Enhanced Auditing and Reporting
Ekran System® report and statistics feature provides security specialists with a powerful tool to analyze a potential cyber threat landscape for a period of time and cross-check incident response activities.
While summarized information is provided in a report, a user activity monitoring video log of each session gives all details required for in-depth investigation. Thus you can flag suspicious events in user action statistics and then research them in detail with session analysis.
Ekran System reports comprise crucial data to analyze users’ behavior such as visited URLs and started applications with time spent using them, captured keystrokes, executed Linux commands with parameters, and plugged-in/blocked USB devices. Each report can be generated in multiple formats including PDF, HTML, Excel spreadsheet, CSV, and Text format (simple & rich text). User action statistics are illustrated by pie charts and bar charts.
Ekran System® advanced report types
Ekran System software solution provides the following advanced report types:
- User activity report provides a detailed summary about all applications used by specified users or user groups within a specified time interval and includes the duration of work within each application. This format is important to report employee activity monitoring results and can be used to flag suspicious activity of server administrators.
- URL report presents the list of all visited websites (URLs) for the specified users and time interval together with the duration of time spent on each website. This information is an important addition to the employee activity statistics.
- Linux report is specifically designed for Linux servers containing all executed Linux commands with parameters for the specified hosts and time interval. An important aspect of this report is that it represents all executed commands, including in scripts run by the user.
- USB report is related to USB device management and represents all events related to USB devices: details on connected USB devices, and USB device blocking events.
- Keystroke report contains all captured keystrokes for the selected users and endpoints during a selected period of time. This information is aligned with the applications and activity titles.
- Alert report is related to real-time alerting functionality and provides information on all triggered alerts on suspicious events that appeared in the system during a period of time. This report is useful to cross-check incident response activity and audit all potentially dangerous issues.
- Sessions out of work hours report provides information on sessions that included activities performed out of user work hours. As such activities are not associated with user’s usual tasks, corresponding sessions get a higher risk score and need to be audited first.
- Terminal server report contains a list of users who have accessed a given terminal during a selected time frame. Each connection to a terminal server is a potential threat, so monitoring who logs in to these servers is critical. Combined with a user activity report, this report is useful for auditing all user activity on critical servers.
- Productivity report provides information on active and idle time of employees. This allows you to determine downtime with no user input and get valuable insights into how much time your employees actually spend actively working. You can even configure a schedule to automatically receive productivity reports on a daily, weekly, or monthly basis.
With report scheduling, you can set up rules to get all important summary information regularly delivered to the necessary mailboxes. And at any time you can generate an ad-hoc report with custom parameters.
Ekran System has a specific type of log for all actions performed by Ekran System users within its Management Tool, in particular installation / uninstallation of Clients, changing monitoring settings, enabling / disabling alerts, etc.
This option allows you to obtain an audit trail of all administrative activity performed in the software system, and track access to the security monitoring records. Besides being an important aspect of the security process audit, it is required by regulatory compliance norms.
Ekran System allows you to export a full monitored session or a fragment of it into an independent stand-alone protected format. The exported information includes:
- Video log,
- Synchronized metadata,
- Embedded played and navigation controls.
The result is an exe file. To guarantee the integrity of exported monitored data, Ekran System solution signs this file with a server-specific e-key, transforming it into a protected format. This means it can be validated at any time and used for further investigation and forensic activities.
Providing multiple tools to organize, securely perform, and report user activity monitoring, Ekran System is cost-effective for both SMB and large enterprises. Its flexible licensing scheme enables deployments of any size.