Record and Replay All Windows and Unix User Sessions Like a security camera on your servers ObserveIT is the only enterprise solution that records both Windows and Unix user sessions, supporting all methods of access, without requiring any architecture changes. Full video playback of every user action Records all remote and console Windows and Unix sessions RDP, ICA, VMWare, SSH, Telnet and more Comprehensive software-based solution for: Monitoring 3rd-party providers Secure Compliance Auditing of all user activity Troubleshooting of root cause of errors
Market Challenges The writing is on the wall... When remote vendors, sysadmins and business users access your network, you need the full picture of what really happened. ObserveIT gives you video playback of user activity, tied directly to your event logs. Even a detailed log entry of file change timestamps is not enough. Did the user Copy/Paste data? Edit XML elements? Change an Excel formula? ObserveIT shows you precisely what was done.
Benefits of ObserveIT Bulletproof legal evidence - Reduce the risk of misaligned client-vendor interests by capturing bulletproof legal evidence of all vendor activity. Video replay can be used during litigation or to eliminate need for legal action. Remote Vendor Auditing Secure Compliance Instant Troubleshooting Increased self-reliance - Video recordings document all vendor activity, allowing you to reduce reliance and dependency. Eliminate the mystery and know what they do. Improve flexibility when ending contracts, adjusting agreements or setting SLA expectations. Improve in-house knowledge - An indexed database of user session recordings becomes a best-practices repository for critical business operations. Overcome poor communications - Reduce the need for verbal descriptions, hand-holding, and email explanations: 30 seconds of video explains more than hours of training, phone calls and emails. Reduce geopolitical risks - Your business is exposed to risk if security or political events prevent off-shore vendors from providing services. Video playback of prior activities provides path for temp/emergency staff to step in mid-stream. Enhance your System Management infrastructure - Tie a precise video replay to every textual log entry in your SIM log management Immediate Compliance for all new apps - Every new app (ex: customized CRM module) is automatically monitored and ready for compliance auditing. No need to modify code / config to achieve log requirements. Desktop Auditing - Monitor all user actions, even if they are only working on their own Desktops, without touching corporate servers.
ObserveIT s Unique Advantage: Video + Metadata places all the intelligence at your fingertips ObserveIT lists every user session Windows Session: Metadata + Video ObserveIT captures Window title, Application name, files opened, URL accessed, UI element selection and text entry Exact video playback Within each session, details of every action taken Unix Session: Metadata + Video ObserveIT captures shell logins, including all command line activity and system calls. (If user types rm*, ObserveIT captures each file name that is deleted.) List of each user command For each command, a detailed list of system calls Exact video playback of command prompt screen
Key Features Record & Replay - Exact video playback of every Windows and Unix session, including mouse movements, UI interaction, text entry and command line. Intelligent Metadata associated with each session - No need to replay hours of video to find what you need. Interactive drill-down - according to user, server, app name, file or resource used, underlying system calls and more - takes you straight to the the right user action replay. Real-time Playback - View session activity on the air while users are still active, or replay historical recordings at any time. Privileged User Identification - Associate usernames with each anonymous administrator login. Add an additional level of system access control for sensitive resources. Complete Coverage - ObserveIT is agnostic to network protocol and client application. Captures Unix and Windows sessions via: SSH, Telnet, RDP, Terminal Services, Citrix, VMware, VNC, PC-Anywhere, Dameware and more. System Monitor Integration - Instant-replay from within network management (SCOM, Unicenter, Tivoli, OpenView, etc.) Real-time alerts on any user action (File access, network share, registry edit, URL access and more) Enterprise Scale Robust Security Architecture - Agent-Server encryption, Digital Signatures, Pervasive User Permissions and System Watchdog mechanism are designed for secure enterprise environments AD Policy, Event-Driven Rules - Flexible rules engine allows for inclusion / exclusion policies according to Active Directory user and user groups. Event rules also can be triggered per application, resource used. Small Footprint - Ultra-efficient data storage: Less than 250GB/year for high-usage, 1000 server enviroment. Minimal Agent CPU utilization: 0% CPU when no console active, 1%-2% CPU, 10 MB RAM during session.
How ObserveIT Works Remote and terminal users access your servers. ObserveIT records every user action. 1 2 3 You can review, audit, search and replay all user sessions. Why Use ObserveIT Remote Vendor Auditing: No more fingerpointing! Know exactly what your 3rd-party vendors are doing on your servers. Secure Compliance: Audit people, not just apps Detailed audit reports provide bulletproof evidence of every access to your corporate servers and databases, delivered automatically. Instant Troubleshooting: Defeat the Oops factor Find the root cause of any config change, using detailed searching and video session playback.
ObserveIT Architecture The ObserveIT Agent is installed on each monitored server. The Agent captures data (screenshot and metadata) for every user action. Metadata includes info on the state of the operating system and the application program being used, which allows ObserveIT to precisely identify what the user is doing. By default, the Agent communicates with the Management Server via HTTP POST (TCP port 80). All content is encrypted. The Agent architecture includes a Watchdog service to prevent it being shut off. The ObserveIT Management Server is an ASP.NET application in IIS that collects all data delivered by the Agents, where it is analyzed and sent to the Database Server to be stored and indexed. The Management Server communicates with the Agents for configuration update. It also can integrate easily with LDAP for user validation, with SIM to link video replay from within textual log file listings, and with Network Management systems to allow for system alerts and updates based on user activity. The ObserveIT Web Console is an ASP.NET application in IIS that serves as the primary interface for accessing information (video replay, reporting, etc.) in ObserveIT. It is also used for configuration and administration tasks. Config data is also stored in the Database Server. The Web Console includes granular policy rules for limiting access to sensitive data. The Database Server is a Microsoft SQL Server database that stores all configuration data, metadata and screenshots captured by ObserveIT Agents. Both the Management Server and Web Console apps connect via standard TCP port 1433. Each of the three server applications can be installed on a single machine, or distributed for performance and security considerations.
Who s Using ObserveIT Manufacturing Financial Telecommunications IT Services Healthcare/Education/Gov t people audit Like a Security Camera on Your Servers. info@observeit-sys.com www.observeit-sys.com