SSH.COM CryptoAuditor®

Intelligent 3rd party session control and forensics
used by Fortune 500 companies

See what your SIEM missed

Monitor and control encrypted 3rd party sessions

Dear CIO,

Who do you trust with your digital core?

Trust is essential. As we collaborate more from person-to-person, organization-to-organization and machine-to-machine, we must trust colleagues, partners and suppliers with access to our precious networks.

You grant access to a staggering number of 3rd parties via encrypted connections. DevOps, M2M and connections to the IoT mean that 3rd party access is exploding. The cost of ad hoc management and troubleshooting of 3rd party access is extraordinary.

As well as a cost factor, there is a security risk and compliance problem.

Network and data security products do not read, control or investigate who is or was doing what in encrypted sessions. You have no knowledge of events on an individual session level.

Major organizations need security designed for totally compliant and secure session control. SSH.COM’s Fortune 500 customers rely on our intelligent, real-time, granular session control and forensics.

See what your SIEM missed

Control and audit encrypted sessions. See the unseen.

Read more about CryptoAuditor

Externalized business processes need encrypted connections – but at what cost?


Without real-time visibility and control over encrypted sessions, you are exposed to costly data breaches and compliance failures.


Your dynamic environment includes hundreds of 3rd party and Nth party vendors. You must control their access to your digital core.


Trust violations and errors are inevitable. You need monitoring, detection and an audit trail for regulatory compliance.

The unique solution for encrypted access forensics.



No hardware, no CAPEX. Cut OPEX with process-driven, unified, centralized management of 3rd party and privileged access.

Cloud and


Rapid, scalable deployment. No changes to network architecture, no new agents, no disruption and no user training.

Hardened sessions


Compliant session monitoring and auditing, contextual session control, support for four-eyes authorization – and session video playback.

Flexible deployment:

Your virtual audit point for 3rd party access.

SSH.COM CryptoAuditor is a centrally managed virtual appliance for monitoring, controlling and auditing encrypted privileged access and data transfers. It’s designed for deployment in front of server farms, databases and network entry points to solve the problem of poorly monitored privileged access, particularly remote vendor access.

It terminates and re-opens privileged user sessions, and inspects and records sessions in real time before re-encrypting and pushing the session forward. Sessions are indexed and stored in an encrypted database for reporting, replay and forensic investigation.

It’s easy to run from the centralized console, and easy to deploy, with no hardware, no agents, no new clients, no user training, and no changes to workflows. It can be deployed in fully transparent mode with no changes to end-user access and login procedures.

SSH.COM CrypoAuditor is cloud-ready, integrates with all major DLP, AV, IDS and SIEM systems, and is used by four of the world’s five largest banks.


Hardened sessions for the trusted vendors of Fortune 500 companies.

  • Monitor insider and 3rd party access to your digital core
  • Control remote access by vendors, consultants, home workers, and M2M and IoT connections
  • Define privileged access and activities based on user identity
  • Collect forensic evidence for investigations with every keystroke and every pixel
  • Protect critical data and minimize credentials abuse by enabling two-factor authentication

  • Integrate with existing firewalls, detect attacks earlier and resolve issues in real time
  • Address individual accountability even for shared accounts with AD/LDAP infrastructure
  • View encrypted SSH, SFTP and Remote Desktop traffic at your boundary
  • Prevent data theft with Data Loss Prevention (DLP) and analytics
  • Record, store and index session audit trails for searches, replay and reporting, with support for 4-eyes review

SSH.COM is trusted by enterprises from all sectors

  • ssh_customers_13
  • ssh_customers_14
  • ssh_customers_15
  • ssh_customers_16
  • ssh_customers_18
  • ssh_customers_02
  • ssh_customers_07
  • ssh_customers_08

Get visibility. Get control. Get CryptoAuditor.

CryptoAuditor readily supports Amazon AWS and is available directly from AWS Marketplace.
Read the getting started guide for CryptoAuditor in Amazon AWS.

Get CryptoAuditor from the AWS Marketplace

Remote control. Rewind. Relax.

SSH.COM CryptoAuditor is an intelligent proxy designed for deployment in front of server farms, databases and network entry points.

  • Multiple deployment modes: Bastion (non-transparent), Router (Layer 3) and Bridge (Layer 2 with VLAN support).
  • Distributed architecture with multiple Hound audit-points and shared vault storage.
  • High-availability Hound clustering with configurable failure tolerance.
  • Straightforward auditing of privileged activity, including session replay and video sessions.
  • Monitor and record SSH, SFTP, RDP, SSL/TLS, HTTPS.
  • Block SSH tunneling to mitigate the threat from user-created backdoors.

  • Searchable database for quick and easy access to recorded session information.
  • Real-time 4-eyes authorization for critical access scenarios.
  • Identity-based policy control with integration to directory services to control privileged access and activities.
  • Manage users and credentials via HTTP REST-based API.
  • Certified compatibility with McAfee, RSA, IBM and VCE vBlock.
  • Integrations with SIEM, IDS, DLP, network AV etc.
  • FIPS 140-2 certified cryptography (certificate #1747).

How can we help?

Get in touch. We treat every request with the highest urgency and integrity.