Date post: 20-Aug-2015
Category: Technology
Upload: observeit
www.observeit-sys.com - Commercially Confidential
Identify, Record, Report
ObserveIT – Corporate Presentation
February 2011
Market Challenges
Lack of accountability
Incomplete audit logs
You need to know exactly what happened!
WHAT: Identify
HOW: Each shared-user session is tied to a specific named user.
WHY: Accountability: Knowing that a file was changed by “administrator” is insufficient for PCI, HIPAA, SOX, ISO or other audit requirements. You need to know the actual person who did it.
WHAT: Record
HOW: A visual recording of every session is captured.
WHY: Eliminating Blind Spots: Logs cannot cover every single action. Video recordings remove any doubt about what the user actually did. A picture is worth a thousand log entries.
WHAT: Report
HOW: Audit, review, search and replay all user sessions
WHY: Fast and convenient access: Automated reports and quick drill-down to user recordings answer your questions fast, saving massive human resource effort and satisfying compliance regulations.
ObserveIT: Like a security camera on your servers!
Why video recordings?
People act differently when they know they are being recorded
• Nanny-cams allow parents to ensure the safety of their children
• Would you speed on a road that has video surveillance?
• Recording phone calls in call centers has improved productivity
What you will miss without ObserveIT
Precise indication of changes within files
• File system audit only shows that web.config file was changed
• ObserveIT visual replay shows that the “connection string” key was edited by the DBA while troubleshooting performance issues
System changes driven by UI actions
• A single checkbox in a properties window can generate dozens of changes in multiple config files
• ObserveIT shows the exact action that caused the change, not the reverse-engineering of file changes
Copy / Export / Screen capture
• ObserveIT captures every on-screen activity, including copy/paste
Business Cases
Remote Vendor Monitoring
• Know exactly what 3rd party vendors do on your servers
• Improve security, accountability and policy messaging
• Transparent SLA and billing validation
• No more ‘Finger pointing’
Compliance Report Automation
• Satisfy PCI, HIPAA, SOX and ISO regulatory mandates
• Precise user identification
• Track every access to servers and databases
• Audit people, not just apps
• Total application coverage that grows with your growth
• Bulletproof evidence
Managed Services Monitoring
• For VARs, MSPs and Remote IT support teams
• Monitor your employee activity on customer servers
• Improve trust and quantify SLA measurements
• Speed up the troubleshooting process
Root-Cause Analysis
• Know ‘Who did what?’: Answer the question that will really lead to problem resolution
• Immediate root cause determination
• Alerts from within Network Monitor tools
• Defeat the ‘Oops’ factor
Over 400 Enterprise Customers
Financial
IT Services
Gov’t/Utilities/Healthcare/Education
Manufacturing/Pharma
Telecommunications
Recording Everything: Complete Protocol Coverage
Agnostic to network protocol and client application
Captures all Remote Sessions and also Console Sessions
Terminal
Telnet
Recording + Metadata of Windows sessions
Audit List
Replay Window
ObserveIT lists every user session
Exact video playback
Within each session, details of every action taken
Navigate quickly within the recording
Recording + Metadata of Unix sessions
List of each user command
Exact video playback of screen
For each command, a detailed list of system calls
Launch video replay
Audit List
Replay Window
Privileged User Identification
User logs on as generic “administrator”
Each session audit is now tagged with an actual name:
Login userid: administrator
Actual user: Daniel
ObserveIT requires named user account credentials prior to granting access to system
Active Directory used for authentication
Intelligent Metadata for Searching and Navigation
Search and Filter by User, Server, Date, App Launched and more
Launch video replay at the precise location of interest
Textual summary of every action
User Messaging
NOTE: No database admin task may be performed between 0800 and 1800 GMT
Please enter your support ticket number in box below.
Send policy and status updates to each user exactly as they log in to server
Ensure that corporate standards are understood and acknowledged
Capture admin support ticket number for issue tracking
Real-time Playback
View session activity "on the air", while users are still active
On-the-air icon launches real-time playback
Report Automation: Pre-built and Custom reports
Schedule reports to run automatically for email delivery
HTML, XML and Excel report delivery
Canned compliance audits and build-your-own investigation reports.
Design report according to precise requirements: Content Inclusion, Data Filtering, Sorting and Grouping
System Monitor Integration
Instant-replay from within your network management environment
• Microsoft SCOM, CA-Unicenter, IBM Tivoli, HP OpenView
Real-time alerts
• On file access/deletion, Network share, Registry edit, RDP open connection, URL access etc.
