Ekran System v. 5.1 Program Overview

Contents

- About the Program
- Ekran Server & Management Tool
- Database Management
- Licensing
- Client Installation
- Monitoring Parameters
- Client Protection
- Advanced User Authentication
- Two-Factor Authentication
- Administrator's Approval on Login
- Notifying Users about Being Monitored
- User Blocking
- Viewing Sessions
- Alerts
- USB Monitoring
- Dashboards
- Interactive Monitoring
- Reports

About the Program

Smart user activity video recording system.

- Privileged Identity Management
- Employee Work Control
- Cost Saver on the Market

Ekran System lets you create indexed video records of all concurrent Windows, Citrix, and Linux terminal sessions on your servers and record remote and local sessions on workstations.

Are you interested in your company's security? Do you want to know what your employees do during their working hours? Do you want to control sensitive information use?

Ekran System provides all popular segment features while offering much more beneficial pricing than ObserveIT or Citrix Smart Auditor.

Ekran System is an affordable user monitoring solution for enhanced cyber security. You can record all terminal, remote, and local user sessions and alert security personnel to suspicious events.

Ekran System Components

- Ekran Management Tool: GUI part used for system management & session viewing
- Ekran Server: main component used for storing data obtained from Client computers
- Ekran Clients (Windows/Linux/Citrix): components installed on the target computer to monitor user activity and send it to the Server

Ekran System Structure

High Availability Mode (Enterprise Edition)

The High Availability mode provides a high level of operational performance and balances the load of sent data, minimizing downtime and service interruptions.

Ekran Server & Management Tool

User management, permissions, Active Directory Integration, Management Tool settings

Management Tool

You can manage the whole system via the Management Tool in your browser.

User Management & Permissions

- Create two types of users: Internal or Active Directory (Windows domain users/groups).
- Use groups for easier user management.
- Define permissions for users.

Active Directory Integration

Integration with Active Directory allows you to establish domain trusts with multiple domains.

Integration with Active Directory allows you to do the following:

- Add users & user groups from trusted domains to allow them to access the Management Tool and Client machines with enabled Forced User Authentication.
- Create alerts for domain groups to quickly respond to suspicious user activity on the Client computers belonging to trusted domains.

Management Tool Log

Audit all user activities performed in the Management Tool via the Management Tool Log, which contains detailed information on all changes.

Database Management

Database Configuration

Database Cleanup

- One-Time Cleanup
- Scheduled Cleanup

Database Archiving (Enterprise Edition)

Archive and delete old monitored data from the Database to avoid running out of space on the Server computer and to keep the monitored data in secure storage.

You can view the archived sessions from your archived database in the Session Viewer and search them in the usual way at any time.

SIEM Integration

Ekran System integrates with your SIEM system using log files of the monitored events.

Advanced SIEM Integration

Create a CEF log file to get access to the Ekran System alert events and monitored data via the integral ArcSight or Splunk interface.

Licensing

Types of Licenses & Serial Key Management

Ekran System is licensed by the number of Ekran Clients, that is, the endpoints to be monitored. All management components, including Server and Management Tool, are provided for free with any deployment.

Types of Ekran Client licenses:

- Windows workstation license
- Windows server license
- Linux machine license

Serial Key & License Management

Request a trial serial key for 30 days to deploy the system and review its basic features with a restriction of 5 workstation licenses, 1 server license, and 3 Linux licenses.

To work with Ekran System for a longer period, license it by activating the serial keys on the computer with the installed Ekran Server. You can use either permanent keys or subscription keys.

Enterprise Key

Activate an Enterprise serial key to get exclusive access to a set of additional, valuable features of the Enterprise Edition of Ekran System.

Client Installation

Installing Ekran Clients

Convenient Ekran Client installation:

- Local:
  o Linux Clients (via tar.gz file)
  o Windows Clients
    - using installation file with default parameters
    - using generated package with customized parameters
- Remote (for Windows Clients)

Remote Installation

- Select computers to install Clients on
- Customize installation parameters
- The Clients are successfully installed!

Target Computers for Remote Installation

- Scan your local computer network
- Define a range of IP addresses to search the target computers
- Simply enter target computer names

Monitoring Parameters

Client Monitoring

The data the Client sends is stored in the form of deltas (differences between a newer screen capture and an older one) to minimize storage space.

