featurES and Benefits

  • Comprehensive, Extensible Record/Reply/Audit Capabilities

    • Build-in Firewall. Provide “Control and Audit” capability in one box. Session Auditor can also be deployed as your internal firewall.
    • Real-time Session Monitoring. Active sessions are monitored in real-time, gaining instant visibility into operations on your critical servers.
    • Real-time Audit. Administrators and auditors are alerted to suspicious behaviors and immediate actions can be taken to prevent compromise.
    • Real-time Session Termination. Allows administrators to monitor real-time active sessions. Sessions that do not comply or violate policies can be terminated immediately to prevent further damage.
    • Script-based Auditing. Provides customizable scripts to search and locate specific activities such as password guessing, file deletion, application launches in monitored sessions.
    • Keyword Searching. Allows administrators and auditors to quickly zoom in to point of interest in text-based session by keyword searching.
    • VCR-like Session Replay. Provides maximum visibility to the events happening in IT systems. Eliminate the need to recreate remote user behavior by piecing together hundreds or even thousands of activities found in audit log files.
    • Tamper Proof Data Storage. Session Auditor stores audit data in dedicated storage in the appliance (SA Datacenter or SA Integrated). Except for data marked for dump-and-delete by administrators with dump privilege, these sensitive data cannot be modified nor edited. Other similar products that store audit data in local or remote folders of the servers, or in standard Microsoft SQL server, exposes these data to risk of being tampered with.
    • Powerful Reporting. Provides comprehensive reports to IT systems' status and activities. These reports can also be used to build a network behavior baseline for IT systems.

  • Easy and Straightforward Deployment

    • Network-based Solution. No impact and changes to server performance and stability. Similiar competitive products which adopt server-based software solutions may generate significant overhead to server performance, storage space and stability. The auditing process or daemon may also be terminated by privileged users and audit data are at risk of being deleted or tampered with.
    • Transparency. No changes to network and server configuration are required. Existing network environment remains exactly the same after deploying Session Auditor.
    • Hierarchical Deployment. Provides maximum scalability to meet growing needs of auditing requirement, covering large scale, distributed networks.
    • VLAN Trunk Deployment. Session Auditor can be deployed on VLAN trunk to monitor multiple VLANs simultaneously.

  • Out of Box Support for Popular Protocols

    • RDP, SSH, SFTP, SCP, X11, HTTPS, HTTP, SMTP, POP3, FTP, Telnet, Citrix ICA, VNC, HP RGS, Rlogin, CIFS, Samba, MSSQL, Oracle, Sybase
    • Support for new protocols are constantly being planned and included.

  • Strong and Flexible Management and Administration Capabilities

    • Integrated Console. All configuration, management, monitoring and audit tasks can be accomplished using a single integrated GUI Console. Other similar competitive products require separate program to replay and analyze recorded data.
    • Adminhost Control. Allows only specified host to connect to the appliance using the GUI Console.
    • Role-based User Management. Allows creation of multiple system accounts with different combinations of privileges to enhance security and accountability as well as segregation of duties.
    • Real Time Alert. Allows immediate identification of network or system faults so that prompt action can be taken to rectify the problems.
    • Centralized Online Software/Feature Upgrade. Software/Feature upgrade to Session Auditor can easily be achieved through the centralize GUI Console. Other server and software based solutions requires updates to be applied manually to every servers being monitored.
    • Automated Time Synchronization. Time setting in Session Auditor can be automatically synchronized via Network Time Protocol (NTP) server to ensure accuracy of audit records.
    • Syslog Integration. Session Auditor can send alerts of suspicious activities and system events to a syslog server which could than be integrated to other monitoring systems such as SOC.