One Identity Safeguard for Privileged Sessions

With One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Content of the recorded sessions is indexed to simplify searching for events and reporting so you can more easily meet your auditing and compliance requirements. In addition, Safeguard for Privileged Sessions serves as a proxy, and inspects the protocol traffic on the application level and can reject any traffic violating the protocol – thus making it an effective shield against attacks. In transparent mode, only minimal network changes are required and users do not have to change their workflow or client applications, which makes implementation a breeze. However, a workflow can be configured so you can authenticate users, limit access to specific resources, authorize and view active connections, and receive an alert if connections exceed preset time limits. Safeguard can also monitor sessions in real time and execute various actions: if a risky command or application appears, it can send you an alert or immediately terminate the session. Features: Full session audit, recording and replay All session activity – down to the keystroke, mouse movement, and windows viewed – is captured, indexed and stored in tamper-proof audit trails that can be viewed like a video and searched like a database. Security teams can search for specific events across sessions and play the recording starting from the exact location the search criteria occurred. Audit trails are encrypted, time-stamped and cryptographically signed for forensics and compliance purposes. Real-time alerting and blocking Monitors traffic in real time, and executes various actions if a certain pattern appears in the command line or on screen. Predefined patterns could be a risky command or text in a text-oriented protocol or a suspicious window title in a graphical connection. In the case of detecting a suspicious user action, Safeguard can log the event, send an alert or immediately terminate the session. Two modes of operations Choose which mode suits your needs.

• Workflow Engine – A workflow engine that supports time restrictions, multiple approvers, reviewers, emergency access, and the expiration of the policy. It also includes the ability to input reason codes and/or integrate directly with ticketing systems. A password request can be automatically approved or require any level of approvals.
• Instant On - Deploy in transparent mode so that no changes to user workflows are necessary. It can act as a proxy gateway operating like a router in the network – invisible to the user and to the server. Admins can continue to use familiar client applications and can access target servers and systems without any disruption to their daily routine.

Proxy access Since users have no direct access to resources, the enterprise is protected against unauthorized and unfettered access to sensitive data and systems. Safeguard for Privileged Sessions can proxy and record to many target resources, including UNIX/Linux, Windows, network devices, firewalls, routers and more. Full-text Search With it's Optical Character Recognition (OCR) engine, auditors can do full-text searches for both commands and any text seen by the user in the content of the sessions. It can even list file operations and extract transferred files for review. The ability to search session content and metadata accelerates and simplifies forensics and IT troubleshooting.