Encrypted Channel Monitoring

Security Intelligence in the Shell

Encrypted channel monitoring provides visibility into SSH, SFTP and RDP traffic moving across your encrypted networks. Without it, your security intelligence solutions may be left in the dark.

Encryption can be a double-edged sword. On the one hand, it allows you to ensure you are authenticating to the correct server and to protect your data from prying eyes. On the other hand, it can be used by malicious insiders or external bad actors to gain access to your systems and exfiltrate your data, all without leaving a trace.

Encrypted Channel Monitoring eliminates this blind spot in a safe and secure way, providing greater security intelligence in SSH, SFTP and RDP connections.

Encrypted Channel Monitoring in Practice

Encrypted channel monitoring is a network-level monitoring tool that provides both primary and extended security capabilities to your security operations and forensics teams.

  • Enforce policy and shut down connections. Without encrypted channel monitoring, it can be very difficult to enforce policy in SSH, SFTP and RDP connections and, where policy violations are occurring, to shut down the connection. Malicious insiders and external bad actors know this, so they will target your encrypted networks as a means to secretly infiltrate your systems and exfiltrate your data.
  • Provide context as to what an identity is doing. Authentication, even strong authentication, is not enough to ensure that an identity is who it says it is. Encrypted channel monitoring allows you to gain visibility into your encrypted traffic and enables your security intelligence solution to correlate syslog and packet data to determine if suspicious activity or a potential exploit is occurring.
  • Vault data for auditing and forensics. If an exploit were to occur, having the proper forensics tools in place is critical to know which identity was involved, what was taken and from where it was taken. Encrypted channel monitoring enables a full audit trail of SSH, SFTP and RDP traffic.
  • Extend the value of your DLP deployment. DLP solutions are designed to stop data loss in its tracks. However, without encrypted channel monitoring, network-based DLP solutions cannot see the traffic. An encrypted channel monitoring solution integrates with your DLP and extends its value.
