ObserveIT Customer presentation
Transcript of ObserveIT Customer presentation
Copyright © 2011 ObserveIT Ltd. – Commercially Confidential www.observeit.com
ObserveIT: User Activity Monitoring
Your [email protected]
November 2011
ObserveIT - Software that acts like a security camera on your servers!
• Video recording of all user activity
• Analysis of video to generate text audit logs (even for apps that have no internal logging!)
400+ Enterprise Customers: Key Industries
• Financial
• Telecommunications
• IT Services
• Retail / Service
• Utilities / Public Services
• Gaming
• Healthcare / Pharma
• Manufacturing
Business challenges that ObserveIT solves
• Remote Vendor Monitoring
• Compliance & Security Accountability
• Root Cause Analysis & Documentation
An Analogy
Bank Branch Office / Bank Computer Servers
• They both hold money.
• They both have Access Control.
• The branch also has security cameras. The servers do not.
Companies invest a lot in controlling user access. But once users gain access…
…there is little knowledge of who they are and what they do!
“If there is one positive note, it’s that discovery through log analysis has dwindled down towards 0%, so things are only looking up from here.”
“Less than 1% of data breaches are discovered via log analysis.”
Check out Event Viewer on your computer: Can you ‘discover’ what you just did 5 minutes ago?
• Thousands of log entries…
• …lots of arcane technical details…
• …But nothing actually shows what the user did!
Don’t blame your log analysis tools for not finding something that you yourself can’t find (even with a head-start)!
I don’t have a log analysis problem…. I’ve got a SIEM
The picture isn’t quite as rosy as you think.
SIEM Tools have Blindspots (But don’t blame your SIEM!!!)
What logs do these apps produce?
Desktop Apps
• Firefox / Chrome / IE
• MS Excel / Word
• Outlook
• Skype
Remote / Virtualization
• Remote Desktop
• VMware vSphere
Text Editors
• vi
• Notepad
Admin Tools
• Registry Editor
• SQL Manager / Toad
• Network Config
All these apps either: Don’t have any logs -OR- Only have technical debug logs
Blindspots are NOT an inherent problem in SIEM... They are caused by what we feed the SIEM
Wouldn’t you rather be shown this?
Hey! The user clicked this checkbox!!!
Our intuitive approach
[Diagram: TODAY vs. with ObserveIT. Labels: Alex the Admin (IT Admin) logs on to the Corporate Server as ‘Administrator’; Sam the Security Officer: “WHO is doing WHAT on our servers???” / “Cool!”; Video Capture (Video Session Recording, Every Protocol!); Shared-user Identification (‘Admin’ = Alex); Video Analysis (List of apps, files, URLs accessed); Audit Report Database (Named User: Alex; Video: Play!; Text Log: App1, App2); Patent-pending video storage: Low-footprint]
System Logs are like Fingerprints
• They show the results/outcome of what took place
User Audit Logs are like Video Recordings
• They show exactly what took place!
Both are valid… Both are important… …But the video log goes right to the point!
LIVE DEMO
Demo Links
• Powerpoint demo: Click here to show
• Live hosted demo: http://demo.observeit.com
• Internal demo: http://184.106.234.181:4884/ObserveIT
• YouTube demos:
– English: http://www.youtube.com/watch?v=uSki27KvDk0&hd=1
– Korean: http://www.youtube.com/watch?v=k5wLbREixco&hd=1
– Chinese: http://www.youtube.com/watch?v=KVT-1dX_CoA&hd=1
– Japanese: http://www.youtube.com/watch?v=7uwXlHpLeTc&hd=1
– French: http://www.youtube.com/watch?v=wC31aXpkGOg&hd=1
Business challenges & Customer use-cases
Remote / 3rd-Party Vendor Auditing
• Impact human behavior
• Transparent SLA and billing
• Eliminate ‘Finger pointing’
Compliance & Security Accountability
• Reduce compliance costs
• Eliminate audit blindspots
• Satisfy PCI, HIPAA, SOX, ISO
Root Cause Analysis & Documentation
• Immediate root cause determination
• Documenting best-practices and corporate processes
3rd Party Vendor Auditing
• Instant Accountability!
– Know exactly what 3rd party vendors are doing
• Impact human behavior
– Do you speed when you know there are radar cameras?
