Risk boils down to two things Assets and People.

Transcription

1 1

2 Risk boils down to two things Assets and People. It is the interaction of People and Assets that creates risk Assets without anyone accessing them No Risk but there is no business to be transacted either People without anything to access No Risk but nothing for them to do click In world of IT Assets are represented by Apps, Systems and Information People are represented by Users If you are like any of our customers, you have more and more users that need more and more access to your critical applications, systems and information to run your business. So how do you mitigate this risk while not slowing down business? 2

3 There are two major steps involved in mitigating risk: Identifying your risks and prioritizing them Managing the risks you have identified But what we are missing is that our users are exposing us to a huge amount of risk that we not aware of And if you not aware of the risk, how can you protect yourself from it? So what have we done to date? We have taken what has worked for protecting our assets and attempted to use them to protect our users by guessing what they are doing and attempting to control their access click to next slide 3

4 These increasingly frequent attempts to steal important information bypass traditional protection mechanisms that have focused on infrastructure and log data. CLICK TO NEXT SLIDE 4

5 SIEM (Security Event and Log management)/log Management is a critical component of your security architecture that provides the correlation and machine intelligence to detect incidents, and you ve done a fantastic job of collecting infrastructure data from your servers, network infrastructure, and firewalls for that reason. However, without user activity monitoring you are missing a critical security vantage point, leaving you vulnerable, suffering from extended periods of exposure to undetected breaches, and in a state of continuous uncertainty as to what s been compromised. CLICK TO NEXT SLIDE 5

6 But clearly this isn t working, as 69% of all breaches involves an internal user or a contractor so a trusted user (or someone who steal his/her credential) click 6

7 As an IT security professional it s alarming to know that the threat of userbased attacks has never been higher. A staggering 76 percent of all breaches involve accounts with access to sensitive data, be it hackers trying to steal credentials, careless third party vendors or negligent or even malicious insiders. CLICK TO NEXT SLIDE 7

8 When we dive deeper into the risk associated with our Users, we see there are many different types of users Business Users, IT Users and Contractors 8

9 So what is the first step in protecting your company and your users from the threat of User Based Risk? Understanding your User Risk Profile Here are a few stats to help you understand the variety of User Based Risks that exist across your organization: First let s start the fact that 69% of reported breaches involved a trusted users Next let s talk about business users this is the user group that most companies completely miss. The fact is though that 84% of user based breaches involve business users When it comes to IT users, we tend to think it s only about their malicious actions, but the truth is that 62% are related to human error Finally, when it comes to Contractors, this is a user population we typically are already concerned about, and with good reason, because breaches involving them have significantly higher impact 9

10 Provider [Name] Microsoft Windows Security Auditing [Guid] { A5BA 3E3B0328C30D} EventID 4656 Version 1 Level 0 Task Opcode 0 Keywords 0x TimeCreated [ SystemTime] T12:37: Z EventRecordID Correlation Execution [ProcessID] 476 [ThreadID] 492 Channel Security Computer UNI W08 Prod Security EventData SubjectUserSid S

11 SubjectUserName Administrator SubjectDomainName UNI W08 Prod SubjectLogonId 0x6489b ObjectServer Security ObjectType File ObjectName C:\Windows\ObserveIT\Web\ObserveIT\Web.config HandleId 0xd8 TransactionId { } AccessList %%1538 %%1541 %%4416 %%4417 %%4418 %%4419 %%4420 %%4423 %%4424 AccessReason %%1538: %%1801 D:(A;ID;FA;;;BA) %%1541: %%1801 AccessMask 0x12019f PrivilegeList RestrictedSidCount 0 ProcessId 0x44c ProcessName C:\Windows\System32\notepad.exe 10

12 And ObserveIT is not the only one talking about User Based Risk and Security. In fact, Gartner predicts that by 2018 User Activity Monitoring will be part of 80% of enterprise security solutions 11

13 This is where ObserveIT comes in ObserveIT solves this critical missing gap we answer the WHO S DOING WHAT question We capture, record and monitor all user activity whether you Business Users, IT Users, and Thirst Party Contractors We provide video like playback of the actual activity of your users and we create User Activity Logs that provide searchable, easy to understand audit trails for every action performed Our solutions alerts when we detect abnormal and suspicious user activity providing both an actual video replay of the user s actions and a step by step use activity log of exactly what they did Click to Next Slide 12

