Gartner, Market Guide for Privileged Access Management, Felix Gaehtgens, Anmol Singh, 27 May 2015
SCB acts as an application level proxy gateway. The transferred connections and traffic are inspected on the application level (Layer 7 in the OSI model), rejecting all traffic violating the protocol – an effective shield against attacks. This high-level understanding of the traffic gives control over the various features of the protocols, like authentication and encryption methods used in SSH connections, or channels permitted in RDP traffic.
SCB can enforce the use of two-factor authentication methods and also verify the public key of the users. SCB has a built-in capability to verify the SSH host keys and certificates identifying the servers, preventing man-in-the-middle attacks and other threats. This authentication is completely independent from the authentication that the user performs on the remote server. To avoid accidental misconfiguration and other human errors, SCB supports the 4-eyes authorization principle as well.
SCB operates transparently and extracts information directly from the communication of the client and the server, providing reliable access data. SCB records user sessions into searchable audit trails, making it easy to find relevant information in forensics or troubleshooting situations. Audit trails can be browsed online, or followed real-time to monitor the activities of the privileged users. The multiplatform Audit Player application replays the recorded sessions just like a movie – all actions of the administrators can be seen exactly as they appeared on their monitors. The Audit Player enables fast forwarding during replays, searching for events (for example, mouse clicks, pressing Enter) and text seen by the user.
Joe's One Day (Incident management)
Joe's One Day 2. - Joe at an outsourcing company (Real-time detection & prevention)
SCB can monitor traffic in real time, and execute various actions if a certain, predefined pattern appears in the command line or on the screen. In the case of detecting a suspicious user action (e.g. a destructive command or an unwanted windows application), SCB can perform the following measures:
SCB is configured from a clean, intuitive web interface. The roles of each SCB administrator can be clearly defined using a set of privileges – management of SCB as a host, management of connections to servers, viewing audit trails and reports, and so on.
To ensure integration into your network infrastructure is seamless, SCB is available both as a physical or virtual appliance and automatically handles transparent and nontransparent connections. It can be seamlessly integrated with password management, ticketing systems, SIEM and system management tools. To simplify integration with firewalled environments, SCB supports both source and destination address translation (SNAT and DNAT).
The Forrester Wave, Privileged Identity Management, Q3 2016, by Andras Cser