ObserveIT Remote Access Monitoring Software - Corporate Presentation

www.observeit-sys.comCommercially Confidential www.observeit-sys.com

IdentifyRecordReport

ObserveIT – Corporate Presentation

February 2011

www.observeit-sys.comCommercially Confidential

OBSERVEIT OVERVIEW


Market Challenges

Lack of accountability Incomplete audit logs You need to know exactly

what happened!


Identify ReportRecordWHAT:

HOW:

WHY:

Each shared-user session is tied to a specific named user.

Accountability: Knowing that a file was changed by “administrator” is insufficient for PCI, HIPPA, SOX , ISO or other audit requirements. You need to know the actual person who did it.

A visual recording of every session is captured.

Eliminating Blind Spots:Logs cannot cover every single action. Video recordings remove any doubt about what the user actually did. A picture is worth a thousand log entries.

Audit, review, search and replay all user sessions

Fast and convenient access:Automated reports and quick drill-down to user recordings answer your questions fast, saving massive human resource efforts and satisfy compliance regulations.

ObserveIT:Like a security camera

on your servers!


Why video recordings?

People act differently when they know they are being recorded • Nanny-cams allow parents to ensure the safety of their children• Would you speed on a road that has video surveillance?• Recording phone calls in call centers has improved productivity


What you will miss without ObserveIT

Precise indication of changes within files• File system audit only shows that web.config file was changed • ObserveIT visual replay shows that the “connection string” key was edited by the DBA

while troubleshooting performance issues

System changes driven by UI actions• A single checkbox in a properties window can generate dozens of changes in multiple

config files• ObserveIT shows the exact action that caused the change, not the reverse-engineering of

file changes

Copy/ Export / Screen capture• ObserveIT captures every on-screen activity, including copy/paste


Business Cases Remote Vendor Monitoring

• Know exactly what 3rd party vendors do on your servers

• Improve security, accountability and policy messaging

• Transparent SLA and billing validation• No more ‘Finger pointing’

Compliance Report Automation• Satisfy PCI, HIPPA, SOX and ISO regulatory

mandates• Precise user identification• Track every access to servers and databases• Audit people, not just apps• Total application coverage that grows with

your growth• Bulletproof evidence

Managed Services Monitoring• For VARs, MSPs and Remote IT support

teams• Monitor your employee activity on

customer servers• Improve trust and quantify SLA

measurements• Speed up the troubleshooting process

Root-Cause Analysis• Know ‘Who did what?’: Answer the question

that will really lead to problem resolution• Immediate root cause determination• Alerts from within Network Monitor tools• Defeat the ‘Oops’ factor


Over 400 Enterprise CustomersFinancial

IT Services Gov’t/Utilities/Healthcare/Education

Manufacturing/Pharma Telecommunications


KEY FEATURES:WHAT MAKES OBSERVEIT GREAT


Recording Everything: Complete Protocol Coverage

Agnostic to network protocol and client application Captures all Remote Sessions and also Console Sessions

Terminal

Telnet


Recording + Metadata of Windows sessionsAudit List

Replay Window

ObserveIT lists every user

sessionExact video

playbackWithin each

session, details of every action taken Navigate quickly

within the recording


Recording + Metadata of Unix sessions

List of each user command

Exact video playback of

screen

For each command, a detailed list of

system calls

Launch video replay

Audit List

Replay Window


Privileged User Identification

User logs on as generic “administrator”

Each session audit is now tagged with an actual name:

Login userid: administratorActual user: Daniel

ObserveIT requires named user account credentials prior to granting

access to system

Active Directory used for authentication


Search and Filter by User, Server, Date,

App Launched and more

Intelligent Metadata for Searching and Navigation

Launch video replay at the

precise location of interest

Textual summary of every action


User Messaging

NOTE: No database admin task may be performed between 0800 and 1800 GMT

Please enter your support ticket number in box below.

Send policy and status updates to each user

exactly as they log in to server

Ensure that corporate standards are understood

and acknowledged

Capture admin support ticket number for issue

tracking


Real-time Playback

View session activity "on

the air", while users are still

active

On-the-air icon launches

real-time playback


Report Automation: Pre-built and Custom reports

Schedule reports to run automatically

for email delivery

HTML, XML and Excel

report delivery

Canned compliance audits and build-your-own

investigation reports.

Design report according to precise requirements: Content Inclusion, Data

Filtering, Sorting and Grouping


System Monitor Integration Instant-replay from within your network management environment

• Microsoft SCOM, CA-Unicenter, IBM Tivoli, HP OpenView

Real-time alerts• On file access/deletion, Network share, Registry edit , RDP open connection, URL access etc.

