Support Site

Privileged User

What is Persistent Security with ConsoleWorks?

by

What is persistent security with ConsoleWorks? Traditional security practices focus primarily on normal operations and require documentation to be performed manually. ConsoleWorks achieves full security and automated documentation in all modes, including maintenance, configuration, and system failure. This “always-on” connection, which covers many of the traditional approach’s “blind spots,” is what we mean when we talk about persistent security. ConsoleWorks remains in a persistent state of security by retaining its connection in all states, locking out unauthorized access, and automatically capturing forensic records of all User activity.

Persistent Security in Action
A leader in healthcare technology chose ConsoleWorks to help them ensure the protection of patient records, delivery of mission-critical healthcare services, and compliance with HIPAA regulations.

This company didn’t want to risk leaving their systems vulnerable to potential security risks through the “blind spots” of traditional security practices – that is, anyone accessing devices or systems through a means other than the normal network, such as through a serial or configuration port.

ConsoleWorks monitors these ports and establishes a persistent connection that detects and reports on events in real-time. It also creates forensic records of all actions taken, in all operating modes, down to the keystroke – invaluable in protecting the organization from litigation and HIPAA violations.

Let’s Talk about Compliance & Change Management

by

Compliance is one of those subjects that keeps a lot of people up at night. It doesn’t matter what the compliance driver is, whether it’s SOX, PCI, NERC-CIP, HIPAA, etc. Or even if it’s some form of internal compliance policy. Compliance always means the same thing, more demands on us to follow rules and then prove that we have, indeed, followed them.

For both IT/OT operations, the biggest compliance challenge is documenting what privileged users do. Often, this falls into the Change Management bucket. Traditionally there are two things we can do to document what Privileged Users do. The first is to pull information from log files which include information about logins, logoffs, and whatever else is written to a log file while a privileged user is actively logged-on. In years past this information was “good enough” but that has changed, and the implications can be – painful.

The change I am referencing is the requirement to document all activities of privileged users. Gathering log file data only tells us system-generated messages in response to a privileged user’s actions, not what they ‘actually did’. In most cases that information is insufficient to really know what actions the privileged user performed (what commands they executed). This takes us to the traditional change management practice, requiring Privileged Users to manually document all their activities.

How well do you think that works from a compliance perspective? Right, not very good at all. Missing records, inaccuracies, and inconsistencies will happen. Typically, Privileged Users prefer not to produce manual documentation and the time spent doing so takes away from other IT/OT business projects. So, the situation creates poor record keeping, and frustrated Privileged Users.

ConsoleWorks solves this problem. The Platform sits between Privileged Users and privileged interfaces, ConsoleWorks can capture every Privileged Users’ keystroke activity. Digitally signed records are automatically produced, eliminating the need to manually document anything – meeting the needs of the most stringent compliance or auditor requirements.  Happy auditor, and happy users.

Access Control with ConsoleWorks

by

Privileged Interactive Access utilizes multiple approaches to control access to managed devices. Each approach focuses more precisely, giving greater and finer controllability down to the keystroke security.

Authentication – With ConsoleWorks, there are two non-exclusive ways to use authentication to control access:

  • User-to-ConsoleWorks authentication
  • ConsoleWorks-to-Asset authentication

Role-based Privileges – The ConsoleWorks privileges model enables the ability to associate privileges with roles, rather than with specific users, freeing you to associate these privileged roles with multiple users as needed. The ConsoleWorks privileges model provides access with sublime granularity.

Command Control – provides authority over what a user can do with an asset. Some users may be granted unfettered access, or controls can be placed on every character typed and every command.

 

See Resources for More Information

Closed Loop Remediation with ConsoleWorks

by

Closed Loop Remediation – The ability to monitor, log, remediate, and secure physical and virtual infrastructure in all machine states; power on, single user, maintenance, production, and failure.

ConsoleWorks allows privileged users to perform their daily work while it works behind the scenes to monitor and respond to Events and changes to devices and applications.

Event detection is accomplished by using the pre-defined event patterns from each application or infrastructure vendor and mapping, in real-time, the information received to the vendor messages. With ConsoleWorks Intelligent Event Modules (IEMs), messages are matched using a number of techniques, including case sensitivity, wildcards, and regular expressions. The activity leading up to the event pattern match, and everything after it, is logged down to the keystroke.

When an Event is detected, it is checked for level of severity and to see whether an Event with the same name is already active or if an activity is currently outstanding. The Event can be configured to trigger one or more Actions that can notify personnel, integrate with applications such as trouble ticket systems or help desk solutions, or take customized actions that meet a client’s specific needs.

When a problem is detected, ConsoleWorks provides the user with a consistent way to interface with the IT infrastructure to solve the problem while capturing the process, commands, and method used to remediate the Event.

 

Access Control with ConsoleWorks

by

When it comes to security, ConsoleWorks offers many unique features to ensure consistent security practices across the entire IT infrastructure, including robust Access Control capabilities using a role-based/task-based permissions model.

Privileged users should be able to access only those interfaces needed to perform their work. Role-based access and control in the IT foundation ensures that interfaces cannot be accessed without permission. Users only see the interfaces assigned to them.

ConsoleWorks provides advanced role-based access and control capabilities with LDAP integrations for fine-grained control of access rights and privileges across all managed connections. Access Control Rules enable administrators more granular and graduated control over what specific users can do inside ConsoleWorks and how they can use ConsoleWorks to access and interact with managed assets.

In ConsoleWorks 4.6, the permissions model has been completely re-engineered. Significant enhancements have been made with new capabilities that allow very granular control over what any one person is allowed to do in ConsoleWorks, particularly with separation of duties.

View Datasheets in Resources

What is the Difference between ConsoleWorks and SNMP?

by

While SNMP is a great tool for what it does, it only solves part of the problem. SNMP is an agent-based polling solution, and its abilities are thus limited to performance monitoring and visibility within a “poll cycle.” With polling solutions like SNMP, many organizations may experience false positives if an outage occurs and is resolved between polling cycles – which, depending on the configuration, can be 15 minutes or longer – which contributes to a false sense of security, availability, and compliance. Furthermore, when a machine is being configured, from a hardware, operating system, or network perspective, SNMP is not the tool to provide visibility into configuration activities.

The major difference between ConsoleWorks and SNMP is that ConsoleWorks monitors people – privileged users – whereas other tools log the results of human activity through events that are not always clear enough or contain enough detail.

The level of messaging that is different with ConsoleWorks versus SNMP and other polling solutions is the people log, the people messages, the people alerts and alarms – both on the running OS and when the machine is in single user, configuration, service, or maintenance mode.

View Datasheets in Resources

We can help

Reach out today, and we'll talk through how we might be able to help!

Contact us