Privileged User Monitoring: Best Practices


There are always those in a company who have access privileges that no one else has. Companies need to use surveillance cameras to record what is happening in their physical locations and keep the camera on their privileged users. Why is this needed? When an administrator or auditor replays a session’s video, it is like watching every action that user takes. Session recording is used to keep privileged users honest and to help them if they make a mistake.


Best Practices


  • Monitoring privileged user activity is one of the first lines of defense against data breaches, whether the breaches are mistakes or not. Most IT security managers have no idea what privileged users are doing, and with sensitive data at their fingertips, it can be dangerous for privileged users to be unmonitored.

    All users must agree to have their sessions recorded and monitored. Monitoring and agreeing to be monitored will dramatically reduce unsanctioned activity. Learn if it is legal to monitor employees without their knowledge.

    Comprehensive monitoring ensures that even human errors will not be missed. Build a central monitoring infrastructure program.


  • Give only the privileges to your superstar users that they need to do their work efficiently. All other activities should be restricted. Privileged users do not need unlimited access to all the systems they manage. Lock up admin tools, system protocols, and root messages. Label them “to be used in an emergency.”


  • Personalize every single account and make accountability vital among your privileged users. The first step is to minimize the number of shared accounts, and the second protocol is never to share account passwords.


  • Use strong authentication and authorization for privileged accounts. Protect those accounts with a full-blown security system that requires the use of public keys or smart tokens. Avoid accidental misconfiguration and other human errors by requiring two-party authentication.


  • Control remote access and only use protocols that are based on company principles. The right solution is to control file transfers and other traffic that is unusual. Deny protocol channels like disk sharing, port forwarding and file transfers between group members.


  • Use an independent and transparent activity monitoring device. These devices should be hidden, record to an audit system, and pull information directly from the communication between the user and the server. No one can modify the audit format, not even the privileged user.


  • Encrypt audit and data trails. Change up encryption codes on a weekly basis. Your privileged users should be given the keys to the encryption code only as needed and only when supervised.


  • Install forensics tools that have video playback. Advanced PAM tools will replay recorded sessions. All actions of the privileged user will be seen exactly as they appeared on the monitor. You can enable fast forward, search mode for events, and freeze screens. Exact screening will prevent database manipulation, shutdown, and stolen data. With these tools, you can always trace the problem.
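One way to meet the requirement above that no one, not even the privileged user, can modify the audit record is to make the trail tamper-evident. The following is an added example, not code from the original article or from any product it mentions: an HMAC-chained log in Python, assuming the key is held only by the audit system; all function names and sample events are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed anchor that the first record chains to

# Constructed sample events; field names are illustrative, not a product schema.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "user": "alice", "account": "root", "action": "session_start"},
    {"ts": "2024-05-01T09:01:12Z", "user": "alice", "account": "root", "action": "cmd", "detail": "systemctl restart db"},
    {"ts": "2024-05-01T09:02:40Z", "user": "alice", "account": "root", "action": "cmd", "detail": "vi /etc/ssh/sshd_config"},
    {"ts": "2024-05-01T09:03:05Z", "user": "alice", "account": "root", "action": "session_end"},
]


def record_mac(key: bytes, prev_mac: str, event: dict) -> str:
    """HMAC-SHA256 over the previous record's MAC plus this event."""
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()


def append_event(log: list, key: bytes, event: dict) -> None:
    """Append a copy of the event, chained to the last record in the log."""
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": dict(event), "mac": record_mac(key, prev, event)})


def verify_log(log: list, key: bytes, expected_count=None):
    """Return (ok, index of the first record that fails, or None).

    expected_count is a record count the audit system keeps out of band;
    without it, removal of records from the tail goes unnoticed.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(record_mac(key, prev, rec["event"]), rec.get("mac", "")):
            return False, i
        prev = rec["mac"]
    if expected_count is not None and len(log) != expected_count:
        return False, len(log)
    return True, None


def build_sample_log(key: bytes) -> list:
    """Build a chained log from the constructed sample events."""
    log = []
    for event in SAMPLE_EVENTS:
        append_event(log, key, event)
    return log
```

Because each record's MAC covers the previous record's MAC, editing, deleting or reordering any entry breaks verification from that point on, and a user without the key cannot recompute the chain.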


Ekran System allows you to record and analyze the activity of users logging in under privileged user accounts. Learn how Ekran System identifies and monitors users using shared accounts.