ObserveIT alert in CA-Unicenter
ObserveIT alert in MS SCOM
Click on alert to see ObserveIT video playback
Trigger automatic email alert delivery
API Interface
Control ObserveIT Agent via scripting and custom DLLs within your corporate applications
Start, stop, pause and resume recorded sessions based on custom events (process IDs, process names or web URLs)
Robust Security
Agent ↔ Server communication
• AES Encryption - Rijndael
• Token exchange
• SSL protocol (optional)
• IPSec tunnel (optional)
Database storage
• Digital signatures on captured sessions
• Standard SQL database inherits your enterprise data security practices
Watchdog mechanism
• Restarts the Agent if the process is ended
• If watchdog process itself is stopped, Agent triggers watchdog restart
• Email alerts sent on any watchdog/agent tampering
Recording Policy Rules
Granular include/exclude policy rules per server, user/user group or application to determine recording policy
Determine what apps to record, whether to record metadata, and specify stealth-mode per user
Pervasive User Permissions
Granular permissions / access control
• Define rules for each user
• Specify which sessions the user may playback
Permission-based filtering affects all content access
• Reports
• Searching
• Video playback
• Metadata browsing
Tight Active-Directory integration
• Manage permissions groups in your native AD repository
Access to ObserveIT Web Console is also audited
• ObserveIT audits itself
Satisfies regulatory compliance requirements
ObserveIT Architecture
[Architecture diagram. Labels: Remote Users; RDP, SSH, ICA; ObserveIT Agents; Terminal Server; Desktop; ObserveIT Management Server; Database Server (Recordings & Metadata); ObserveIT Web Console; optional: LDAP, SIEM, Network Mgmt]
ObserveIT Architecture: Agent
• Installed on each monitored server
• Captures screenshots and metadata for each user action
• Communicates with Mgmt Server via HTTP POST
• All content is encrypted
• Watchdog prevents any tampering
ObserveIT Architecture: Mgmt Server
• ASP.NET application in IIS
• Collects all data delivered by the Agents
• Analyzes and categorizes data, and sends to DB Server
• Communicates with Agents for config updates
ObserveIT Architecture: Web Console
• ASP.NET application in IIS
• Primary interface for video replay and reporting
• Also used for configuration and admin tasks
• Web console includes granular policy rules for limiting access to sensitive data
ObserveIT Architecture: Database Server
• Microsoft SQL Server database
• Stores all config data, metadata and screenshots
• All connections via standard TCP port 1433
ObserveIT Architecture: Database Server
• LDAP integration for user validation
• SIEM integration to link video replay from within textual logs
• Network Mgmt integration to enable system alerts and updates based on user activity
Gateway Deployment (Agent-less)
[Deployment diagram. Labels: Terminal or Citrix Server with ObserveIT Agent; Corporate Servers (No Agent Installed); ObserveIT Management Server; Database Server; Published Applications; Putty.exe; VPN Traffic; RDP over SSL Traffic; ICA; RDP; SSH]
HIPAA Compliance Auditing
Industry: Medical Equipment Manufacturer
Solution: Compliance Report Automation (HIPAA)
Company: Toshiba Medical Systems
Business Environment
• Medical imaging products (MRI, CT, US, X-Ray) deployed at hospitals and medical centers worldwide
• Customer support process requires remote session access to deployed systems
Challenge
• Strict HIPAA compliance regulations must be enforced and demonstrable
• In addition, SLA commitments require visibility of service times and durations
Solution
• ObserveIT deployed in a Gateway architecture
• All access routed via agent-monitored Citrix gateway
• Actual systems being accessed remain agent-less
• Toshiba achieved 24x7 SLA reports, including granular incident summaries
• Automatic generation of HIPAA regulatory documentation, led to reduced compliance costs and improved customer (hospital) satisfaction
PCI Compliance at a Market Transaction Clearinghouse
Industry: Financial Services
Solution: Compliance Report Automation (PCI)
Business Environment
• A major clearinghouse must provide concrete PCI documentation
Challenge
• Each audit report cycle was a major effort of log collection
• Audits were often judged incomplete when exact cause of system change was unidentified
Solution
• Since deploying ObserveIT, audit reporting has become fully automated
• Zero audit rejects have occurred
ISO 27001 Compliance for Remote User Audits
Industry: Utilities / Construction
Solution: Compliance Report Automation (ISO 27001)
Company: Elektrotim
Business Environment
• Large government and corporate customers demand ISO compliance
• Mission-critical ERP platform managed by an external service provider
• Corporate philosophy focuses on “safety, certainty and high standards”
Challenge
• Compliance requirements call for monitoring and logging the activities of all external users who access the network
Solution
• ObserveIT was deployed on corporate servers and TS machines
• Combination of visual screenshots plus full indexing of text is used for easy searching
• Secure logging of all access to the system by remote connection
• Fast access to the logs during the examination of each incident
Przemysław Jasiński, IT Department Manager, Elektrotim
“Implementation has been dictated to prevent problems with third parties having access to our IT system.”
