ObserveIT Customer Webcast: AIG Pioneers User-Centric Security Strategy

Editor's Notes

  • #3: Meet PCI and SOX compliance requirements. Monitor third party virtual desktop environments. Track what changes third parties made on AIG systems. Internally implement root-cause analysis of any problem.
  • #4: AIG stands out as one of the world’s largest insurance organizations, with over 88 million customers and 64,000 employees worldwide. AIG Israel, a fully owned subsidiary, supports the company’s intense focus on building the most secure systems possible. AIG Israel is leading the way when it comes to adapting its security needs to modern expectations of keeping their sensitive information, customer data and systems safe. Been a customer for 2 years. Whether they realized they were a pioneer or not, adding user-centric security is significantly shifting the way AIG looks at security. SNIR – infrastructure architect – in charge of every new technology coming in; runs the project up to the go-live date and then also maintains it. Chooses, evaluates and selects.
  • #5: “Requirement 10: Monitor Access to Network Resources and Cardholder Data” ObserveIT offers a feature that identifies users within generic ‘administrator’ users or shared accounts. When logging into a server using a shared-user account, ObserveIT offers a secondary identification window, where that user must sign in with their second set of credentials. Video recordings and logs are then tied to that specific user accordingly. ObserveIT monitors all user activity. This provides an unequivocal audit trail of user activity and bulletproof evidence as to who worked on what servers. Because of this, you can easily conduct root cause analysis to find changes or use the advanced keyword search, which allows you to search by applications, user names, windows, text typed and more. “Requirement 12: Maintain Policy that Addresses IT Security for all Personnel” ObserveIT offers a ‘just-in-time policy messaging’ feature that delivers important messages and updates about corporate policies generally, or for specific applications and servers. This ensures that all users have read and agreed to the security policies and procedures before logging on, and are aware of either general or specific policies. Due to several regulations (including PCI) we need to record all of our external suppliers that connect to our production environment. This is accomplished via a series of VDI machines with the ObserveIT agent on them. They bought it for PCI. They set it up and forget. They were using ObserveIT as an insurance policy for an insurance company. This set-it-and-forget approach, however, was really just the first step in shifting to a user-centric security approach. Business Challenge – PCI Compliance. Why now? Did PCI requirements change? Auditor got stringent? Change Auditors? Why ObserveIT – what was it that brought you to select ObserveIT? Easy to use. Great feedback from references.
  • #6: My Environment – servers/citrix…. Key aspects of his environment and ORG Citrix – every provider gets a virtual workstations with all the tools he needs Try to minimize RDP access and usage
  • #7: Conclusive forensic evidence for a production problem – discovered that a config file was changed, but didn’t know who or why. Went to all their vendors and they all said they didn’t do it. ObserveIT showed definitive proof of who it was.
  • #8: Record all of our external suppliers that connect to our production environment. Roll out to all vendors, not just PCI providers – any external vendor who is accessing our systems. We then turned on notification of recording for deterrence.
  • #9: They have great coverage and forensic evidence for vendors, but when internal users are involved they have no coverage. Will gain much more value from expanding into internal users. Deploy to all internal system users. Security team wants to get data into SIEM for detection and incident response. RSA Security Analytics. Very excited about turning ObserveIT into a proactive solution with the new alerting & analytics capabilities. Plans to set up alerts for what users are doing within key applications and servers.
  • #10: We have tons of audit tools that look at infrastructure data or watch config changes. ObserveIT provides a user-centric view: it gives me closure on a critical missing view into what the actual cause was, by users, for all that infrastructure activity. Now with alerting I become proactive and can stop incidents in their tracks, both within servers but, more importantly, within critical applications!!
  • #11: Trust me: user activity monitoring is a must. The user perspective is important for all security disciplines. At a minimum for compliance purposes. More importantly for closure on a critical missing view. Now with alerting I become proactive and can stop incidents in their tracks, both within servers but, more importantly, within critical applications!! Now with alerting it’s a much more proactive solution. Stop incidents in their tracks both within critical applications.
