Ekran System


EKRAN SYSTEM 3.2
CONTENTS
• About the program
• Ekran Server and Management Tool
• Licensing
• Ekran Clients
• Alerts
• Ekran Monitor
ABOUT THE PROGRAM
EKRAN SYSTEM
Smart user activity video recording system
Privileged Identity Management
• Ekran System allows you to create indexed video records of all concurrent terminal sessions on your servers and also record remote and local sessions on workstations.
Employee Work Control
• Are you interested in your company's security?
• Do you want to know what your employees do during their working hours?
• Do you want to control sensitive information use?
Cost Saver on the Market
• Ekran System provides all popular segment features while offering much more beneficial pricing than ObserveIT or Balabit.
EKRAN SYSTEM
Ekran System is a solution for remote monitoring of user activities. It allows you to record the activity of target computers with installed Ekran Clients and replay the obtained series of screenshots in a video format.
Ekran System records all the terminal, local, and remote sessions.
Ekran System consists of:
• Ekran Management Tool: GUI part used for Ekran System management
• Ekran Server: Main component used for storing screenshots obtained from computers with Ekran Clients
• Ekran Monitor: User-friendly interface for quick review and analysis of records obtained from Clients
• Ekran Client: Components installed on the target computer to take screenshots and send them to the Server
STRUCTURE OF THE PROGRAM
EKRAN SERVER AND MANAGEMENT TOOL
Installation of components, user management, permissions, Management Tool settings
EKRAN SERVER INSTALLATION
At installation, you can select the type of database and also set the key that will be used during the local removal of Ekran Clients.
• Selecting the components for installation
• Firebird or MS SQL database
MANAGEMENT TOOL INSTALLATION
The Management Tool can be installed on any computer; a network connection to the Server is required for it to operate.
Run the EkranSystem_ManagementTool.exe installation file and follow further instructions.
MANAGEMENT TOOL
The Management Tool is a new user-friendly component for managing the whole system. You work with the Management Tool via your browser. By default, the Management Tool interface is divided into the following areas:
• Navigation pane
• Data View pane
• Filtering pane
• Toolbar
USER AND USER GROUP MANAGEMENT
By default, there is one administrator in the system. There are two types of users:
• Internal users
• Active Directory Users (Windows domain users)
Create users
To define permissions for users, you can create user groups. One user can belong to several user groups.
Convenient user management
USER AND USER GROUP PERMISSIONS
The permissions allow you to define which functions a user will be able to perform with the system and Clients. Administrative permissions define actions that a user can perform with the whole system. Client permissions define actions that a user can perform with selected Clients.
You can define the permission for a user on the Administrative Permissions tab.
Client permissions are defined for each Client or Client group individually.
Client permissions for Ekran Agent
MANAGEMENT TOOL SETTINGS
Management Tool settings define the main parameters of data storage.
• Firebird storage location
• Manual and automatic DB cleaning
LICENSING
Types of licenses and management of serial keys
LICENSING
Ekran System has a beneficial licensing system. It is licensed only by the number of Ekran Clients. The Ekran Server component and any number of Ekran Monitors are delivered for free.
There are two types of Ekran Client licenses:
• The license for the workstation
• The license for the server
Ekran System comes with a built-in trial serial key for 30 days, which allows you to deploy the system to review basic functions and features with a restriction of 5 workstation licenses and 1 server license.
For permanent use of Ekran System, you should license it by activating the serial keys on the computer with the installed Ekran Server.
SERIAL KEY AND LICENSE MANAGEMENT
To start receiving data from Ekran Clients, you should assign them licenses after serial key activation.
• Online key activation
• Key activation without server connection
• Convenient serial key management
• Assigning/removing licenses
EKRAN CLIENTS
Installing and configuring Clients
INSTALLING EKRAN CLIENTS
Ekran Clients can be installed remotely or locally. Installation is performed via the Management Tool.
Local installation
• Generate the installation package and set the Client configuration during generation.
• Use the Client installation file (.exe) to install the Client with default parameters.
• If you already have an .ini file with defined settings generated in the Management Tool and saved to your computer, you can use it for installing the Clients.
Installing the Client locally using the Client installation file (.exe).
INSTALLING EKRAN CLIENTS
Remote installation
• Build the list of computers
• Scan the network in order to find the target computer
• Select computers on which Clients will be installed
• Search for the target computer by IP
• Define installation parameters
• Select target computers by entering their names.
• Click the Install button and follow further instructions
Note that computers on which Clients were not previously installed will be listed here.
EKRAN CLIENTS SETTINGS
Ekran Client settings are set at installation and can then be changed in the Management Tool.
Flexible Ekran Client settings
FORCED USER AUTHENTICATION
The Ekran System Client can request entering credentials before allowing a user to work with Windows.
This allows you to achieve two goals:
• Monitor users’ activity on the computer when multiple users use the same credentials to log in to Windows.
• Block some users from using the computer (only users who know secondary authentication credentials will be able to log in).
The Administrator can optionally select the Enable secondary user authentication on log-in option for the required Client in the Client Configuration.
