HOW OBSERVEIT ADDRESSES KEY INDIA DOT REMOTE ACCESS SECURITY REQUIREMENTS




In January 2013, the Department of Telecommunications of the Government of India's Ministry of Communications & IT contacted all telecom service providers in India with a set of security and auditing requirements for remote access systems. This document presents a high-level look at how ObserveIT's server session recording solution addresses a number of these key auditing requirements.

WHAT IS USER ACTIVITY MONITORING?

ObserveIT's User Activity Monitoring system generates video recordings of every user session, providing unparalleled insight into what is being done on company servers. Whereas standard logs collect data on server and network activity, session recordings and logs focus on the user activity within the operating system and every application (commercial, bespoke, legacy and cloud). This granular, user-focused monitoring capability offers a detailed and invaluable tool with which to understand what administrators and remote vendors are doing on monitored servers.

However, ObserveIT goes far beyond simply recording the on-screen activity to video: the software transcribes every session into an easy-to-read user activity log so that watching the video isn't necessary to know what the user did. Clicking on any particular event in the log launches the video playback from that exact moment. This activity analysis is also used to generate real-time user activity alerts and reporting.

Integration with other systems including log analysis, security information and event monitoring (SIEM), access control and IT ticketing systems further leverages the value of the session recordings and text logs by making them readily available when and where they are needed.

Learn more about ObserveIT at www.observeit.com.

The Top 3 Ways ObserveIT Addresses DoT Remote Access Requirements

1 REMOTE ACCESS LOGGING AND AUDITING

The DoT requirements:

- Complete audit trail of remote access activities pertaining to the network operated in India, maintained for six months
- Remote access storage server in India storing remote access command logs locally in the storage server for the purpose of audit
- All remote access requests/commands given from foreign locations on India network elements captured and stored directly on the Indian remote access storage server

The ObserveIT Solution

ObserveIT generates both screen recordings and plain-English user activity logs of all actions performed by all users on all Windows and Unix/Linux servers via all connectivity methods (RDP, Citrix, Telnet, SSH, etc.) in all applications and system areas, with no gaps!

- Auditors can review reports presenting every login, command executed, application run, window opened, URL accessed and so forth.
- Auditors can jump directly to screen recordings of remote access activities by server, by user, by application or by keyword search.
- Auditors can define granular user activity alerts to
- ObserveIT activity logs can be integrated into log management, SIEM and access control systems for activity analytics within those systems.

2 KEYWORD SEARCH OF THE AUDIT TRAIL

The DoT requirements:

- Capability to search for specific commands or keywords from the available audit trail

The ObserveIT Solution

ObserveIT provides keyword search within user activity logs, where search results are linked directly to the specific portion of the screen recordings. The keyword search capability provides for highly granular location of specific activities, by searching for:

- System commands executed
- Names of system settings changed
- Names of applications run
- Titles of windows opened
- URLs visited in a Web browser
- Keystrokes typed
- Text entries made (even by partial typing, editing, keyboard shortcuts, auto-complete, paste from Clipboard, etc.)

Specific commands and keywords can also be used to generate real-time alerts so that auditors can quickly review any suspicious user actions that occurred during any given time frame. Alert details are overlaid in the session player, at the moment in the video that the alert was generated.

3 MIRROR IMAGE AND HIGH AVAILABILITY

The DoT requirements:

- Mirror image of the remote access information is available on line for monitoring purposes
- The uptime of the remote access storage server should not be less than 99.99%

The ObserveIT Solution

The ObserveIT solution is built with Microsoft technologies, making it straightforward to implement all available Microsoft-provided infrastructure solutions. Thus, high availability, fault tolerance and online mirrors of the ObserveIT server are readily available using standard Microsoft infrastructure solutions.

ADDITIONAL OBSERVEIT BENEFITS

Beyond the core logging and auditing capabilities described above, ObserveIT provides the following additional features which enhance remote access security, control and auditing.

Unique User Identification over Shared Accounts

ObserveIT includes a secondary identification feature that uniquely identifies each actual user, even when using shared accounts (e.g., Administrator, root). After logging in to a server using a shared account, the user is required to enter his own personal credentials which are then logged together with the shared account access.

Logon Banner Acknowledgment

ObserveIT includes a logon banner feature that requires the user to click an acknowledgment of the organization's policies in order to access a server. The user's action of acknowledging the banner is visually recorded by the system.

Integration with SIEM, IT Ticketing and Access Control Systems

- Enhance log management and Security Information and Event Management (SIEM) systems (such as Splunk, HP ArcSight and RSA enVision) by incorporating gap-less activity logs, covering every application (commercial, bespoke, legacy, cloud) and operating system area.
- Users can be required to enter a valid ticket number from an external IT ticketing system such as ServiceNow, ensuring that every login is connected with a specific purpose.
- Tight integration with access control platforms (such as CA Access Control) makes it much easier to determine, audit and refine access permissions for each role/user.

ZERO-GAP MONITORING, ANALYSIS, ALERTING AND INTERVENTION

ObserveIT monitors, records and analyzes all user activity in every application, webpage and window, over any connection method (Remote Desktop, Terminal Services, GoToMyPC, LogMeIn, PC Anywhere, local login, etc.). ObserveIT also records Windows sessions running as Citrix published applications, in Citrix virtual desktops and VMware environments, as well as stand-alone Windows, Unix/Linux desktops and servers.

Addressing a major security gap in most organizations, ObserveIT generates user activity logs and screen recordings for commercial, legacy, bespoke and cloud apps, including those with no internal logging facilities of their own.

Administrators can watch live sessions and can even lock a session and user account from within ObserveIT if they wish to immediately stop a suspicious activity. This is particularly useful in the event that the system generates a real-time alert: the administrator receiving the alert can view all activity occurring in the live session screen, rewind to see the actions that led up to the alert and take immediate action to halt the session.

Additionally, the recordings and resulting user activity logs are valuable for root cause analysis, ad hoc IT forensics and regulatory compliance audit reporting. Reports can be customized to specific business needs and can be scheduled or run on demand.

LOW RESOURCE REQUIREMENTS

ObserveIT utilizes ultra-efficient data storage, requiring less than 250GB/year for a high-usage, 1000-server environment. The local agents have a minimal footprint of 1%-2% CPU utilization, 10 MB RAM during session and 0% CPU when users are inactive.

OBSERVEIT FEATURE HIGHLIGHTS

- Screen capture recording plus video activity analysis for searchable, text-based logging of all user activity
- Real-time alerts provide immediate awareness of suspicious, dangerous and out-of-policy behavior
- Advanced keylogging enables keyword searching to instantly find any on-screen mouse or keyboard action
- Records actions in all system areas and all apps: zero-gap recording of all commercial, legacy, bespoke and cloud apps plus all system areas
- Supports all connection methods, including local login, Remote Desktop, Terminal Services, PC Anywhere, Citrix, VMware, VNC, Dameware, etc.
- SIEM, NMS and IT ticketing system integration for better security and easier investigations including direct links to session replay and user activity logs
- Privileged User Identification, without requiring password rotation or check-in/check-out
- Threat detection console detects and pinpoints suspicious activity
- DBA Activity Audit monitors and audits all SQL queries executed by DBAs against production databases
- Pre-built and customizable audit reports can be exported to Excel or XML, or scheduled to run automatically for email delivery

TRUSTED BY 1200+ CUSTOMERS

OBSERVEIT: IDENTIFY AND MANAGE USER-BASED RISK

Start monitoring in minutes, free: www.observeit.com/tryitnow