Before going on holiday, CIOs – just like every C-level manager – think about ongoing tasks and who will deputize during their absence. But how can they be sure about what is really happening in the IT system they are responsible for, during their holiday? Since compliance regulations must be met, this is not the question of trusting colleagues, but ensuring the company’s continuous business operation. By using an activity monitoring tool like Shell Control Box, developed by BalaBit IT Security, CIOs have the possibility to answer the question of who did what across the entire network at anytime. CIOs can even watch all activities as a movie or search for incidents after their holiday and use the audit trails as tamper-proof evidence in forensics investigations.
Server administration must be audited in order to record all important actions on a server. However, for security reasons, servers are almost exclusively administered using encrypted protocols, making system administration difficult to control and monitor. To achieve reliable auditing, data collection has to be transparent and independent from the client and the server. Shell Control Box solves exactly these problems by transparently monitoring the encrypted channels used in administration and introducing a separate auditor layer to oversee system administrators. Shell Control Box can be integrated smoothly and quickly, even in a few days into the existing infrastructure.
“Most CIOs wish to have 24/7 control over the IT system they are responsible for. In many cases this is not only a wish, but they are obliged to meet regulations, such as the Sarbanes-Oxley Act (SOX), Basel II, Health Insurance Portability and Accountability Act (HIPAA), or the Payment Card Industry (PCI). Organizations that outsource IT operations, offer remote management or use thin client infrastructures can also benefit from auditing the actions of administrators, which complements logs and reports from other applications” said Zoltán Györkő, Business Development Director at BalaBit IT Security. “BalaBit’s Shell Control Box is useful for any organization operating business critical systems and needing to control and audit privileged access on these systems. The latest release of Shell Control Box 3 F3 enables control of encrypted Telnet, TN3270 and VNC connections just like their unencrypted versions and also enables integration with third party tools to query the collected data and manage the appliance. Shell Control Box 3 F3 is the first client- and server-independent solution which can transparently control and audit Citrix XenDesktop and Citrix XenApp™ deployments” Györkő added.
Key new features of Shell Control Box 3 F3:
Support for Citrix XenDesktop: Shell Control Box (SCB) 3 F3 enables control and audit of connections accessing XenDesktop 5.0 and 5.5 running on Windows 2008 R2. XenDesktop is a comprehensive desktop virtualization solution that includes all the capabilities required to deliver desktops, apps and data securely to every user in an enterprise on any device. Controlling the activities of several hundreds or thousands of virtual desktop users on a wide variety of end points is made easier with SCB.
TLS support for Telnet and VNC: SCB 3 F3 enables control and audit of Telnet (even TN3270) and VNC connections that are encrypted using TLS or SSL just like their unencrypted versions. In addition, SCB is now able to encrypt the insecure Telnet communication as well. It even supports encrypted mainframe communication without the need to change any configuration on the mainframe side.
Web services based API for remote SCB access and integration: The RPC API allows users to access, query, and manage SCB remotely. Accessing SCB with the RPC API enables integration with third-party applications, such as ticketing systems or SIEM, and flexible, dynamic search queries and management from external applications. With this new feature, SCB can better fit companies' existing IT and security ecosystem.
About BalaBit’s Shell Control Box (SCB)
Shell Control Box (SCB) is an activity monitoring appliance that controls access to remote servers, virtual desktops, or networking devices, and records the activities of the users accessing these systems. For example, it records as the system administrators configure your database servers through SSH, or your employees make transactions using thin-client applications in VMware View. The recorded audit trails can be replayed like a movie to review the events exactly as they occurred. The content of the audit trails is indexed to make searching for events and automatic reporting possible. SCB is especially suited to supervise privileged-user access as mandated by many compliance requirements, like PCI-DSS. It is an external, fully transparent device, completely independent from the clients and the servers. The server- and client applications do not have to be modified in order to use SCB; it integrates smoothly into the existing infrastructure. For more information, please visit Shell Control Box product page.