Remote Admin User Monitoring
Industry: Financial Services
Solution: Remote Vendor Monitoring
Company: VocaLink
Business Environment
• Payment transaction platform distributed across Europe
• Supporting 60,000 ATM machines
• Clearing 90,000,000 transactions per day
Challenge
• Control access to system resources, including shared privileges between two merged corporate entities during period of merger
• Achieve common system management and visibility
Solution
• 2008: ObserveIT deployed to monitor and audit server activity during corporate merger
• 2009: Successful visibility results from merger activity lead to system-wide deployment
Medical Systems Remote Auditing
Industry: Medical Equipment Manufacturer
Solution: Remote Vendor Auditing
Company: Siemens Medical Instruments
Business Environment
• Corporate servers host business applications for both internal and customer-facing solutions
• Servers are managed and accessed by various privileged user staff members
• Access is also open to multiple external vendor contractors
Challenge
• Before ObserveIT, there was no practical way to log user activities on these servers.
Solution
• ObserveIT provides accountability of all internal and outsource vendor admins
• Reporting and searching is used to focus on critical issues
• Fast deployment ensured quick and painless uptime:
“All we needed to do was to install a small agent on the servers to be monitored and the recording starts immediately, without even requiring any configuration and settings”
Robert Ng, Siemens
“Not only was ObserveIT able to record every single user session on the servers, the recordings are also fully indexed, allowing me to zoom in on areas of interest.”
Privileged User Auditing
Industry: Healthcare IT
Solution: Privileged User Auditing
Company: Center to Promote HealthCare Access
Business Environment
• Web-based system connects families with a range of health, social service and other federal and state support programs
• Deployed and managed on 93 servers and 91 workstations across 3 geographically separated data centers
Challenge
• The Center is dedicated to providing usability, ease of access and responsiveness, without compromising any aspects of data security or compliance.
• Given the sensitivity of personal health records data and the internal and government regulations regarding data access compliance, The Center sought to augment its security with an auditing solution that would detail all data and server access
Solution
• Peace-of-mind from knowing exactly what developers and admins are doing
• Immediate fulfillment of compliance usage reports
• Faster response time to system faults
Vinay Singh, IT Operations Manager
“This is critical for keeping our servers up and running, and also to answer management’s needs to demonstrate compliance.”
“We still need to document every server access by IT Admins and internal staff developers.”
Reducing Errors Caused by 3rd Party Vendors
Industry: Telecommunications
Solution: Root-Cause Analysis + Vendor Monitor
Company: Pelephone
Business Environment
• 1200-server IT environment in 3 hosting centers
• Business applications (Billing, CRM, etc.) and Customer-facing applications (Revenue generating mobile services)
Challenge
• Maintain QoS with multiple 3rd party apps
• Track activities of privileged vendor access
Solution
• 2006: ObserveIT deployed on 5 internal business app servers. The solution resolves high-visibility outage on mission-critical app. Identified improper actions by outsource vendor
• 2007: ObserveIT deployed on entire IT platform
• 2008: ObserveIT integrated into CA-Unicenter environment
• 2008-Present:
  • Multiple customer-facing outages solved
  • Positive ROI via elimination of revenue losses from service outages
  • Vendor billing decreased once they realized they were being recorded
Isaac Milshtein, Director, IT Operations, Pelephone
“Since we deployed ObserveIT, users are much more careful with their server activity. Knowing that your actions can be replayed has a remarkable effect.”
Managed Services Monitoring at an IT Services Firm
Industry: IT Services
Solution: Managed Services Monitoring
Business Environment
• IT support vendor provides system management services for over 40 major Global 1000 clients
Challenge
• Each customer has different connection protocol requirements (some via VNC, some via RDP, some via Citrix, etc.)
Solution
• After deploying ObserveIT on an outgoing gateway, all sessions on customer servers are recorded
• Since deployment, there have been fewer accusations from customers regarding system problems
• For the few issues that were raised, the vendor immediately provided recordings that proved that all actions were proper
ObserveIT Company Details
Founded in 2006
Focused exclusively on People-Auditing software products
• First GA product release: 2007
• Current product version: v5.2
Global Presence
• 400 Enterprise customers worldwide
• Channel partners covering 5 continents
• OEM and Distribution agreement with Computer Associates