PowerBroker initially installs an agent on every server. All requests by users to run a process, either remotely or on a local machine, are sent to the authorization server, which checks the policy file and then either approves or rejects the request. In either case, the request and the resolution are logged. The log file of every user request is stored at a central server, which is not accessible from any of the client machines on a network. So even insider threats won’t be able to cover their tracks. Any attempts to circumvent the authorization server were met with failure in our testing. In addition, sessions from users can be recorded and played back later. When using the recording feature, even erased keystrokes are captured. A final component is the BeyondInsight tool, which uses analytics to identify anomalous behaviors and first time events.