Balabit SCB App for Splunk

Privileged users, such as system administrators, IT vendors or powerful business users pose security risk for Splunk customers managing sensitive data. Actions of a malicious administrator or a privileged account hijack-based cyber-attack can go undetected for months while causing huge damage for the business. Shell Control Box (SCB) is a user monitoring appliance that controls privileged access to remote IT systems, records activities in searchable, movie-like audit trails, and prevents malicious actions. With the Balabit SCB App security events managed by Splunk Enterprise are extended by privileged user activities captured by Shell Control Box. Daily security operation tasks are greatly simplified, as it is no longer necessary to manually download and inspect user-related logs, as all the information is searchable and visualized in the Splunk web GUI. By having a complete, tamper-proof evidence about privileged users' access, you will be in a better position to prevent APT attacks. Tested with SCB 4F2