user monitoring
Organisations have to balance the risks associated with privileged accounts against the operational efficiency achieved through the use of such accounts.
General information

The PIM/PUM/PAM solutions offered by APIUS make it possible to create a fully transparent and very friendly working environment for privileged users. Thanks to the technology we employ, administrators can use an intuitive and simple tool, while the security department has a powerful system for monitoring the work of IT personnel.

One of the biggest challenges in IT security is preventing privileged users (administrators) from performing unauthorised activities. While the rights of ordinary users of websites, business applications or operating systems are well defined and limited, administrators are, unfortunately, often beyond any control and supervision. It should be remembered that the risk carried by privileged user accounts increases as their rights in IT systems grow.

In general, system administrators and other privileged users can establish a remote connection from their workstation to the systems they administer and see the screen of the remote device or server as if they were sitting in front of a monitor connected to it. In fact, the administrators are often located in another part of the world. Large data centers are now located in various regions of the world, and large companies have many data centers and various business departments (IT, HR, customer service, sales, finance, etc.) that often operate in different parts of the world. Remote access to servers and devices is therefore a normal part of the daily work of administrators.

Who are the privileged users? At first thought, the answer is simple – administrators. But in fact, the notion of privileged users covers not only administrators but also a much broader group of individuals within a company. They can be divided into the following types:

  • users that use shared administrative accounts – shared administrative accounts exist in almost every system, device or application. Selected examples: Administrator in Microsoft Windows or root in UNIX/Linux. There is a SYS account in Oracle and an SA account in Microsoft SQL Server. Such accounts have full authorisations and are generally shared by several people in IT departments,
  • users that use personal privileged accounts – i.e. accounts that are used by business users and IT employees. These accounts have a wide range of rights and their use (or abuse) can have a significant impact on the organisation's functioning. The access to these accounts is usually granted to IT managers or employees,
  • break-glass accounts – special, emergency accounts with extended privileges, used in emergency situations, e.g. when it is necessary to fix a failure or when the basic authentication mechanism is not available. In general, using them requires special approval from management,
  • maintenance or technical accounts – special accounts, often with unlimited access to certain parts of the infrastructure, e.g. the financial database or the transaction system of a bank, which are used to launch services or to let applications communicate with each other,
  • users that use sensitive business systems – in each enterprise, there are several "special" employees who have access to confidential data stored in key applications such as SAP or business applications. Examples of such users include accountants, HR managers or some customer service employees.

As we can see, apart from administrators, there are several other types of users in the IT environment who have considerable privileges. To complicate the issue, several employees often share access to such accounts, which makes it more difficult to track who actually used the account at a specific time, for example when an event occurred.

Privileged users are a potential source of security threats in many different situations. In most enterprises, users at different organisational levels can directly access and manipulate the most sensitive information, such as CRM and HR data or credit card numbers. Such users may include employees of legal departments, HR managers, accountants and a number of other people working for the organisation. By losing or leaking data, business users can severely harm the reputation of the enterprise.

In addition to privileged business users, there are IT administrators, external consultants and CxO-level managers who often have almost unlimited and uncontrolled access to the enterprise's information resources. The majority of employees are trustworthy and honest, but in a large group there are always people who abuse the trust placed in them, and administrators are no exception. These users may deliberately – or accidentally – take harmful actions in information systems and thus cause huge damage to the enterprise.

What are the most important features that a mature and professional PIM/PUM/PAM system should have?

  • Control over the access of users to privileged accounts (user authentication, access restrictions based on time and other policies),
  • Management and control of privileged sessions (e.g. by limiting administrative access to servers),
  • Recording sessions that use shared accounts and super-administrators (e.g. root),
  • Collection of information that is useful from the point of view of computer forensics, compliance management, etc.

The solution offered by APIUS provides all of the above-mentioned features and is based on four basic elements:

  • Balabit ShellControlBox (SCB) – a tool for controlling remote access to administered resources,
  • Lieberman Enterprise Random Password Manager (ERPM) – software used to manage the accounts and passwords of privileged and shared users,
  • Splunk – software for recording security events and incidents,
  • Apius App for Balabit & Liebsoft.

Our solution makes it possible to efficiently supervise the work of super-users through:

  • monitoring and recording administrative sessions for privileged accounts,
  • control of access to the accounts and passwords of privileged users,
  • management of passwords to privileged accounts,
  • identification and detection of privileged accounts whose existence is not known to the IT department,
  • management of access to the IT system for external consultants,
  • appraisal of the external consultants that provide IT systems administration services.