Session Logging Solutions
Most fraud cases involve employees from within organizations. Organizations are facing challenges in addressing the following situations:
- Do you know what a particular individual has done for the last months?
- Do you know what your system administrator has changed in the Windows server configuration last Tuesday?
- Do you know what the support engineers did to the application configuration during his login session and what other software they have executed last weekend?
- Do you know what DB configurations have been changed by the DBA last night?
Although these questions sound trivia, most organizations have difficulties in collecting such critical information to reconstruct the entire sequence of events based on the system event logs. In order to ensure accountability and fraud preventions, organizations are enforcing audit trail with content and forensic information so that they can record what commands have been issued by the administrators or users. Because of the GUI environment in the Microsoft Windows platform, it has complicated the requirement further in collating the events for screen updates, key board activities and mouse actions.
Enterprise Admin Guard (EAG) is designed to facilitate the capture and review of system administrators and user activities for the Microsoft Windows Platforms, Terminal Service and Citrix server environments. EAG Recorder acts as a virtual video recorder to record the entire sequence of events including screen updates, key strokes and mouse movement during each login sessions. The recorded information is transmitted in real time to a dedicated EAG Audit Log server to consolidate the logs from multiple EAG Recorders. EAG Log Reviewer allows replay of the recorded information via a VCR-like interface.
EAG offers two different versions of the EAG Recorder to cater for different deployment requirements:
- EAG for Windows Server Edition
Requirements: Organizations that need to monitor the local activities for server access or critical business activities on selective desktops.
Deployment: EAG Recorder is installed on a standard Microsoft Server or Desktop. All session activities via local login to the machine will be recorded. EAG can also record the remote session initiated by PCAnywhere and VNC.
- EAG for Windows Terminal Service Edition
Deployment: EAG Recorder is installed on a Microsoft Server with Terminal Service or Citrix environment. All remote thin client session activities and local login to the machine will be recorded.
Requirements: Organizations need to record audit trail with content for thin client sessions in the following situations:
- For system administration activities in a data center setting with remote and local administration requirements. EAG supports both local and remote recording and it is proven to be extremely useful for such setup.
- For system access to other host platforms such as AS/400, Unix or Mainframe via a Terminal Server. The host access is initiated via the Terminal Emulator Software on the Terminal Server and the audit trail for the host access activities will be recorded.
- For accessing critical business applications via Microsoft Terminal Service or Citrix. The entire sequence of events during the thin client session will be recorded.