CryptoAuditor is a multi-purpose product that monitors, controls, and audits encrypted administrator sessions, 3rd party access, and file transfers.

CryptoAuditor allows you to see, control, and record what happens inside encrypted privileged sessions to your corporate resources. CryptoAuditor monitors and controls encrypted secure connections, and enforces your corporate security policy also on privileged users.

CryptoAuditor is non-invasive and transparent compliance enabler for PCI-DSS, Sarbanes-Oxley, HIPAA, and many other mandates.

No Agents to Install, No Disruptions to Processes

CryptoAuditor requires no changes to your environment. There are no agents to install and no access portal to go through. CryptoAuditor is an extension of your firewall — fast to implement and has no impact on end user experience or workflows.

CryptoAuditor integrates readily with data loss prevention (DLP), intrusion detection (IPS), anti–virus (AV), and SIEM solutions and allows real-time incident detection and response to threats within encrypted sessions (SSH, SFTP, RDP or HTTPS).

CryptoAuditor paves the way to compliance with regulations that call for visibility, accountability, and auditability of actions on sensitive data and systems. Read more on Compliance and CryptoAuditor.

Cryptoauditor Monitoring an RDP Session


You need visibility into encrypted communications without disrupting the users as they do their daily work and without compromising the security you depend on. CryptoAuditor preserves end–to–end security while silently decrypting and securely storing session traffic. CryptoAuditor’s architecture and management allow enterprise–scale deployments with no changes to end user workflows, login processes or network architecture.


CryptoAuditor provides advanced monitoring, control and auditing capability of privileged access. CryptoAuditor integrates with directory services, enabling privileged users, contractors and business partners to authenticate with their individual account credentials to gain controlled access to specific systems and services. CryptoAuditor can even control which specific services are allowed within an encrypted connection. CryptoAuditor enables safe, controlled, and accountable shared use of privileged (root, Administrator) accounts - it allows enforcement of multi-factor authentication, and provides access to privileged accounts without the need to disclose the credentials of privileged accounts.


CryptoAuditor records and stores a complete replication of the monitored session. All communications including text, file transfers, and graphical sessions are stored. Advanced search capabilities allow speedy forensic investigation even in graphically oriented sessions.

Video playback of user sessions enables intuitive forensics, troubleshooting, and peer review analysis.

CryptoAuditor - Network Monitoring


How Does CryptoAuditor Work?

CryptoAuditor works as a trusted audit point that is installed with the consent of the organization. CryptoAuditor terminates incoming protected communications, and re-establishes sessions to the protected target servers. It can work in conjunction with Universal SSH Key Manager to implement automatic key management. CryptoAuditor inspects and records the sessions in real time for forensics and internal audit, and enforces configured policy on the sessions. The sessions are then re-encrypted and forwarded to the final destination. The entire traffic inspection and recording can be done transparently to the end-users or target servers. The traffic is protected all the way from users to CryptoAuditor, and from CryptoAuditor to target servers.

Virtual appliances are deployed at key locations in the network - in front of server farms, databases, network entry points, or in outgoing data gateways. It can be deployed in a fully transparent mode so you don’t need to change end-user access and login procedures. A centralized console provides unified management. Sessions are indexed and stored in an encrypted database for reporting, replay, and investigation.

Cryptoauditor itself is a virtual appliance that can be installed in private or public cloud, or on dedicated hardware. Typically it is installed close to an internal or external firewall.

CryptoAuditor Features

  • Transparent monitoring of encrypted connections (SSH, RDP, HTTPS)
  • Secure use of shared accounts - without disclosing the credentials of the shared account
  • Secure storage of credentials in a cryptographic vault
  • Recording the monitored sessions as searchable videos
  • Cost-efficient enforcement of two-factor-authetication for critical resources
  • Easy, zero-touch installation with no changes to connection endpoints
  • Fully network based approach - no agents at servers nor clients for end-users
  • Available for Cloud (including AWS and OpenStack) or On-premises deployments
  • Uses FIPS 140-2 certified cryptography.