Recorded information is saved in an easy-to-review and easy-to-search form:

- The name of the launched application
- The title of the active window
- Entered URL
- Text entered via user's keyboard (keystrokes)
- Clipboard text data (copied and pasted text)
- Commands executed in Linux (both from user input & by running the scripts)
- The information on plugged-in USB devices

Screen Capturing

Ekran Client screen capture creation is event-triggered by default. You can configure the Client to capture the active window only.

URL Monitoring

Ekran Client monitors URLs entered in web browsers. You can configure the Client to monitor full URLs or domains of top and second level only.

Keystroke Logging

Ekran Client captures all text entered through the user's keyboard and adjusts it for better comprehension. Use a special Viewing text data permission to limit user access to this sensitive data.

Keyword-Triggered Monitoring

You can configure Ekran Client to start monitoring and creating screen captures only after detecting the defined keywords entered by the user.

Clipboard Monitoring

Ekran Client captures all text data that has been copied or cut and then pasted into documents, files, applications, browser address line, etc. on the Windows Client machines.

Application Filtering

Ekran System allows you to define filtering rules for websites/applications to adjust the amount of monitored data and exclude the areas where private information can be observed, in order to comply with corporate policy rules and country regulations related to user privacy.

Privileged User Monitoring

Monitor the activity of users logging in under privileged user accounts.

Client Group Settings

To save time, you can define the settings for a Client Group and then apply them to the Client.

Client Protection

Protected Mode

Ekran System allows you to protect the Client and its data by enabling the Protected Mode. The usage of Protected Mode has the following advantages:

- Prevention of Client uninstallation.
- Prevention of stopping Client processes.
- Prevention of editing Client system files and logs.
- Prevention of editing Client settings in the registry of the Client computer.
- Prevention of modification, removal, and renaming of Client files.

Client Uninstallation

Users, including privileged ones, are unable to stop the Client working on their machines or to remove the Client locally without the Administrator's assistance. Only the Ekran System Administrator knows the uninstallation key, which is defined prior to Client installation and is necessary for local removal.

Advanced User Authentication

Advanced user authentication allows you to achieve two goals:

- Monitor users' activity on the computer when multiple users use the same credentials to log in.
- Improve your security by limiting the access to the specific users who know secondary authentication credentials.

Advanced User Authentication (Windows Clients)

The Ekran System Client requests entering credentials before allowing a user to work with Windows Server.

One-Time Password (Windows Clients), Enterprise Edition

Ekran System provides the administrator with a unique ability to generate a one-time password for a user to log in to the Client computer with Windows Server OS.

The user can request a one-time password directly from the secondary authentication window displayed on login to Windows Server.

Advanced User Authentication (Linux Clients)

The Ekran System Client requests entering credentials before allowing a user to work with the terminal on Linux Client machines.

Two-Factor Authentication

Two-factor authentication allows you to enable an extra layer of security to better protect the critical endpoints in your network.

Add users who will be allowed to log into the Windows Server Client machines using time-based one-time passwords (TOTP) generated in the TOTP mobile applications.

The Ekran System Client prompts the user to enter a TOTP to start working with the system.

Administrator's Approval on Login

Administrator's approval on login allows you to better protect the Client machines in your network from undesired access.

Add users whose access to the Client machines needs to be restricted.

When the restricted user logs into the Client machine, the Client blocks the desktop and sends the user's access request to the administrator.

After the administrator confirms the user's access request, the user is allowed to start working with the system.

Notifying Users about Being Monitored

To follow the security policy of your company or your country regulations, you can:

- Enable displaying an additional message on user login to notify the user that his or her work is being monitored.
- Display a Client tray icon with the notification about monitoring to the user.
- Require the users to enter comments to the additional message displayed on their login to the Client computers.
- Require the user to enter a valid ticket number created in the integrated ticketing system to start working with the Client machine.

User Blocking

User Blocking Overview

Ekran System allows you to block users performing potentially harmful and forbidden actions on computers with Windows Server operating system with Ekran Clients installed on them. Users can be blocked from both Live and Finished sessions.

The user desktop is blocked, and after the defined time interval the user is forcibly logged out. If the blocked user tries to log in to the Client computer, the system does not allow him/her to do so.

Viewing Blocked User List

The Blocked User List contains information on who was blocked, where, and when. To allow the users access to the Client computer, remove them from the list.

Viewing Sessions

Searching Data in Session List

Ekran Management Tool allows searching in the recorded sessions. Search is performed by different parameters:

- For Windows Clients: active window title, application name, user name, Client name, visited URL, entered keystrokes, clipboard text data, user's comment to the additional message, ticket number, USB device information.
- For Linux Clients: commands and command parameters.

