Professional Documents
Culture Documents
Page 2 of 147
System Overview
Page 3 of 147
About the System
Privileged
Privileged Flexible
Employee Work Password
Activity Deployment and
Control and Session
Monitoring Licensing
Management
Ekran System allows • Are you interested in Ekran System helps Ekran System supports
the creation of your company's you to provide the widest range of
indexed video records security? privileged access platforms and
of all concurrent • Do you want to know (PAM) to critical assets infrastructure
Windows, Citrix, and what your employees and meet compliance configurations on the
Linux terminal do during work requirements by market, delivering
sessions on your hours? securing, managing reliable deployments of
servers, and the • Do you want to and monitoring any size, from piloting
recording of remote control the use of privileged accounts dozens to tens of
and local sessions on sensitive and access. thousands of endpoints.
workstations, information? Flexible licensing helps
including Windows, to fit it into your budget
macOS and Linux. and address project
changes.
Page 4 of 147
About the System
You can record all terminal, remote, and local user sessions and
alert security personnel to suspicious events.
The Main Components of Ekran System
Components installed on
The GUI component The main component
the target computer to
used for system used for storing data
monitor user activity and
management & obtained from Client
send it to the Application
session viewing computers
Server
Page 5 of 147
The Basic Deployment Scheme
Page 6 of 147
Large-Scale Deployments
Page 7 of 147
High Availability Mode
Page 8 of 147
Multi-Tenant Mode
Page 9 of 147
The Ekran System Application Server
& the Management Tool
User management, permissions,
Active Directory integration,
Management Tool settings
Page 10 of 147
The Management Tool
Page 11 of 147
Tenant Management
Page 12 of 147
User Management & Permissions
Page 13 of 147
Active Directory Integration
Page 14 of 147
Active Directory Integration
Page 15 of 147
The Audit Log
Audit all user activities performed in the Management Tool via the
Audit log which contains detailed information on all changes.
Page 16 of 147
Database Management
Page 17 of 147
Database Configuration
Page 18 of 147
Database Cleanup
You can configure a cleanup (or archive & cleanup) operation that
can be applied either to a specific Client or to a Client group.
Page 19 of 147
Database Archiving
It is good practice to archive and delete old monitored data from the
database regularly to avoid running out of space on the Application
Server computer, and to save the monitored data in secure storage.
Page 20 of 147
Database Archiving
You can view the archived sessions in your archived database in the
Session Viewer and perform searches on the data in the usual way at
any time.
Page 21 of 147
Database Parameters
Page 22 of 147
Isolating the Database from Clients
You can disconnect all Clients from the database to make them
go offline, so as to fix any issues with the database, and perform
database cleanup and maintenance without stopping the Ekran
System Application Server. Once database operation is restored,
you can bring all Clients back online in just one click.
Page 23 of 147
SIEM Integration
Ekran System integrates with your SIEM system by using the log files
of monitored events.
Page 24 of 147
Advanced SIEM Integration
Page 25 of 147
Advanced SIEM Integration
Ekran System allows the sending of records about alert events and
monitored data directly to SIEM systems such as Splunk, ArcSight,
and QRadar.
Page 26 of 147
Licensing
Types of licenses, serial key
management and floating endpoint
licensing
Page 27 of 147
Licensing
Page 28 of 147
Licensing
Page 29 of 147
Serial Key & License Management
You can request a Trial serial key for 30 days to deploy the system and
review its features, including those in the Enterprise Edition, and also
update the product during this period.
To use Ekran System for a longer period, and with a greater number of
Clients, the product needs to be licensed by activating purchased serial
keys on the computer with the Ekran System Application Server installed.
You can use either Permanent keys, or Subscription keys.
Page 30 of 147
The Enterprise Serial Key
Page 31 of 147
Floating Endpoint Licensing
Ekran System is currently the only such product on the market to offer
floating endpoint licensing.
This unique functionality allows you to reassign licenses between Clients both
manually “on the fly”, and automatically, so that you only need to purchase the
amount of Ekran System Workstation Client licenses corresponding to the
maximum possible number of simultaneously active Clients.
Page 34 of 147
Installing Ekran System Clients
Remote Installation
Page 35 of 147
Target Computers for Remote Installation (Windows Clients)
Page 36 of 147
Updating Ekran System Clients
After the Ekran System Application Server is updated to a new version, all
Clients are automatically updated to the same version on their next connection
to the Application Server.
If you want to personally supervise the update process of the target Clients,
you can disable the Update Client automatically option for them.
Page 37 of 147
Monitoring Parameters
Page 38 of 147
Client Monitoring
The screen captures that the Client sends are stored in the form of
deltas (the differences between a newer recorded screen capture
and an older one) to minimize storage space.
Page 39 of 147
User Activity Recording
Page 40 of 147
URL Monitoring
Page 41 of 147
Keystroke Logging
Page 42 of 147
Keyword-Triggered Monitoring
Page 43 of 147
Clipboard Monitoring
Ekran Client captures all text data which is copied or cut and then
pasted into documents, files, applications, the browser address bar,
etc, on Windows Client computers.
You can set an alert to be triggered whenever a user copies or pastes
information.
Page 44 of 147
Application Filtering
Ekran System allows you to define filtering rules for websites and
applications to adjust the amount of monitored data and to exclude
areas where private information can be observed, so as to comply
with corporate policy rules and country regulations related to user
privacy.