• Transparent SLA and Billing Validation
– No doubts about what was done and for how long
• No more ‘Finger pointing’
– Quickly find and fix problems
Turnkey solution for auditing remote users
• Route 3rd party users
– Video audit of every action
• Policy & Support Ticket Messaging
– Impacting human behavior
– SLA clarity
[Diagram labels: Remote Users; Internet; ObserveIT Video Audit]
Policy message: “NOTE: PCI-DSS compliance regulations require that user activity be audited. All activity during this login session will be recorded. Please confirm that you are aware that you are being recorded.”
ObserveIT Compliance Coverage
Compliance Requirements
• Assign unique ID to each person with computer access (ex: PCI Requirement 8)
• Track all access to network resources and sensitive data (ex: PCI Requirement 10)
• Maintain policies that address information security (ex: PCI Requirement 12)
ObserveIT Solution
• ObserveIT Secondary Identification
• ObserveIT Session Recording
• ObserveIT Policy Messaging
But I like my SIEM tool!
So do we!
ObserveIT Video and Logs in CA UARM
ObserveIT Video and Logs in Splunk
DEPLOYMENT SCENARIO OPTIONS
Standard Agent-Based Deployment
[Diagram labels: Remote Users; Internet; RDP, SSH, ICA; Local Login; Desktop; ObserveIT Agents; Metadata Logs & Video Capture; ObserveIT Management Server; Database Server; User Session Audit Data]
Gateway Deployment (Agent-less)
• Agent is deployed on gateway only. Records all sessions routed via that gateway.
[Diagram labels: Remote Users; Internet; RDP; VPN; Terminal Server or Citrix Server (ObserveIT Agent; Published Apps; PuTTY); Corporate Servers (no agent installed); Corporate Desktops (no agent installed); Metadata Logs & Video Capture; ObserveIT Management Server; Database Server; User Session Audit Data]
Hybrid Deployment
• Gateway agent audits all users routed via the gateway (no matter what target network resource)
• Additional agent deployment on sensitive production servers for more depth of coverage
[Diagram labels: Remote and local users; Internet; RDP; VPN; Direct login (not via gateway); Terminal Server or Citrix Server (ObserveIT Agent); Sensitive production servers (agent installed; ObserveIT Agent); Any Corporate Server (no agent installed); Corporate Desktops (no agent installed); Metadata Logs & Video Capture; ObserveIT Management Server; Database Server; User Session Audit Data]
SYSTEM ARCHITECTURE
ObserveIT Architecture
[Diagram labels: Remote Users; RDP, SSH, ICA; Local Login; Desktop; ObserveIT Agents; Metadata Logs & Video Capture; ObserveIT Management Server; Database Server; User Session Audit Data; ObserveIT Web Console; AD; Network Mgmt; SIEM; BI]
ObserveIT Architecture: Management Server
• ASP.NET application in IIS
• Collects all data delivered by the Agents
• Analyzes and categorizes data, and sends to DB Server
• Communicates with Agents for config updates
ObserveIT Architecture: Agent
• Installed on each monitored server
• Agent becomes active only when user session starts
• Data capture is triggered by user activity (mouse movement, text typing, etc.). No recording takes place while user is idle
• Communicates with Mgmt Server via HTTP on customizable port, with optional SSL encryption
• Offline mode buffers recorded info (customizable buffer size)
• Watchdog mechanism prevents tampering
ObserveIT Architecture: How the Windows Agent Works
• User logon wakes up the Agent
• User action triggers Agent capture
• Real-time Screen Capture and Metadata Capture (URL, Window Title, etc.)
• Synchronized capture via Active Process of OS
• Captured metadata & image packaged and sent to Mgmt Server for storage
ObserveIT Architecture: How the Linux/Unix Agent Works
• User logon wakes up the Agent
• TTY CLI activity triggers Agent capture
• Real-time CLI I/O Capture and Metadata Capture (System Calls, Resources Affected, etc.)
• User-mode executable that is bound to every secure shell or telnet session
• Captured metadata & I/O packaged and sent to Mgmt Server for storage
ObserveIT Architecture: Web Console
• ASP.NET application in IIS
• Primary interface for video replay and reporting
• Also used for configuration and admin tasks
• Web console includes granular policy rules for limiting access to sensitive data
ObserveIT Architecture: Database Server
• Microsoft SQL Server database
• Stores all config data, metadata and screenshots
• All connections via standard TCP port 1433
ObserveIT Architecture: SIEM/BI Integration
• Text metadata logs for all apps (including those with no internal logs) can be accessed by any SIEM collector
• BI systems can analyze and correlate based on specific user action
• Video replay of each action is correlated to the textual logs, giving more detailed evidence of activity
ObserveIT Architecture: System Integration
• AD integration for user validation and user group policy management
• Network Mgmt integration for system alerts and updates based on user activity
KEY FEATURES: WHAT MAKES OBSERVEIT GREAT
Generate logs for every app (Even those with no internal logging!!)
