Privileged Session Management
What is Privileged Session Management?
Privileged session management allows security administrators to monitor, control, and audit work sessions of privileged users. The session manager provides proxy-access to all critical resources and therefore prevents direct access to those resources. A session manager is central to privileged access management (PAM) and is generally integrated with an access manager and a password manager.
Privileged session management allows you to identify suspicious or unauthorized actions and stop them in their tracks. What’s more, session management provides an unimpeachable audit trail that allows for compliance and incident investigation.
The key features of a privileged session management solution include:
- Real-time monitoring and alerting.
- Real-time control systems.
- RDP / SSH access control.
- Authorization workflow.
- Compliance and audit systems.
Real-time monitoring and alerting
Security teams and administrators need to be able to monitor privileged user sessions, be alerted when suspicious activity occurs, and immediately terminate any session if needed.
Real-time control systems
Of course, you need to go beyond manual monitoring and mitigation. A good privileged session management solution provides ample opportunity for security teams to define forbidden actions for each privileged user account. If a user attempts these high-risk actions, they are automatically blocked, the account in question can be disabled, and security teams are alerted.
RDP / SSH Access control
It’s imperative that access control is maintained through native RDP / SSH tools. This control is ideally structured around a series of rules defined according to specific criteria such as e-mail, log-in, IP address, authorized time frames, type of session (interactive, file transfer, clipboard etc.), protocol, etc.
A large organization has numerous requests for critical resources on a fairly constant basis. In order to ensure the orderly and expedient flow of these requests, it’s critical for a good session management solution to provide a simple and scalable workflow for both permanent and temporary access requests. Otherwise, the PAM system will become a bottle-neck and either slow down critical work or, even worse, be sidelined if the security team allows one-off exceptions to direct access to critical resources and applications.
Compliance and audit systems
A primary function of any session management system is to provide an unalterable and unimpeachable audit trail of every action taken. This is required both for incident response and to prove regulatory compliance. A good system will provide a DVR-like recording that captures everything on the screen from mouse movements to text commands. Ideally, the session manager will include an optical character recognition (OCR) system so that every action is completely searchable—as well as available to real-time systems such as security information and event management (SIEM).
Session Management: Why do you want it?
Privileged session management will allow security teams to:
- Monitor, audit, and control privileged sessions across on-premises and cloud-based applications and resources
- Prevent insider attacks, privileged account escalation, and third-party access problems.
- Prove regulatory compliance for HIPAA, GDPR, PCI, SOX, NYCRR 500, and other regulations.
- Provide an easy-to-utilize workflow that enables the easy provisioning and de-provisioning of privileged credentials while creating 100% accountability for those privileged users.
- Revolutionize incident response by enabling both automatic response and mitigation while at the same time providing a searchable database and video record that allows for a start-to-finish post-mortem analysis.
Session Management: See it in Action
Want to know more about privileged session management and how it interplays with an overall privileged account management (PAM) solution?
The WALLIX Bastion is a highly scalable enterprise-ready PAM solution that includes a world-class privileged session manager. It’s easy to deploy and maintain and is on duty at hundreds of locations around the world. It earned a five-star review from SC Magazine and was even named a “Best Buy”.