Shell Control Box is an activity monitoring appliance that controls privileged access to remote servers and networking devices and records activities in movie-like audit trails that can be searched and replayed.
At your company, users at different organizational levels should have the possibility to directly access and manipulate sensitive information, such as CRM data, personnel records or credit card numbers. Beyond these privileged users, there are several superusers, as well, such as administrators, IT contractors or executives, who practically have unrestricted access to your information assets. System logging has limitations in tracing what exactly happened in your applications, moreover a skilled administrator (or attacker) can even manipulate logs to cover his tracks. As a result, it is very difficult to answer the question of “who did what?” and even more difficult to provide proof of any misuse.
The Shell Control Box (SCB) solves exactly these problems by introducing an independent auditor layer to oversee the working sessions of your privileged users. Your existing IT environment requires no change and your staff can do their day-to-day jobs without changing their working habits.
SCB acts as a central authentication gateway, enforcing strong authentication before users can access your sensitive IT assets. In addition, it is a policy enforcement point – only authorized personnel can access your systems. A turnkey solution to control all access over the commonly used protocols (SSH, RDP, HTTP, Citrix, VNC, Telnet).
SCB controls and audits who has done what and when for example in your financial or SAP system. Aware of this, your employees will do their work with a greater sense of responsibility leading to a reduction in human errors. By having an easily interpreted, tamper-proof activity record, finger-pointing issues can also be eliminated.
User sessions are recorded in high quality, tamper- proof and confidential audit trails. The highest quality audit trails ensure that all the necessary information is accessible through ad-hoc forensic analyses or pre-defined reports.
When something wrong happens, everybody wants to know the real story. Analyzing thousands of text-based logs can be a nightmare and may require the participation of external experts. The ability to easily reconstruct user activity allows you to shorten investigation time and avoid unexpected cost.
You can monitor the traffic of SSH connections in real time, and execute various actions if a certain pattern (for example, a suspicious command or text) appears in the command line or on the screen. SCB can send you an e-mail alert or immediately terminate the connection before a risky user action comes into effect.
The ability to report user activity and resource access has become part of the standard of due care for a wide variety of regulations across many industries (e.g. PCI-DSS, SOX, Basel II/III, ISO2700x). If a company does not comply, company leaders typically take responsibility.
“We found that BalaBit SCB is the only serious product on the market that is capable to securely monitor SSH sessions.„
Øyvind Gielink, IT security Officer, Telenor Group
“BalaBit SCB allowed us to quickly and transparently mitigate several risks that were identified by an external audit.„
Giray Devlet, Security Officer, Bitbrains.