ObserveIT:
User Activity Monitoring
Mark Kreymer
mark@observeit.com
June, 2013
Copyright © 2011 ObserveIT. All rights reserved.
All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for informational purposes only.
www.observeit.com
ObserveIT Software that acts like a security camera on your servers!

 Video camera: Recordings of all user activity
 Summary of key actions: Alerts for problematic activity

700+ Enterprise Customers
Healthcare / Pharma
Financial
Telco & Media
Manufacturing
Retail / Service
Utilities / Logistics / Energy
IT Services / Technology
Government
Gaming
Worldwide Presence
France
CG61
S2IH
BOUYGUES TELECOM
Societe Generale
Groupama Asset Management (GAM)
Spain
Banco Espirito Santo S.A.
CECA (Confederación Española de Cajas de Ahorros)
BBVA
Caja Madrid
Canada
Bell Canada
Quebec Loto
Bellin Treasury Services Ltd.
Toronto Hydro
Transat A.T. Inc.
Atlantic Lottery Corporation (ALC)
UK
Germany
Norway
Estonia
UK Payments Administration Ltd
Sanofi Aventis
VTS
Estonian Security Police Board
BlackRock
HSH Nordbank
QinetiQ
Boehringer Ingelheim GmbH
Switzerland
Vocalink UK
AGRAVIS Raiffeisen AG
BCN
Friends Provident
Deutsche Telekom AG
Bank Vontobel AG
Hyperion Insurance Group
Schweizerische Bundesbahnen (SBB)
LCH.Clearnet Ltd.
Luxembourg
Swiss Federal Railway
BSkyB Sky Network Service
TELINDUS
ZKB
Xtrakter Ltd
Corner Banca SA
Opal Telecom Ltd
Banca del Sempione
Talk Talk Technology (Carphone CPWN)
Banca Euromobiliare Suisse
BNP Paribas Real Estate Advisory (UK)
Liechtenstein
LGT Financial Services
BancaStato
VTB Capital plc
Baillie Gifford & Co.
Italy
Heritage Group LTD
Vodafone (Italy)
ELECTRONIC'S TIME SRL
Allianz SPA
ING Lease Italia S.p.A.
UBI Banca Sistemi&Servizi
Xerox s.p.a.
Poland
Podkarpacki Oddział Wojewódzkiego Narodowego Funduszu Zdrowia z siedzibą w Rzeszowie
Elektrotim S.A.
Inteligo Financial Services S.A.
Czech Republic
Hungary
Greece
GE Money Bank
Wizz Air
Croatia
Slovenia
Cyprus
T-Mobile Croatia
OTP
Zavarovalnica Triglav d.d
Raiffeisen banka d.d.
SEM Ltd
Slovakia
Tatra Banka a.s.
South Korea
Japan
Mitsubishi Information
USA
Trend Micro Inc.
Shumway Capital Partners, LLC
Spoken Communications
University Health Systems of Eastern Carolina
Casino Arizona
CDW
Dimension Data Americas (USA)
CSX Technology
PGE - Portland General Electric
Cisco (Webex)
St. Jude Medical
UPS
Disney
IBM
Newegg
Spring Branch Independent School District
Sony
British Petroleum (BP)
SUNY Downstate
Washington University
Western Governors University
Kroll Ontrack
BNP Paribas
StrataCare, LLC.
Societe Generale (USA)
MFS Investment Management
Fort McDowell Enterprises
CHARLES SCHWAB & CO
Aastra
Cost Plus World Market (CPWM)
Samsung Networks Korea
Yonsei Hospital
GS Caltex
Defense Acquisition Program Administration
China
Taiwan
Trinidad & Tobago
Bolivia
Turkey
PETROTRIN
Telecel S.A. TIGO
Chile
Nexus
Argentina
Nuevo Banco del Chaco S.A.
Angola
Banco Nacional de Angola
Chad
MIC Chad, Ltd. TIGO
South Africa
Derivco (PTY) Ltd.
Ubank
MultiChoice Africa (Pty) Ltd.
Clicks Group Ltd.
Truworths, South Africa
Tanzania
MIC Tanzania, Ltd. TIGO
Turkcell
ANADOLU SIGORTA
Vakifbank
Yasar Factoring
T.C. Ziraat Bankası
Israel
Qatar
Taiwan Railways Administration, MOTC
Taiwan Accreditation Foundation (TAF)
Taiwan Mobile
Ministry of Education
China Construction Bank
China Mobile Group Guangdong Co.
ShinseiBank
Tesco China
China Foreign Exchange Trade System
National Interbank Funding Center
The Hong Kong Jockey Club
DMX
India
HDFC Bank Ltd.
iYogi
HCL
Wipro
Excellence Nessua
QFC Regulatory Authority
Yes
Court of the Crown Prince (CPC)
Leumi Bank
Financial Centre Authority
Harel Insurance
Hapoalim Bank
United Arab Emirates
Ayalon Insurance
First Gulf Bank
Australia
Pelephone
Metito Overseas Ltd.
Woodside Energy Ltd
Comverse
AHI Carrier Fzc
Australian Stock Exchange
Zim
NetstarLogicalis
Clal Insurance
Bezeq
Visa
Coca Cola
Orange
First International Bank
Bank Discount
Ministry of Interior
Philippines
Asian Development Bank
Singapore
BT Frontline
Siemens Medical
Singapore Post
Singapura Finance
UOB
Shimano
Business challenges that ObserveIT addresses

Remote Vendor Monitoring
• Impact human behavior
• Transparent SLA and billing
• Eliminate 'finger pointing'

Compliance & Security Accountability
• Reduce compliance costs for GETTING compliant and STAYING compliant
• Satisfy PCI, HIPAA, SOX, ISO

Root Cause Analysis & Documentation
• Immediate root-cause answers
• Document best practices
An Analogy
Bank Branch Office vs. Bank Computer Servers

They both hold money…
…They both have Access Control…
…The branch office also has security cameras…
…The servers don't!

Companies invest in access control, but once users gain access, there is little knowledge of who they are and what they do! (Even though 71% of data breaches involve privileged user credentials.)
Why?
Because system logs are built by DEVELOPERS for DEBUG! (And not by SECURITY ADMINS for SECURITY AUDIT.)

Only 1% of data breaches are discovered by log analysis!
(Even in large orgs with established SIEM processes, the number is still only 8%!)

"I don't have this problem. I've got log analysis!"
"The picture isn't quite as rosy as you think."
Can you tell what happened here?
Wouldn't it be easier with a 'Replay Video' button?
Video Replay shows exactly what happened.
And many commonly used apps don't even have their own logs!

DESKTOP APPS
• Firefox / Chrome / IE
• MS Excel / Word
• Outlook
• Skype

REMOTE & VIRTUAL
• Remote Desktop
• VMware vSphere

ADMIN TOOLS
• Registry Editor
• SQL Manager
• Toad
• Network Config

TEXT EDITORS
• vi
• Notepad
System Logs are like Fingerprints
They show the results/outcome of what took place.

User Audit Logs are like Surveillance Recordings
They show exactly what took place!

"Both are valid… …But the video log goes right to the point!"
Our Solution
1: Video Capture: video session recording on the corporate server or desktop
2: Video Content Analysis: list of apps, files and URLs accessed
3: Shared-user Identification: Alex logs on as 'Administrator'; ObserveIT records that 'Admin' = Alex

Diagram: the corporate server or desktop feeds the Audit Reporting DB & SIEM Log Collector. Sam the Security Officer asks "WHO is doing WHAT on our network???" and gets User: Alex, Video: Play!, Text Log: App1, App2. "Cool! Now I know."
Demo Links:
Live hosted demo: http://demo.observeit.com
YouTube demos:
English: http://www.youtube.com/watch?v=uSki27KvDk0&hd=1
Russian: http://www.youtube.com/watch?v=fzVhLfSb2nY&hd=1
LIVE DEMO
DEPLOYMENT SCENARIO OPTIONS
Standard Agent-based Deployment

ObserveIT Agents
• Agent installed on each monitored machine
• Agent becomes active only when a user session starts
• Data capture is triggered by user activity (mouse movement, text typing, etc.). No recording takes place while the user is idle
• Communicates with the Mgmt Server via HTTP on a customizable port, with optional SSL encryption (enable it: the recordings carry everything the user sees and types)
• Offline mode buffers recorded info (customizable buffer size)
• Watchdog mechanism prevents tampering

ObserveIT Management Server
• ASP.NET application in IIS
• Receives data from Agents
• Analyzes and categorizes data, and sends data, metadata and screenshots to the DB Server
• Communicates with Agents for config updates

ObserveIT Web Console
• ASP.NET application in IIS
• Administrators access it on the ObserveIT audit machine
• Primary interface for session video replay and reporting
• Also used for configuration and admin tasks
• Includes granular policy rules for limiting access to sensitive data

Data Storage (Database Server)
• Microsoft SQL Server database
• Collects all data delivered by the Agents (or optional file-system storage)
• Stores all config data
• All connections via standard TCP port 1433

Diagram: ObserveIT Agents (Metadata Logs & Video Capture) on servers and desktops, reached by Remote Users and Local Login; ObserveIT Management Server; ObserveIT Web Console; Database Server; integrations with AD, Network Mgmt, SIEM and BI.

Open API and Data Integration
• Standards-based
• Simple integration
Gateway Jump-Server Deployment
Corporate Servers
SSH
PuTTY
(no agent installed)
MSTSC
Gateway
Server
Corporate Desktops
Internet
(no agent installed)
ObserveIT
Agent
Remote and local users
Corporate Servers
(no agent installed)
ObserveIT
Management Server
Hybrid Deployment
Corporate Servers
SSH
PuTTY
(no agent installed)
MSTSC
Gateway
Server
Corporate Desktops
Internet
(no agent installed)
ObserveIT
Agent
Remote and local users
Direct login
(not via gateway)
Sensitive production servers
(agent installed)
ObserveIT
Management Server
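In the gateway and hybrid deployments above, the corporate servers behind the gateway carry no agent, so a session that reaches them directly ("Direct login (not via gateway)") is never recorded. The check a practitioner wants alongside such a deployment is a detection that flags interactive logons to agentless servers whose source is not the gateway. The script below is an added example and not ObserveIT code; the gateway address, the server names, the simplified key=value export format and the sample log lines are all constructed for illustration.

```python
"""
Added example (not ObserveIT code): flag interactive logons to agentless
servers that did NOT arrive through the recording gateway.

Assumptions (not from the original page): the gateway's IP, the set of
servers reachable only via the gateway, and a simplified key=value export
of Windows logon events. The log lines below are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed gateway address and assumed agentless (gateway-only) servers.
GATEWAY_IPS = {ipaddress.ip_address("10.0.0.5")}
AGENTLESS_SERVERS = {"db01", "app01"}

# Windows 4624 logon types that open a screen session:
# 2 = Interactive (console), 10 = RemoteInteractive (RDP).
INTERACTIVE_LOGON_TYPES = {"2", "10"}

# Constructed sample export; a real SIEM feed will differ and LINE_RE
# must be adapted to it.
SAMPLE_LOG = """\
2013-06-03T09:01:12Z host=db01 event=4624 user=alex logon_type=10 src=10.0.0.5
2013-06-03T09:05:40Z host=app01 event=4624 user=svc_backup logon_type=4 src=10.0.0.9
2013-06-03T09:07:03Z host=app01 event=4624 user=administrator logon_type=10 src=192.168.7.44
2013-06-03T09:09:55Z host=hr-fs01 event=4624 user=maria logon_type=2 src=10.0.0.5
2013-06-03T09:15:21Z host=db01 event=4625 user=alex logon_type=10 src=172.16.1.3
2013-06-03T09:20:00Z host=db01 event=4624 user=alex logon_type=10 src=172.16.1.3
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) user=(?P<user>\S+) "
    r"logon_type=(?P<ltype>\d+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    user: str
    logon_type: str
    src: str


def parse(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if m:
            yield m.groupdict()


def unrecorded_logons(log_text, gateway_ips=GATEWAY_IPS, agentless=AGENTLESS_SERVERS):
    """Return successful interactive logons to agentless servers from non-gateway sources."""
    findings = []
    for rec in parse(log_text.splitlines()):
        if rec["event"] != "4624":
            continue  # only successful logons; 4625 failures are noise here
        if rec["host"] not in agentless:
            continue  # agent-bearing servers record the session themselves
        if rec["ltype"] not in INTERACTIVE_LOGON_TYPES:
            continue  # service/batch/network logons open no screen session
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:
            src = None  # an unparsable source is still "not the gateway"
        if src in gateway_ips:
            continue  # came through the recording gateway
        findings.append(Finding(rec["ts"], rec["host"], rec["user"], rec["ltype"], rec["src"]))
    return findings


if __name__ == "__main__":
    for f in unrecorded_logons(SAMPLE_LOG):
        print(f"UNRECORDED SESSION {f.ts} {f.user}@{f.host} type={f.logon_type} from {f.src}")
```

On the sample data this reports two sessions: the RDP logon to app01 from 192.168.7.44 and the later RDP logon to db01 from 172.16.1.3. The service logon (type 4), the logon to a server outside the agentless set, and the failed 4625 are deliberately ignored, since none of them represents a screen session that should have been recorded.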
Gateway Jump-Server Deployment
Customer #1 Servers
SSH
PuTTY
(no agent installed)
MSTSC
Gateway
Server
Internet
Remote and local users
Customer #2 Servers
(no agent installed)
ObserveIT
Agent
Customer #3 Servers
(no agent installed)
ObserveIT
Management Server
Citrix Published Apps Deployment
Published Apps
Citrix
Server
Remote
Access
ObserveIT
Agent
ObserveIT
Management Server