TechWalls
Privileged Activity Monitoring Solutions

Updated on Feb 19, 2019 by Guest Authors

Like many new concepts, Privileged Activity Monitoring does not yet have a single, generally accepted definition.

Many vendors have introduced their own terminology for the concept in an attempt to be first to define the market, with mixed results.

The names differ but the acronyms are similar: PUM, PAM, PAAM and so on. ‘Privileged User Monitoring’, ‘Privileged Activity Monitoring’, ‘Privileged Account Activity Management’ and every variant of these expressions can be found on Google.

Even the major IT analyst firms do not agree on a definition, which illustrates how new the concept is.

The most useful working definition is probably one by requirements: a PAM tool should address the following:

  1. Controlling users’ access to privileged accounts (authenticating the users, restricting access based on time policies)
  2. Managing and controlling privileged sessions (for example, restricting administrative access to the servers)
  3. Monitoring the use of shared and superuser accounts (for example, root or Administrator)
  4. Collecting audit information for forensic investigations, compliance reports, and so on.

The Solutions

Privileged Activity Monitoring is still a niche market, with a small but growing number of IT security vendors in the field. Vendors approach this market from different directions and with various core competencies, such as password management, identity and access management, or network forensics.

Typically, they market their technologies as essential parts of larger solutions. However, all of these products are trying to meet the same challenge: control and monitor the access of privileged users to critical IT assets.

Since there are a number of different ways to approach the problem, let’s review the technologies they use.

Jump hosts (Hop gateways)

Jump hosts provide a web-based interface for accessing servers: users log in to the jump host from their browser and connect to the target server through a web-based client application running on the jump host, which records the session (the user’s actions or the application’s logs) as it goes. Because a jump host is not transparent, users have to change how they connect, which makes integration into an existing infrastructure harder. It also concentrates every privileged session on one system, so the jump host itself has to be hardened and monitored as a critical asset.

Users must also use the client applications provided by the jump host, which may have compatibility issues with the server-side applications they administer.

Auditing of graphical protocols (for example, Remote Desktop Protocol or Citrix ICA) is rarely supported, and where it is, it can become a performance issue. Transferring files between the server and the client can also be problematic, or not supported at all.

Network sniffers

Network sniffers rely on switch port mirroring (SPAN) or a network tap: they receive a copy of the traffic going to the servers and try to extract useful information from it. These solutions are easy to integrate and non-invasive by nature; they have no effect on the way users do their work.

The same passivity is their main limitation. Modern SSH always uses a forward-secret key exchange, so a sniffer recovers only the cleartext parts of the handshake (version strings, offered algorithms, connection metadata) and nothing of the session itself, not even the username; RDP wrapped in TLS is equally opaque unless the deployment uses a non-forward-secret cipher suite and the sniffer holds the server’s private key. Being passive also means these devices cannot authenticate users, control protocol channels, or terminate unwanted connections to a server: at best they can raise an alert after the fact.
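To make the limitation concrete, here is what a passive observer can actually pull out of one direction of an SSH connection. This is an added example, not code from the original article or from any sniffer product: the packet layout and message numbers are the real ones from RFC 4253, while the sample capture (banners, algorithm lists, a placeholder key-exchange message and a run of stand-in ciphertext) is constructed here.

```python
"""What a passive network sniffer can and cannot recover from an SSH session.

Added example, not code from the original article. The identification string
(RFC 4253 section 4.2) and the KEXINIT packet (section 7.1) are cleartext and
name the algorithms each side offers; from NEWKEYS onward every byte is
ciphertext, so commands, file contents and even the username are out of reach.
The sample stream below is constructed; the packet format is the real one.
"""
import struct
from typing import Dict, List

SSH_MSG_KEXINIT = 20
SSH_MSG_NEWKEYS = 21
SSH_MSG_KEX_ECDH_INIT = 30

# The ten name-lists in a KEXINIT payload, in wire order.
KEXINIT_NAME_LISTS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]


def build_packet(payload: bytes) -> bytes:
    """Unencrypted SSH binary packet (RFC 4253 section 6): uint32 packet_length,
    byte padding_length, payload, >= 4 bytes of padding, total a multiple of 8.
    Used only to construct the sample capture."""
    padding = 8 - (5 + len(payload)) % 8
    if padding < 4:
        padding += 8
    return struct.pack(">IB", 1 + len(payload) + padding, padding) + payload + b"\x00" * padding


def build_kexinit(lists: Dict[str, str]) -> bytes:
    """KEXINIT payload: message id, 16-byte cookie, ten name-lists, boolean, uint32 0."""
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16
    for key in KEXINIT_NAME_LISTS:
        names = lists.get(key, "").encode()
        payload += struct.pack(">I", len(names)) + names
    return payload + b"\x00" + b"\x00\x00\x00\x00"


def parse_kexinit(payload: bytes) -> Dict[str, List[str]]:
    """Inverse of build_kexinit: the offered algorithm names per list."""
    pos = 17  # skip message id and cookie
    out: Dict[str, List[str]] = {}
    for key in KEXINIT_NAME_LISTS:
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        out[key] = payload[pos:pos + n].decode().split(",") if n else []
        pos += n
    return out


def sniff_ssh_stream(data: bytes) -> Dict[str, object]:
    """Parse the cleartext prefix of one direction of an SSH stream.

    Packet boundaries are visible only up to NEWKEYS; after that even the
    length field is encrypted (AEAD and ETM modes), so the remainder is just
    counted as opaque bytes, which is all a sniffer can say about it.
    """
    banner_end = data.index(b"\r\n")
    result: Dict[str, object] = {"identification": data[:banner_end].decode(),
                                 "kexinit": None, "opaque_bytes": 0}
    pos = banner_end + 2
    while pos + 5 <= len(data):
        pkt_len, pad_len = struct.unpack(">IB", data[pos:pos + 5])
        payload = data[pos + 5:pos + 4 + pkt_len - pad_len]
        pos += 4 + pkt_len
        if payload[0] == SSH_MSG_KEXINIT:
            result["kexinit"] = parse_kexinit(payload)
        elif payload[0] == SSH_MSG_NEWKEYS:
            break  # everything after this is ciphertext
    result["opaque_bytes"] = len(data) - pos
    return result


# Constructed sample: the client -> server direction of one session.
SAMPLE_CLIENT_STREAM = (
    b"SSH-2.0-OpenSSH_9.6\r\n"
    + build_packet(build_kexinit({
        "kex_algorithms": "curve25519-sha256,diffie-hellman-group14-sha256",
        "server_host_key_algorithms": "ssh-ed25519,rsa-sha2-512",
        "encryption_algorithms_client_to_server": "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com",
        "encryption_algorithms_server_to_client": "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com",
        "mac_algorithms_client_to_server": "hmac-sha2-256-etm@openssh.com",
        "mac_algorithms_server_to_client": "hmac-sha2-256-etm@openssh.com",
        "compression_algorithms_client_to_server": "none",
        "compression_algorithms_server_to_client": "none",
    }))
    # Placeholder KEX_ECDH_INIT: 32 bytes of ones stand in for the client's public key.
    + build_packet(bytes([SSH_MSG_KEX_ECDH_INIT]) + struct.pack(">I", 32) + b"\x01" * 32)
    + build_packet(bytes([SSH_MSG_NEWKEYS]))
    + bytes(range(256)) * 4  # stand-in for 1024 bytes of ciphertext
)

if __name__ == "__main__":
    seen = sniff_ssh_stream(SAMPLE_CLIENT_STREAM)
    print(seen["identification"], seen["kexinit"]["kex_algorithms"], seen["opaque_bytes"])
```

Run against the sample, the parser yields the client software version, the offered algorithm lists and the count of bytes it cannot interpret; that is the complete inventory a sniffer gets from a modern SSH session, which is why such tools are useful for inventory and anomaly alerts (an unexpected client version, a weak cipher offered) but not for seeing what an administrator did.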

Agent-based solutions

Agent-based solutions install small applications (agents) on the monitored servers that collect information about user activity. They can provide detailed monitoring, but have some general disadvantages:

  • Agents must be installed and maintained on each server.
  • Monitoring is limited to the platforms the agent supports. Typically they run only on the most common operating systems, leaving other systems and devices (for example, network devices and appliances) unmonitored.
  • They have no control over the connection used to reach the server, so they cannot restrict how it is used (for example, they cannot block file transfers or port forwarding in SSH, or file redirection on Windows).
  • There is no separation between the monitoring system and the monitored system, so an agent can be stopped, reconfigured or tampered with by the very superusers it is supposed to watch. This is the same problem as relying on the system logs of the monitored host to check the superuser’s actions: the superuser can alter those logs.

Proxy Gateways

Proxy gateways are the most mature solutions in terms of control granularity and auditing quality. Proxy-based technologies operate as network gateways: they are placed between the client and the server and inspect the traffic at the application level. To do so the proxy terminates the client’s encrypted session and opens its own to the server, which means it presents its own host key or certificate to the client and the client must trust it. Since the proxy then has full access to the inspected traffic, it has full control over protocol features; it is also the one place where every privileged session and credential converges, so protecting the proxy itself matters as much as anything it protects.

For example, you can selectively permit or deny access to certain protocol-specific channels: you can enable terminal sessions in SSH but disable port forwarding and file transfers, or enable desktop access over the Remote Desktop Protocol but disable file and printer sharing.
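The decision logic behind that kind of per-channel control, as an added example that is not code from the original article or from any vendor’s product. The protocol names are real (SSH channel types and request names from RFC 4254, with scp riding on an “exec” channel and sftp on a “subsystem” request; RDP static virtual channel names from MS-RDPBCGR and its extensions), while the policy model, the function names and the sample event streams are assumptions made for this example.

```python
"""Channel-level feature control in an application-layer privileged-access proxy.

Added example, not code from the original article or any vendor product. The
proxy terminates the client session and opens its own to the server, so each
SSH channel open / channel request and each RDP virtual-channel negotiation
passes through it in the clear and can be allowed or denied individually.
Protocol names are real (RFC 4254; MS-RDPBCGR, MS-RDPEFS, MS-RDPECLIP); the
policy model, function names and sample events are assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

_SSH_CHANNEL_TYPES = {
    "session": "terminal",
    "direct-tcpip": "port_forwarding",     # ssh -L / -D
    "forwarded-tcpip": "port_forwarding",  # server side of ssh -R
    "x11": "x11",
}
_SSH_TERMINAL_REQUESTS = {"pty-req", "shell", "env", "window-change", "signal"}
_RDP_CHANNELS = {
    "rdpdr": "device_redirection",  # drives, printers, smart cards
    "cliprdr": "clipboard",
    "rdpsnd": "audio",
    "drdynvc": "dynamic_channels",  # carrier for further optional channels
}


def ssh_feature(kind: str, name: str, arg: str = "") -> str:
    """Map one SSH event to the coarse feature a policy talks about.

    kind is "channel_open", "channel_request" or "global_request"; arg is the
    subsystem name or exec command. Unrecognised events become "unknown" so
    the policy fails closed instead of letting novel channels through.
    """
    if kind == "channel_open":
        return _SSH_CHANNEL_TYPES.get(name, "unknown")
    if kind == "global_request":
        # "tcpip-forward" is the client asking the server to listen for ssh -R
        return "port_forwarding" if name == "tcpip-forward" else "unknown"
    if kind == "channel_request":
        if name in _SSH_TERMINAL_REQUESTS:
            return "terminal"
        if name == "x11-req":
            return "x11"
        if name == "subsystem":
            return "file_transfer" if arg == "sftp" else "unknown"
        if name == "exec":
            # scp has no channel type of its own: the command string must be inspected
            words = arg.split()
            return "file_transfer" if words and words[0] in ("scp", "sftp-server") else "terminal"
    return "unknown"


def rdp_feature(channel_name: str) -> str:
    return _RDP_CHANNELS.get(channel_name.lower(), "unknown")


@dataclass(frozen=True)
class Policy:
    """Features the proxy forwards; anything else, unknown ones included, is denied."""
    allowed: FrozenSet[str]

    def decide(self, feature: str) -> str:
        return "allow" if feature in self.allowed else "deny"


# The two cases from the text: SSH terminal only; RDP desktop without file/printer sharing.
SSH_TERMINAL_ONLY = Policy(frozenset({"terminal"}))
RDP_NO_DEVICE_REDIRECTION = Policy(frozenset({"clipboard", "audio"}))


def filter_ssh_session(policy: Policy, events: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (event, feature, verdict) per event. A real proxy forwards "allow"
    events and answers "deny" ones itself with CHANNEL_OPEN_FAILURE or
    REQUEST_FAILURE, so the server never sees them; every verdict is audit material."""
    out = []
    for kind, name, arg in events:
        feature = ssh_feature(kind, name, arg)
        out.append((f"{kind}:{name}", feature, policy.decide(feature)))
    return out


def filter_rdp_channels(policy: Policy, requested: List[str]) -> List[str]:
    """Virtual channels the proxy will negotiate with the server. The core
    desktop (graphics and input) is not a virtual channel and always passes."""
    return [c for c in requested if policy.decide(rdp_feature(c)) == "allow"]


# Constructed sample: an admin gets a shell, then tries a local port forward,
# an sftp session and an scp upload over the same connection.
SAMPLE_SSH_EVENTS = [
    ("channel_open", "session", ""),
    ("channel_request", "pty-req", "xterm"),
    ("channel_request", "shell", ""),
    ("channel_open", "direct-tcpip", "10.0.0.5:3389"),
    ("channel_request", "subsystem", "sftp"),
    ("channel_request", "exec", "scp -t /etc/"),
]
SAMPLE_RDP_CHANNELS = ["cliprdr", "rdpdr", "rdpsnd"]

if __name__ == "__main__":
    for row in filter_ssh_session(SSH_TERMINAL_ONLY, SAMPLE_SSH_EVENTS):
        print(*row)
    print("RDP channels negotiated:", filter_rdp_channels(RDP_NO_DEVICE_REDIRECTION, SAMPLE_RDP_CHANNELS))
```

Two design points carry over to any real deployment. First, the policy denies anything it does not recognise, so a client that opens an unusual channel type or subsystem is blocked rather than silently forwarded. Second, the scp case shows why a proxy must understand the protocol rather than match on channel names alone: an upload arrives as an ordinary “exec” request and is only distinguishable by its command string. The RDP policy follows the article’s example and leaves the clipboard enabled; the clipboard is a data-transfer path too, and a stricter policy would deny cliprdr as well.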
