There are times when it’s not enough to have metadata about what somebody did during a session. Finding the root cause of an issue by sorting through audit logs takes time and doesn’t guarantee you’ll figure out exactly what went wrong. It’s like looking at footprints to figure out what someone did and where they went. This is where full recording of sessions becomes indispensable.
Privileged session recording means recording the user’s actual screen during their SSH (or kubectl) session for real-time or later playback. If audit logging is akin to tracking footprints to learn what someone did, session recording is like having security surveillance that you can watch live or replay later.
Analysts and research companies advise security and infrastructure leaders to deploy session recording solutions as soon as possible for the following reasons:
Beyond replaying sessions, there are good reasons to be able to view and share sessions in real time. From a security perspective, you can watch suspicious activity and stop it in its tracks, or shadow individuals as they perform sensitive work on secure servers — the “four eyes” principle. From a collaboration and training perspective, you can invite a team member to a live session so you can troubleshoot a problem together or conduct training.
Complete session logging and recording, including metadata and user identities, across entire clusters. Keep the full recordings of all interactive sessions within any region or datacenter topology, from spot instances on modern clouds to old servers buried in phone closets. Teleport automatically records and stores all sessions on the nearest bastion or “admin box” without requiring complicated client configuration. Recorded sessions can be replayed via the command-line interface or a web-based player.
Separation between the privileged session and its recording. The session recording is encrypted, compressed and stored on a server separate from the one where the privileged session occurred, so it can’t be tampered with.
Real-time session monitoring and sharing. Invite others to watch your session by entering a URL in their browser or a session ID in their terminal. View documentation for sharing sessions.