ObserveIT alert in CA-Unicenter ObserveIT alert in MS SCOM

Click on alert to see ObserveIT video playback Trigger automatic email

alert delivery


API InterfaceControl ObserveIT Agent via

scripting and custom DLLs within your corporate applications

Start, stop, pause and resume recorded sessions based on

custom events based on process IDs, process names or web URLs


Robust Security

Agent ↔ Server communication • AES Encryption - Rijndael• Token exchange• SSL protocol (optional)• IPSec tunnel (optional)

Database storage• Digital signatures on captured sessions• Standard SQL database inherits your enterprise data

security practices

Watchdog mechanism • Restarts the Agent if the process is ended• If watchdog process itself is stopped, Agent triggers

watchdog restart• Email alerts sent on any watchdog/agent tampering


Recording Policy RulesGranular include/exclude

policy rules per server, user/user group or

application to determine recording policy

Determine what apps to record, whether to record

metadata, and specify stealth-mode per user


Pervasive User Permissions

Granular permissions / access control• Define rules for each user• Specify which sessions the user may playback

Permission-based filtering affects all content access• Reports• Searching• Video playback • Metadata browsing

Tight Active-Directory integration• Manage permissions groups in your native AD

repository

Access to ObserveIT Web Console is also audited• ObserveIT audits itself

Satisfies regulatory compliance requirements


SYSTEM ARCHITECTURE


ObserveIT Agents

Remote Users

RDP

SSH

ICA

optional

LDAP SIEM NetworkMgmt

ObserveIT Web Console

Terminal Server

Desktop

ObserveIT Management

Server

Database Server

Recordings & Metadata

ObserveIT Architecture


ObserveIT Agents

Remote Users

RDP

SSH

ICA

optional



Terminal Server

Desktop


Server

Database Server


ObserveIT Architecture:Agent

• Installed on each monitored server• Captures screenshots and metadata for each user

action• Communicates with Mgmt Server via HTTP POST • All content is encrypted• Watchdog prevents any tampering


ObserveIT Agents

Remote Users

RDP

SSH

ICA

optional



Terminal Server

Desktop


Server

Database Server


ObserveIT Architecture:Mgmt Server • ASP.NET application in IIS

• Collects all data delivered by the Agents• Analyzes and catorizes data, and sends to DB Server• Communicates with Agents for config updates


ObserveIT Agents

Remote Users

RDP

SSH

ICA

optional



Terminal Server

Desktop


Server

Database Server


ObserveIT Architecture:Web Console • ASP.NET application in IIS

• Primary interface for video replay and reporting• Also used for configuration and admin tasks• Web console includes granular policy rules for limiting

access to sensitive data


ObserveIT Agents

Remote Users

RDP

SSH

ICA

optional



Terminal Server

Desktop


Server

Database Server


ObserveIT Architecture:Database Server

• Microsoft SQL Server database• Stores all config data, metadata

and screenshots• All connections via standard TCP

port 1433


ObserveIT Agents

Remote Users

RDP

SSH

ICA

optional



Terminal Server

Desktop


Server

Database Server


ObserveIT Architecture:Database Server

• LDAP integration for user validation• SIEM integration to link video replay from within textual

logs• Network Mgmt integration to enable system alerts and

updates based on user activity


Terminal or Citrix Serverwith ObserveIT Agent

Corporate Servers (No Agent Installed)


Server

Database Server

Gateway Deployment (Agent-less)

Published ApplicationsPutty.exe

VPNTraffic

RDP over SSL Traffic

ICA

RDP

SSH


CUSTOMER SUCCESS STUDIES


HIPAA Compliance Auditing

Industry: Medical Equipment ManufacturerSolution: Compliance Report Automation (HIPAA)Company: Toshiba Medical Systems

Business Environment• Medical imaging products (MRI, CT, US, X-Ray) deployed at hospitals and

medical centers worldwide• Customer support process requires remote session access to deployed

systems

Challenge

Solution

• Strict HIPAA compliance regulations must be enforced and demonstrable• In addition, SLA commitments require visibility of service times and

durations

• ObserveIT deployed in a Gateway architecture• All access routed via agent-monitored Citrix gateway • Actual systems being accessed remain agent-less• Toshiba achieved 24x7 SLA reports, including granular incident

summaries• Automatic generation of HIPAA regulatory documentation, led to

reduced compliance costs and improved customer (hospital) satisfaction


PCI Compliance at a Market Transaction Clearinghouse

Business Environment

Challenge

Solution

• A major clearinghouse must provide concrete PCI documentation

• Each audit report cycle was a major effort of log collection• Audits were often judged incomplete when exact cause of

system change was unidentified

• Since deploying ObserveIT, audit reporting has become fully automated• Zero audit rejects have occurred

Industry: Financial ServicesSolution: Compliance Report Automation (PCI)


ISO 27001 Compliance for Remote User Audits

Business Environment• Large government and corporate customers demand ISO compliance• Mission-critical ERP platform managed by an external service provider• Corporate philosophy focuses on “safety, certainty and high standards”

Challenge

Solution

• Compliance requirements call for monitoring and logging the activities of all external users who access the network

• ObserveIT was deployed on corporate servers and TS machines• Combination of visual screenshots plus full indexing of text is used for

easy searching• Secure logging of all access to the system by remote connection• Fast access to the logs during the examination of each incident

Przemysław JasińskiIT Department Manager,Elektrotim

Implementation has been dictated to prevent problems with third parties having access to our IT system.

