CryptoAuditor is a multi-purpose product that monitors, controls, and audits encrypted administrator sessions, 3rd party access, and file transfers.
CryptoAuditor allows you to see, control, and record what happens inside encrypted privileged sessions to your corporate resources. CryptoAuditor monitors and controls encrypted secure connections, and enforces your corporate security policy on privileged users as well.
- Why CryptoAuditor
- Typical use cases
- How does CryptoAuditor work
- Next steps
Insider attacks and hacking through vendors are the most common ways of breaching an organization. Typically such attacks utilize access that someone already has. Perhaps the user's password or other credentials were stolen, or perhaps a legitimate insider is about to commit a crime or just engage in risky behavior.
These users are often trusted insiders. Often they have root access or are able to access critical service accounts, databases, and production servers. The damage they can do is very high, and such attacks are common.
Besides reducing risk, CryptoAuditor makes it much easier to meet regulatory requirements.
Fast and easy installation
CryptoAuditor differs from the competition by being easy to install and deploy without changing the existing IT infrastructure. Customers often deploy it in hours. There are no agents to install and no access portal to go through. There are many ways to use CryptoAuditor, but most expediently it is used as an extension to your firewall to give more visibility and control into SSH and Remote Desktop (RDP) connections.
Typical use cases
Audit insider and vendor activity
CryptoAuditor records and stores a complete replication of the monitored session. All communications including text, file transfers, and graphical sessions are stored. Advanced search capabilities allow speedy forensic investigation even in graphically oriented sessions.
Video playback of user sessions enables intuitive forensics, troubleshooting, and peer review analysis.
Control privileged access
CryptoAuditor controls who has access to which services and accounts on which servers. It does this using information in Active Directory, RADIUS, ticketing systems, and other repositories.
CryptoAuditor hides the credentials used to access privileged accounts from the end users, even if they are system administrators with root access. It is an ideal solution for controlling access to shared accounts, service accounts, and root. All activities of users on these accounts are monitored.
Control SSH, Remote Desktop, file transfers, and tunneling
CryptoAuditor provides advanced monitoring, control, and auditing capability of privileged access. It records all activity within encrypted connections. It supports SSH (Secure Shell), Windows Remote Desktop (RDP), and HTTPS.
CryptoAuditor provides precise control of what files can be transmitted, in which direction data can be transmitted, and whether tunneling is permitted. Many other protocol features can also be configured.
Secure DevOps workflows
CryptoAuditor is an ideal tool for securing DevOps workflows and bringing auditability into production deployments. Several customers use it to monitor who deploys what in production and what developers do on production servers when they are given access for diagnostics and maintenance.
How does CryptoAuditor work
CryptoAuditor works as a trusted audit point that is installed with the consent of the organization. CryptoAuditor terminates incoming protected communications, and re-establishes sessions to the protected target servers. It can work in conjunction with Universal SSH Key Manager to implement automatic key management. CryptoAuditor inspects and records the sessions in real time for forensics and internal audit, and enforces configured policy on the sessions. The sessions are then re-encrypted and forwarded to the final destination. The entire traffic inspection and recording can be done transparently to the end-users or target servers. The traffic is protected all the way from users to CryptoAuditor, and from CryptoAuditor to target servers.
Virtual appliances are deployed at key locations in the network - in front of server farms, databases, network entry points, or in outgoing data gateways. They can be deployed in a fully transparent mode so you don’t need to change end-user access and login procedures. A centralized console provides unified management. Sessions are indexed and stored in an encrypted database for reporting, replay, and investigation.
CryptoAuditor itself is a virtual appliance that can be installed in a private or public cloud, or on dedicated hardware. Typically it is installed close to an internal or external firewall.
APIs and integrations
CryptoAuditor integrates with data loss prevention (DLP) systems, intrusion detection, anti-virus, and SIEM solutions. It uses Active Directory, RADIUS, and LDAP directories for configuring authentication information. It readily integrates with various two-factor authentication products and ticketing systems to provide extra security for access.
CryptoAuditor itself offers REST APIs for managing keys for end devices.
- Transparent monitoring of encrypted connections: SSH, Remote Desktop (RDP), HTTPS
- Secure storage of credentials in a cryptographic vault
- Recording the monitored sessions as searchable videos
- Cost-efficient enforcement of two-factor authentication for critical resources
- Fully network based approach - no agents at servers nor clients for end-users
- Full support for AWS and OpenStack as well as on-premise deployments
- Uses FIPS 140-2 certified cryptography.
- CryptoAuditor datasheet
CryptoAuditor in Amazon AWS
CryptoAuditor readily supports Amazon AWS and is available directly from AWS Marketplace.