The present invention, in some embodiments thereof, relates to establishing a computer super-session which includes multiple sub-sessions and, more specifically, but not exclusively, to establishing a super-session which provides a unified user experience.
Organizations often monitor sessions between users and target systems and services within or outside the organization.
Existing session management security solutions offer monitoring and auditing support for privileged sessions to single or multiple sensitive target services. When an end user starts multiple sessions to target services, each of those sessions is monitored and audited separately. The information collected throughout those sessions is kept separately for each session, and actions between those sessions are not correlated. As a result, an auditor auditing the multiple sessions does not have a wide-scope view of the actions that took place throughout the end user's multiple sessions. Information correlating the sessions may be missing. Also, related actions that took place throughout one or more of those sessions are not identified.
Current solutions for performing and monitoring sessions throughout an organization include:
A) Some user activity monitoring solutions enable the organization to monitor normal or privileged sessions. The monitored sessions may be to multiple targets, but the users must provide the credentials for each of those targets separately.
B) Privileged System Management (PSM): Sessions are initiated, monitored and controlled by a proxy server which serves as an intermediary between the user and the target system. This approach may be integrated with a Privileged Account Management System (PAMS) which authenticates and manages user credentials. PSM solutions typically allow the user to establish a privileged session to a single target service without having to enter the target credentials.
C) Single Sign On (SSO) solutions allow the user to perform privileged sessions. The performed sessions may access multiple target services and are partially monitored to keep session metadata.
FIG. 1 illustrates a prior art method of a user initiating sessions to two target services. The user initiates two sessions independently (to resources A′ and B′), in 110 and 130. In 120 and 140, each session is managed separately by a PSM system.
FIG. 2 illustrates a prior art method of auditing multiple sessions to respective target services. In 210, the auditor audits one session established with a single target service. In 220, the auditor monitors any additional sessions to respective target services independently. In 230, the auditor manually correlates the multiple audited sessions.
In addition, existing privileged session management tools that automatically open sessions to multiple targets do not provide a unified user experience for the multiple sessions. The end user interacts with each target service separately, thus the user experience is degraded.