High Risk Users
Audit Trail, Policy Enforcement
Privileged Users – IT Administrators, third-party consultants, external support teams and managed service providers are granted very broad access to IT systems, including critical infrastructure and sensitive data repositories. These “high-risk” users require administrative access to sensitive assets in order to perform their essential job functions; however, too often their activities go unmonitored. This activity creates serious risks, mainly due to the potential for unauthorized data access or alteration, or for corruption of system integrity and availability. Compromising these accounts is also a common objective of targeted attacks or “spear phishing.” Monitoring and controlling privileged user activity is an essential requirement for compliance and security.
PacketSentry includes a broad range of unique capabilities for managing the risks from high-risk user accounts. PacketSentry supports both activity monitoring and real-time policy enforcement to limit access to sensitive data and protect management interfaces. Collectively, the controls from PacketSentry provide a robust solution for auditing and managing the activity of these accounts in a cost-effective manner, requiring minimal operational overhead.
PacketSentry’s architecture is based on network-based deep packet inspection and identity correlation at the Active Directory domain, database, and application levels. Because it needs no agent software and has no heavy logging requirements, integration is easy and low-risk. As an independent physical or virtual appliance, PacketSentry supports segregation-of-duties audit requirements.
- Provides a granular audit trail of high-risk user activity including file access, direct database queries, web, RDP, SSH, i/zSeries, and more
- Real-time alerting and policy enforcement to limit admin access to data and protect management interfaces
- Active Directory administration activity auditing, password lock-outs, login failures, and more
- No agent software or in-line appliances; limited or no logging requirement
- Reporting or blocking of “leap-frog” attempts between servers in the data center
- Baselining and excess access tracking to identify administrator access to unusually high volumes of data
- Identity correlation between shared administration accounts and the actual user
- Segregation of Duties – IT administrators cannot access/modify PacketSentry’s audit trail