Privileged session management is a crucial IT security procedure that enables administrative users to gain granular control over critical assets, such as databases, servers, network devices, and so on, which provides greater accountability over privileged user accounts and systems. In addition, session management controls must include privileged session monitoring, which encompasses monitoring session and user activities in real time, identifying and terminating anomalous sessions, and enabling playback options for period forensic and organizational audits.
That said, privileged access management (PAM) solutions should employ standard privileged session management and monitoring controls to centralize and secure remote access to privileged systems that are initiated through RDP, SSH, VNC, HTTPS, and more, so as to prevent unauthorized access to critical information.
ManageEngine PAM360 offers cutting-edge features to monitor, record, and archive privileged sessions, which are established via PAM360's web interface. PAM360's real-time session monitoring capabilities aid in detecting and terminating suspicious user sessions spontaneously to minimize any potential risks of a data breach, thereby helping security teams prevent any possible unauthorized use of classified accounts. Further, session recordings and logs are available on demand for periodic audits, which not only offers options to revisit and review old sessions, but also aids in complying with regulatory standards, such as SOX, HIPAA, PCI DSS, and more.
PAM360 provides a central web console to establish privileged sessions via Windows RDP, SQL, VNC, and SSH/Telnet, and helps admins achieve high-level control and governance over user activities. In addition, admins have the options to define user roles, specify appropriate access and privileged tagged to these roles, and distribute this information across all the devices and assets that exercise such privileged access rights within the organization.
PAM360 provides advanced customizations to tailor-fit your SSH, RDP, and VNC connections, including changing the SSH terminal type, modifying the composition for RDP connections, and altering the encoding type of VNC connections. It also offers centralized configurations to unify the functions of SSH, RDP, and VNC for easier use. Furthermore, the configurations made to these connections will be applied locally to the corresponding remote resources as well. read more
PAM360 provides easy options to record and archive privileged sessions and user activities pertaining to privileged remote sessions launched via its web console. PAM360's built-in session recording option aids in forensic audits and caters to organizations' compliance and regulatory requirements, which require extensive and timely monitoring of user activities. PAM360 enables administrators to delve into the who, what, and when of privileged remote sessions.
PAM360 includes a browser-based remote login mechanism for recording highly secure RDP, SSH, and Telnet sessions without requiring third-party agents or plug-ins. Remote sessions are tunnelled via the PAM360 server and offer one-click access to remote hosts without mandating users to enter passwords manually to launch their sessions. Apart from session recordings, PAM360 also offers archival of activity and chat logs.
Administrative users have the option to enable session recording by default for both specific and global sets of resources, based on the session and session type (RDP, SQL, VNC, SSH/Telnet). Recorded sessions can be archived in external directories, and users can set up additional storage locations for backup purposes.
PAM360 lets security teams monitor live and concurrent sessions initiated via RDP, SQL, SSH/Telnet, and VNC connections. With exclusive session shadowing capabilities, PAM360 enables admins to join live sessions, monitor user activities, and terminate all suspicious and unauthorized sessions. Additionally, admins can offer support to users when monitoring their activities during troubleshooting sessions.
PAM360 provides the option to join users on parallel active sessions, and perform the same operations as the users who initiated their respective sessions. Unauthorized remote sessions can be terminated instantly only by administrators.
Session recordings and logs can be accessed almost instantly upon the completion of every remote session. The session details include Connection Name, Connection Type, IP Address, Timestamp, and user who operated the session. PAM360 provides the playback option to revisit previous sessions, which provides support for security and regulatory audits. Session recordings can be played either directly on the PAM360 console or by using the Remote Spark player. Supported video formats are: RDPV, SSHV, VNCV, and TELNTEV.
PAM360 provides the option to split large SSH/Telnet session recording files into smaller fragments to ensure smooth and uninterrupted playback. By default, files that exceed a size limit of 10MB are split into 10MB files for storage and encryption, and then are stitched together into a single file during playback.
Users can also delete session recordings and logs from the local storage as and when required. However, in order to delete recorded sessions from the PAM360 database, there should be at least two active administrators to approve the operation. In other words, the deletion of session recordings will be based on the consent of at least two active administrators (including yourself).