14 Our customers are using ObserveIT to solve a number of critical business challenges: Rapidly responding to security incidents is critical challenge for today s under resourced and over worked security teams User Context ObserveIT provides complete visibility into what your users are actually doing, providing an entirely new vantage point that is easy to understand and act upon User Targeted threats Our reporting, alerting and analysis provides your team with the ability to detect and respond to user based threats without having to wade through a ton of non related system data Event Fatigue Our user activity data also provide a crystal clear forensic trail to tell what actually happened when shifting through the mounds of alert and infrastructure data your team has to deal with everyday ObserveIT dramatically shrinks the time to discover the who, what, when and where of security incidents and breaches from weeks/months to hours/days. Our user activity data compliments the infrastructure focused data security teams collect and analyze today to provide complete visibility into what is or did 13

15 happen within a company s servers. 13

16 ObserveIT has transformed how IT professionals think about securing today s enterprise. With a completely software based solution, ObserveIT provides instant out ofbox value allowing companies to quickly shift to a user centric security strategy, and satisfy PCI, HIPAA, SOX, and ISO compliance regulations in minutes. One of the best things about ObserveIT is how simple it is to deploy, operate and maintain. Our Agents are simple to install and do not require you to reboot on install or on upgrade We provide coverage for desktops, server, Jump servers, VDI/Citrix and remote access All reporting, analysis and video replay is accessed via our easy to use web based Application Server All data (videos and user activity logs) are stored in a Database Server and provides easy integration into BI and SIEM/Log Management AGENT OVERHEAD 14

17 Only runs when a user session is active When active, the average utilization is 10MB of RAM The typical CPU utilization is 1% 2%, only at the moment of data capture During idle time, CPU utilization is negligible Each captured screenshot is between 5 50 KB 14

18 ObserveIT is a pioneer in user activity monitoring, and is the only company that provides tailored analytics, alerting and operational forensics to effectively address the growing risk of user based threats. ObserveIT provides; (READ LIST OF ITEMS) Identity Access Management (IAM) Security Information and Event Management (SIEM) CLICK TO NEXT SLIDE 15

19 Here we can see ObserveIT in action: First You can see a list of all user activity in the Server Diary tab. You can quickly see each session and the user activity log of what the user did CLICK Second You can see that alerts were triggered for suspicious activity, with the actual video playback of the users session. Third we have provided the video in chapters so you can quickly view and jump to specific users actions CLICK TO NEXT SLIDE 16

20 Our video replay provides the ability to actually see what any users did on any system being monitored by ObserveIT On the right you see the full user activity logs associated with this session CLICK Our activity alerts also show up in this view. Here a remote vendor has accessed a credit card database table they shouldn t be and you can see precisely when it happened and hop to the exact video of when inappropriate activity occurred CLICK Alert indicators are also embedded in the user activity logs right on the screen CLICK Finally, you can actually message users in real time and terminate their active sessions right from this view 17

21 It is also important that the User Behavior Intelligence you gain from ObserveIT not live on an Island all by itself. We provide the to integrate this User intelligence into your existing infrastructure based Security ecosystem whether that be SIEM, ITSM or IAM IT Service Management (ITSM) è la disciplina che si occupa della gestione di sistemi di information technology (IT) Identity Access Management (IAM) si intendono i sistemi integrati di tecnologie, criteri e procedure in grado di consentire alle organizzazioni di facilitare e al tempo stesso controllare gli accessi degli utenti ad applicazioni e dati critici Security Information and Event Management (SIEM) Sistema di Gestione delle Informazioni e degli eventi di Sicurezza 18

22 19

23 SQL Express is not supported for production! 20

24 21

25 For the application server, when you have hundreds and thousands of agents and you require some sort of LB and HA, you may use software based LB such as Microsoft NLB, or hardware based such as F5 or Citrix NetScaler. For the SQL server, Microsoft based failover cluster is often used. 22

26 23

27 Install once all in about 45 minutes or less Your choice of how many servers to monitor up to 5Max Get full access to ObserveIT Community, Documentation and Extensions Take advantage of our special offer for free deployment tech support 24