Privileged account activity management is one of several equivalent terms that refer to privileged access management. This particular variant emphasizes the fact that modern privileged access management systems often include session monitoring capability, to record what users did while connected to a shared, privileged account, rather than stopping at granting and revoking access to those accounts.
Hitachi ID Privileged Access Manager can be configured to record screen, keyboard and other data while users are connected to privileged accounts. The recording may be of just the window launched to connect a user to a privileged account or of the user's entire desktop.
The session recording system is tamper resistant -- if users attempt to interrupt recording, their login sessions to privileged accounts are disconnected and an alarm is raised.
Session recordings may be archived indefinitely and may serve a variety of purposes, ranging from knowledge sharing and training to forensic audits. Access to recorded sessions is secured through a combination of access control policies and workflow approvals, designed to safeguard user privacy.
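To make the tamper-resistance rule concrete, the following is an added illustration (not Hitachi ID's code) of a recording watchdog on the server side: every capture record streamed from the client or proxy doubles as a liveness heartbeat, and an open privileged session whose stream falls silent is disconnected and an alarm raised. The capture kinds come from the page; the five-second timeout, the session and alarm structures, and the sample sessions and frames are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Capture channels named on the page; the watchdog accepts only these.
CAPTURE_KINDS = {"screen", "clipboard", "window", "keylog"}

# Assumed policy: if no capture data arrives for this many seconds while a
# privileged session is open, treat the recording as interrupted.
HEARTBEAT_TIMEOUT = 5.0


@dataclass
class Session:
    session_id: str
    user: str
    account: str
    last_frame_at: float
    connected: bool = True
    frames: List[dict] = field(default_factory=list)
    end_reason: Optional[str] = None


@dataclass
class RecordingWatchdog:
    timeout: float = HEARTBEAT_TIMEOUT
    sessions: Dict[str, Session] = field(default_factory=dict)
    alarms: List[dict] = field(default_factory=list)

    def open_session(self, session_id: str, user: str, account: str, now: float) -> None:
        # Opening the session counts as the first heartbeat.
        self.sessions[session_id] = Session(session_id, user, account, last_frame_at=now)

    def receive_frame(self, session_id: str, kind: str, payload, now: float) -> bool:
        """Store one capture record streamed from the client or proxy.

        Returns False (record dropped) if the session is unknown, already
        disconnected, or the kind is not a channel the recorder knows.
        """
        s = self.sessions.get(session_id)
        if s is None or not s.connected or kind not in CAPTURE_KINDS:
            return False
        s.frames.append({"t": now, "kind": kind, "payload": payload})
        s.last_frame_at = now  # any capture record refreshes the heartbeat
        return True

    def tick(self, now: float) -> List[str]:
        """Periodic check: disconnect every open session whose recording has
        been silent longer than `timeout`, and raise an alarm for each."""
        terminated = []
        for s in self.sessions.values():
            silent_for = now - s.last_frame_at
            if s.connected and silent_for > self.timeout:
                s.connected = False
                s.end_reason = "recording_interrupted"
                self.alarms.append({
                    "session_id": s.session_id, "user": s.user,
                    "account": s.account, "silent_for": silent_for, "at": now,
                })
                terminated.append(s.session_id)
        return terminated


def simulate() -> dict:
    """Constructed scenario: two sessions, one of which stops streaming."""
    wd = RecordingWatchdog()
    wd.open_session("s1", "alice", "root@db01", now=0.0)
    wd.open_session("s2", "bob", "Administrator@win07", now=0.0)
    # Both sessions stream normally for the first few seconds.
    for t in (1.0, 2.0, 3.0):
        wd.receive_frame("s1", "screen", b"<frame>", t)
        wd.receive_frame("s2", "screen", b"<frame>", t)
    wd.receive_frame("s2", "keylog", "hostname", 3.5)
    early = wd.tick(4.0)  # s2 silent for only 0.5 s: nothing happens
    # From here on s2's capture agent sends nothing (constructed interruption);
    # s1 keeps streaming clipboard records.
    for t in (4.0, 5.0, 6.0, 7.0, 8.0, 9.0):
        wd.receive_frame("s1", "clipboard", "", t)
    terminated = wd.tick(9.0)  # s2 silent for 5.5 s > 5.0 s: cut off and alarmed
    late = wd.receive_frame("s2", "screen", b"<frame>", 9.5)  # dropped: session is gone
    return {
        "early_terminated": early,
        "terminated": terminated,
        "alarms": wd.alarms,
        "s1_connected": wd.sessions["s1"].connected,
        "s1_frames": len(wd.sessions["s1"].frames),
        "s2_reason": wd.sessions["s2"].end_reason,
        "late_frame_accepted": late,
    }


if __name__ == "__main__":
    print(simulate())
```

The design choice worth noting is that the watchdog trusts no separate "recorder still running" signal: the capture stream itself is the heartbeat, so stopping the stream by any means (killing the agent, blocking the network path, pausing the proxy) produces the same disconnect and alarm, and a session that has been cut off cannot resume streaming without being reopened.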
Multiple mechanisms are included to launch and record sessions:
In the first four cases, any Windows-compatible client admin tool can be launched, with credentials injected. Screen capture, copy buffer, window metadata and keylog data are streamed from the system running the admin tool (which may be the user's PC or a Windows RDS proxy) to the Privileged Access Manager server(s).
In the last case, only SSH and RDP are currently supported. Screen capture, copy buffer, window metadata and keylog data are streamed from the Linux/Tomcat proxy server to the Privileged Access Manager server(s).
The Privileged Access Manager session monitoring infrastructure is included at no extra cost. Both direct and proxied connections may be deployed. No software is deployed on the managed endpoint. There are no fees per proxy server.
In a typical deployment, admin tools such as SSH clients, RDP clients, hypervisor admin consoles (e.g., vSphere) and DBA tools (e.g., SQL Management Studio) may be launched and monitored. Video capture may be of the user's entire desktop or just the launched window.