Integrating Proofpoint ITM’s session recording system with an IT ticketing system can provide your organization with additional layers of security and monitoring unavailable in any other approach.
Proofpoint ITM integration with ServiceNow is currently available out of the box (no development effort required). Integration with most other ticketing systems, such as the following, will be available soon (or can be provided in an expedited manner upon request):
Watch this video to see a demonstration of Proofpoint ITM integrated with an IT ticketing system:
The Benefits of Integration Proofpoint ITM with ServiceNow
The three main benefits that ticketing system integration provides are:
1. The organization can require specific administrators and/or remote vendors to enter a valid ticket number from the ticketing system before being able to log into specific servers. By linking every login to a particular ticket, unnecessary and unauthorized logins are reduced and there is greater enforcement of segregation of duties.
2. Once a ticket number is provided as part of the server login process, Proofpoint ITM automatically augments the ticket data with key details about the login session which are only available to Proofpoint ITM. For example, the ticket will include the actual user name used to access the server (based on a secondary identification login which goes beyond generic system admin login accounts), the particular server which was accessed and the exact date/time that the session occurred.
3. The ticket record will include a direct link to the video recording of the particular session in which the administrator or remote vendor addressed the ticket. This provides the unique ability to visually review exactly how the user addressed the ticket. Linking a video recording of their actions addressing a ticket from within the ticket itself allows faster and easier auditing of the exact actions performed by administrators and remote vendors.
How it Works
Usage is simple: when an administrator or remote vendor for whom this feature is enabled attempts to log in to a monitored server, a window similar to the one at the right appears. The ticket number entered is validated against the ticketing system database before the user is granted access to the system.
When an administrator or remote vendor for whom this feature is enabled attempts to log into a monitored server, a window similar to the one above appears.
Two optional features (which are configured by the Proofpoint ITM system administrator) can be seen in this screen shot. Both of these are a matter of policy and can be set for individual users and/or servers:
• A check box may be shown to allow the creation of a new ticket number on the fly, if the user does not already have one.
• The Skip button may be enabled to allow users to enter a server even without a valid ticket number.