Ground-breaking audit tool for SSH and Windows Remote Desktop Protocol (RDP)

A startup company in China, BMST Co. Ltd., is bringing security managers and auditors a ground-breaking product which can audit SSH and Windows Remote Desktop Protocol (RDP) as a network bridge transparent to the upper layer applications. The product is named Session Auditor. It can record, replay, query, correlate those session data from most of popular protocols used in the daily network and system maintenance and operations, such as SSH, RemoteDesktop(RDP), Telnet, FTP, HTTP, Rlogin, VNC, and even those SQL query in Oracle, Sybase, MS SQL and etc. The most brilliant point is its unprecedented audit capability to the two most popular encrypted protocols, ie. SSH and RDP, making it unique in the competition against common sniffer products as well as forensics tools.

The founders of BMST have put their product at much larger background – the wave of compliance.

In the wake of Enron and WorldCom the role of internal auditors in corporate governance has taken on whole new meaning. Compliance is a long journey that enterprise excutives and IT managers have to take. Although there have been too much in your work breakdown structure task list, however, “Audit” is the right one that you can never overlook for seconds. Audit systems help executives assure everything runing as expected and defined.

Generally speaking, “audit system” for information systems are seperated into two kinds, one is management layer auditing, another one is technical layer auditing. The former is mapped to those auditing tools, particularly based on best practices and standards, such as ISO27001(BS7799), Cobit. But as to the technical layer auditing, there are too many tools and approaches in IT managers’ table. Typically it’s implemented by those log collection and analysis tools in the IDC’s security product category of SIEM(Security Information and Event Management). Those logs are designed to record only the event results, without the details of the activities and operations. In other words, if security managers and auditors want to do in depth investigation and forensics, those logs can’t help any more.

BMST’s Session Auditor can help. It’s an outstanding in-depth investigation and forensics tool. With its huge built-in storage (up to 2T Bytes), SA can record up to 5 months of network traffic in a wire speed fast ethernet (100Mb/s) environment without missing any packet.

This post was also published at sbin.cn.

About these ads

13 Responses to Ground-breaking audit tool for SSH and Windows Remote Desktop Protocol (RDP)

  1. sounds a good tool for IT managers, especially for those who have security concerns about their business. The major concerns of IT manager who are looking for auditor tools is that whether or not the tool can capture, record, replay all the traffic they want.

    Just one question, can this application decrypt the point to point encrypted data traffic such as Skype?

  2. Richard says:

    According to my knowledge, it’s internal maintenance and operation oriented, so as the design, it does’t support Skype at the beginning. Additionally, to decrypt Skype is not practical at this moment, even we have had the news that a team from China has succeeded in breaking the Skype protocol. ;)

  3. Hi there Richard;
    How are you? It has been a long time since I talked to you.
    I am glad that you guys have completed your work and come up with a fantastic tool for IT Managers.

    How can I get one unit along with complete instructions to play with before I commit myself to you as your distributor in US or at least California ?
    Thanks.

  4. Creek says:

    Hi, Mike, you are welcome.

  5. Got it and thanks for the info

  6. i dont see where to download it. am i missing something?

  7. Richard says:

    it’s composed of two hardware boxes, one is 1U rack-mountable which collects data and send them to the second 2U rack-mountable box which is reponsible for processing data. so it’s impossible to download it. thanks for your interests. please check their website: http://www.bmst.net/en/index.htm

  8. ahhhh not a totally software solution. thanks for clearing it up for me

    Chris

  9. Oliver says:

    it was said that the development team was preparing a downloadable software version to ease the oversea partners… ;)

  10. [...] A startup at China, BMST, is exploring a new field in security audit by rolling out their ground-breaking product – Session-Auditor.  That’s good pitch in the hot compliance trends. Compared against those tradional host based audit systems and SPAN-sniffer like audit systems, SA can audit those encrypted protocols transparently, without necessity to install expensive agents at hosts. Another plus of this product is its built-in access control capability. That means you don’t need intranet firewalls to protect your mission critical servers from operation and administration terminals. Just use Session-Auditor. [...]

  11. [...] startup at China, BMST, is exploring a new field in security audit by rolling out their ground-breaking product – Session-Auditor.  That’s good pitch in the hot compliance trends. Compared against those tradional host based [...]

  12. [...] startup at China, BMST, is exploring a new field in security audit by rolling out their ground-breaking product – Session-Auditor.  That’s good pitch in the hot compliance trends. Compared against those tradional host based [...]

  13. [...] KPI (Key Performance Indicator) are setup and monitored to reflect the compliance status. Complete auditing systems are under continuous construction and improvement, while periodic and formal auditing [...]

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: