Privileged Account Security solutions, such as CyberArk, have become almost mandatory for larger data centers, and definitely for critical infrastructures. They support your compliance by managing the passwords of your privileged users and recording their screens while they work on given systems; strict policies allow privileged users to work only when their sessions are recorded.
On mainframes, complying with this regulation means the 3270 emulation session has to be established from specific servers that guarantee the required recording; the same is true for any session via PuTTY, FTP, etc. Accordingly, it has to be detected, for example via the given SIEM solution, if someone tries to bypass this session recording obligation by connecting from outside the Privileged Account Security solution's surveillance scope. Properly detecting any such bypass requires corresponding monitoring on the mainframe.
All SF-Sherlock users may now benefit from our latest experience in establishing such a bypass detection. A set of specialized filters has been developed to select and forward all required details to your SIEM solution, almost ready-made for an easy filter and correlation definition.
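
The correlation described above, sketched as an added example (not SF-Sherlock or CyberArk code): flag any privileged logon whose source address is not one of the recorded jump servers. The event format, addresses, user IDs and protocol names are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration: recorded PAS jump servers and privileged user IDs.
PAS_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "10.20.31.5/32")]
PRIVILEGED_USERS = {"SYSADM1", "SECADM"}
MONITORED_PROTOCOLS = {"TN3270", "SSH", "FTP"}

# Constructed sample events in a hypothetical normalized format (not a real product's output).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T08:00:12Z", "user": "SYSADM1", "src": "10.20.30.4", "proto": "TN3270"},
    {"time": "2024-05-01T08:03:40Z", "user": "sysadm1", "src": "192.168.7.21", "proto": "SSH"},
    {"time": "2024-05-01T08:05:02Z", "user": "USER042", "src": "192.168.7.33", "proto": "FTP"},
    {"time": "2024-05-01T08:09:55Z", "user": "SECADM", "src": "", "proto": "FTP"},
    {"time": "2024-05-01T08:11:00Z", "user": "SECADM", "src": "10.20.31.5", "proto": "FTP"},
]

def from_recorded_source(src):
    """True only if src parses as an IP inside a PAS network; unparsable is untrusted."""
    try:
        addr = ipaddress.ip_address(src.strip())
    except ValueError:
        return False
    return any(addr in net for net in PAS_SOURCES)

def find_bypasses(events):
    """Return the privileged sessions that did not come through a recorded jump server."""
    alerts = []
    for ev in events:
        user = ev.get("user", "").upper()  # compare user IDs case-insensitively
        if user not in PRIVILEGED_USERS or ev.get("proto", "").upper() not in MONITORED_PROTOCOLS:
            continue
        if not from_recorded_source(ev.get("src", "")):
            alerts.append({**ev, "user": user, "reason": "privileged session outside PAS scope"})
    return alerts

if __name__ == "__main__":
    for alert in find_bypasses(SAMPLE_EVENTS):
        print(alert)
```

A missing or malformed source address is treated as a bypass rather than skipped, so a gap in the forwarded data cannot hide a session.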