Ekran System v. 5.0 Program Overview

Ekran system functions v. 5.0

Contents

• About the Program
• Ekran Server & Management Tool
• Database Management
• Licensing
• Client Installation
• Monitoring Parameters
• Client Protection
• Advanced User Authentication
• Notifying Users about Being Monitored
• User Blocking
• Viewing Sessions
• Alerts
• USB Monitoring
• Dashboards
• Interactive Monitoring
• Reports

About the Program

Smart user activity video recording system.

Privileged Identity Management

• Ekran System lets you create indexed video records of all concurrent Windows, Citrix, and Linux terminal sessions on your servers and record remote and local sessions on workstations.

Employee Work Control

• Are you interested in your company's security?

• Do you want to know what your employees do during their working hours?

• Do you want to control sensitive information use?

Cost Saver on the Market

• Ekran System provides all the popular features of its segment at much more favorable pricing than ObserveIT or Citrix Smart Auditor.

Ekran System is an affordable user monitoring solution for enhanced cyber security. You can record all terminal, remote, and local user sessions and alert security personnel to suspicious events.

Ekran System Components

• Ekran Management Tool: GUI part used for system management & session viewing
• Ekran Server: main component used for storing data obtained from Client computers
• Ekran Clients (Windows/Linux/Citrix): components installed on the target computer to monitor user activity and send it to the Server

Ekran System Structure

High Availability Mode (Enterprise Edition)

The High Availability mode provides a high level of operational performance and balances the load of sent data, minimizing downtime and service interruptions.

Ekran Server & Management Tool

User management, permissions, Management Tool settings

Management Tool

You can manage the whole system via the Management Tool in your browser.

User Management & Permissions

• Create two types of users: Internal or Active Directory (Windows domain users/groups).
• Use groups for easier user management.
• Define permissions for users.

Management Tool Log

Audit all user activity performed in the Management Tool via the Management Tool Log, which contains detailed information on all changes.

Database Management

Database Configuration

Database Cleanup

• One-Time Cleanup
• Scheduled Cleanup

Database Archiving (Enterprise Edition)

Archive and delete old monitored data from the Database so that the Server computer does not run out of space and the monitored data is saved in secure storage.

You can view the archived sessions from your archived database in the Session Viewer and search them in the usual way at any time.

SIEM Integration

Ekran System integrates with your SIEM system using log files of the monitored events.

Advanced SIEM Integration

Create a CEF log file to get access to the Ekran System alert events and monitored data via the integral ArcSight or Splunk interface.
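
An added example, not vendor code: a parser for one CEF record of the kind such a log file holds, handling the escaped pipes, equals signs and custom-field labels that naive splitting gets wrong. The sample line and all its field values are constructed; the page does not list the fields Ekran System writes.

```python
import re

# Constructed sample record. Vendor/product strings and every extension value
# are placeholders: the page does not list the fields Ekran System writes.
SAMPLE = (
    r"CEF:0|ExampleVendor|ExampleMonitor|5.0|alert-1|Forbidden app \| tool launched|8|"
    r"suser=CORP\\jdoe shost=srv-01 msg=Title contains a\=b and spaces "
    r"cs1Label=RiskLevel cs1=High"
)
HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
_KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")   # a key starts the extension or follows whitespace
_ESC = re.compile(r"\\(.)")                 # \= \\ \| \n \r escapes

def _unescape(text):
    return _ESC.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)

def _split_header(body, n):
    """Split off n pipe-delimited header fields, skipping escaped pipes."""
    parts, start, i = [], 0, 0
    while i < len(body) and len(parts) < n:
        if body[i] == "\\":
            i += 2                  # skip the escaped character
            continue
        if body[i] == "|":
            parts.append(_unescape(body[start:i]))
            start = i + 1
        i += 1
    if len(parts) < n:              # record ended without an extension part
        parts.append(_unescape(body[start:]))
        start = len(body)
    return parts, body[start:]

def parse_cef(line):
    """Return header fields plus an 'extension' dict; raise ValueError if malformed."""
    pos = line.find("CEF:")         # tolerate a syslog prefix before the record
    if pos < 0:
        raise ValueError("not a CEF record")
    header, ext = _split_header(line[pos + 4:], len(HEADER))
    if len(header) != len(HEADER):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, header))
    keys = list(_KEY.finditer(ext))
    fields = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():end].rstrip())
    # Fold custom-field pairs (cs1Label=RiskLevel, cs1=High) into readable names.
    event["labelled"] = {v: fields[k[:-5]] for k, v in fields.items()
                         if k.endswith("Label") and k[:-5] in fields}
    event["extension"] = fields
    return event
```

Rejecting truncated records with an error, rather than indexing them half-parsed, keeps malformed lines from silently dropping alert fields in the SIEM.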

Licensing

Types of Licenses & Serial Key Management

Ekran System is licensed by the number of Ekran Clients, end-points to be monitored. All management components, including Server and Management Tool, are provided for free with any deployment.

Types of Ekran Client licenses:
• Windows workstation license
• Windows server license
• Linux machine license

Serial Key & License Management

Request a trial serial key for 30 days to deploy the system and review its basic features with a restriction of 5 workstation licenses, 1 server license, and 3 Linux licenses. To work with Ekran System for a longer period, license it by activating the serial keys on the computer where Ekran Server is installed. You can use either permanent keys or subscription keys.

Enterprise Key

Activate an Enterprise serial key to get exclusive access to a set of additional, valuable features of Ekran System Enterprise Edition.

Client Installation

Installing Ekran Clients

Convenient Ekran Client installation:
• Local:
  o Linux Clients (via tar.gz file)
  o Windows Clients
    - using installation file with default parameters
    - using generated package with customized parameters
• Remote (for Windows Clients)

Remote Installation

1. Select computers to install Clients on
2. Customize installation parameters
3. The Clients are successfully installed!

Target Computers for Remote Installation

• Scan your local computer network
• Define a range of IP addresses to search the target computers
• Simply enter target computer names

Monitoring Parameters

Client Monitoring

The data the Client sends is stored in the form of deltas (differences between a newer screen capture and an older one) to minimize storage space.

Recorded information is saved in an easy-to-review and easy-to-search form:
• The name of the launched application
• The title of the active window
• Entered URL
• Text entered via user’s keyboard (keystrokes)
• Commands executed in Linux (both from user input & by running the scripts)
• The information on plugged-in USB devices

Screen Capturing

Ekran Client screen capture creation is event-triggered by default. You can configure the Client to capture the active window only.

URL Monitoring

Ekran Client monitors URLs entered in web browsers. You can configure the Client to monitor full URLs or only top-level and second-level domains.

Keystroke Logging

Ekran Client captures all text entered through the user’s keyboard and adjusts it for better comprehension. Use the special Viewing keystrokes permission to limit user access to this sensitive data.

Keyword-Triggered Monitoring

You can configure Ekran Client to start monitoring and creating screen captures only after detecting the defined keywords entered by the user.

Application Filtering

Ekran System allows you to define filtering rules for websites and applications to adjust the amount of monitored data and to exclude areas where private information can be observed, in order to comply with corporate policy rules and country regulations related to user privacy.

Privileged User Monitoring

Monitor the activity of users logging in under privileged user accounts.

Client Group Settings

To save time, you can define the settings for a Client Group and then apply them to the Client.

Client Protection

Protected Mode

Ekran System allows you to protect the Client and its data by enabling the Protected Mode.

The usage of Protected Mode has the following advantages:
• Prevention of Client uninstallation.
• Prevention of stopping Client processes.
• Prevention of editing Client system files and logs.
• Prevention of editing Client settings in the registry of the Client computer.
• Prevention of modification, removal, and renaming of Client files.

Client Uninstallation

Users, including privileged ones, cannot stop the Client running on their machines or remove the Client locally without the Administrator's assistance.

Only the Ekran System Administrator knows the uninstallation key, which is defined prior to Client installation and is necessary for local removal.

Advanced User Authentication

Advanced user authentication allows you to achieve two goals:
• Monitor users’ activity on the computer when multiple users use the same credentials to log in.
• Improve your security by limiting the access to the specific users who know secondary authentication credentials.

The Ekran System Client asks the user to enter credentials before allowing the user to work with Windows Server.

One-Time Password

Ekran System Enterprise Edition provides the administrator with a unique ability to generate a one-time password for a user to log in to a Client computer running Windows Server.

The user can request a one-time password directly from the secondary authentication window displayed on login to Windows Server.

Notifying Users about Being Monitored

To follow the security policy of your company or your country's regulations, you can:
• Display an additional message at user login to notify the user that his or her work is being monitored.
• Display a Client tray icon with a notification about monitoring to the user.
• Require users to enter comments on the additional message displayed when they log in to the Client computers.

User Blocking

User Blocking Overview

Ekran System allows you to block users who perform potentially harmful and forbidden actions on Windows Server computers that have Ekran Clients installed. Users can be blocked from both Live and Finished sessions.

The user desktop is blocked, and after the defined time interval the user is forcibly logged out. If the blocked user tries to log in to the Client computer, the system does not allow him/her to do so.

Viewing Blocked User List

The Blocked User List contains information on who was blocked, where, and when. To allow the users access to the Client computer, remove them from the list.

Viewing Sessions

Searching Data in Session List

Ekran Management Tool allows searching in the recorded sessions. Search is performed by different parameters:
• For Windows Clients: active window title, application name, user name, Client name, visited URL, entered keystrokes, user’s comment to the additional message, USB device information.
• For Linux Clients: commands and command parameters.

Viewing Live Session

Ekran System allows you to monitor user activity in real time. You can connect to a Live session and observe the activities a user is performing at the given moment.

Magnifying Glass

You can enlarge certain parts of the video in the Session Player by using the Magnifying Glass.

Forensic Export

With Ekran System Forensic Export, you can:
• Export a monitored session or part of it to a securely encrypted file.
• Investigate the recorded user activity in the built-in offline session viewer.
• Present evidence in forensic format to third parties.

Alerts

Setting Up Alerts

Ekran System allows you to enable quick incident response using alert notifications:
• Set up alerts about suspicious user activity on the Client computers.
• Specify individuals to receive instant alert notifications via email or in the Tray Notifications application.

Default Alerts

Ekran System contains a set of default alerts prepared by the vendor's security experts. They alert you to data leakage and to potentially fraudulent, illicit, or work-unrelated activities.

Alerts in Session Player

Monitored data associated with alert events is highlighted in different colors in the Session Player according to alert risk level.

Alerts in Alert Viewer

You can view detailed information on all alert events as well as screen captures associated with them in a special viewer.

Receiving Alerts

Receive alert notifications in real time, review them in the Ekran System Tray Notifications journal, and open the session with the alert-related data in the Session Player.

USB Monitoring

USB Monitoring Overview

Ekran System provides two types of monitoring for USB devices plugged into the Client computer:

• USB-based storage monitoring, to view information on the devices detected by Windows as mass storage and receive alert notifications.

• Kernel-level USB monitoring, for an in-depth analysis of plugged-in devices and their blocking.

Setting Up Kernel-level USB Rules

Ekran System can detect USB devices connected to a computer, alert you when a device is plugged in, and block device usage (either all devices of a certain class or all except the allowed devices) on a Client computer.

USB-Based Storage Monitoring

USB-based storage devices are automatically detected when they are plugged in.

Kernel-Level USB Monitoring

Screen captures created when USB devices are plugged in or blocked are highlighted in the Session Viewer.

Dashboards

Dashboards Overview

The dashboards offer a convenient real-time view of the most useful data grouped in one place. Customize the dashboards on the Management Tool Home page by adjusting their look and settings.

Dashboard Types

There are three main types of Ekran System dashboards:
• System State Dashboards
  o Licenses
  o Clients
  o Database Storage Usage
• Monitoring Dashboards
  o Recent Alerts
  o Latest Live Sessions
• Threat Detection Dashboards
  o Sessions out of Work Hours
  o Rarely Used Computers
  o Rarely Used Logins

System State Dashboards

• Clients
• Database Storage Usage
• Licenses

Monitoring Dashboards

• Recent Alerts
• Latest Live Sessions

Threat Detection Dashboards

• Rarely Used Computers
• Rarely Used Logins
• Sessions out of Work Hours

Interactive Monitoring

Interactive Monitoring Overview

You can filter data by three parameters:
• Who: filter by a specific user logged into the Client computer.
• Where: filter by a specific Client.
• When: filter by the time period.

Additionally, you can set the order of bars being displayed, using the Applications and URLs filters.

Data is displayed in the form of two column charts (Application Monitoring chart and URL Monitoring chart). To see the list of application/website entries, click on the column with the application/website name.

Application Monitoring Chart

This chart provides information on the application usage frequency. You can also use this chart to analyze information on the most rarely used applications and detect any threats and suspicious activity on investigated computers.

URL Monitoring Chart

This chart provides information on the website visiting frequency. You can also use this chart to analyze information on the most and least visited websites and detect potentially harmful activity on investigated computers.

Reports

Reports & Statistics

Ekran System Reports provide the full overview of the time spent in applications and on websites visited on the user’s machine. Generate a highly customizable report ad-hoc or schedule sending reports to your email on a daily, weekly, or monthly basis.

The reported activity can include alerts, launched applications, visited websites, plugged-in/blocked USB devices, and executed Linux commands.

Scheduled Reports

The reports can be generated manually at any time for any time period.

Manual Report Generation

Report Types

• Activity summary report
• Activity pie chart report
• Activity chart report
• User statistics report
• Session grid report
• Alert grid report
• Keystroke grid report
• URL pie chart report
• URL summary report
• URL chart report
• USB storage grid report
• Kernel-level USB storage grid report
• Linux grid report: in the Linux grid report, you can view all exec* and sudo commands executed on Linux Client computers.

Visit us online: www.ekransystem.com