT Specialist and UNIX Systems Architect, State of Michigan Department of Technology, Management and Budget