WHAT DID THE USER DO? A human-understandable list of every user action
• Cloud-based app: Salesforce.com
• System utilities: GPO, Notepad
• Legacy software: financial package
Video analysis generates intelligent text metadata for Searching and Navigation
ObserveIT captures:
• User
• Server
• Date
• App Launched
• Files opened
• URLs
• Window titles
• Underlying system calls
Launch video replay at the precise location of interest
Recording Everything: Complete Coverage
• Agnostic to network protocol and client application
• Remote sessions and also local console sessions
• Windows, Unix, Linux
[Figure labels: Telnet; Unix/Linux Console; Windows Console (Ctrl-Alt-Del)]
Logs tied to Video recording: Windows sessions
[Screenshot labels: Audit Log; Replay Window]
• PLAYBACK NAVIGATION: Move quickly between apps that the user ran
• CAPTURES ALL ACTIONS: Mouse movement, text entry, UI interaction, window activity
• USER SESSION REPLAY: Bulletproof forensics for security investigation
Logs tied to Video recording: Unix/Linux sessions
[Screenshot labels: Audit Log; Replay Window]
• List of each user command
• Exact video playback of screen
Privileged/Shared User Identification
• User logs on as generic “administrator”
• ObserveIT requires named user account credentials prior to granting access to system
• Active Directory used for authentication
• Each session audit is now tagged with an actual name:
– Login userid: administrator
– Actual user: Daniel
Policy Messaging
Policy message: “NOTE: PCI-DSS compliance regulations require that user activity be audited. All activity during this login session will be recorded. Please confirm that you are aware that you are being recorded.”
• Send policy and status updates to each user exactly when they log in to server
• Capture optional user feedback or ticket # for detailed issue tracking
• Ensure that policy standards are understood and explicitly acknowledged
Real-time Playback
• On-air icon launches real-time playback
• View session activity “live”, while users are still active
Report Automation: Pre-built and custom compliance reports
• Design report according to precise requirements: Content Inclusion, Data Filtering, Sorting and Grouping
• Canned compliance audits and build-your-own investigation reports
• Schedule reports to run automatically for email delivery in HTML, XML and Excel
Double-password privacy assurance: Complies with employee privacy mandates
• Two passwords: One for Management. Second for union rep or legal counsel.
• Textual audit logs to be accessed by compliance officers for security audits, but video replay requires employee council authorization (both passwords)
API Interface
• Start, stop, pause and resume recorded sessions on custom events based on process IDs, process names or web URLs
• Control ObserveIT Agent via scripting and custom DLLs within your corporate applications
Robust Security
Agent ↔ Server communication
• AES Encryption - Rijndael
• Token exchange
• SSL protocol (optional)
• IPSec tunnel (optional)
Database storage
• Digital signatures on captured sessions
• Standard SQL database inherits your enterprise data security practices
Watchdog mechanism
• Restarts the Agent if the process is ended
• If watchdog process itself is stopped, Agent triggers watchdog restart
• Email alert sent on any watchdog/agent tampering
Recording Policy Rules
• Granular include/exclude policy rules per server, user/user group or application to determine recording policy
• Determine what apps to record, whether to record metadata, and specify stealth-mode per user
Pervasive User Permissions
Granular permissions / access control
• Define rules for each user
• Specify which sessions the user may playback
Permission-based filtering affects all content access
• Reports
• Searching
• Video playback
• Metadata browsing
Tight Active-Directory integration
• Manage permissions groups in your native AD repository
Access to ObserveIT Web Console is also audited
• ObserveIT audits itself
• Satisfies regulatory compliance requirements
CUSTOMER SUCCESS STORIES
HIPAA Compliance Auditing
Industry: Medical Equipment Manufacturer
Solution: Compliance Report Automation (HIPAA)
Company: Toshiba Medical Systems
Business Environment
• Medical imaging products (MRI, CT, US, X-Ray) deployed at hospitals and medical centers worldwide
• Customer support process requires remote session access to deployed systems
Challenge
• Strict HIPAA compliance regulations must be enforced and demonstrable
• In addition, SLA commitments require visibility of service times and durations
Solution
• ObserveIT deployed in a Gateway architecture
• All access routed via agent-monitored Citrix gateway
• Actual systems being accessed remain agent-less
• Toshiba achieved 24x7 SLA reports, including granular incident summaries
• Automatic generation of HIPAA regulatory documentation led to reduced compliance costs and improved customer (hospital) satisfaction
PCI Compliance at a Market Transaction Clearinghouse
Industry: Financial Services
Solution: Compliance Report Automation (PCI)
Business Environment
• A major clearinghouse must provide concrete PCI documentation
Challenge
• Each audit report cycle was a major effort of log collection
• Audits were often judged incomplete when exact cause of system change was unidentified
Solution
• Since deploying ObserveIT, audit reporting has become fully automated
• Zero audit rejects have occurred
Remote Vendor Monitoring at Coca-Cola
Industry: Food & Beverage Manufacturing
Solution: Remote Vendor Monitoring
Company: Coca-Cola
Business Environment
• Bottling and production line software for geographically diverse sites
• Centralized ERP platform for sales, fulfillment and compensation
• Many platforms supported by 3rd Party solution providers
Challenge
• Ensure 100% accountability for any system access violation
• Eliminate downtime errors caused by inappropriate login usage
• Increase security of domain admin environment
Solution
• ObserveIT deployed on all systems that are accessed via RDP by remote vendors
• IT admins also monitored on sensitive domain admin servers
• As a result, Coca-Cola saw a significant decrease in system availability issues caused by improper user actions
“As soon as vendors discovered that all actions are being recorded, it became much easier to manage them.”
