1 Introduction
Balabit is an international information security vendor headquartered in Luxembourg. Founded in 2000 in Hungary, the company still maintains their research and development centers there; however, with multiple sales offices in Europe, US and Russia and a large partner network it has a strong global market presence. Balabit’s oldest product is syslog-ng, a de-facto standard syslog server for various Unix-like platforms, which is used in over a million installations around the world. This impressive user base allows the company to expand into other areas of security intelligence with products like Shell Control Box, an activity monitoring appliance for controlling and recording privileged access to remote IT systems and Blindspotter, a privileged user behavior analytics product.
Privilege Management (PxM) already existed in early mainframe environments: those early multiuser systems included some means to audit and control administrative and shared accounts. Still, until relatively recently, those technologies were mostly unknown outside of IT departments. However, the ongoing trends in the IT industry have gradually shifted the focus of information security from perimeter protection towards defense against insider threats. Just as company networks become more open, incorporating multiple interconnected locations, the very notion of a network perimeter is gradually disappearing. It is therefore not surprising that PxM solutions have grown from a niche market into a mandatory component of any enterprise security infrastructure. Many vendors now offer integrated solutions for automated discovery of privileged accounts, storing and managing privileged account credentials in a secured vault, and monitoring privileged access to servers, databases and network devices. For a detailed overview of the leading PxM vendors you can refer to the KuppingerCole Leadership Compass on Privilege Management .
Since we reviewed Shell Control Box back in July 2014, Balabit has published several new releases of the product, including a major version upgrade. This updated report describes the most important new functions available in Shell Control Box 4 F2, the latest version as of April 2016. These include updated appliance hardware and new virtualized and cloud deployment options, significant changes in networking configuration, new integration capabilities, expanded protocol support and numerous other improvements. Naturally, Shell Control Box integrates with Balabit’s latest addition to their portfolio, Blindspotter user behavior analytics solution.
All these improvements reaffirm our previous verdict: although Shell Control Box technically does not constitute a complete privilege management solution, concentrating specifically on privileged activity monitoring and auditing, multiple unique features of the product, combined with the ease and flexibility of deployment and rich integration options both with other Balabit’s products and third party IAM, SIEM and ticketing systems make Shell Control Box a valuable addition to the multi-layered security infrastructure of any organization.
Shell Control Box is a core component of Balabit’s recently announced Contextual Security Intelligence Suite, an integrated Real-time Security Intelligence Platform providing detection and protection from advanced persistent threats, VIP account misuse and data leaks.