Privileged sessions are sessions initiated by privileged accounts with administrative access to critical systems and corporate data in the IT infrastructure.
Granting employees, system administrators, third-party vendors, or contractors uncontrolled access to critical systems poses potential security risks. Enterprises need to go beyond manual monitoring and traditional privileged session management workflows to gain proactive insights into all privileged activities, and minimize threats.
Privileged session management is a crucial IT security procedure that enables administrative users to gain granular control over critical assets, such as databases, servers, and network devices, providing greater accountability over privileged user accounts and systems.
ManageEngine Access Manager Plus offers cutting-edge features to monitor, record, and archive privileged sessions established through the web interface. Real-time session monitoring capabilities aid in detecting and terminating suspicious user sessions spontaneously to minimize any potential risk of a breach, helping security teams prevent any possible unauthorized use of classified accounts.
By default, Access Manager Plus records all Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), SSH, and SQL sessions launched from the application. You can also customize the external storage location to store the recorded sessions. The recorded sessions can be traced using any detail, such as the name of the connection, the user who launched the session, or the time at which the session was launched. If a privileged attack should occur, you can easily filter and review past session recordings to uncover the source, and adjust policies to prevent another attack. The recordings also aid in complying with regulatory standards like SOX, HIPAA, PCI DSS, and more.
Access Manager Plus includes a browser-based remote login mechanism for recording highly secure RDP, SSH, VNC, and SQL sessions without requiring third-party agents or plug-ins. Apart from session recordings, Access Manager Plus also offers archival of all activities.
Administrative users have the option to enable session recording by default for both specific and global sets of resources based on the session and session type. Recorded sessions can be archived in external directories, and users can set up additional storage locations for backup purposes.
Session recordings and logs can be accessed almost instantly upon the completion of every remote session. The session details include the name of the connection, its type, IP address, timestamp, and the user who operated the session. Access Manager Plus provides a playback option to replay recorded sessions, which provides support for security and regulatory audits. Session recordings can be played either directly on the Access Manager Plus console, or by using the Remote Spark player with RDPV, SSHV, VNCV, or TELNTEV video formats.
Access Manager Plus provides the option to split large SSH or Telnet session recording files into smaller fragments to ensure smooth and uninterrupted playback. By default, files that exceed a size limit of 10MB are split into 10MB files for storage and encryption, and are compiled together into a single file during playback.
If your organization is large and has a comprehensive range of resources for which session recording is enabled, the recorded sessions will naturally grow at a faster rate. You can purge recordings that are older than a specified number of days to keep disk space free, or store these recordings in the local drive so they can be moved elsewhere. You can delete a selective session or the chat history of a particular session. Users can also delete session recordings and logs from local storage as and when required.