The PAM market guide specifically calls out the feature to monitor user activities in REAL TIME. Our video recording feature is useful to show people how they can track what contractors do, but they can't see activities in real time. In our setup with little activity, it takes a while before actions are auditable.

It would be preferable if we could demonstrate more real-time monitoring capabilities. We can evaluate commands pretty quickly; we just seem to have issues indexing and building MP4 video. Maybe even just prioritize commands showing up in the "input commands" screen while, in parallel, the video output is being built?

Comments

  • Agree that this is a feature we need in our PAM solution. My reading of this idea is a "real-time" either publicly announce, or privately insert a 2nd party into an active session in order to provide real-time monitoring of privileged activity. While I am not a fan of getting into the "how" per se in an ideas portal, it would be interesting to hear how participants view / react to a tradeoff that would be required. Today, one of the greatest features of PAM is its ability to be less disruptive to the natural workflow of privileged users, whereby the local agent handles the recording, self-contained, and then forwards to the central infrastructure after recording is complete. To do what this idea is suggesting would force users through a "gateway" of sorts that would allow all sessions under PAM management to be "tapped" by potentially multiple people. For an analogy, think of an n-way distribution amplifier on an audio or video cable. This would come at a price and a trade-off on performance. Would like to see what questions / thoughts this would generate. However, we definitely agree that this is a candidate for consideration in a future release.

  • That is true, and as I understand how we are working with PAM today, this would be the natural path to take. We are already forcing our users to go through our SSH gateway, and customers would expect this functionality there. The same way, if in the future we have an agentless setup for RDP (maybe also through a gateway...), customers will call this out. This year alone, we have had 3 or 4 opportunities turned down here in Spain BECAUSE we are lacking this feature, as it is present in other competitor products (CyberArk specifically, though I think Wallix can also do this...).

    As far as performance tradeoffs go, this can always be handled through architecture, I would say (throw hardware at the problem), though of course this is a conversation that is probably best had outside the ideas portal....

  • No new updates on this Idea at this time. I see the value and need, but from what I can tell, given the current architecture of PAM, this would be a big ticket item to take on, though I agree it makes sense to do so.
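A sketch of the gateway-tap design discussed in the idea post and the first comment: a fast path that fans session input out to live observers (the "n-way distribution amplifier") and populates the "input commands" view immediately, with the expensive video build deferred until the session closes. This is an added illustration, not code from the PAM product; the session id, the observer callback and the video dictionary are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class SessionTap:
    """Gateway-side tap for one privileged session (constructed example).
    Fast path: each input chunk is fanned out to live observers and parsed
    into commands as soon as a line ends. Slow path: the video artifact is
    built from the full recording only after the session closes."""
    session_id: str
    observers: List[Callable[[str, bytes], None]] = field(default_factory=list)
    commands: List[str] = field(default_factory=list)   # real-time "input commands" view
    recording: bytearray = field(default_factory=bytearray)
    _line: bytearray = field(default_factory=bytearray)
    video: Optional[dict] = None

    def subscribe(self, observer: Callable[[str, bytes], None]) -> None:
        # n-way fan-out: every observer receives the same bytes, like a distribution amplifier
        self.observers.append(observer)

    def on_input(self, chunk: bytes) -> None:
        self.recording += chunk
        for observer in self.observers:
            observer(self.session_id, chunk)   # no buffering on the live path
        for byte in chunk:
            if byte in b"\r\n":
                cmd = self._line.decode(errors="replace").strip()
                if cmd:
                    self.commands.append(cmd)
                self._line.clear()
            else:
                self._line.append(byte)

    def close(self) -> None:
        # Deferred, expensive step; placeholder standing in for MP4 indexing/encoding.
        self.video = {"session": self.session_id, "bytes": len(self.recording)}


def demo():
    seen = []
    tap = SessionTap("sess-42")                      # constructed session id
    tap.subscribe(lambda sid, data: seen.append(data))
    # Constructed keystrokes arriving in uneven chunks, as a gateway would see them.
    for chunk in [b"sudo systemctl st", b"atus sshd\r", b"whoami\n"]:
        tap.on_input(chunk)
    live_commands = list(tap.commands)               # already populated before close()
    video_before_close = tap.video                   # still None: video is the slow path
    tap.close()
    return live_commands, b"".join(seen), video_before_close, tap.video
```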