Secret Server Feature: SESSION RECORDING
Record Privileged Session Access
Maintain a full audit trail for your critical systems by recording remote sessions with Secret Server.
What’s the challenge?
Knowing who logged into your system with an administrator credential is simply not good enough. You need a complete record of the user’s activity as well, either as a backstop to change control to ensure no unauthorized changes were made, or to meet compliance requirements.
Why it’s important
If someone adds a backdoor account or makes an unauthorized configuration change, you must be able to identify who accessed the system, review what they did and react accordingly.
How this feature solves it
Recording privileged sessions results in an end-to-end record of a user’s privileged access. Secret Server provides an audit trail from when the user checked out a credential, to what they did on the system, to when they logged off.
By locking down privileged credentials with per-use password changes and access approval as well as controlling access to the endpoint through Secret Server’s proxy, you ensure that Secret Server brokers all privileged sessions. Users are then required to go through Secret Server to access sensitive systems, such as Domain Controllers or highly regulated environments such as PCI or SOC-2 scoped networks.
Whether users are opening Remote Desktop, SSH Sessions, or custom tools such as SQL Management Studio, Secret Server can record and archive their sessions. Users are notified when their sessions will be recorded, and only the session window itself is recorded to alleviate privacy concerns of viewing the full desktop of the user.
TRY IT FREE FOR 30 DAYS. It’s fast to install and easy to use!
Start your free trial of Secret Server using the blue trial form.
Or, check out our Chart of Secret Server’s user-friendly features.
Session Recording provides video playback of RDP, SSH, and custom applications. SSH sessions also log all traffic for text based searching and analysis when combined with the SSH Proxy. Once a session is recorded it can be stored on disk and archived based on your company’s retention policy.
Session recording is built into Secret Server, so when you’re ready to turn it on be sure you have a video codec installed for performing the video processing. It’s also part of the session launcher that admins are already using to automatically open remote connections. As it doesn’t require complex configuration or additional deployments it’s fast and simple to roll out to meet audit controls or internal security mandates.
Many organizations choose to use Session Recording in conjunction with SIEM correlation or analytics to alert the SOC team on potential abuse or breaches. Secret Server can be configured to export events via syslog to enrich network logon information with the actual user. So when an alert is generated you know which recorded sessions are relevant.