Prevent Insider Threats with User Activity Monitoring

Editor's Notes

• #2: Today we are going to talk about why User activity monitoring the most effective way to combat insider threats.
• #3: Before we jump into the presentation - here’s a little background on the company.
• #4: All five of this year largest breaches involved insiders Morgan Stanley insider exposes rich clients' info online AT&T fined $25 million after call-center workers sold customer data Ex-JPMorgan Employee Charged With Stealing Customer Data What did we learn from these? Insiders already have credentialed access to network and services Increased use of applications that can leak data (e.g. Web Email, Drop Box, WeTransfer) Increased amount of data that leaves protected boundary / perimeter Most security controls are looking at the perimeter trying to prevent outsiders from coming in.
• #5: 3 out of 4 Security professionals say they Can’t distinguish between legitimate business use and abuse Crowd-based research in cooperation with the 260,000+ member Information Security Community
• #6: 3 out of 4 Security professionals say they Can’t distinguish between legitimate business use and abuse Crowd-based research in cooperation with the 260,000+ member Information Security Community
• #7: Let’s talk about Insider Threat Intelligence with ObserveIT and what makes us different. First, we focus on the USER – after all – Insider Threats are a People Problem. This approach allows us to provide a clear picture of the risk users present and enables you to do something about it too. Second, we have a 3-step approach for providing the best Insider Threat Intelligence out there: ObserveIT is an agent based solution and essentially screen scrapes all activity and index the textual information on the screen. This includes “Collecting” the information need to distinguish abuse from legitimate use via Visual Screen Recording Technology, and transcribe what’s taking place into User Activity Logs. Next, we have unique capabilities to detect risky insider activity with rule-based User Behavior Analytics, and Activity Alerting. Finally, we have the ability to take action and quickly respond to users putting your business at risk with Live Session Response and Session Shutdown. We’ll dig into each of these capabilities in the demonstration portion of this meeting, but I wanted to give you and idea of how the solution works. 
• #8: Now that we talked about how the solution works at a high-level, let’s quickly cover where other customers are leveraging our solution. From our Qualification call I know you’re interested in a specific use case, but I wanted to share other areas that might be of interest and why customer are using us. The scope of Insider threats expands Employees, Privileged users and even trusted third-parties. When dealing with Employees most customers are concerned data extraction and fraudulent activity within core applications. The use case can range from monitoring call center employees to individuals on HR Watch-lists. With Privileged Users, we see customer looking to see if users are abusing their access or concerned about data leakage. It can range from Help Desk user to DBAs to enforcing Segregation of Duties. We also see a lot of customers looking to track all High Privilege Accounts like system admins on all their servers. Third-parties is a big one and where our roots tie back too. Most customers are monitoring third-parties to trust, but verify their work and make sure IP isn’t leaving with them or that they aren’t bring down any servers. We see customers monitoring Contractors, Remote Vendors to Completely Outsourced IT shops. Underpinning monitoring all of these groups is Audit and Compliance – whether it’s to satisfy Audit controls or map to a Security Framework. Now that we’ve covered the use cases at a high-level, which do you feel is most relevant to cover in the next part of this discussion?
• #9: ObserveIT is a software only solution that is simple to deploy, operate and maintain: Our Agents are simple to install and do not require you to reboot on install or on upgrade We provide coverage for desktops, server, Jump-servers, VDI/Citrix and remote access All reporting, analysis and visual session replay is accessed via our web based Console All data (videos and user activity logs) are stored in a Database Server and provides easy integration into BI and SIEM/Log Management -- Click to Next Slide ---
• #10: And these are just 4 examples of the over 1,200 customer we have using ObserveIT everyday to identify and manage their user-based risk --click to next slide--