Insider Threat Management

Tech Tuesday: The Importance of Continuous Recording in User Activity Monitoring

Share with your network!

Proofpoint offers two modes of recording the on-screen activity of monitored computers: User-activity-triggered recording and continuous recording. As its name implies, the first mode only captures the user’s screen and activity log data when some keyboard or mouse activity is occurring. Both because User Activity Monitoring is all about tracking what users are doing, and because recording screens with user interaction saves storage space, this is a satisfactory solution in most circumstances.

+ Data Breach Video Recording Software: 15 Day Trial – Proofpoint User Activity Monitoring

However, there are some instances where it is important to continuously record what appears on the screen, even when the user is not interacting with the computer. Examples of situations in which an organisation might want to record continuously are:

  • To see the content of videos or auto-playing presentations that appear on the screen
  • To review program/script output that is displayed some time after the user's interaction (e.g., output of a lengthy CMD shell command)
  • For IT troubleshooting and helpdesk support, it is sometimes important to see the screen recording in the same time frame that the user saw it (including time stamps and content displayed on screen) – for example, to observe applications opening slowly and/or displaying warning/error messages that may pop up and disappear without user interaction
  • For regulatory compliance and/or maximum security of the most sensitive servers, it might be required to record everything that appears on-screen during an interactive session, regardless of mouse or keyboard activity

Continuous recording is easily activated for any Server Policy by selecting the option and specifying the number of seconds between screenshots:

 

IT Security User Monitoring

 

Recognising the increased storage requirements involved when invoking continuous recording, Proofpoint ITM combines its continuous recording option with two other capabilities to store the minimum amount of screen recording data required:

  • Granular recording policies ensure that only the particular users, applications and URLs of relevance/interest are recorded.
  • Screen storage optimisation minimises storage requirements by recording only portions of the screen that changed and by compressing the recorded screen images.

Check out our last Tech Tuesday blog titled, "Integrating User Activity Monitoring & IT Ticketing Systems."