CryptoAuditor – Don’t Let a Trusted Insider Become an Exploit

As the inventors of the SSH protocol, SSH Communications Security is focused on helping organizations of all types and sizes secure the path to their information assets. CryptoAuditor is a transparent and centralized real-time privileged access monitoring and auditing solution that enables organizations to control trusted insider data transfer activities on the fly and without any impact on remote administrators. CryptoAuditor is designed to reduce potential security threats from trusted insiders, meet current and emerging compliance mandates and reduce costs associated with implementation and administration with a minimally invasive approach designed to work with your existing network architecture.

The Challenge

Administrators are trusted insiders who often have the broadest access to their organization’s critical business information. In fact, these trusted insiders often have more access to sensitive information assets than even C-level employees. While the vast majority of trusted insiders are just that – trusted – even one bad actor can cause considerable damage.

Because administrators have access to such a broad array of information and the means to transmit that information encrypted – essentially blinding security and forensics teams to their activities – the threat of a trusted insider becoming a stealth exploit is very real.

In addition, without administrator auditing and monitoring capabilities in place, your organization may be out of compliance with both internal and external compliance mandates, which may leave you open to fines and other liabilities.

The Solution

CryptoAuditor delivers a minimally invasive solution that turns the tables on potential insider threats while helping you meet or exceed compliance mandates. In the past, malicious users have been able to use encrypted connections to avoid any monitoring of their actions. With CryptoAuditor, SSH, SFTP and RDP traffic can be decrypted and recorded on the fly, all without impacting administrators.

Easily deployed across your distributed network as either a virtual or hardware appliance, your enterprise-wide CryptoAuditor is easily managed through a centralized console, allowing all encrypted audit trails to be stored in a central location where activities can be replayed on demand or in real time. Additionally, all configuration and management can be handled from a single console, saving time while improving usability. As opposed to other standard forensics tools, IDS/DLP integration with ICAP protocol and content based alerts through SNMP/syslog/email enables security teams to engage in pre-exploit security actions to ensure that crucial data is not accidentally or maliciously transported outside the enterprise.

Most first generation privileged access auditing solutions are gateway and software agent based, making them difficult and expensive to deploy across needed audit points and creating a more intrusive and lengthy workflow for administrators. CryptoAuditor is designed to be minimally invasive and transparent to your administrators, vastly reducing deployment time and costs while causing no interruption to their day-to-day work.

Return on Security Investment for CryptoAuditor Technology

• Reduce the Risks from Trusted Insiders: CryptoAuditor delivers immediate control and accountability over your privileged access users, closing a significant security gap in your information security architecture.

• Extensive Yet Transparent Footprint: With its minimally invasive approach, CryptoAuditor captures a broad array of traffic across all of your needed audit points while remaining transparent to administrators.

• Easily Deployed in Your Existing Architecture: CryptoAuditor is designed to easily deploy across your distributed architecture and makes management easy through a one-console approach.

Getting your environment under control

Challenge: How to meet regulations and security standards (e.g. PCI-DSS) that require encryption of data in transit, but also full auditing of privileged users’ activities and proving the individual accountability?
CryptoAuditor: Inspection, auditing and recording of encrypted connections including all the user activities, key strokes, server outputs, data transfers etc. Comprehensive reporting and enhanced security functions (e.g. 4-eyes authorization)

Challenge: No centralized overall visibility for encrypted remote system access, and users’ activities and data transfers
CryptoAuditor: Centralized management, reporting and visibility for SSH, SFTP, RDP (HTTPS and FTPS planned for version 1.1)

Challenge: No real time information, alerts, intrusion or data loss prevention capabilities for encrypted connections (crucial especially for external connections)
CryptoAuditor: Real time auditing and content based alerts, integration to SIEM through SNMP. IPS/DLP integration through ICAP.

Challenge: No means to reliably audit the administrators (internal/external) who have the biggest operational power over the IT infrastructure and systems, and are able to modify the logs, shutdown the auditing services and erase or hide their actions and activities?
CryptoAuditor: Network level inspection provides a true 3rd party for auditing and forensics. The end system administrators do not have admin access to CryptoAuditor system or its audit trails

Challenge: Complex, time consuming and error prone processes for reacting to problems and security issues, troubleshooting and forensics, enabling audited access for external users etc.
CryptoAuditor: Real-time visibility and content based alerts. Centralized content based audit trail search throughout the audited environment.

Challenge: Complex and time consuming deployment of auditing solutions and changes on user experience and current ways of working
CryptoAuditor: Transparent deployment, auditing and control

Challenge: Complex and cumbersome processes and tools increase the amount of ‘grey’ IT, workarounds and other unofficial/unauthorized means
CryptoAuditor: CryptoAuditor enables auditing and control without adding complexity