All eyes on us: 4-Eyes Session Monitoring

IT security has never been so important, as hacks and data breaches are at an all-time high (and climbing). When it comes to the security of your data and infrastructure, visibility and control are paramount. You can put in place all manner of corporate policies and password rules, but oversight of administrator actions and the ability to review past activity are paramount for both peace of mind and compliance with stringent cybersecurity regulations.

What is Session Monitoring?

Have you ever wondered what exactly people have done when working hard on your IT infrastructure? Have you been suspicious that someone changed something but won’t fess up? Have you ever wished you could see exactly what your external service provider has implemented?

That is precisely what session monitoring is for. Session management provides complete oversight of all privileged session activity across all your critical assets, from command line entries to mouse clicks. A Session Management tool worth its salt offers complete, video-like recordings of all sessions for automatic monitoring and after-the-fact auditing.

                        Session Monitoring makes visible who did what, when, and where.

Session Monitoring with 4-Eyes Mode

In controlling privileged access, many solutions lean heavily on password vaults, when in fact, session management is the more powerful and useful technology.

A vault just stores and rotates passwords. Session monitoring allows for in-depth analysis of who does what and when, as it happens (in real-time) or after the fact. The session is the core of what we do. WALLIX was founded on a session-focused background, making for a more robust, stronger approach to PAM.

Session management enables valuable capabilities, including:

  • Real-Time Monitoring: Track all privileged sessions in real-time
  • Automated response:
    • Block commands to prevent certain actions from being taken if ever attempted
    • Terminate a session based on activity triggers
    • Alert an admin if actions seem suspicious
  • Audit Logs: Unalterable logs of activity to audit — (activity: typed, clicked, any)
  • Session Replay: Watch an entire session video to see every action a user took, whether typed or clicked
  • Proof of Compliance: Respond to a wide array of cybersecurity regulation requirements

What’s more, WALLIX 4-Eyes Mode goes beyond standard session monitoring to the next level: live-monitoring of ongoing sessions. When you need a two-handed (or four-eyed) approach to system modification or just need to oversee a remote employee or subcontractor’s actions, 4-Eyes Mode allows you to tune in live to an ongoing session. Watch every action your team member takes, or terminate their session if the activity seems ill-intentioned.

  • Watch ongoing sessions in real-time
  • Oversee remote connections
  • Terminate suspicious connections
  • Modify connection privileges with immediate effect

Regain full visibility over users’ activity in real-time with 4-Eyes Mode – the session monitoring and audit tool in the WALLIX Bastion.

Use Case for 4-Eyes & Session Monitoring: A Missing File Mystery

Say a system administrator logs into a server and, when looking for a file, finds that it’s missing. Why? Where did it go? How did it get moved or deleted, and by who? The admin can dig into the details to solve the mystery of the missing file, and with 4-Eyes mode, can stop malicious activity in its tracks.

Follow the audit trail

In the Audit tab, the admin can see precisely who was active in the server in question and watch the automatically-recorded session to see what this employee did, thus following the thread to find the missing file.

Mystery solved: our super admin now knows that the file was deleted by his employee, Joe, a few days ago. Whether it was done with malicious intentions or was an innocent mistake remains to be seen, but the first step to recovering after an IT breach – figuring out who did what and when – is resolved.


With complete video recording of session activity, down to command line and mouse clicks, it’s easy to see where things went wrong or simply to review team members’ actions for training or audit purposes.

Enter, 4-Eyes Mode

Our super-admin doesn’t stop there. He has a sneaking suspicion that the deleted file was no accident, so he decides to use his super-admin powers to log in as Joe to dig a little deeper. Through 4-Eyes Mode, he notices that Joe is currently connected to the server, and tunes in to watch his session as it happens.


Sure enough, the super admin sees Joe access another critical file, and move to delete it. Right away, he puts a stop to Joe’s session to save the critical file and prevent any further damage from being incurred.

Next-Level Session Monitoring with 4-Eyes Mode

True, comprehensive Privileged Access Management controls not just login credentials, but actions taken in critical targets as well. Session Monitoring is a crucial aspect of preventing malicious activity from occurring, not to mention proving compliance with access control criteria of IT regulations. 4-Eyes Mode takes session control to the next level. Not only can you follow the trail of past activity and review recorded privileged sessions to ensure you know just who did what in your infrastructure, and when, but you can also watch live connections to keep an eye on current activity.


Interested to learn more about the WALLIX Bastion PAM solution to see how Session Management with 4-Eyes mode can take your privileged user oversight to new heights? Get in touch.