HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES



Similar documents
How To Use A Logbook For A Business

HOW OBSERVEIT ADDRESSES KEY INDIA DOT REMOTE ACCESS SECURITY REQUIREMENTS

USER ACTIVITY MONITORING FOR IBM SECURITY PRIVILEGED IDENTITY MANAGER

HOW OBSERVEIT ADDRESSES 7 OF THE SANS 20 CRITICAL SECURITY CONTROLS

16 CLOUD APPS YOU NEED TO KNOW IF EMPLOYEES ARE USING

ObserveIT User Activity Monitoring software meets the complex compliance and security challenges related to user activity auditing.

Edit system files. Delete file. ObserveIT Highlights. Change OS settings. Change password. See exactly what users are doing!

InspecTView Highlights

Record and Replay All Windows and Unix User Sessions Like a security camera on your servers

ISO COMPLIANCE WITH OBSERVEIT

OBSERVEIT 6.0 WHAT S NEW

MIND THE GAP INFRASTRUCTURE VS. USER-BASED MONITORING

Privileged Session Management Suite: Solution Overview

TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT

Remote Workers are Under Control

Strangers in Your Servers:

ObserveIT User Activity Monitoring

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

How To Manage A Privileged Account Management

Secret Server Qualys Integration Guide

Drawbacks to Traditional Approaches When Securing Cloud Environments

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Adding ObserveIT video audit logs to your SIEM

You don t know what you don t know!

Securing Remote Vendor Access with Privileged Account Security

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite.

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, EventTracker 8815 Centre Park Drive, Columbia MD 21045

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

BOMGAR FOR VENDOR ACCESS SECURE REMOTE ACCESS FOR THIRD-PARTIES

Remote Vendor Monitoring

End Your Data Center Logging Chaos with VMware vcenter Log Insight

Addressing the United States CIO Office s Cybersecurity Sprint Directives

Generate Reports About User Actions on Windows Servers

Risk boils down to two things Assets and People.

Netwrix Auditor for Active Directory

FISMA / NIST REVISION 3 COMPLIANCE

OBSERVEIT TECHNICAL INFORMATION FOR SALES TEAM. Created by Alex Ellis Pre-Sales Engineer - 2/26/14

What s New in Centrify DirectAudit 2.0

Trust but Verify: Best Practices for Monitoring Privileged Users

Netwrix Auditor for SQL Server

End-user Security Analytics Strengthens Protection with ArcSight

Windows Least Privilege Management and Beyond

managing SSO with shared credentials

CyberArk Privileged Threat Analytics. Solution Brief

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach

Qlik Sense Enabling the New Enterprise

<Insert Picture Here> Oracle Database Security Overview

OBSERVEIT TECHNICAL SOLUTION OVERVIEW

The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention

ARS v2.0. Solution Brief. ARS v2.0. EventTracker Enterprise v7.x. Publication Date: July 22, 2014

Information Technology Policy

Privilege Gone Wild: The State of Privileged Account Management in 2015

Protection & Compliance are you capturing what s going on? Alistair Holmes. Senior Systems Consultant

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER

PowerBroker for Windows

Technology Partners. Acceleratio Ltd. is a software development company based in Zagreb, Croatia, founded in 2009.

CSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO

PowerBroker for Windows Desktop and Server Use Cases February 2014

Complete Patch Management

OBSERVEIT DEPLOYMENT SIZING GUIDE

What s New in Centrify Server Suite 2015

PROPALMS TSE 6.0 March 2008

Privilege Gone Wild: The State of Privileged Account Management in 2015

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

Outgoing VDI Gateways:

Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER

Enforcive / Enterprise Security

Enterprise Solution for Remote Desktop Services System Administration Server Management Server Management (Continued)...

White Paper. PCI Guidance: Microsoft Windows Logging

Automate PCI Compliance Monitoring, Investigation & Reporting

Vistara Lifecycle Management

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Netwrix Auditor for Windows Server

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

The Comprehensive Guide to PCI Security Standards Compliance

Security Event Management. February 7, 2007 (Revision 5)

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Identity & Access Management in the Cloud: Fewer passwords, more productivity

Exporting IBM i Data to Syslog

Using Computer Surveillance to Watch Corporate Security and Employee Performance

Next Generation Jump Servers for Industrial Control Systems

Smarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist

Compliance Guide: PCI DSS

SIEM and IAM Technology Integration

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.

