High Risk Users

By: Packetmotion  09-12-2011
Keywords: Audit Trail, Policy Enforcement

Privileged users (IT administrators, third-party consultants, external support teams and managed service providers) are granted very broad access to IT systems, including critical infrastructure and sensitive data repositories. These “high-risk” users require administrative access to sensitive assets in order to perform their essential job functions; however, too often their activities go unmonitored. This unmonitored activity creates serious risks, mainly due to the potential for unauthorized data access or alteration, or for corruption of system integrity and availability. Compromising these accounts is also a common objective of targeted attacks or “spear phishing.” Monitoring and controlling privileged user activity is an essential requirement for compliance and security.

PacketSentry includes a broad range of unique capabilities for managing the risks from high-risk user accounts. PacketSentry supports both activity monitoring and real-time policy enforcement to limit access to sensitive data and protect management interfaces. Collectively, the controls from PacketSentry provide a robust solution for auditing and managing the activity of these accounts in a cost-effective manner, requiring minimal operational overhead.

PacketSentry’s architecture is based on network-based deep packet inspection and identity correlation at the Active Directory domain, database, and application levels. It requires no agent software or heavy logging, which supports easy, low-risk integration. As an independent physical or virtual appliance, PacketSentry supports segregation-of-duties audit requirements.

  • Provides a granular audit trail of high-risk user activity including file access, direct database queries, web, RDP, SSH, i/zSeries, and more
  • Real-time alerting and policy enforcement to limit admin access to data and protect management interfaces
  • Active Directory administration activity auditing, password lock-outs, login failures, and more
  • No agent software or in-line appliances; limited or no logging requirement
  • Reporting or blocking of “leap-frog” attempts between servers in the data center
  • Baselining and excess access tracking to identify administrator access to unusually high volumes of data
  • Identity correlation between shared administration accounts and actual user
  • Segregation of Duties – IT administrators cannot access/modify PacketSentry’s audit trail


Other products and services from Packetmotion


File Share Activity Monitoring

Unlike other solutions on the market, PacketSentry accomplishes these tasks without the use of agents or in-line appliances, allowing you to integrate PacketSentry into your network in a matter of hours, without the possibility of affecting production data or taxing system resources.


Database Activity Monitoring

Stringent compliance reporting requirements from an array of mandates such as SOX, PCI DSS, ISO2700x and HIPAA/HITECH require comprehensive database monitoring solutions, and strong access controls to combat fraudulent activities. PacketSentry provides a granular identity-based audit trail of all database activity – down to specific instances, tables and queries – without agents or heavy logging.


User Activity Management

Built on a robust yet easy-to-use rule engine, PacketMotion’s UAM system enables organizations to “blacklist” or “whitelist” specific user behaviors, create alerts based on access levels and known or anticipated behaviors, and block user actions that are identified as being suspicious or out of the norm.