Moti Landes, IT Infrastructure Manager and IT Div. CISO, Coca-Cola
Medical Systems Remote Auditing
Industry: Medical Equipment Manufacturer
Solution: Remote Vendor Auditing
Company: Siemens Medical Instruments
Business Environment
• Corporate servers host business applications for both internal and customer-facing solutions
• Servers are managed and accessed by various privileged user staff members
• Access is also open to multiple external vendor contractors
Challenge
• Before ObserveIT, there was no practical way to log user activities on these servers.
Solution
• ObserveIT provides accountability of all internal and outsource vendor admins
• Reporting and searching is used to focus on critical issues
• Fast deployment ensured quick and painless uptime: “All we needed to do was to install a small agent on the servers to be monitored and the recording starts immediately, without even requiring any configuration and settings”
“Not only was ObserveIT able to record every single user session on the servers, the recordings are also fully indexed, allowing me to zoom in on areas of interest.”
Robert Ng, Siemens
Customer Audits and ISO 27001 at BELLIN Treasury
Industry: Financial Software Services
Solution: Compliance Auditing
Company: Bellin Treasury
Business Environment
• Hosted treasury software solutions deployed in 7 data centers worldwide for over 6,000 customers
• System support and development teams must access servers via RDP
• Customers demand precise audit validation on-demand
Challenge
• Proactively provide customers with evidence of bulletproof audit trail process
• Satisfy the regulatory mandates of each of the customer environments worldwide
Solution
• ObserveIT deployed on all production servers worldwide
• One-time setup and hands-free operations keeps maintenance costs down
• Customer satisfaction increased significantly
• Solution submitted as central part of ISO 27001 certification process
“We enjoy showing off to our customers that every user action is recorded. This increases confidence all around.”
Rick Beecroft, Area Manager, Americas and Pacific Rim, BELLIN Treasury
Remote Vendor Monitoring at LeumiCard
Industry: Financial Services
Solution: Remote Vendor Monitoring
Company: LeumiCard
Business Environment
• LeumiCard’s highly-secured data center runs on several platforms, all with sensitive mission-critical applications.
Challenge
• Operations and maintenance require system access by various privileged internal users via RDP.
• Corporate control reports require documentation of exactly what takes place on each production server, and to be able to explain why the action was necessary.
Solution
• Shared-account (administrator) users must provide secondary named-user credentials from Active Directory
• User must acknowledge that s/he is aware that s/he is logging into a production server.
• Video recording captures a video replay of each user session.
• Daily email control reports are delivered automatically to each manager, according to area of responsibility. Each of these managers can then replay sessions that relate to their systems
“This has dramatically decreased the number of user sessions on production machines. Users are more likely to find an alternative way to do their job via secondary test servers, which means a reduced number of entries in my daily control reports.”
Ofer Ben Artzy, Manager of Infrastructure Systems
ISO 27001 Compliance for Remote User Audits
Industry: Utilities / Construction
Solution: Compliance Report Automation (ISO 27001)
Company: Elektrotim
Business Environment
• Large government and corporate customers demand ISO compliance
• Mission-critical ERP platform managed by an external service provider
• Corporate philosophy focuses on “safety, certainty and high standards”
Challenge
• Compliance requirements call for monitoring and logging the activities of all external users who access the network
Solution
• ObserveIT was deployed on corporate servers and TS machines
• Combination of visual screenshots plus full indexing of text is used for easy searching
• Secure logging of all access to the system by remote connection
• Fast access to the logs during the examination of each incident
“Implementation has been dictated to prevent problems with third parties having access to our IT system.”