Reining in the Effects of Uncontrolled Change

Google Identity Services for work

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

The Cloud App Visibility Blindspot

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING

Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security

GETTING MORE FOR LESS AS LOG MANAGEMENT AND SIEM CONVERGE

Transcription:

HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES The Office of the Government Chief Information Officer of The Government of the Hong Kong Special Administrative Region issued its IT Security Guidelines [G3] 1, version 7.0, in September 2012. These Guidelines include a wide range of information security governance recommendations and best practices related to the usage of IT in organizations. The present document presents a high-level look at how ObserveIT s user activity recording and logging solution addresses a number of the key Guidelines. 2 Also mentioned are a number of the Hong Kong Monetary Authority s General Principles for Technology Risk Management [TM-G-1] 3 (version V.1 24.06.03) addressed by ObserveIT. WHAT IS USER ACTIVITY MONITORING? ObserveIT s User Activity Monitoring system generates video recordings of every user session, providing unparalleled insight into what is being done on company servers. Whereas standard logs collect data on server and network activity, session recordings and logs focus on the user activity within the operating system and every application (commercial, bespoke, legacy and cloud). This granular, user-focused monitoring capability offers a detailed and invaluable tool with which to understand what administrators and remote vendors are doing on monitored servers. However, ObserveIT goes far beyond simply recording the on-screen activity to video: the software transcribes every session into an easyto-read user activity log so that watching the video isn t necessary to know what the user did. Clicking on any particular event in the log launches the video playback from that exact moment. 1 http://www.ogcio.gov.hk/en/infrastructure/methodology/security_policy/doc/g3_pub.pdf 2 Note that the Guidelines quoted herein are paraphrased from the original for the sake of brevity and clarity. 3 http://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/supervisory-policy-manual/tm-g-1.pdf OBSERVEIT HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES 1

1 2 This activity analysis is also used to generate real-time user activity alerts and reporting. Integration with other systems including log analysis, security information and event monitoring (SIEM), access control and IT ticketing systems further leverages the value of the session recordings and text logs by making them readily available when and where they are needed. Learn more about ObserveIT at www.observeit.com. Following are the Top 3 ways in which ObserveIT addresses the Hong Kong ITSec Guidelines. SECURITY MONITORING AND LOGGING OF PRIVILEGED USER ACTIVITY 7.2 Management Responsibilities: Outsourcing Security Bureaux/departments should actively monitor external service providers. 10.2 Data Security: Data Life Cycle Management Data access and usage activities should be properly monitored, and if possible with preventive measures to alert/stop policy violations. 12.14.1 Operations Security: Logging Applications should have auditing or tracing functions in order to give more information on individual use or misuse of the application. 12.14.2 Operations Security: Monitoring the System In addition to the application log, server system log (e.g. firewall logs, web access logs, system event logs) shall also be reviewed regularly to detect anomalies, including those attacks / intrusions on system software or web applications targeting on end users. Most unauthorised users of an information system can be detected via system monitoring. Why It s Important Both internal privileged users and external service providers (who typically access internal systems from remote locations) hold the keys to the kingdom. These are the people with the greatest potential to cause data breaches, configuration faults or other system damage, whether intentionally or inadvertently. It is critical for the organization to be aware of exactly what these privileged users are doing inside the network, both during and after their activities. The ObserveIT Solution ObserveIT generates both visual and textual activity logs of all actions performed by users on all Unix, Linux and Windows servers in all applications and system areas, with no gaps. Custom-defined activity alerts can inform administrators, in realtime, whenever suspicious activity is occurring. Keyword-based activity search makes it easy to discover exactly who did what, for faster and easier after-thefact forensics investigations. ObserveIT can record all user actions and configuration changes made to server settings, network hardware and other devices. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES 2

Native integration with IT ticketing systems allows administrators to click a link within any ticket record to immediately access video recordings and textual activity logs of all sessions related to a ticket. ObserveIT activity logs can be integrated into log management, SIEM and NMS systems for user activity analytics in those systems. Alert details are overlaid in the session player, at the moment in the video that the alert was generated. 2 UNIQUE USER IDENTIFICATION 9.3 Access Control Security: User Identification Individual accountability should be established by identifying and authenticating users of the system with the use of a user identity which uniquely identifies a single individual such that subsequent tracing of the user's activities on the system is possible in case an incident occurs or a violation of the IT security policy is detected. Why it s Important Many organizations grant access to sensitive systems via shared login credentials, such as administrator or root. While this simplifies system management, it becomes impossible to know which individual user accessed the system for any particular session. Some address this need with password vaults, but these systems are complex and expensive to deploy and maintain. A simple, effective and secure solution is required for unique identification of shared-account users. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES 3

