Privileged activity monitoring

Shell Control Box is an activity monitoring appliance that controls privileged access to remote servers and networking devices and records activities in movie-like audit trails that can be searched and replayed.

SCB audit trail appliance
Unlimited "Power" of Privileged Users

At your company, users at different organizational levels have the possibility to directly access and manipulate sensitive information, such as CRM data, personnel records or credit card numbers. Beyond these privileged users, there are several superusers, as well, such as administrators, IT contractors or executives, who practically have unrestricted access to your information assets. System logging has limitations in tracing what exactly happened in your applications, moreover a skilled administrator (or attacker) can even manipulate logs to cover his tracks. As a result, it is very difficult to answer the question of “who did what?” and even more difficult to provide proof of any misuse.

The Shell Control Box (SCB) solves exactly these problems by introducing an independent auditor layer to oversee the working sessions of your privileged users. Your existing IT environment requires no change and your staff can do their day-to-day jobs without changing their working habits.

Control SSH, RDP, Telnet sessions

control user access

SCB acts as a central authentication gateway, enforcing strong authentication before users can access your sensitive IT assets. In addition, it is a policy enforcement point – only authorized personnel can access your systems. A turnkey solution to control all access over the commonly used protocols (SSH, RDP, HTTP, Citrix, VNC, Telnet).

Closer employee & partner monitoring

SCB controls and audits who has done what and when for example in your financial or SAP system. Aware of this, your employees will do their work with a greater sense of responsibility leading to a reduction in human errors. By having an easily interpreted, tamper-proof activity record, finger-pointing issues can also be eliminated.

User sessions are recorded in high quality, tamper- proof and confidential audit trails. The highest quality audit trails ensure that all the necessary information is accessible through ad-hoc forensic analyses or pre-defined reports.

When something wrong happens, everybody wants to know the real story. Analyzing thousands of text-based logs can be a nightmare and may require the participation of external experts. The ability to easily reconstruct user activity allows you to shorten investigation time and avoid unexpected cost.


SCB can monitor the traffic of network connections in real time, and execute various actions if a certain pattern (for example, a suspicious command, window or text) appears in the command line or on the screen. In case of detecting a suspicious user action, SCB can send you an e-mail alert or immediately terminate the connection.

The ability to report user activity and resource access has become part of the standard of due care for a wide variety of regulations across many industries (e.g. PCI-DSS, SOX, Basel II/III, ISO2700x). If a company does not comply, company leaders typically take responsibility.

What our customers say?

Telenor Group
“We found that BalaBit SCB is the only serious product on the market that is capable to securely monitor SSH sessions” - Øyvind Gielink, IT security Officer, Telenor Group.
Read the case study
Interoute Germany GmbH
“When I had a closer look at the functions and operation of the Shell Control Box, I was really impressed” - Christian Schreiner, Senior Business Solution Consultant, Interoute Germany GmbH.
Read the case study
Fiducia IT AG.
“BalaBit is the first company in IT business, which provided a solution in promised time without any obvious faults. I never expected that at all.” - Michael Fendt, System & Network Engineer, Fiducia IT AG.
Read the case study
“We were up and running in a very short time, which impressed both customers and auditors. We would not have been able to achieve this with any other product available on the market.” - Mr. Giray Devlet, Security Officer, Bitbrains.
Read the case study
Ankara University
“We recommend this product to every institution which is interested in an activity monitoring solution.” - Riza Ayhan, Manager of IT Department, Ankara University
Read the case study
Leekie Enterprises Inc.
“The most fascinating solution for auditing remote sessions” - Ngadiman Sentosa, IT Manager, Leekie Enterprises Inc.
Read the case study
“SCB provided us clean auditing and a secure, central point for access management.” - Dr. Christoph Biardzki, Head of IT Infrastructure, Server and Service Group, LRZ.
Read the case study
Citrix Systems
“BalaBit's Shell Control Box is a great complementary of Citrix's solutions to be able to use in a strongly regulated environment.” - Michael Dundorf, Product Manager of Citrix Systems.
TÜV Rheinland
“SCB 3.1 is a stop-gap solution for many companies using Citrix solutions” - Hans Jürgen Gutmann, CEO of TÜV Rheinland.