Citrix developed Session Recording Technology for Citrix customers in highly regulated industries like healthcare, finance and government. Enterprises operating in these industries are required to monitor, record and examine internal user activity in applications that deal with confidential information or sensitive workflows.
Besides helping these customers pass regulatory compliance and security audits, Session Recording has been used by other customers to troubleshoot end user performance issues, and as a precautionary measure to deter malicious behaviour from employees and protect the enterprise from internal threats.
Citrix Session Recording Technology (SRT) allows customers to record the on-screen activity of any user session running on XenApp Platinum or XenDesktop Platinum editions. Session Recording thus complements the arsenal of security features deployed in and around XenApp/XenDesktop deployments for external threats.
Building on this protection against internal threats, we have added an administrator logging feature in the latest release of Session Recording (Session Recording 7.11). It chronicles all actions executed by administrators, along with the timestamp, the task category, the Session Recording component on which the action was carried out, the details of the action, the username of the administrator who carried out the action and other details. See a sample log table below:
A built-in capability to make administrator actions auditable has been a request from many of our customers, and understandably so: administrators gone rogue are generally perceived as one of the biggest insider threats to corporate networks.
Monitoring access and actions of privileged users, such as the role of Session Recording administrators, is also mandated by regulatory compliance standards of healthcare, finance and other industries, including HIPAA, PCI-DSS and SOX. Administrator logging for Session Recording is designed to cater to all these security and compliance requirements from our customers.
This feature will enable enterprises to do privileged user monitoring and enforce accountability for administrators by tracking their actions. So, for example, just like a hospital employee accessing a patient’s record over a XenApp published application will create a recording and thus leave auditable evidence, an administrator will also leave a trail in a tamper-proof log every time they play back a recording of a doctor’s session, who in turn had accessed a patient’s record within their session.
Key highlights of Administrator logging with Session Recording
The screenshot below shows a log-entry corresponding to an administrator retrieving and playing back a recording file in Session Recording player:
As you can see, the log shows the timestamp of the action, details of action (session-file download), the administrator’s identity and the file-id of the recording file retrieved. The file-id shown in this log can be searched within the Session Recording player console to find details such as which user the recording corresponds to.
In another case, if an administrator modified the Session Recording policy configuration to exempt a certain user or a certain application from being recorded, then that policy change will be captured in the log and easily tracked back to the individual administrator. The screenshot from the administrator log below recorded an administrator enabling a Session Recording policy with a filter on machine name, application name and user id.
Administrator logging also captures any changes in the configuration of the Session Recording server. For example, when an administrator configures or edits settings like roll-over file size or roll-over time, the change is captured like this:
And finally, what if—to evade all of this—the administrator tries to disable the logging feature? We have designed administrator logging such that it is self-monitoring as well. So when an administrator enables or disables this logging feature, that action will also be logged as an entry.
With this new administrator logging feature, all actions performed within Session Recording become auditable, thus increasing accountability on the administrator’s part, deterring any malicious behaviour and improving overall security of the enterprise IT environment.
Try it now!
To take advantage of the new administrator logging feature, upgrade to Session Recording 7.11 today. Simply log into your Citrix account and select XenApp or XenDesktop from the product menu to access the latest Platinum Edition and components. For further information, please refer to the Session Recording documentation.