The ObserveIT Solution ObserveIT includes a secondary identification feature that uniquely identifies each actual user, even when using shared accounts (e.g., Administrator, Root). After logging in to a server using a shared account, the user is required to enter his own personal credentials which are then logged together with the shared account access. These secondary credentials can be defined in Active Directory or isolated within ObserveIT itself. 3 CHANGE MANAGEMENT AUDITING 12.1.4 Operations Security: Change Management Changes to information systems should be controlled and recorded. Why it s Important Configuration changes made to servers, network devices and application software need to be carefully controlled and audited to prevent security breaches and system down time. When disaster strikes, it is vital that administrators and investigators can quickly determine exactly who did what and when so that the damage can be immediately reversed. The ObserveIT Solution ObserveIT records every action performed by every user on every server, resulting in both visual and textual logs of all change-related activities, in all applications and system areas, with no gaps. Unlike manual documentation methods (which are annoying to administrators, time-consuming and error-prone), ObserveIT effortlessly generates accurate documentation of every change. Native integration with IT ticketing systems allows auditors and investigators to click a link within any ticket record to immediately access video recordings and textual activity logs of all server sessions related to the ticket. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES 4

GENERAL PRINCIPLES FOR TECHNOLOGY RISK MANAGEMENT [TM-G-1] The functionality described above also comprehensively addresses four central requirements included in the Hong Kong Monetary Authority s Supervisory Policy Manual, General Principles for Technology Risk Management [TM-G-1], version V.1 24.06.03: 3.2.1 For each application system, all users should be identified by unique user-identification codes (e.g. user IDs) with appropriate method of authentication (e.g. passwords) to ensure accountability for their activities. 3.2.3 Monitoring of the activities performed by privileged and emergency IDs (e.g. peer reviews of activity logs) 3.3.1 Monitoring the use of system resources to detect any unusual or unauthorized activities 3.4.1 Adequate logging and monitoring of system and user activities should be in place to detect anomalies, and the logs should be securely protected from manipulation. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES 5

ZERO-GAP MONITORING, ANALYSIS, ALERTING AND INTERVENTION ObserveIT monitors, records and analyzes all user activity in every application, webpage and window, over any connection method (Remote Desktop, Terminal Services, GoToMyPC, LogMeIn, PC Anywhere, local login, etc.). ObserveIT also records Windows sessions running as Citrix published applications, in Citrix virtual desktops and VMware environments, as well as stand-alone Windows, Unix/Linux desktops and servers. Addressing a major security gap in most organizations, ObserveIT generates user activity logs and screen recordings for commercial, legacy, bespoke and cloud apps, including those with no internal logging facilities of their own. Administrators can watch live sessions and can even lock a session and user account from within ObserveIT if they wish to immediately stop a suspicious activity. This is particularly useful in the event that the system generates a real-time alert: the administrator receiving the alert can view all activity occurring in the live session screen, rewind to see the actions that led up the alert and take immediate action to halt the session. Additionally, the recordings and resulting user activity logs are valuable for root cause analysis, ad hoc IT forensics and regulatory compliance audit reporting. Reports can be customized to specific business needs and can be scheduled or run on demand. LOW RESOURCE REQUIREMENTS ObserveIT utilizes ultra-efficient data storage, requiring less than 250GB/year for a high-usage, 1000-server environment. The local agents have a minimal footprint of 1%-2% CPU utilization, 10 MB RAM during session and 0% CPU when users are inactive. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES 6

OBSERVEIT FEATURE HIGHLIGHTS Screen capture recording plus video activity analysis for searchable, text-based logging of all user activity Real-time alerts provide immediate awareness of suspicious, dangerous and out-of-policy behavior Advanced keylogging enables keyword searching to instantly find any on-screen mouse or keyboard action Records actions in all system areas and all apps zero-gap recording of all commercial, legacy, bespoke and cloud apps plus all system areas Supports all connection methods, including local login, Remote Desktop, Terminal Services, PC Anywhere, Citrix, VMware, VNC, Dameware, etc. SIEM, NMS and IT ticketing system integration for better security and easier investigations including direct links to session replay and user activity logs Privileged User Identification, without requiring password rotation or check-in/check-out Threat detection console detects and pinpoints suspicious activity DBA Activity Audit monitors and audits all SQL queries executed by DBAs against production databases Pre-built and customizable audit reports can be exported to Excel or XML, or scheduled to run automatically for email delivery TRUSTED BY 1200+ CUSTOMERS OBSERVEIT IDENTIFY AND MANAGE USER-BASED RISK Start monitoring in minutes, free: www.observeit.com/tryitnow OBSERVEIT HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information