Use Shell control box for remote access monitoring

General overview about the product
Shell Control Box (SCB) is an enterprise-level activity monitoring appliance that controls privileged access to remote IT systems, records activities in searchable, movie-like audit trails, and prevents malicious actions. SCB acts as an application level proxy gateway: it’s placed between the client and the server, and inspects the protocol traffic on the application level rejecting all traffic violating the protocol – an effective shield against attacks.

Fast deployment appliance
with extremely low TCO SCB is a turnkey network appliance – its implementation and configuration is fast and simple. Compared to competitors, there is no need to purchase
and install any additional software (e.g. Windows or MS SQL servers) or hardware to have SCB fully functioning. Full implementation typically takes only 3-5 days! After deployment, SCB operates in the background like a black box of an airplane – there is no need for any extra workload to operate it.

Independent, agentless device

Compared to agent-based solutions, there is no need for installing and updating agents on clients or servers, eliminating unnecessary maintenance and potential security issues. As a host independent gateway, SCB can control and monitor access to any type of systems
incl. all Windows/UNIX/Linux servers, mainframes, network devices, security devices, web-based applications or thin client environments, such as VMware View, Citrix XenApp or XenDesktop. SCB is an independent audit solution which perfectly separates the
monitoring system from the monitored system. It extracts information from the raw network traffic and reconstruct the original session between the endpoints. This prevents anyone from modifying the extracted audit information, as the administrators of the server have no access to the SCB.

Transparent,“router-like” operation 

As a proxy gateway, SCB can operate as a router in the network – invisible to the user and to the server. As a transparent solution, SCB requires minimal changes to the existing network. Also, since it operates on the network level, users can keep using the client applications they are familiar with, and do not have to change their work processes,
unlike jump host solutions. All in all, by supporting the most platforms and protocols on the market SCB can be implemented into extremely heterogeneous IT environments.

Granular access control

Since SCB has full access to the inspected traffic, security managers can granularly control who can access what and when on the servers. For example, they can selectively permit or deny access to protocol channels: enable terminal sessions in SSH, but disable port-forwarding and file transfers, or enable desktop access for RDP, but disable file
sharing. SCB supports the 4-eyes authorization principle. This is achieved by requiring an authorizer to allow administrators to access the server. The authorizer also has the possibility to monitor the work of the administrator in real-time with the option of instant connection termination.

Real-time prevention of malicious activities

SCB can monitor transferred content in real time and can send alerts or even block connections if a certain pattern is detected in the traffic. Predefined patterns can be a risky command in a text-oriented protocol or a suspicious application in a graphical connection. This command & application control policy can prevent malicious user activities as they
happen instead of just recording or reporting them.

Industry-leading session recording and auditing

SCB is the leading session auditing solution on the market offeringOptical Character Recognition (OCR) capabilities to log ALL data about privileged actions in graphical user interfaces. SCB can support and audit file transfers, as well. All data is recorded into searchable movie-like audit trails, making it easy to find relevant information
in forensics or troubleshooting situations. Auditors can do free-text searches in the content of text-based and graphical sessions. They can search for EVERY events (for example, mouse clicks, pressing Enter) and texts seen by the user.
SCB can store the audit trails in a highly confidential way – in an encrypted (with multiple keys if needed), time-stamped and digitally signed format, so not even the administrator of the SCB can tamper with the audit information. This extreme level of data security – together with the granular access rights management – makes SCB compliant with
the most rigorous local laws and national security certification s, as well.

  1. SCB is a PAM solution that help:
  • Control internal IT staff
  • Control third party provider
  • Control multiple protocols
  • Control SSH or Telnet or RDP or HTTP/s or VNC or ICA connection.
  • Sharing administrative password
  • Bypassing company policies
  • Hiding traces
  • Who did … on my server?
  • IT system troubleshooting and forensics
  • Monitoring and replay user sessions
  • Control remote access in detail
  • Prevent malicious action to server in real time
  • Privileged user fraud
  • ISO 27001, Basel III, MiFID II (Markets in Financial Instrument Directive), SOX-EuroSox, PCI DSS
  1. Most advanced technology:
  • Agentless, independent
  • Fast deployment
  • Nothing changed to existing system
  • 4 eyes authorization
  • Tamper proof auditing data

Contact us now for more information about the product.

MAS Technology Risk Management Guidelines, Shell Control Box , , , , , , , , , , , , , , , , , ,

Comments are closed.