FORCED USER AUTHENTICATION
When a user logs in to the Client computer, the Ekran System Secondary Authentication window is displayed to the user. The user enters the login and password of the allowed user.
If the login and password are valid, the user is allowed to work with the Client computer.
The Secondary Authentication window is displayed for the user. He/she enters the credentials of the user having the Login to Client Computer permission for the selected Client.
ADDITIONAL MESSAGE ON USER LOGIN
The additional message on user login allows you to inform the user that his/her session is monitored and also inform him/her about the important issues related to the corporate policy or the country’s laws.
If the user clicks I Agree, he/she is allowed to continue working with the system. If the user clicks Cancel, he/she returns to the Windows login screen.
URL MONITORING AND SMART KEYSTROKE LOGGING
When the user works in the browser, the Ekran System Client collects the URL address along with the window title. This improves screen capture search, alert operation, and data filtering. The keystroke logging feature adds even more information that you can use to complete audit trails.
If keystroke logging is enabled, the Client logs keystrokes along with the screen capture creation. The Backspace, Delete, Left Arrow and Right Arrow symbols are now processed while displaying keystrokes. This allows you to get more accurate keystroke logging.
URL Monitoring can work in two modes:
• Monitor full URLs
• [recommended] Monitor only domains of the top and second level (e.g., facebook.com)
SIEM INTEGRATION
Ekran System integrates with your SIEM system using log files.
Log files location
APPLICATION FILTERING
Application filtering allows you to reduce the amount of information received from the Client by defining applications whose data will be skipped during the monitoring, or by defining only those applications whose data must be tracked.
The applications are identified by name or window title. Both parameters are combined with OR logic.
EKRAN CLIENT WORK ON THE LOCAL MACHINE
Users, including privileged ones, cannot stop the Client on their machine or remove the Client locally without the assistance of the Ekran System Administrator.
• Additional service, which ensures that the Client cannot be stopped
• Attempt to remove Ekran Client locally
• Ekran Client can be removed locally using the key, which only the Admin knows
ALERTS
Alert settings
SETTING ALERTS
Be proactive: set up alerts!
Alerts are events that notify about certain activity (potentially harmful/prohibited actions) on the target computers with Clients installed on them.
• Configuring alerts about potentially dangerous events
• Setting alert rules
SETTING ALERTS
Alerts allow you to respond quickly without performing a search. The investigator can be notified via email or receive a warning in the Ekran Monitor Tray.
• Selecting assigned clients
• Defining how investigators will be notified about alerts
Most problems with receiving alert notifications are caused by the wrong email settings. Now you can quickly test that email settings are correct by sending a test email from the Management Tool.
GLOBAL ALERT SETTINGS
Working in the Admin Panel of Ekran System, you can configure general settings for alerts that will be applied to all hosts, events, and system users.
• Configure technical SMTP settings for sending email alerts
• Adjust how your administrators receive alerts: how often they can arrive and whether they are processed individually or analyzed in a batch
• Determine the maximum number of the latest records in the alert log
RECEIVING ALERTS
Receiving alerts in the Monitor Alerts area and reviewing them in Ekran Monitor with corresponding screenshots.
• Quick access to a key screenshot with a potentially harmful event
• Receiving alerts in real time
• Easily review all notifications
EKRAN MONITOR
Review the monitoring results
DATA SEARCHING
Ekran Monitor allows you to search in the recorded sessions. You can search by parameters such as the active window title, application name, user name, host name, start time of the session, end time of the session, the last captured screenshot timestamp and the type of session. You can also search by keywords within the text typed by the user (key log). In addition, you can sort the obtained results.
• Simple search
• Advanced search
• Obtained results
VIEW LIVE SESSIONS
Ekran Monitor allows you to view screenshots in the Live Sessions (while the monitoring of the computer with Ekran Client is still in progress). Thus, it is possible to monitor user actions as they are performed, in real time.
Reliable Live Sessions review
MAGNIFIER GLASS AND SEARCH NAVIGATION
To enlarge certain parts of the video, use the Magnifying glass control button and then move the rectangle across the screen capture. You can also use the Next/Previous Activity buttons to navigate between search results matches.
• Navigating between search results matches
• Using Magnifier Glass
VIDEO EXPORT
Video export involves the export of screenshots from the stored session to the video file on the computer.
• Export video to *.avi format.
• Export screenshots to *.png format.
Export of the recorded screenshots to *.avi format
Viewing the exported video in any third-party application
REPORT GENERATION
The user activity can be analyzed with the help of reports generated via the Management Tool.
These reports allow you to receive the information on the activity of multiple Clients, alert events, and detected URLs, and get statistics on time spent in each application or on each web-page by the user.
Scheduled Reports
The reports can be generated on a daily, weekly, or monthly basis and sent via email at the specified time.
REPORT GENERATION
Manually generated reports
The reports can be generated manually at any time for any time period.
GENERATED REPORTS TYPES
o Grid Report:
• Alert Grid Report
o Summary Reports:
• Activity Summary Report
• URL Summary Report
GENERATED REPORTS TYPES
o Chart Reports:
• Activity Chart Report
• URL Chart Report
• Activity Pie Chart Report
• URL Pie Chart Report