Privileged Activity Monitoring Shell Control Box is an activity monitoring appliance that controls privileged access to remote IT systems, records activities in searchable, movie-like audit trails, and prevents malicious actions. SCB is a quickly deployable enterprise tool with the widest protocol coverage on the market. It is completely independent from clients and servers - integrating seamlessly into existing infrastructures.

1. Yves Van Tongerloo // Sales Manager Belgium|Netherlands|Luxembourg
yves.van.tongerloo@balabit.com

2.  15 years in network security
 Global leader in
 privileged user monitoring and
 log management
 +30% annual growth in the last 5 years
 1 million (!) installations worldwide
 Half of Fortune50 among clients
 Headcount: 170
 60% developers and system engineers
 Global partner network
 100 partners in 40+ countries
THE SYSLOG-NG
COMPANY

3. Partnerships & Certifications
 ISO 9001:2009 certified company
 Awarded to Deloitte Technology Fast 50 CE List (2009-2013)
 Appliance performance validated by West Coast Labs (leading test facility, US)
 SCB in TOP25 Must Have Software Applications by Computer Technology Review
 Citrix Ready PLUS Partner
 VMware Technology Alliance Partner
 Microsoft Communication Protocol Program (MCPP) Partner
 Lieberman Technology Integration Partner
 Thycotic Technology Alliance Partner

4. TELCO / IT
REFERENCES ///
FINANCE
6
OTHER
INDUSTRIES

5. New Trends - New Human Threats
„50% of enterprises use
hybrid cloud by 2017”
„87% of connected devices
sales by 2017 will be
tablets and smartphones”
„1 in 5 enterprises have
experienced an APT attack”

6. Privileged User Fraud
88% of all internal misuses are caused by privilege abuse
71% of all internal misuses are made via LAN access (21% via remote access)
Use of stolen credentials was the top threat action in 2013
Only 1% of security incidents are discovered through log reviews*
* Source: Verizon 2014 Data Breach Investigations Report

7. SHELL CONTROL
BOX
9

8. CONTROL
MONITORING
PREVENTION 9

9. TRANSPARENT
PROXY SOLUTION
USE
STANDARD TOOLS
10
IT Staff
Outsourcing
partners
Managers
Firewall,
Network devices,
Databases,
Web/file servers,
Citrix serverVDI users

10. IT Staff
Outsourcing
partners
Managers
Firewall,
Network devices,
Databases,
Web/file servers,
Citrix serverVDI users
NO AGENTS
11
TRANSPARENT
PROXY SOLUTION

11. TRANSPARENT
PROXY SOLUTION
TAMPER-PROOF
EVIDENCE
12
IT Staff
Outsourcing
partners
Managers
Firewall,
Network devices,
Databases,
Web/file servers,
Citrix serverVDI users

12. GRANULAR
CONTROL
ENHANCED
AUDIT
EASY
DEPLOYMENT
MULTI PROTOCOL
TRANSPARENT
INDEPENDENT
PROXY GATEWAY
4 EYES
AUTOLOGON
CHANNEL CONTROL
FILE TRANSFER
ANALYZE
REAL TIME
BLOCKING &
ALERTING
MALICIOUS
ACTIONS
MOVIE-LIKE PLAYBACK
FULL-TEXT SEARCH
PCAP EXPORT
FILE RETRIEVAL
KEY // BENEFITS
13

13. Our Key Customers Say

14. Purchasing Drivers
Compliance
International standards
Local legislation
Company policy
Security
Monitor IT staff
Control outsource & cloud admins
Audit terminal services users
Operational Efficiency
Fast Troubleshooting &
Forensics
Quick audits