Viewing Live Session

Ekran System allows you to perform monitoring of user activity in real time. You can connect to a Live session and observe the activities a user is performing at the given moment.

Magnifying Glass

You can enlarge certain parts of the video in the Session Player by using the Magnifying Glass.

Forensic Export

With Ekran System Forensic Export, you can:

- Export a monitored session or its part to a securely encrypted file.
- Investigate the recorded user activity in the in-built offline session viewer.
- Present evidence in forensic format to the third parties.

Alerts

Setting Up Alerts

Ekran System allows you to enable quick incident response using alert notifications:

- Set up alerts about suspicious user activity on the Client computers.
- Specify individuals to receive instant alert notifications via email or in the Tray Notifications application.

Default Alerts

Ekran System contains a set of default alerts prepared by the vendor security experts. They will alert you about data leakage and potentially fraudulent, illicit, or work-unrelated activities.

Alerts in Session Player

Monitored data associated with alert events is highlighted in different colors in the Session Player according to the alert risk level.

Alerts in Alert Viewer

You can view detailed information on all alert events as well as screen captures associated with them in a special viewer.

Receiving Alerts

Receive alert notifications in real time, review them in the Ekran System Tray Notifications journal, and open the session with the alert-related data in the Session Player.

USB Monitoring

USB Monitoring Overview

Ekran System provides two types of monitoring for USB devices plugged into the Client computer:

- USB-based storage monitoring, to view information on the devices detected by Windows as mass storage and receive alert notifications.
- Kernel-level USB monitoring, for an in-depth analysis of plugged-in devices and their blocking.

Setting Up Kernel-level USB Rules

Ekran System can detect USB devices connected to a computer, alert you when a device is plugged in, and block their usage (either all devices of a certain class or all except the allowed devices) on a Client computer.

USB-Based Storage Monitoring

USB-based storage devices are automatically detected when plugged in.

Kernel-Level USB Monitoring

Screen captures created when USB devices are plugged in or blocked are highlighted in the Session Viewer.

Dashboards

Dashboards Overview

The dashboards offer a convenient real-time view of the most useful data grouped in one place. Customize the dashboards on the Management Tool Home page by adjusting their look and settings.

Dashboard Types

There are three main types of Ekran System dashboards:

- System State Dashboards
  o Licenses
  o Clients
  o Database Storage Usage
- Monitoring Dashboards
  o Recent Alerts
  o Latest Live Sessions
- Threat Detection Dashboards
  o Sessions out of Work Hours
  o Rarely Used Computers
  o Rarely Used Logins

System State Dashboards: Clients, Database Storage Usage, Licenses

Monitoring Dashboards: Recent Alerts, Latest Live Sessions

Threat Detection Dashboards: Rarely Used Computers, Rarely Used Logins, Sessions out of Work Hours

Interactive Monitoring

Interactive Monitoring Overview

You can filter data by three parameters:

- Who: filter by a specific user logged into the Client computer.
- Where: filter by a specific Client.
- When: filter by the time period.

Additionally, you can set the order in which bars are displayed, using the Applications and URLs filters.

Data is displayed in the form of two column charts (Application Monitoring chart and URL Monitoring chart). To see the list of application/website entries, click on the column with the application/website name.

Application Monitoring Chart

This chart provides information on the application usage frequency. You can also use this chart to analyze information on the most rarely used applications and detect any threats and suspicious activity on investigated computers.

URL Monitoring Chart

This chart provides information on the website visiting frequency. You can also use this chart to analyze information on the most and least visited websites and detect potentially harmful activity on investigated computers.

Reports

Reports & Statistics

Ekran System Reports provide the full overview of the time spent in applications and on websites visited on the user's machine.

Generate a highly customizable report ad-hoc or schedule sending reports to your email on a daily, weekly, or monthly basis. The reported activity can include alerts, launched applications, visited websites, plugged-in/blocked USB devices, and executed Linux commands.

[Screenshot: Scheduled Reports]

The reports can be generated manually at any time for any time period.

[Screenshot: Manual Report Generation]

Report Types

- Activity summary report
- Activity pie chart report
- Activity chart report
- User statistics report
- Session grid report
- Detailed Activity report
- Keystroke grid report
- Clipboard grid report
- Alert grid report
- URL summary report
- URL pie chart report
- URL chart report
- USB storage grid report
- Kernel-level USB storage grid report
- Linux grid report: In the Linux grid report, you can view all exec* and sudo commands executed on Linux Client computers.

Visit us online: www.ekransystem.com