Page 45 of 147
Monitoring Time Filtering
Page 46 of 147
Remote Host IP Filtering
Page 47 of 147
SWIFT Username Monitoring
Ekran System allows the username used for logging in to the SWIFT
network to be recorded, so that you can easily identify such users.
Page 48 of 147
Privileged User Monitoring
You can also monitor the activity of users logging in under privileged
user accounts.
Page 49 of 147
Bandwidth Usage Reduction
Page 50 of 147
Client Group Settings
You can define the settings for a Client group, and then apply them
to Clients, so as to save time.
Page 51 of 147
Monitoring using Linux Clients (X Window System)
Page 52 of 147
Monitoring via Linux Clients (Remote Sessions)
Page 53 of 147
Monitoring via Linux Clients (Local Sessions)
Page 54 of 147
Detection of Disconnected Clients
Page 55 of 147
Detection of Disconnected Clients
Page 56 of 147
Viewing Disconnected Clients
You can view all Clients that are offline for more than a specified
time period on the Offline Clients page.
Page 57 of 147
Client Protection
Page 58 of 147
Protected Mode
Ekran System allows you to protect Windows Clients and their data
by enabling Protected mode.
Page 59 of 147
Client Uninstallation
Page 61 of 147
Advanced User Authentication
Page 62 of 147
Secondary User Authentication (Windows Clients)
Page 63 of 147
One-Time Passwords (Windows Clients)
Page 64 of 147
One-Time Passwords (Windows Clients)
Page 65 of 147
Secondary User Authentication (Linux Clients)
Page 66 of 147
Two-Factor Authentication
Page 67 of 147
Two-Factor Authentication
Page 68 of 147
Two-Factor Authentication
You can add users who you want to be allowed to log in to Windows
and Linux computers with Clients installed using time-based one-
time passwords (TOTP) generated by TOTP mobile applications.
Page 69 of 147
Two-Factor Authentication
The Ekran System Client prompts the user to enter a TOTP to access the
system.
Page 70 of 147
Password Management
Page 71 of 147
Password Management
Page 72 of 147
Adding a Secret
Page 73 of 147
Logging in Using a Secret
Page 74 of 147
Viewing Secrets in Sessions
You can easily find the user sessions in which a specific secret was
used. In addition, the secret data is highlighted in blue in the
Session Player so you can also quickly find it within the session.
Page 75 of 147
User and Entity Behavior Analytics
Page 76 of 147
User and Entity Behavior Analytics
Ekran System User and Entity Behavior Analytics (UEBA) allows you to
better protect your system from malicious and illicit insiders.
Page 77 of 147
User and Entity Behavior Analytics
Add a user behavior rule to view user profiles and analyze sessions with
the detected anomalies, and get timely notified about risky user activity.
Page 78 of 147
User and Entity Behavior Analytics
Page 79 of 147
Administrator Approval
on Login
Page 80 of 147
Administrator Approval on Login
Page 81 of 147
Administrator Approval on Login
Page 82 of 147
Administrator Approval on Login
Page 83 of 147
Administrator Approval on Login
Only after the trusted user confirms the user’s access request, the user
is allowed to access the system.
Page 84 of 147
Access Request and Approval
Workflow
Page 85 of 147
Access Request and Approval Workflow
Page 86 of 147
Access Request and Approval Workflow
Page 87 of 147
Access Request and Approval Workflow
Page 88 of 147
Notifying Users about
Being Monitored
Page 89 of 147
Notifying Users about Being Monitored
Page 91 of 147
Notifying Users about Being Monitored
Page 92 of 147
Notifying Users about Being Monitored
Page 93 of 147
Blocking Users
Page 94 of 147
Blocking Users Overview
Page 95 of 147
Blocking Users Overview
The user desktop is blocked, and after a defined time interval the
user is forcibly logged out.
If the blocked user then tries to re-log in to the Client computer, the
system will not allow them to do so.
Page 96 of 147
Viewing the Blocked Users List
The Blocked Users List contains information on when, and why users
were blocked.
To allow users to access Client computers again, remove them from
the list.
Page 97 of 147
Viewing Sessions
Page 98 of 147
Searching the Data in the List of Sessions
Page 99 of 147
Viewing Live Sessions
You can enlarge any area of the video in the Session Player by using
the Magnifying Glass.
Licenses
Recent Alerts
Ekran System reports provide a full overview of the time spent using
applications and on websites visited on the user’s computer.
You can generate a highly customizable report either ad-hoc or you
can schedule the sending of reports to your email on a daily, weekly,
or monthly basis.
The reported activity can include alerts, applications launched,
websites visited, USB devices plugged-in/blocked, and Linux
commands executed.
Scheduled Reports
Reports can be generated manually at any time for any time period.
In the Linux Grid Report, you can view all exec* and sudo commands
executed on Linux Client computers.
Date & time format configuration allows you to define the date and
time format for the Management Tool and the Application Server.
Custom logo settings allow you to use of any custom graphics file
instead of the default logo on Client notifications during secondary
user authentication, user blocking, etc.
Custom Reports settings allow you to use any custom graphics file
instead of the default logo in reports. You can also add header and
footer text to the reports.
Ekran System allows you to view the current resource usage by the
Ekran System Application Server process:
• CPU Usage by the Application Server process
• Memory Usage by the Application Server process
• The Database State