The present invention, in some embodiments thereof, relates to computer security, and, more particularly, but not exclusively, to controlling and monitoring sessions on target systems.
Monitoring and control of access to sensitive data and applications is a major computer security concern for businesses and other organizations. This issue is particularly critical for privileged accounts, in which the user (such as a system administrator) has access to multiple accounts and network services. A common challenge for an organization is how to monitor user activity and to control privileged, shared or sensitive credentials in order to prevent misuse and abuse.
There are solutions available to address these issues. Such solutions include:
I) Agent-based monitoring and access control—Agents are pre-installed on target systems to monitor and control access upon the target systems. The agents report to a centralized server using a dedicated communication channel. This solution requires a high investment of resources, since the installer (e.g. target system owner organization) needs to deploy, manage, upgrade, patch and monitor the agents. The pre-installed agents are continuously active on the target systems and consume target system resources. Moreover, a user with administrative access to the system may potentially circumvent and bypass the agent monitoring.
II) Privileged Session Management Proxies—Sessions are initiated, monitored and controlled by a proxy server which serves as an intermediate between the user and the target system. The Privileged Session Management Proxy may also provide Privileged Single Sign-On. This approach may be integrated with a Privileged Account Management System (PAMS) which authenticates and manages user credentials in coordination with the proxy. However in this approach, monitoring is done on the proxy and therefore lacks the context of what is actually running on the target system (e.g. which processes, windows titles, etc. are available to the user).
III) Client-side monitoring—Monitoring is performed on the client system which provides no control over the session, and lacks the context of what is actually running on the target system. An additional disadvantage is that a user with administrative rights on the client workstation may bypass the monitoring.