BalaBit Integration

BalaBit

Enterprise Random Password Manager (ERPM) integrates with BalaBit Shell Control Box (SCB) to provide extensive control over privileged user activity, movie-like playback and free-text searches of audit trail content.

The integration of BalaBit's SCB appliance with ERPM allows fine-grained control of user activity during privileged access, along with broad policy control by access types (for example, file transfer, command execution, etc.). Together, the products allow you to record and track details of each privileged access to help answer the question of "who did what."

Background

Shell Control Box (SCB) is an activity monitoring appliance that controls access to remote servers, virtual desktops, or networking devices, and records the activities of the users accessing these systems.

ERPM is the privileged identity management solution that automatically discovers, strengthens, monitors and recovers local, domain and process account passwords in the cross-platform enterprise.

SCB controls the finer details of access to privileged accounts. It restricts users based on their actual activity or on the type of access (such as file transfer or command execution). Beyond logging the fact and the time-frame of an access, SCB records and tracks the details of what was done during it. These detailed recordings let organizations answer the "who did what?" question and provide proof of any misuse, especially in outsourced environments.

With SCB it is already possible to authenticate the user who accesses a privileged account. With password-based authentication, however (still the most widespread method and usually the only option on legacy systems and devices), the user has to know the password of the privileged account. Typically many users share the same privileged account, so all of them must know the password. This is insecure, and changing the password frequently becomes almost impossible.

The risk is greater still when external or third-party staff are given access to privileged accounts, or when a user leaves the organization or changes roles.



Organizations are looking for a way to control and record access to privileged accounts. Both the control and the recording functionality complement each other.

Benefits

By integrating SCB with ERPM, organizations can enjoy the benefits of both technologies. Users continue to access servers and other network resources normally, and SCB controls and monitors their activities without disclosing privileged and shared account passwords. Users are authenticated by the SCB and credentials for accessing the server are retrieved transparently from ERPM by SCB impersonating the authenticated user. This automatic password retrieval protects the confidentiality of passwords.

Unlike other solutions on the market, the SCB control and monitoring functionality does not require users to modify the way they work. This operation mode enables users to utilize special capabilities (like file-transfer, remote printing etc.) of remote access protocols (like RDP, SSH and others) if they are so permitted.

The combination of the two products provides a solution that enables centralized, automated management of privileged account passwords, fine-grained control on access to privileged/shared accounts and independent audit-proof monitoring of such accesses with customizable reporting capabilities.

Using SCB with ERPM is a good integration option because SCB integrates seamlessly into the network and requires no modification on either the clients or the servers. SCB operates independently and therefore provides a trustworthy way to monitor privileged accounts on any type of server or network device, while its transparent operation mode requires no change to how users do their daily jobs. Without this integration, or with other products, users would have to authenticate to two different systems, first to ERPM and then to the monitoring solution, and in that case they get direct access to the passwords.

How Does It Work?

The integration is built on ERPM's REST-based API, through which passwords can be retrieved from (checked out of) and returned to (checked in to) the ERPM database. SCB uses this API to retrieve passwords from ERPM on demand. The communication between SCB and ERPM is protected with SSL/TLS encryption and X.509 certificate validation.

Access to servers or network devices works in the following way:

  1. The user connects, using any native client (PuTTY, mstsc, etc.), either to SCB directly or through a connection that SCB transparently intercepts
  2. Based on policy, the user is authenticated on SCB
    1. The user can be authenticated against a local database, LDAP, Microsoft AD or a RADIUS server
    2. Authentication can use any of the following methods: password, public key, X.509 certificate, one-time password (e.g. RSA SecurID)
  3. SCB checks whether the user may access the requested account on the server
  4. SCB retrieves the password for the account from ERPM through the API
    1. SCB authenticates to ERPM either with an SCB-specific account or by proxying the password the user supplied
  5. The connection is authenticated on the server, and SCB continues to monitor and record the activities according to its policy

Only steps 1 and 2 are visible to the user; all the rest is done transparently and automatically.
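The flow above, modeled end to end as an added example (Python; this is not code from Lieberman Software or BalaBit): an in-process stand-in for ERPM's check-out/check-in API and for the SCB authentication and policy steps, plus the TLS client settings that give step 4 the X.509 validation the text describes. The endpoint shapes, the lease identifier, the policy tuple format, the SCB-specific API token (the first option under step 4a), check-in at session end and automatic rotation on check-in are all assumptions of this model, and the host, user and account names are constructed.

```python
"""Added example, not ERPM's or SCB's own code: an in-process model of the
SCB -> ERPM check-out / check-in flow. The API shape, lease handling, policy
format and the shared API token are assumptions made for illustration."""
import secrets
import ssl
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

HOST = "db01.example.internal"  # constructed target host


def scb_to_erpm_tls_context(ca_file: str = None) -> ssl.SSLContext:
    # Transport for step 4: TLS 1.2+, server certificate required, chain and
    # hostname verified against ca_file (the CA that issued ERPM's certificate).
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


class MockERPM:  # stand-in for the ERPM password store and its check-out/check-in API
    def __init__(self, api_token: str, accounts: Dict[Tuple[str, str], str]):
        self._api_token = api_token              # the SCB-specific API account (step 4a)
        self._accounts = dict(accounts)          # (host, account) -> current password
        self._leases: Dict[Tuple[str, str], str] = {}
        self.audit: List[Tuple[str, ...]] = []   # who fetched what, for whom

    def _authenticate_client(self, token: str) -> None:
        if not secrets.compare_digest(self._api_token, token):
            raise PermissionError("ERPM: unknown API client")

    def checkout(self, token: str, host: str, account: str, on_behalf_of: str) -> Dict[str, str]:
        self._authenticate_client(token)
        key = (host, account)
        if key in self._leases:
            raise RuntimeError("ERPM: account is already checked out")
        lease = secrets.token_hex(8)
        self._leases[key] = lease
        self.audit.append(("checkout", on_behalf_of, host, account))
        return {"lease": lease, "password": self._accounts[key]}

    def checkin(self, token: str, host: str, account: str, lease: str) -> None:
        self._authenticate_client(token)
        key = (host, account)
        if self._leases.get(key) != lease:
            raise RuntimeError("ERPM: lease does not match an open check-out")
        del self._leases[key]
        self._accounts[key] = secrets.token_urlsafe(16)  # rotate: the value was single-use
        self.audit.append(("checkin", host, account))

    def current_password(self, host: str, account: str) -> str:
        return self._accounts[(host, account)]


@dataclass
class MockSCB:  # stand-in for the SCB side: user authentication, policy, credential fetch
    users: Dict[str, str]                      # local user database (step 2a)
    policy: Set[Tuple[str, str, str]]          # allowed (user, host, account)
    erpm: MockERPM
    api_token: str                             # SCB-specific ERPM account (step 4a)
    recordings: List[Tuple[str, str, str, bool]] = field(default_factory=list)

    def connect(self, user: str, user_password: str, host: str, account: str,
                server_login: Callable[[str, str], bool]) -> bool:
        # Step 2: authenticate the user on SCB with the user's own credential.
        if not secrets.compare_digest(self.users.get(user, ""), user_password):
            raise PermissionError("SCB: user authentication failed")
        # Step 3: policy decides whether this user may use this account on this host.
        if (user, host, account) not in self.policy:
            raise PermissionError(f"SCB: {user} may not use {account}@{host}")
        lease = self.erpm.checkout(self.api_token, host, account, on_behalf_of=user)  # step 4
        try:
            ok = server_login(account, lease["password"])  # step 5: user never sees this value
            self.recordings.append((user, host, account, ok))
            return ok
        finally:  # return the lease when the session ends (an assumption of this model)
            self.erpm.checkin(self.api_token, host, account, lease["lease"])


def run_demo() -> Dict[str, object]:
    # Constructed scenario: one managed root account, an allowed and a denied user.
    erpm = MockERPM("scb-api-token", {(HOST, "root"): "initial-root-pw"})
    scb = MockSCB(users={"alice": "alice-pw", "mallory": "mallory-pw"},
                  policy={("alice", HOST, "root")}, erpm=erpm, api_token="scb-api-token")

    def server_login(account: str, password: str) -> bool:  # simulated target server
        return account == "root" and secrets.compare_digest(password, erpm.current_password(HOST, "root"))

    results: Dict[str, object] = {"alice_session": scb.connect("alice", "alice-pw", HOST, "root", server_login)}
    results["rotated_after_checkin"] = erpm.current_password(HOST, "root") != "initial-root-pw"
    results["alice_second_session"] = scb.connect("alice", "alice-pw", HOST, "root", server_login)
    for name, user, pw in (("mallory_denied", "mallory", "mallory-pw"), ("bad_password_denied", "alice", "wrong")):
        try:
            scb.connect(user, pw, HOST, "root", server_login)
            results[name] = False
        except PermissionError:
            results[name] = True
    results["checkouts"] = sum(1 for entry in erpm.audit if entry[0] == "checkout")
    results["tls_verifies_peer"] = scb_to_erpm_tls_context().verify_mode == ssl.CERT_REQUIRED
    return results
```

What the run shows: the user's own credential authenticates them to SCB only; the server password is fetched by SCB under its own API account and is never handed back to the user; a policy denial (mallory) and a failed user login (wrong password) both stop the flow before any check-out, so ERPM's audit trail lists only the two granted accesses, each tagged with the user on whose behalf the fetch was made; and the second session succeeds only because the first check-in released the lease and rotated the password. When deploying, pass the CA that issued ERPM's server certificate as ca_file rather than relying on the system trust store.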

Functionality

Functionality                                    ERPM      SCB       SCB+ERPM
Storing Passwords for Accounts                   Y         Y         Y
Automatically Changing Passwords for Accounts    Y         -         Y
Automatically Discovering Privileged Accounts    Y         -         Y
  on Systems
Monitoring User Activities                       -         Y         Y
Controlling User Access to Servers               Partial   Y         Y
Hardware Based Encryption of Passwords           Y         -         Y
Directory Services Integration                   Y         Y         Y
Application-to-Application Password Access       Y         Limited   Y

Learn More 

For more information on how Lieberman Software's BalaBit integrations can help secure your organization, contact an account manager.
