A startup company in China, BMST Co. Ltd., is bringing security managers and auditors a ground-breaking product which can audit SSH and Windows Remote Desktop Protocol (RDP) as a network bridge transparent to the upper layer applications. The product is named Session Auditor. It can record, replay, query, correlate those session data from most of popular protocols used in the daily network and system maintenance and operations, such as SSH, RemoteDesktop(RDP), Telnet, FTP, HTTP, Rlogin, VNC, and even those SQL query in Oracle, Sybase, MS SQL and etc. The most brilliant point is its unprecedented audit capability to the two most popular encrypted protocols, ie. SSH and RDP, making it unique in the competition against common sniffer products as well as forensics tools.
The founders of BMST have put their product at much larger background – the wave of compliance.
In the wake of Enron and WorldCom the role of internal auditors in corporate governance has taken on whole new meaning. Compliance is a long journey that enterprise excutives and IT managers have to take. Although there have been too much in your work breakdown structure task list, however, “Audit” is the right one that you can never overlook for seconds. Audit systems help executives assure everything runing as expected and defined.
Generally speaking, “audit system” for information systems are seperated into two kinds, one is management layer auditing, another one is technical layer auditing. The former is mapped to those auditing tools, particularly based on best practices and standards, such as ISO27001(BS7799), Cobit. But as to the technical layer auditing, there are too many tools and approaches in IT managers’ table. Typically it’s implemented by those log collection and analysis tools in the IDC’s security product category of SIEM(Security Information and Event Management). Those logs are designed to record only the event results, without the details of the activities and operations. In other words, if security managers and auditors want to do in depth investigation and forensics, those logs can’t help any more.
BMST’s Session Auditor can help. It’s an outstanding in-depth investigation and forensics tool. With its huge built-in storage (up to 2T Bytes), SA can record up to 5 months of network traffic in a wire speed fast ethernet (100Mb/s) environment without missing any packet.
This post was also published at sbin.cn.
My new blog at sbin.cn
January 30, 2007Due to the publicly known reasons, this blog at wordpress.com has been not accessible at China for a long time till last Spring festival (Feb.2006). It’s very difficult for me to update and manage this blog, while most of my readers from mainland can not read it since then. So I decide move it to a new site with good performance.
Hope you guys can change your bookmark and RSS feeds. I am sorry for the unconvenience for this move. Thanks for the great pleasure WP community gave me.