Record administrator logins - Hitachi ID Privileged Access Manager

Session recording overview

Hitachi ID Privileged Access Manager can be configured to record screen, keyboard and other data while users are connected to privileged accounts. The recording may be of just the window launched to connect a user to a privileged account or of the user's entire desktop.

The session recording system is tamper resistant -- if users attempt to interrupt recording, their login sessions to privileged accounts are disconnected and an alarm is raised.

Session recordings may be archived indefinitely and may serve a variety of purposes, ranging from knowledge sharing and training to forensic audits. Access to recorded sessions is secured through a combination of access control policies and workflow approvals, designed to safeguard user privacy.

The Privileged Access Manager session monitoring infrastructure is included at no extra cost. It works using ActiveX components and does not require software to be permanently installed on user PCs. There is no footprint on managed systems and no proxy servers are used.

Session monitoring is compatible with all administration programs and protocols, as it instruments the administrator's PC, rather than network traffic.

Monitoring technology

ActiveX Recording Architecture

Session monitoring in Privileged Access Manager works by launching an ActiveX component when a login session is established to a privileged account.

The ActiveX component can capture:

  1. Either the login session that was launched or the user's entire desktop.
  2. Video from the user's screen.
  3. Keystrokes from the user's keyboard.
  4. Snapshots from the user's web cam.
  5. Contents of the user's copy buffer.
  6. Metadata about processes running on the user's PC, including process name and ID, window title, etc.
  7. Metadata about user interface elements on the user's screen, such as text prompts and the content of input fields.

Using an ActiveX component means that the installation footprint of Privileged Access Manager session monitoring is minimized -- there is no software to install on user PCs and no proxy server for users to connect through.

Indefinite Retention

Session recordings may be archived indefinitely and may serve a variety of purposes, ranging from knowledge sharing and training to forensic audits of administrator actions. Access to recorded sessions is secured through a combination of access control rules and workflow processes, to protect user privacy.

Tamper Proofing

The session recording system is tamper resistant -- if users attempt to interrupt recording, their login sessions to privileged accounts are disconnected and an alarm is raised.

Privileged Access Manager can be configured to make a recording of a user's PC for the duration of a login session to a privileged account. This includes video capture of either the full screen or just the login window, key logging, recording of the contents of the copy buffer and even snapshots from the user's webcam.

Full screen and web cam capture

Capturing the full screen gives context for administrator actions. For example, if a user downloads a file from a privileged account to his PC, a recording of just his login window will not show what happens next, but a full screen recording may show the file being copied to a USB drive or uploaded to a web site.

Capturing web cam snapshots reliably links the session to the user in question. In the event of a forensic audit, if the user claims that actions recorded and associated with his profile were performed by someone else, perhaps after stealing his password, there will be clear evidence that it was the user in question who performed them.

Network and storage impact

The session monitor ActiveX component can generate up to about 10 kBytes/second of data, most of which is video. On a modern PC, it will consume no more than 2% to 3% of the user's CPU and only a very small amount of memory.

A single Privileged Access Manager server can collect about 100 concurrent session recording data streams. This means that a load-balanced arrangement of 3 Privileged Access Manager nodes can capture sessions from 300 IT workers simultaneously, and probably more than 500 users total, 24x7.

The data volume from a single administrator session, assuming a constant stream of data for 8 hours/day, 220 days/year, amounts to about 60 GB/year. 100 concurrently active administrators whose every action is recorded will generate about 6 TB/year of data.