15. Telenor Group
 Challenge: Control third-party providers’ (encrypted) access to critical network zones
 Solution: Monitoring encrypted (SSH) administrative sessions by SCB
 Benefit: transparent audit of a key admin protocol that otherwise is inaccessible to audit.
Central Bank of Hungary
 Challenge: Enhancing the protection of the mission-critical currency-system
 Solution: SCB to audit IT operators working in VMware View (thin-client) environment
 Benefit: Increased accountability of the banking IT staff
Ankara University, Turkey
 Challenge: Prevent another data loss on externally managed servers
 Solution: SCB to control and monitor remote desktop (RDP) and SSH connections of
externally supported servers
 Benefit: Mitigated risk of data loss in IT outsourcing processes
Use Cases – Security
https://www.balabit.com/company/references

16. Leading bank, Germany
 Challenge: The bank’s ATM network broke down due to a wrong command
executed by a remote ATM admin
 Solution: Record all actions of ATM admins by SCB
 Benefit: By searching & replaying the relevant working session, the bank
identified and solved the problem in hours.
Major mobile provider, Russia
 Challenge: The provider’s mobile network partially stopped after a junior operator
misconfigured a critical network router
 Solution: Record all actions of network operators by SCB
 Benefit: By replaying the relevant session, the provider identified the problem and
restored the network rapidly.
Use Cases – Operational Efficiency
https://www.balabit.com/company/references

17. Use Cases – Compliance
https://www.balabit.com/company/references
Fiducia IT AG – financial IT services provider, Germany
 Challenge: Audit administrative access to private banking information to comply with BaFin
requirements
 Solution: SCB monitors all internal & external administrative access to data center (8,000 UNIX/
Linux servers)
 Benefits: Smoothly passing supervisory audits
SIA SSB Group - financial provider, Italy
 Challenge: Audit access of 200 administrators’ to credit card data for PCI DSS compliance
 Solution: SCB controls and monitors the administrators’ sessions to sensitive servers
 Benefit: Full compliance with PCI DSS w/o business disruption
Major telecommunication provider, Taiwan
 Challenge: Audit remote accesses to the 3G network infrastructure for ISO 27011 compliance
 Solution: SCB monitors remote access of internal and external network operators
 Benefit: Full compliance with ISO 27011 and with company access policies.

18. CONTROL
4-EYES
///
15
Authorizer Auditor

19. SHARED
ACCOUNTS
///
External IM
AD / LDAP …
WHO?
16
Client
Server side
auto-logon
Hiding the
password
Server
Retrieve credentials
for the host-user pair
Credential Store
(local or remote)
Audited connection paused until
gateway authentication is successful
Gateway authentication on SCB
Authentication on
the server using
data from the
Credential Store

20. REAL-TIME
ANALYSIS
///
>1234 5678 9123 4567
>scp financial.db
Command detection
Screen-content detection
>cat cred
Window-title detection
17
Never
reaches
other side

21. LICENSE // APPLIANCE
T1 T4 T10 VM
Single QuadCore CPU Single QuadCore CPU Dual 6-Core CPU n/a
8 GB 8 GB 32 GB n/a
1 TB
Software RAID
4 TB
Hardware RAID
10 TB
Hardware RAID
n/a
Redundant PSU
Redundant PSU
Spare disk
n/a
HA HA HA NO
10 -> 500
Protected Hosts
10 -> 5000
Protected Hosts
100 -> Unlimited
Protected Hosts
10 -> Unlimited
Protected Hosts
19

22. Benefits for the IT
 Turnkey appliance for privileged user monitoring
 Centralized authentication & access control
 Faster and higher quality security audits
 Lower troubleshooting and forensics costs
 Fast deployment, low OPEX
 Easy scalability and HA option
 Direct 7/24 vendor support (option)

23. Benefits for the Business
 Greater chance of passing supervisory audits
 Closer employee & partner control – verified SLAs
 Improved accountability of staff
 Reduced number of human errors
 Strong evidence in legal proceedings
 Enhanced security against human threats

24. Thank you for your attention!
Yves Van Tongerloo // Sales Manager Belgium|Netherlands|Luxembourg
yves.van.tongerloo@balabit.com