BalaBit IT Security announced a new version of its Shell Control Box (SCB) activity monitoring appliance.
The latest version of SCB makes forensics investigations easier, faster and more cost effective by extending the list of auditable protocols – SSH, RDP, Citrix ICA, VNC, Telnet – with HTTP/HTTPS. HTTP, originally created for content transport, has been becoming increasingly popular as a GUI protocol for various tools such as management network devices, business applications and SaaS/virtual infrastructures.
Complying with data security regulations becomes smoother by extending real-time user activity monitoring to windows environments by controlling the applications that users run. To protect customers’ existing network investments, the new SCB version is able to authenticate and control network operators working with shared accounts in – still widely adopted – legacy network environments.
SCB 3 F5 is an independent and transparent device that does not require any change to the network or privileged users’ everyday work, and can now be integrated with all popular password management system.
Key new features:
Improved prevention of malicious actions: Real-time alerting in graphical sessions
SCB 3 F5 extends the previous version’s capabilities – monitoring, alerting and blocking the content in SSH traffic – to RDP and VNC protocols, as well. Now SCB can monitor the traffic of these graphical connections in real time, and send an e-mail alert and/or terminate the connection if a user tries to run an unwanted application.
Improved audit of privileged web activities: Review of HTTP pages
SCB can now render visited webpages like a web browser. Screenshots tracking the monitored user’s actions can be downloaded, in which. When replaying the HTTP session, the audit trail can be used as a web-browser to navigate among user-visited pages; to display the web pages by scrolling its content, and to click on the links; and even to display the forms with the values that were filled in by the user.
Integration with Password Manager tools
SCB 3 F5 provides a generic plugin framework that provides integration with all widely adopted password management systems. The integration enables user credentials to be completely separated from the credentials used to access servers. With this development, companies can future-proof their existing password management investments.
Monitor access to legacy network devices: New Telnet features
SCB 3 F5 offers several new features to reliably control and audit Telnet connections even if they are SSL/TLS-encrypted. For example, SCB can be configured to require gateway authentication from network operators in Telnet connections. SCB’s credential store can store user credentials and use them to login to the target device, without the user having access to the credentials. SCB can also monitor the Telnet traffic in real-time, and can send an alert or block the connection if a suspicious command or text appears in the command line or on the screen.