Menu
Contact Us
Get a Demo
download-lp

Intelligent Session Capture

Privileged user accounts have elevated privileges such as Domain Administrator rights or root privileges. PAM solutions were developed to monitor and record privileged user account activity or sessions. They monitor this privileged access to network devices such as Windows, Linux and Macs. These PAM solutions help organizations meet audit and compliance requirements, conduct forensic analysis and protect critical assets against external and insider threats.

Traditional and well-known PAM vendors such as CyberArk, ThycoticCentrify and BeyondTrust achieve this goal by creating detailed session audits and video recordings of the on-screen activity of all IT administrator privileged sessions, including keystrokes and mouse movements.

But, what happens when you have large media files, threat activities that are not recorded, or controls and compliance personnel such as auditors that struggle to find the time and resources to work through all those video recordings?  

The Challenge

Traditional session monitoring and recordings present challenges to IT security personnel as well as compliance and controls experts. For example, they:

  • Produced as large media files, that are difficult to search and not amenable to data analysis
  • A burden on auditors, compliance officers and security admins to review and analyze video screen recordings for suspicious activity
  • Do not provide comprehensive visibility into all threat activity (privileged and non-privileged users) on endpoints: for example, a background download is not recorded.
  • Available at an additional cost of infrastructure (storage)
  • Complex to deploy, use and manage with security blind spots
SecureONE Console ISC

 

To address these challenges, Remediant has taken a novel, innovative approach to enhance the recording and monitoring of a privileged user’s activity during a session. 

The Solution

Remediant’s Intelligent Session Capture (ISC) leverages your existing investment in a EDR solution to:

1

Provide context to what time a privileged session started and ended. This correlated with EDR continuous detection helps better identify, confirm and respond to a nefarious incident in near-real time

2

Give you better, more actionable session monitoring and automatic intervention of endpoint threat activity

3

Track everything that happened before, during and after the privileged session to fully understand the attack. This includes network connection, downloaded files, processes and other activities

remediant-intelloget-session-capture

USE CASE: Malicious insider is leveraging their privileged JIT session to exfiltrate sensitive data

Benefits of ISC + EDR

Remediant Intelligent Session Capture offers a new and more effective approach to session recording by partnering with EDR vendors.

1

Obtain contextual data into privileged account activity while eliminating the need for additional infrastructure for recording and PAM agents

2

Prevent lateral movement attacks by removing excess standing privilege and replacing with JIT access

3

Correlate privileged account activity by accessing the recordings of all end point activity from an EDR solution to expedite incident response and remediation in real time

4

EDR data recordings are easy to access, search and analyze for auditing, forensics and compliance purposes

See the Industry's Leading EDR and PAM Integration with Remediant and VMware Carbon Black

Join us to learn more on Remediant and VMware Carbon Black's partnership and how you can reduce your attack surface and prevent lateral movement attacks. We'll discuss:

• Market trends and the need for integrated EDR and PAM solutions
• VMware Carbon Black and Remediant: the better together story
• Demos: Intelligent Session Capture and management of remote systems
• Use cases and benefits

Use Case

The combined solution helps Incident Response teams quickly determine root cause and stop lateral movement attacks at endpoints. For example:

  • A user signed into a Windows endpoint browses a website and accidentally downloads malware
  • The IR team detects this event using an EDR solution
  • To investigate, the IR team leverages Remediant’s Intelligent Session Capture (ISC) to identify that during a privileged session (JIT) the malware activates on the Windows endpoint to send sensitive information to a C&C site (provides context during the privileged session)
  • ISC helps the IR team pivot to the EDR console from Remediant to view all other systems the user has admin rights to during this JIT session and also easily search and find all other systems the malware has moved laterally to infect.
  • At this stage, the IR team may either isolate or quarantine the malware infected endpoints using an EDR solution
  • The IR team can realize the principle of least privilege by implementing JIT and enabling ZSP on all the malware infected endpoints to eliminate lateral movement

VMware Carbon Black + Remediant

The Remediant and VMware Carbon Black integration allows organizations of all sizes to protect their endpoints by discovering and restricting 24X7 privileged account sprawl and enabling Zero Trust security. See how you can Manage Remote Systems & intelligent Session Capture with our EDR integration.