IBM Security Verify

 View Only

IBM Security Verify Privilege Vault - Part 4 - How to monitor and record privileged sessions

By Sivapatham Muthaiah posted Tue August 09, 2022 01:15 PM

  
Introduction - Why Privileged Session Recording needed?
PASM - Privilege Access and Session Management has two major functions; One is Privileged Access Management which focuses on discovering privileged accounts in organization network (discovery), securely storing admin secrets of those accounts into a Vault (vaulting) and controlling the access through approvals (access request workflows) etc. Another is Privileged Session Management which focuses on monitoring the active privileged sessions, recording the admin sessions and control the sessions through remote actions.

Why Privileged Session Recording needed?
    • Security team will have better control and oversight over all privileged sessions through session recordings; Session can be monitored LIVE or using Playback to check whether particular privileged access used for the purpose it was approved for or not.
    • While monitoring sessions live, Security team can quickly take actions like terminating session or locking down the account etc.
    • Recording helps to audit the privileged activities with used keystrokes, mouse movements and especially with all screenshots
    • Recording is must to meet some of legal and compliance requirements like HIPAA, SOX etc.
NOTE: If you are interested in knowing about the user story around this feature, please read our PAM Simplified - Blog Series - Part 4

How to record admin sessions using Privilege Vault?
  • Global Configuration


    1. Global recording to be enabled first
    2. Launcher icon will show recording indicator
    3. Session gets disconnected if it is inactive more than the timeout specified here
    4. Videos gets saved either to database or to filesystem
    5. Retention days of the recorded videos can be mentioned here


  • Secret-level Configuration



    1. Enable session recording needed or not at Secret-level here


How to monitor LIVE session or use Recorded Playback session later?
  • LIVE Monitoring and Terminate session
     
  • Recorded Playback and Audit
Advanced Session Recording using Verify Privilege Vault
Advanced Session Recording (ASR) is a licensed feature of Verify Privilege Vault that adds extra capabilities to those offered by basic session recording which are given below:
    • Screen Capture: The SS launcher records second-by-second screen images compiled into a playback video of the user’s session. This is essentially the same as basic session recording.
    • Logged Processes: The ASRA logs all processes started and stopped during a user’s session.
    • Recorded Key Strokes: The ASRA records all user keystrokes during the session, which can be disabled.

In addition to above, ASR includes these enhanced video playback features:

    • Searchable Video: You can search video activity to find locations where specific activities, such as specific keystrokes or ran processes.
    • Enhanced Playback: Sessions recorded using ASR display additional data on playback, such as the current active window, the used processes, and keystrokes in the session.
    • On-demand video processing
    • Recording all sessions
Details on setting up ASR available @ ASR Documentation


If you are interested on our next blog - how to protect Privilege Vault using MFA, click here

Learn More:
IBM Security Verify Privilege Vault Product Details
IBM Security Verify Privilege Vault Technical Documentation


For any queries, contact @Sushmita Das / @Sivapatham Muthaiah​​​​​​


​​
0 comments
111 views

Permalink