Who is doing what on your network?

Over the past few months, while talking to customers, the topic of Zero Trust Architecture keeps coming up. Seemingly everyone is thinking of implementing the model – which we fully encourage! One of the core components of the principle is the ability to inspect and log all network and system traffic. This often leads me to highlight how Akamai’s Enterprise Application Access (EAA) solution provides visibility for our customers into the number of third party contractors connecting into their infrastructure – insight often unavailable with traditional access solutions. With a traditional access solution, contractors are allowed into the network by configuring a VPN and establishing an SSH session or exposing devices/appliances in the DMZ.

When utilizing these traditional solutions, there are a few key questions:

  • How do you set up access credentials?
  • How do you prevent a compromised machine from connecting?
  • How much work is required to give access to the contractor?
  • How can you track what the contractor has done in each session that they log?

While there are even more questions to ask, let’s discuss the last point further. We are talking about visibility into what contractors (or other users) are doing. Take this example: what if one of the systems that your contractors access goes down? Your first step would probably be to access the system to check on the audit trails/logs in order to determine what went wrong. But, what if the system has crashed and you are unable to access the console? How can you find out what command was invoked? Did someone change key files? Did they enter a wrong command?

In the same scenario, but with EAA, you would have had visibility into all of the above. EAA provides SSH audit logging functions for every application. This eliminates the administrator need to log in to the server to find out exactly what happened. SSH audit logs can be downloaded directly from the EAA Management Portal. Additionally, the visibility capabilities don’t just apply to SSH sessions. EAA also has application logs that show HTTP/S request information.

Coupling this with the additional features of EAA, such as built-in MFA, application bridging and SSO, shows that EAA is a unique platform with a great deal of features and benefits. 

Adopting cloud-based solutions like EAA is one of the best ways I can help my customers utilize the zero trust model. Interested in learning more about how Akamai can solve your third-party access needs, or want more visibility into your network? Visit Akamai.com/eaa for more information.

BTan1.png

Figure 1. SSH Audit Report Page. 

BTan2.png

Figure 2. SSH Audit Example.

 

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Benny Tan. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/QSRJdE7V974/who-is-doing-what-on-your-network.html