  • #12: My name is _____ and, I am excited to be here today to talk to you about a critical missing vantage point in your security strategy – User Activity Monitoring. - CLICK TO NEXT SLIDE -
  • #13: As an IT security professional – it’s alarming to know that the threat of user-based attacks has never been higher. A staggering 76 percent of all breaches involve accounts with access to sensitive data, be it hackers trying to steal credentials, careless third party vendors or negligent or even malicious insiders. - CLICK TO NEXT SLIDE -
  • #14: These increasingly frequent attempts to steal important information bypass traditional protection mechanisms that have focused on infrastructure and log data. - CLICK TO NEXT SLIDE -
  • #15: Securing today’s enterprise requires a shift to user-centric security strategies that include user activity monitoring. There will continue to be an increase in attacks targeting user accounts and credentials with access to critical information: customer information, credit card data, trade secrets, formulas, processes, plans, pricing and similar intellectual property. CLICK – You don’t have to look too far to see devastating breaches. Target, Sony and the NSA: they all had great infrastructure-based security (such as FireEye or HP ArcSight). But they all missed the user – whether it was an HVAC contractor (Target), stolen sysadmin credentials (Sony), or a malicious insider (NSA). - CLICK TO NEXT SLIDE -
  • #16: I’d like to introduce you to a new way to address the growing threat of user-targeted and user-based attacks. ObserveIT provides bulletproof evidence of “who did what” by generating User Activity Logs along with visual recordings of user activity to investigate out-of-policy user behaviors, whether the threat is deliberate or inadvertent. - CLICK TO NEXT SLIDE -
  • #17: With so many user accounts and credentials with access to critical information— it’s incredibly difficult to know exactly who’s doing what. For instant awareness of abnormal, suspicious, and malicious user activity, ObserveIT provides a real-time rapid response system using alerts and powerful user behavior analytics. - CLICK TO NEXT SLIDE -
  • #18: ObserveIT has transformed how IT professionals think about securing today’s enterprise. With a completely software-based solution, ObserveIT provides instant out-of-box value allowing companies to quickly shift to a user-centric security strategy, and satisfy PCI, HIPAA, SOX, and ISO compliance regulations in minutes. One of the best things about ObserveIT is how simple it is to deploy, operate and maintain. Our agents are simple to install and do not require you to reboot on install or on upgrade. We provide coverage for desktops, servers, jump-servers, VDI/Citrix and remote access. All reporting, analysis and video replay is accessed via our easy-to-use web-based Application Server. All data (videos and user activity logs) are stored in a Database Server, which provides easy integration into BI and SIEM/Log Management. - CLICK TO NEXT SLIDE - AGENT OVERHEAD: Only runs when a user session is active. When active, the average utilization is 10MB of RAM. The typical CPU utilization is 1%-2%, only at the moment of data capture. During idle time, CPU utilization is negligible. Each captured screenshot is between 5-50 KB.
  • #19: Let’s take a look at ObserveIT in action… First – you can see a list of all user activity in the “Server Diary” tab. You can quickly see each session and the user activity log of what the user did. - CLICK - Second – you can see that alerts were triggered for suspicious activity, with the actual video playback of the user’s session. - CLICK - Third – we have provided the video in “chapters” so you can quickly view and jump to specific users’ actions. - CLICK TO NEXT SLIDE -
  • #20: Our video replay provides the ability to actually see what any user did on any system being monitored by ObserveIT. On the right you see the full user activity logs associated with this session. - CLICK - Our activity alerts also show up in this view. Here a remote vendor has accessed a credit card database table they shouldn’t be, and you can see precisely when it happened and hop to the exact video of when inappropriate activity occurred. - CLICK - Alert indicators are also embedded in the user activity logs right on the screen. - CLICK - Finally, you can actually message users in real-time and terminate their active sessions right from this view. - CLICK TO NEXT SLIDE -
  • #21: ObserveIT helps more than 1,200 corporations keep their sensitive information and customer data safe. As a crucial part of any complete security strategy, ObserveIT easily integrates into current enterprise security processes and tooling with various native connectors to SIEMs, IAMs and ticketing systems. - CLICK TO NEXT SLIDE -
  • #22: Install once – all in about 45 minutes or less. Your choice of how many servers to monitor — up to 5 max. Get full access to ObserveIT Community, Documentation and Extensions. Take advantage of our special offer for free deployment tech support.