VISULOX is on the market since over 10 years– in this time many errors and bugs have been fixed, and solutions have been found for customer questions. This article summarizes a few of them.
VISULOX is a software suite developed in Germany by the amitego engineering GmbH for centralized management of remote access of internal and external privileged users (pUser) to the IT infrastructure. For more than ten years, in which VISULOX is on the market, many customers’ requirements have been met. Some of them we have listed here:
|1. General control and documentation obligation|
|Legal regulations and standards on data protection and information security, as well as some other regulations require documentation of accesses and actions of privileged users to the infrastructure. These compliance requirements are essential for many companies to obtain their certification / certificate. VISULOX supports these customers and forms part of the data protection management process.
The VISULOX approach is to make remote access more transparent. By recording the user's interaction as a film and making them aware of it the users work more carefully. Our customers report that errors due administrative access went down.
|2. Data loss|
|VISULOX handles file transfer based on guidelines. These guidelines allow or deny transfer based on direction (in/out) and document any access. We have customers (e.g. automotive suppliers), who have to document file transfers based on their clients security policy and the contract of any file transfer. Administrators often have direct, uncontrolled access to file systems and databases and to secret information that could be disclosed without the knowledge of the company. With VISULOX administrators can access and fulfill admin tasks, also they can upload patches, but cannot download files. This includes a very hot, most forgotten topic: copy & paste allows exporting data, too. With VISULOX copy & paste is also controlled.|
|Service providers use VPN channels for accessing our customer’s network. There have been times, where this was state of the art, but the primary concept of VPN is insecure. VPN only encrypts the communication, so only man-in-the-middle-attacks have no chance to phish data. But what happens, if the client is infected to phish data there? Outsourcing contracts meet this by requesting latest security patches on the client and also other security activates. VISULOX helps here with a different approach, which makes the named parts obsolete. VISULOX splits the client accessing network from the company network by a proxy environment. The communication is encrypted, physically and logically. To add state of the art authentication activities, a Two Factor Authentication is implemented.|
|4. Annual costs of physical tokens|
|One of our telecommunications customers used a CISCO VPN Concentrator with RSA tokens for remote access for each privileged user, regardless of whether it is an internal or external access – resulting in more than 500 tokens. The annual cost of one RSA token is $ 50 (new token, distribution, handling, management). The budget for new acquisitions was $ 25,000. The integrated two-factor authentication of VISULOX uses an existing token (mobile phone, mail), and reduces thereby the costs to a quarter. An additional advantage is the flexibility of this token.|
|5. bIncrease security and additional cost saving|
|5 Increase security and additional cost saving
As VISULOX does not need any client side component and has a better security level than VPN, the customer has a higher flexibility allowing access. The process to permit access is made much faster.
VISULOX provides a standard process for privileged external access to any kind of internal system.
|6. Data retention|
|Access to secret personal information, like the phone connection list, has to be done with special setups. With the regular front-end access personal data is presented in anonymized form to find suspicious communication. If a judge wants the personal information, an extra authorized access is needed. This is all handled by the application; managing this data. But who does the administration and who controls them? VISULOX with his Dual Control mode for applications (enforced four eye principle) solved this problem. Only two admins together at the same time can manage server, database and network components. Because VISULOX can be implemented redundantly, even the administration of VISULOX is done in the Dual Control mode.|
|7. Over charging|
|One customer had the impression that his service provider is overcharging him. Because VISULOX recorded the user's interaction, there is evidence, whether the service provider is only online or working actively.|
|8. Access to production and increase security|
|Manufacturers have production lines with new and old machines. Also for these machines administration tasks have to be done by the machine vendor, where security is not a top priority. To allow a controlled access, also aligned with the company security policy (who, what way and when) for business application, VISULOX helped a customer to give their vendors a controlled access.|
|9. Resolve complex problems quickly|
|A routine operation, such as performing a backup, could lead to problems, if this is done with wrong parameters at the wrong time. A telecommunication company had a big problem, when part of its mobile network went down in the middle of the day, without an apparent cause. Aside from the penalty issued by the Telecommunications Government Agency, they had to make sure that such a thing would never happen again to avoid future penalties. To find out what went wrong, they had to perform a forensic analysis of their network elements and payed their providers for such an investigation. This was expensive and time consuming.
What happened was that a routine database backup procedure, issued by one of the administrators had a small change of one parameter, which performed the backup with a reboot for the clustered database. They found out what happened, now the next question occurred: how can this sort of error be prevented in the future? This is where VISULOX solved the problem with features like Command Guard's server side scripts. The backup procedure was checked and stored inside the VISULOX database, so whenever the administrator wants to do a backup, he just calls the stored script and avoids the Copy & Paste from a notepad that caused the problem at the first time. In this way VISULOX prevents such problems and guaranties that only approved scripts can be used by the administrators.
|10.Document and audit routine administration task in a time and cost effective manner|
|Many of the administration tasks performed on the IT infrastructure become daily routines. Checking to see if there is a problem could become a "false positive" state of mind. When the administrators see "all green" on their check list panel every day, this could lead into a false sense of confidence, that everything is ok. One of the auditor’s tasks is to check these daily procedures, to make sure that the administrators are really performing the necessary checks on their list. But how can this be done in a time and cost effective manner?
This is where VISULOX came to aid one bank with such a problem: by using the annotation feature inside the recording of the administrator session, the auditor can see that the check list task is performed daily and with visual evidence of the outcome. Since the auditor is watching a video with placeholders on each of the tasks, documented by the annotation feature, this routine job becomes easier and can be done in a short amount of time because he can jump to the precise moment, where the task has been done, instead of having to watch a long video with hours of work recorded. Or even worse, having to search for such activities inside the log files of every of the infrastructure elements. This is saving time and money for the bank and assuring that preventive work has really been performed by the administrators as part of their daily routine.
|11.Prevent the ping pong blame game|
|Reality is that many companies depend on external support experts to prevent problems and maintain their IT infrastructure elements in a good shape. But what happens, if a problem arises and there are many people involved in solving it, then the blame game starts, where one is passing the responsibility to others. Such a behavior is known as the ping pong game. This is part of human behavior and to end such a game, you have to document the actions of everybody and gather evidence that could be useful for assigning the blame to the real culprits. To safeguard against this sort of behavior, many companies have penalty clauses in place for external support providers. The problem is to have real and indisputable evidence of wrong doing in order to apply them. This is where amitego helped a telecommunication company: by forcing their external providers to use VISULOX as the only mean of connecting to perform administration tasks, they were able to document everything the external providers did. So when a problem arose, it was easy for the company to see who the real culprit was and to apply the penalty clause with indisputable video evidence.|