“ ”

Industry: Utilities / ConstructionSolution: Compliance Report Automation (ISO 27001)Company: Electrotim



Challenge

Solution

Remote Admin User Monitoring

• Control access to system resources, including shared privileges between two merged corporate entities during period of merger

• Achieve common system management and visibility

• 2008: ObserveIT deployed to monitor and audit server activity during corporate merger

• 2009: Successful visibility results from merger activity lead to system-wide deployment

• Payment transaction platform distributed across Europe• Supporting 60,000 ATM machines • Clearing 90,000,000 transactions per day

Industry: Financial ServicesSolution: Remote Vendor MonitoringCompany: VocaLink


Medical Systems Remote Auditing

Industry: Medical Equipment ManufacturerSolution: Remote Vendor AuditingCompany: Siemens Medical Instruments

Business Environment• Corporate servers host business applications for both internal and

customer-facing solutions• Servers are managed and accessed by various privileged user staff

members • Access is also open to multiple external vendor contractors

Challenge

Solution

• Before ObserveIT, there was no practical way to log user activities on these servers.

• ObserveIT provides accountability of all internal and outsource vendor admins

• Reporting and searching is used to focus on critical issues• Fast deployment ensured quick and painless uptime:

“All we needed to do was to install a small agent on the servers to be monitored and the recording starts immediately, without even requiring any configuration and settings”

Robert Ng, Siemens

Not only was ObserveIT able to record every single user session on the servers, the recordings are also fully indexed, allowing me to zoom in on areas of interest.

“

”


Privileged User Auditing

Business Environment• Web-based system connects families with a range of health, social service

and other federal and state support programs• Deployed and managed on 93 servers and 91 workstations across 3

geographically separated data centers

Challenge

Solution

• The Center is dedicated to providing usability, ease of access and responsiveness, without compromising any aspects of data security or compliance.

• Given the sensitivity of personal heath records data and the internal and government regulations regarding data access compliance, The Center sought to augment its security with an auditing solution that would detail all data and server access

• Peace-of-mind from knowing exactly what developers and admins are doing

• Immediate fulfillment of compliance usage reports• Faster response time to system faults

Vinay SinghIT Operations Manager

This is critical for keeping our servers up and running, and also to answer management’sneeds to demonstrate compliance.

“

”

Industry: Healthcare ITSolution: Privileged User AuditingCompany: Center to Promote HealthCare Access

We still need to document every server access by IT Admins and internal staff developers.

“ ”


Reducing Errors Caused by 3rd Party Vendors

Isaac Milshtein Director, IT Operations, Pelephone

Since we deployed ObserveIT, users are much more careful with their server activity. Knowing that your actions can be replayed has a remarkable effect.

“

”

Industry: TelecommunicationsSolution: Root-Cause Analysis + Vendor MonitorCompany: Pelephone


Challenge

Solution

• 1200-server IT environment in 3 hosting centers• Business applications (Billing, CRM, etc.) and Customer-facing

applications (Revenue generating mobile services)

• Maintain QoS with multiple 3rd party apps• Track activities of privileged vendor access

• 2006: ObserveIT deployed on 5 internal business app servers. The solution resolves high-visibility outage on mission-critical app. Identified improper actions by outsource vendor

• 2007: ObserveIT deployed on entire IT platform• 2008: ObserveIT integrated into CA-Unicenter environment• 2008-Present:

• Multiple customer-facing outages solved • Positive ROI via elimination of revenue losses from service

outages• Vendor billing decreased once they realized they were being

recorded


Managed Services Monitoring at an IT Services Firm


Challenge

Solution

• IT support vendor provides system management services for over 40 major Global 1000 clients

• Each customer has different connection protocol requirements (some via VNC, some via RDP, some via Citrix, etc.)

• After deploying ObserveIT on an outgoing gateway, all sessions on customer servers are recorded

• Since deployment, there have been fewer accusations from customers regarding system problems

• For the few issues that were raised, the vendor immediately provided recordings that proved that all actions were proper

Industry: IT ServicesSolution: Managed Services Monitoring


Thank You!www.observeit-sys.com


ObserveIT Company Details

Founded in 2006 Focused exclusively on People-Auditing software products

• First GA product release: 2007• Current product version: v5.2

Global Presence • 400 Enterprise customers worldwide• Channel partners covering 5 continents• OEM and Distribution agreement with Computer Associates

Date post:	20-Aug-2015
Category:	Technology
Upload:	observeit
View:	1,749 times
Download:	3 times

ObserveIT Remote Access Monitoring Software - Corporate Presentation

Technology