Remediant is now part of Netwrix.


Intelligent Session Capture

Privileged user accounts have elevated privileges such as Domain Administrator rights or root privileges. PAM solutions were developed to monitor and record privileged user account activity, or sessions. They monitor this privileged access to networked devices such as Windows, Linux and Mac systems. These PAM solutions help organizations meet audit and compliance requirements, conduct forensic analysis and protect critical assets against external and insider threats.

Traditional and well-known PAM vendors such as CyberArk, ThycoticCentrify and BeyondTrust achieve this goal by creating detailed session audits and video recordings of the on-screen activity of all IT administrator privileged sessions, including keystrokes and mouse movements.

But what happens when you have large media files, threat activities that are not recorded, or controls and compliance personnel such as auditors who struggle to find the time and resources to work through all those video recordings?

The Challenge

Traditional session monitoring and recordings present challenges to IT security personnel as well as compliance and controls experts. For example, they:

  • Are produced as large media files that are difficult to search and not amenable to data analysis
  • Place a burden on auditors, compliance officers and security admins, who must review and analyze video screen recordings for suspicious activity
  • Do not provide comprehensive visibility into all threat activity (privileged and non-privileged users) on endpoints: for example, a background download is not recorded
  • Come at an additional infrastructure (storage) cost
  • Are complex to deploy, use and manage, and leave security blind spots

To address these challenges, Remediant has taken a novel, innovative approach to enhance the recording and monitoring of a privileged user’s activity during a session. 

The Solution

Remediant’s Intelligent Session Capture (ISC) leverages your existing investment in an EDR solution to:

1. Provide context on when a privileged session started and ended. Correlated with continuous EDR detection, this helps you better identify, confirm and respond to a nefarious incident in near-real time

2. Give you better, more actionable session monitoring and automatic intervention of endpoint threat activity

3. Track everything that happened before, during and after the privileged session to fully understand the attack. This includes network connections, downloaded files, processes and other activities

USE CASE: Malicious insider is leveraging their privileged JIT session to exfiltrate sensitive data

Benefits of ISC + EDR

Remediant Intelligent Session Capture offers a new and more effective approach to session recording by partnering with EDR vendors.

1. Obtain contextual data on privileged account activity while eliminating the need for additional recording infrastructure and PAM agents

2. Prevent lateral movement attacks by removing excess standing privilege and replacing it with JIT access

3. Correlate privileged account activity by accessing the recordings of all endpoint activity from an EDR solution to expedite incident response and remediation in real time

4. Access, search and analyze EDR data recordings easily for auditing, forensics and compliance purposes

See the Industry's Leading EDR and PAM Integration with Remediant and VMware Carbon Black

Join us to learn more about Remediant and VMware Carbon Black's partnership and how you can reduce your attack surface and prevent lateral movement attacks. We'll discuss:

• Market trends and the need for integrated EDR and PAM solutions
• VMware Carbon Black and Remediant: the better together story
• Demos: Intelligent Session Capture and management of remote systems
• Use cases and benefits

Use Case

The combined solution helps Incident Response teams quickly determine root cause and stop lateral movement attacks at endpoints. For example:

  • A user signed into a Windows endpoint browses a website and accidentally downloads malware
  • The IR team detects this event using an EDR solution
  • To investigate, the IR team leverages Remediant’s Intelligent Session Capture (ISC) to identify that, during a privileged (JIT) session, the malware activates on the Windows endpoint to send sensitive information to a C&C site (ISC provides context during the privileged session)
  • ISC helps the IR team pivot from Remediant to the EDR console to view all other systems the user has admin rights to during this JIT session, and to easily search for and find all other systems the malware has moved laterally to infect
  • At this stage, the IR team may either isolate or quarantine the malware-infected endpoints using an EDR solution
  • The IR team can realize the principle of least privilege by implementing JIT and enabling Zero Standing Privilege (ZSP) on all the malware-infected endpoints to eliminate lateral movement

CrowdStrike Falcon + Remediant

This video demonstrates Remediant's Intelligent Session Capture capability through its integration with CrowdStrike Falcon. With this integration, you can pivot from the SecureONE console through an embedded “Investigate” link to the EDR console to proactively look for any suspicious threat activity during the JIT privileged session on Windows, Linux and Mac endpoints, and mitigate it through a combination of Remediant and the EDR solution.

VMware Carbon Black + Remediant

This video demonstrates Remediant's Intelligent Session Capture capability through its integration with VMware Carbon Black Cloud. With this integration, you can pivot from the SecureONE console through an embedded “Investigate” link to the EDR console to proactively look for any suspicious threat activity during the JIT privileged session on the endpoints, and mitigate it through a combination of Remediant and the EDR solution.