Your browser does not allow storing cookies. We recommend enabling them.

Network Monitoring - Encrypted Connections

Enterprise networks are frequently accessed by 3rd parties such as consultants, outsourcing partners, remote contractors, and other trusted third parties. Today's distributed operations mean that very often these trusted outsiders access the corporate core systems remotely over the public Internet. Allowing remote access requires that encrypted secure protocols are used, to protect the identity and login credentials as well as the privacy of the exchanged data. Use of encryption has, however, an unpleasant side-effect as it also means that the network monitoring solutions used by corporate IT teams are blinded by encryption and unable to monitor the connections. Protocols such as SSH, SFTP, RDP, and HTTPS provide security but also hide the actions within the connections under the cover of encryption.

Corporate IT security teams require tools that can monitor, control, and audit encrypted connections of trusted 3rd parties.

Monitoring Network Access of 3rd Parties

Both corporate security policies and regulatory controls require the monitoring of network access of all users that enter the corporate core systems. Information security is based on knowing and controlling who has access to what. Combining this with the necessity of privacy protected network access requires network monitoring solutions that are able to see inside the encrypted and protected connections. Normal network monitoring systems are not able to do this, and are blind to encryption. Common network monitoring tools, such as Wireshark are able to capture, detect and reconstruct various unencrypted protocols, but do not see into the protected tunnels of encrypted SSH, RDP, or HTTPS protocols.


CryptoAuditor - Monitor, Control, Audit

CryptoAuditor is a transparent, network based solution for monitoring encrypted connections at a designated network entry point, for example at a corporate firewall. CryptoAuditor works as a trusted audit point as it intercepts, decrypts, inspects, and re-encrypts traffic - transparently without the endpoints even knowing of the procedure.

CryptoAuditor provides a centralized enforcement point that allows effective enforcement for corporate policy and works as a compliance enabler for organizations in regulated businesses.

Using CryptoAuditor for network monitoring of encrypted connections allows benefits such as:

  • Recording an audit trail
  • Safe use of shared accounts
  • Effortless enforcement of 2 factor authentication
  • Real-time protection against data theft
  • Prevent SSH back-tunneling attacks

Audit Trail of 3rd Party Actions

Monitoring network connections of third parties with CryptoAuditor allows storing a record of actions for later audits or reviews. CryptoAuditor stores the sessions as videos that can be searched and indexed - these recorded sessions form an audit trail that can be used for multiple purposes that range from service level reviews to forensic examinations.

Allows Safe Use of Shared Accounts

CryptoAuditor allows safe and auditable use of shared accounts at corporate resources. This is a very convenient and secure way of sharing a single account among a team of individual users. The actual login credentials of the shared account (for example the root account of the corporate firewall) do not need to be exposed to (sometimes temporary or external) users, and the actions undertaken at the shared account are logged and recorded.

Enforcement of Two-Factor Authentication

Deploying a well placed security policy enforcement point such as CryptoAuditor offers an additional benefit in the form of an efficient and smooth deployment point for two-factor authetication (2FA). Most 2FA solutions require the installation of a server-side component or agent. With CryptoAuditor, this agent can be deployed in the CryptoAuditor virtual appliance. This reduces the solution complexity and maintenance burden, while improving overall system security.

Real-time Protection Against Data Theft

CryptoAuditor's network monitoring capabilities allow real-time traffic observation and filtering. CryptoAuditor can be configured to take preventive action for example in the case where an unauthorized file transfer of designated high value data assets is discovered. CryptoAuditor stops data exfiltration attacks on the fly.

Prevent SSH Back-tunneling Attacks

SSH back-tunnelling is one of the ways the SSH protocol can be misused. An attack like this is difficult to observe and protect against, since the actions of the attacker are hidden from sight of most security systems. Using an auditing solution such as CryptoAuditor allows detecting an unauthorized SSH tunnel and both preventing the attackers intentions and recording the attempt for more thorough investigations.

Try CryptoAuditor Live

CryptoAuditor is available for a free online demonstration at our cloud-based demonstration environment. This fully interactive online demonstration environment allows you to intercept, decrypt, observe, and record an encrypted SSH or RDP session.

Try CryptoAuditor Live Demonstration




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now