Imprivata Privileged Access Management Product Update 2.3.202002092319

February 9, 2020

PAM Update: Added active behavior analytics, added recording for RDP Proxy clipboard and file transfer events

This update adds an active behavior analytics component to monitor, log and automate the management of suspicious and undesired user activities.

The update also adds support to record clipboard and file transfer events during sessions made using native RDP clients.

Added active behavior analytics

This update adds an active behavior analytics component to monitor, log and automate the management of suspicious and undesired user activities.

The component monitors the network for overly frequent access to sensitive data, excessive content downloads from managed endpoints, uploads of large binaries to critical infrastructure, or a high rate of execution of management functions.

The active behavior analytics component acts as an invisible watch guard that controls access to privileged resources yet does not interfere with administrators' routine activities.

The active behavior analytics component can record violations of the defined network policies, terminate active sessions to remote servers following a rule violation of the associated profile, block a suspected account from performing further actions with privileged access, or reset passwords of the affected assets.

Active behavior analytics rules are enforced automatically based on the behavior profile configuration.

The behavior management component allows blocking malicious actors from performing undesired activities when taking advantage of granted or assumed privileged access.

Added recording for RDP Proxy clipboard and file transfer events

This update adds support to record clipboard and file transfer events during sessions made using native RDP clients with the option to capture the content of transferred files and clipboard.

This option brings functionality that has long been available for in-browser and SSH Proxy sessions to remote Windows access established using native RDP clients such as MS mstsc, mobile RDP clients, mRemoteNG, etc.

Clipboard and file transfer events capture event time, user, transferred content size, the remote server information and also the content (clipboard or the file) itself for further investigation. An automatic purge option is available for file transfer events based on the configured retention time.

Added the option to temporarily block users

The update introduces the option to temporarily block users as a quick way to restrict privileged access without modifying the permission architecture.

The option can be used to suspend and then quickly resume user access during vacation breaks, or to suspend access following behavior monitoring profile enforcement, pending further investigation.

The block option is available for all system users regardless of the source user directory (local, MS Active Directory, eDirectory, etc.).