Przemysław Jasiński, IT Department Manager, Elektrotim
Remote Admin User Monitoring
Industry: Financial Services
Solution: Remote Vendor Monitoring
Company: VocaLink
Business Environment
• Payment transaction platform distributed across Europe
• Supporting 60,000 ATM machines
• Clearing 90,000,000 transactions per day
Challenge
• Control access to system resources, including shared privileges between two merged corporate entities during period of merger
• Achieve common system management and visibility
Solution
• 2008: ObserveIT deployed to monitor and audit server activity during corporate merger
• 2009: Successful visibility results from merger activity lead to system-wide deployment
Privileged User Auditing
Industry: Healthcare IT
Solution: Privileged User Auditing
Company: Center to Promote HealthCare Access
Business Environment
• Web-based system connects families with a range of health, social service and other federal and state support programs
• Deployed and managed on 93 servers and 91 workstations across 3 geographically separated data centers
Challenge
• The Center is dedicated to providing usability, ease of access and responsiveness, without compromising any aspects of data security or compliance.
• Given the sensitivity of personal health records data and the internal and government regulations regarding data access compliance, The Center sought to augment its security with an auditing solution that would detail all data and server access
Solution
• Peace-of-mind from knowing exactly what developers and admins are doing
• Immediate fulfillment of compliance usage reports
• Faster response time to system faults
Vinay Singh, IT Operations Manager
“This is critical for keeping our servers up and running, and also to answer management’s needs to demonstrate compliance.”
“We still need to document every server access by IT Admins and internal staff developers.”
Reducing Errors Caused by 3rd Party Vendors
Industry: Telecommunications
Solution: Root-Cause Analysis + Vendor Monitor
Company: Pelephone
Business Environment
• 1200-server IT environment in 3 hosting centers
• Business applications (Billing, CRM, etc.) and Customer-facing applications (Revenue generating mobile services)
Challenge
• Maintain QoS with multiple 3rd party apps
• Track activities of privileged vendor access
Solution
• ObserveIT initially deployed on 5 internal business app servers, and resolves high-visibility outage on mission-critical app: Identified improper actions by outsource vendor.
• ObserveIT next is deployed on entire IT platform
• ObserveIT integrated into CA environment
• Multiple customer-facing outages solved
• Positive ROI via elimination of revenue losses from service outages
• Vendor billing decreased once they realized they were being recorded
“Since we deployed ObserveIT, users are much more careful with their server activity. Knowing that your actions can be replayed has a remarkable effect.”
Isaac Milshtein, Director, IT Operations, Pelephone
Managed Services Monitoring at an IT Services Firm
Industry: IT Services
Solution: Managed Services Monitoring
Business Environment
• IT support vendor provides system management services for over 40 major Global 1000 clients
Challenge
• Each customer has different connection protocol requirements (some via VNC, some via RDP, some via Citrix, etc.)
Solution
• After deploying ObserveIT on an outgoing gateway, all sessions on customer servers are recorded
• Since deployment, there have been fewer accusations from customers regarding system problems
• For the few issues that were raised, the vendor immediately provided recordings that proved that all actions were proper
Thank You!
Employee Privacy Policy in Europe
How ObserveIT complies
Balancing Employee Privacy vs. Audit Compliancy
Privacy Requirements
• DPD 95/46/EC (EU)
• Human Rights Act (UK)
• BDSG (Germany)
• CNIL (France)
– Separation of personal communications
– Secure Storage & Limited Access
– User Consent
Compliancy Requirements
• PCI-DSS
• ISO 27001
• SOX
• FSA
– User Accountability
– Wide scope of activity logging
ObserveIT is fully compliant with privacy law
• Double-passwords ensure both audit completeness and employee privacy
– Management holds one password, employee council / union holds the second password
– Granular deployment allows textual audit logs to be accessed by compliance officers (without the second password), but video replay requires employee council authorization (both passwords)
• Policy Rules eliminate monitoring for private communications
– Include/Exclude granularity to capture only what is necessary for compliancy
• User policy messaging and consent validation
– Users indicate awareness of monitoring activity each time they log on to a monitored server
For more information...
• See our Whitepaper on Employee Privacy issues: http://observeit-sys.com/Support/Whitepapers?req=privacy