CryptoAuditor Benefits

  • Visibility into and control over third parties that access your network, such as financial system vendors, industrial equipment vendors, or outsourced IT administrators
  • Early warning of suspicious activity inside encrypted communications
  • Accountability in shared account usage scenarios
  • Compliance with regulatory requirements that call for monitoring capability. Fast-track to compliance.
  • Protects data and blocks viruses in encrypted file transfers
  • Reduces risk against attacks spreading using SSH
  • Protects internal network from unauthorized entry via tunneling
  • Gets more value out of prior investments to security controls such as Data-Loss Prevention, SIEM, Intrusion Detection, Intrusion Prevention, and Anti-Malware protection.

CryptoAuditor Use Scenarios

CryptoAuditor solves diverse security challenges in the cloud and traditional data centers. The following are sample deployment cases in which CryptoAuditor provides visiblity and control in a variety of actual real-life cases:

Network Monitoring for Third-Party Access

Monitoring encrypted third-party network access with CryptoAuditor enables storing a record of actions for later audits or reviews. CryptoAuditor stores the sessions as videos and metadata that can be searched and indexed - these recorded sessions form an audit trail that can be used for multiple purposes ranging from service level reviews to troubleshooting and forensic examinations.

Real-time Protection Against Data Theft

CryptoAuditor's network monitoring capabilities allow real-time traffic inspection and filtering, for example enabling preventive action upon discovery of unauthorized file transfer of high-value data assets. CryptoAuditor stops data exfiltration on the fly with preventative DLP.

Prevent SSH Tunneling Backdoors

SSH back-tunnelling provides a way for attackers to gain entry into the internal network from the Internet, and it is very difficult to prevent as firewalls generally need to permit access to cloud services used by the enterprise and the communications are encrypted. CryptoAuditor detects unauthorized SSH tunnels and blocks, records, and alerts on such attempts, based on policy.

Control and Monitor Cloud Access

The primary concern of organizations moving operations onto hosted and cloud environments is to ensure they know who has access to their data, and what operations are performed by the service provider in the hosted infrastructure. CryptoAuditor audits the actions performed by administrators in the cloud, and maintains trust between the service provider and the customer.

Safe Use of Shared Accounts

CryptoAuditor allows safe and auditable use of shared accounts on corporate resources. The shared account (e.g. root account of the corporate firewall) login credentials are not exposed to temporary or external users – and the actions undertaken at the shared account are logged and recorded to enforce full individual accountability.

Adding Two-Factor Authentication

Deploying CryptoAuditor as a security policy enforcement point also enables efficient and smooth deployment of two-factor authentication. Enforcing two-factor authentication in a single location reduces solution complexity and maintenance burden, while improving system security.

Cloud Ready

CryptoAuditor is a virtual appliance with distributed architecture. It adapts effortlessly into virtualized, hosted, and cloud environments – whether they are built on VMware or OpenStack based platforms, or hosted on Amazon Web Services. CryptoAuditor can act as a bastion host that monitors access into the cloud environment from the Internet. It has full session recording capabilities and imposes no disturbance on user processes or experience. It can also operate fully transparently on the network.

CryptoAuditor records the actions of end-customer administrators, as well as the hosting provider’s operators and engineers – thus maintaining full accountability across organizational boundaries.

It can also be deployed to control access between Virtual Private Clouds (such as Test and Production networks) to ensure the compliance-required segregation between environments. CryptoAuditor's transparent connection and user mapping capabilities adapt to environments where operations are performed by rotating third-party administrators on an ad hoc basis, as opposed to the more rigid deployment models of traditional PAM solutions.

CryptoAuditor can be deployed by both the end-user organization, as well as the hosting provider, to ensure that control and accountability can be demonstrated by either party in the hosted environment. CryptoAuditor is a high-value-add component to any hosted or cloud environment targeting security-conscious industries such as Financial Services, Government, or Healthcare.


Read more on Regulatory compliance and CryptoAuditor

For more information, download CryptoAuditor datasheet

Buy CryptoAuditor

For On-Premise

Contact sales .

In the Cloud

CryptoAuditor is a virtual appliance and fully cloud-capable. It is available for purchase at the Amazon Web Services Marketplace.

Buy CryptoAuditor from AWS Marketplace →