ConsoleWorks acts in a multi-dimensional fashion by monitoring not only the applications but also the servers, virtual machines, network, and storage devices that run them. It provides managers and privileged users an end-to-end management solution that controls access, that monitors and manages all log files, RDP and VNC sessions, and watches for specific events that may occur across the organization. It does it in real-time and in all machine states – power on, single user, maintenance, production and failure modes. Its persistent connection also locks down the “back door” entrances that are overlooked by similar, agent-based solutions.
The end-to-end, situational awareness view helps users understand WHY something went wrong and quickly determine and implement the resolution. During that process, ConsoleWorks captures the exact steps used by an experienced user to remediate an issue and stores it in the knowledge base for future reference and for audit purposes.
ConsoleWorks controls access by allocating specific permissions/ privileges to a user based on the ConsoleWorks role-based permission model. The permission model specifies which assets a user may access and at what level of privilege they may access those systems. ConsoleWorks supports command-by-command privilege grants for absolute control over electronic access.
The ConsoleWorks solution supports integration with an IAM solution and supports RBAC from an Active Directory server. The product was designed with the open ability to integrate its authorization/ authentication services with other technologies, as well.
GUI Capture and Monitoring
ConsoleWorks has the ability to capture complete recording and playback capabilities for privileged user sessions, across RDP/VNC and even web applications. Users gain a complete, detailed account of what happened on sensitive systems, and who performed a specific activity.
ConsoleWorks can monitor and manage almost any application or infrastructure interface – including routers, switches, servers, firewalls, virtual machines, PLCs, RTUs, appliances, applications and networks – to provide the most comprehensive record possible. ConsoleWorks watches for messages, or Events, in the data streams of all the assets and applications it manages.
Events are primarily text patterns that you want ConsoleWorks to watch for in the data streams of managed assets. These patterns can be customized text strings, including wildcards and REGEX expressions, or predefined text patterns drawn from a vendor’s data warehouse of important asset messages. Event definitions inside ConsoleWorks are supplemented with the asset class and subsystem, the asset where the Event should appear and the incident’s severity and context. Definitions can also include a vendor’s detailed explanation and recommendation for resolving the Event.
When ConsoleWorks detects an Event, it alerts the appropriate personnel in real time, records the circumstances, and automatically performs the default or customer-configured response(s). Users are able to respond to the asset or application error condition and immediately view the vendor-supplied explanation along with steps required to resolve the issue. Users can further customize Events to include site-specific remedies and contact information for emergency personnel.
Customizable Event States
Customizable Event States provide more flexibility, automation and control in designing the Event flow through different user-defined States.
ConsoleWorks can be configured to trigger script routines based on an Event’s status, the time or date that it occurred, and the asset where it occurred. Actions can perform internal ConsoleWorks tasks (like purging old Events) and tasks aimed at targets external to ConsoleWorks (such as paging the CIO about an unauthorized file access).
Log File Aggregation
ConsoleWorks monitors the asset logs in the context of all other managed applications or hardware. Its ability to aggregate error conditions across all log files enables users to view multiple log files, in context, to help in root cause analysis. In many cases, issues have been resolved before other solutions have been notified that an Event has occurred.
ConsoleWorks logs all information sent to a device as well as information received from a device. This information is prefixed with its source as well as the current timestamp on the ConsoleWorks machine when the record is received. The timestamp used is a patented timestamp format to include year, month, day, hour, minute, second and sequence number within a second. When this second sequence number is applied across all log lines from all managed devices, it allows disparate device logs to be integrated and viewed as a single log with better than milli-second time granularity.
Keystroke Logging and Best Practices
ConsoleWorks captures the steps taken for Event remediation down to the keystroke, enabling any ConsoleWorks user to leverage in-house past experience and acquire proven solutions faster. In this way, ConsoleWorks builds the business’s data warehouse of intellectual property related to the problem resolution.
Proof of Compliance & Reporting
ConsoleWorks produces, aggregates and summarizes audit logs that record user activities, exceptions, and information security events. Log files are digitally secured for each asset, operating system, application, etc. as they are written allowing detection of line deletion, insertion or modification.
ConsoleWorks has a number of report templates that can be user-customized to meet regulatory needs.