Ground-breaking audit tool for SSH and Windows Remote Desktop Protocol (RDP)

A startup company in China, BMST Co. Ltd., is bringing security managers and auditors a ground-breaking product that can audit SSH and Windows Remote Desktop Protocol (RDP) while operating as a network bridge that is transparent to upper-layer applications. The product is named Session Auditor. It can record, replay, query, and correlate session data from most of the popular protocols used in daily network and system maintenance and operations, such as SSH, Remote Desktop (RDP), Telnet, FTP, HTTP, Rlogin, and VNC, and even SQL queries in Oracle, Sybase, MS SQL, etc. Its most notable feature is its unprecedented audit capability for the two most popular encrypted protocols, i.e. SSH and RDP, which makes it unique in competition with common sniffer products as well as forensics tools.

The founders of BMST have positioned their product against a much larger background: the wave of compliance.

In the wake of Enron and WorldCom, the role of internal auditors in corporate governance has taken on a whole new meaning. Compliance is a long journey that enterprise executives and IT managers have to take. Although there may already be too much in your work breakdown structure task list, “audit” is the one item that you can never overlook, even for a second. Audit systems help executives assure that everything is running as expected and defined.

Generally speaking, “audit systems” for information systems are separated into two kinds: management-layer auditing and technical-layer auditing. The former maps to auditing tools based on best practices and standards, such as ISO27001 (BS7799) and COBIT. For technical-layer auditing, however, there are too many tools and approaches on IT managers’ tables. Typically it is implemented by the log collection and analysis tools in IDC’s security product category of SIEM (Security Information and Event Management). Those logs are designed to record only the event results, without the details of the activities and operations. In other words, if security managers and auditors want to do in-depth investigation and forensics, those logs are of no further help.

BMST’s Session Auditor can help. It’s an outstanding in-depth investigation and forensics tool. With its huge built-in storage (up to 2T Bytes), SA can record up to 5 months of network traffic in a wire-speed Fast Ethernet (100Mb/s) environment without missing any packet.

  1. May 22nd, 2008 at 09:49 | #1

    SA Lite is coming. It’s an all-in-one box with a lower price. I believe some SMBs or customers with light requirements for audit and forensics must be very interested.

  2. September 3rd, 2007 at 13:08 | #2

    It’s said that the current SA can support script languages to edit/add new audit policies. This script is very powerful. Besides SA, a similar product named SessionGuard (SG) is around the corner to be released. It will support two models, in-line and offline (i.e. working via a SPAN port), at the same time.

  3. July 26th, 2007 at 16:04 | #3
  4. August 3rd, 2006 at 03:37 | #4

    ahhhh not a totally software solution. thanks for clearing it up for me

    Chris

  5. August 2nd, 2006 at 13:33 | #5

    it’s composed of two hardware boxes, one is 1U rack-mountable which collects data and sends them to the second 2U rack-mountable box which is responsible for processing data. so it’s impossible to download it. thanks for your interest. please check their website: http://www.bmst.net/en/index.htm

  6. August 2nd, 2006 at 11:54 | #6

    I don’t see where to download it. Am I missing something?

  7. July 29th, 2006 at 01:34 | #7

    Got it and thanks for the info

  8. July 27th, 2006 at 09:45 | #8

    Hi, Mike, you are welcome.

  9. July 26th, 2006 at 22:27 | #9

    Hi there Richard;
    How are you? It has been a long time since I talked to you.
    I am glad that you guys have completed your work and come up with a fantastic tool for IT Managers.

    How can I get one unit along with complete instructions to play with before I commit myself to you as your distributor in the US or at least California?
    Thanks.

  10. July 26th, 2006 at 09:12 | #10

    According to my knowledge, it’s internal maintenance and operation oriented, so by design it doesn’t support Skype at the beginning. Additionally, decrypting Skype is not practical at this moment, even though we have had the news that a team from China has succeeded in breaking the Skype protocol. ;)

  11. July 24th, 2006 at 15:42 | #11

    Sounds like a good tool for IT managers, especially for those who have security concerns about their business. The major concern of IT managers who are looking for auditing tools is whether or not the tool can capture, record, and replay all the traffic they want.

    Just one question: can this application decrypt point-to-point encrypted data traffic such as Skype?
