How To Use A Logbook For A Business

Similar documents
HOW OBSERVEIT ADDRESSES KEY INDIA DOT REMOTE ACCESS SECURITY REQUIREMENTS

HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES

USER ACTIVITY MONITORING FOR IBM SECURITY PRIVILEGED IDENTITY MANAGER

HOW OBSERVEIT ADDRESSES 7 OF THE SANS 20 CRITICAL SECURITY CONTROLS

16 CLOUD APPS YOU NEED TO KNOW IF EMPLOYEES ARE USING

ObserveIT User Activity Monitoring software meets the complex compliance and security challenges related to user activity auditing.

Edit system files. Delete file. ObserveIT Highlights. Change OS settings. Change password. See exactly what users are doing!

InspecTView Highlights

Record and Replay All Windows and Unix User Sessions Like a security camera on your servers

Adding ObserveIT video audit logs to your SIEM

TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT

OBSERVEIT 6.0 WHAT S NEW

You don t know what you don t know!

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

Privileged Session Management Suite: Solution Overview

MIND THE GAP INFRASTRUCTURE VS. USER-BASED MONITORING

Strangers in Your Servers:

ISO COMPLIANCE WITH OBSERVEIT

ObserveIT User Activity Monitoring

Technology Partners. Acceleratio Ltd. is a software development company based in Zagreb, Croatia, founded in 2009.

Remote Workers are Under Control

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

OBSERVEIT TECHNICAL SOLUTION OVERVIEW

Risk boils down to two things Assets and People.

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

How To Manage A Privileged Account Management

Netwrix Auditor for Active Directory

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite.

Securing Remote Vendor Access with Privileged Account Security

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Netwrix Auditor for SQL Server

Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER

OBSERVEIT TECHNICAL INFORMATION FOR SALES TEAM. Created by Alex Ellis Pre-Sales Engineer - 2/26/14

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure

Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER

Protection & Compliance are you capturing what s going on? Alistair Holmes. Senior Systems Consultant

Drawbacks to Traditional Approaches When Securing Cloud Environments

How to Use Remote Access Using Internet Explorer

Configuration Information

Workspace Manager 2014 Module Comparison Chart

Module Comparison Chart

Remote Vendor Monitoring

OBSERVEIT DEPLOYMENT SIZING GUIDE

Secret Server Qualys Integration Guide

August Investigating an Insider Threat. A Sensage TechNote highlighting the essential workflow involved in a potential insider breach

Netwrix Auditor for Windows Server

Generate Reports About User Actions on Windows Servers

Next Generation Jump Servers for Industrial Control Systems

Addressing the United States CIO Office s Cybersecurity Sprint Directives

Complete Patch Management

Ultimate Windows Security for ArcSight. YOUR COMPLETE ARCSIGHT SOLUTION FOR MICROSOFT WINDOWS Product Overview - October 2012

Configuration Information

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

User manual of the Work Examiner Contents

Exporting IBM i Data to Syslog

Outgoing VDI Gateways:

How to Launch WebXtender for BDM. Banner Document Management (BDM)

Reports, Features and benefits of ManageEngine ADAudit Plus

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, EventTracker 8815 Centre Park Drive, Columbia MD 21045

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

AdminToys Suite. Installation & Setup Guide

managing SSO with shared credentials

Enforcive / Enterprise Security

Ekran System List of Frequently Asked Questions

Communication ports used by Citrix Technologies. July 2011 Version 1.5

Citrix Online, div. of Citrix Systems Inc. GoToAssist TM. Product Category: Knowledge Management/eSupport Validation Date: 2/22/2005

Concierge SIEM Reporting Overview

Remote Access: Internet Explorer

Connect for Dragon Medical 360 Network Edition. Administrator Guide

<Insert Picture Here> Oracle Database Security Overview

What s New in Centrify Server Suite 2015

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING

Netwrix Auditor. Administrator's Guide. Version: /30/2015

CONNECT-TO-CHOP USER GUIDE

Netwrix Auditor for File Servers

What s New in Centrify DirectAudit 2.0

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.

Data Sheet: Work Examiner Professional and Standard

IBM Tivoli Compliance Insight Manager

Privileged Access Management 15.2 Available Features

Vistara Lifecycle Management

HarePoint Workflow Extensions for Office 365. Quick Start Guide

This document details the procedure for installing Layer8 software agents and reporting dashboards.

Secrets of Event Viewer for Active Directory Security Auditing Lepide Software

Qlik Sense Enabling the New Enterprise

Netwrix Auditor for SQL Server

Goverlan Remote Control

Centralized Self-service Password Reset: From the Web and Windows Desktop

MySQL Security: Best Practices

Netwrix Auditor for Exchange

Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios

JIJI AUDIT REPORTER FEATURES

Configuring SQL Server Lock (Block) Monitoring With Sentry-go Quick & Plus! monitors

Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security

BeyondInsight Version 5.6 New and Updated Features

What s New in BridgeTrak 8.0?

Transcription:

HOW OBSERVEIT ADDRESSES KEY AUSTRALIAN INFORMATION SECURITY CONTROLS The Australian Government s Information Security Manual (September 2012) specifies a wide range of information security governance controls. This document presents a high-level look at how ObserveIT s User Activity Monitoring solution comprehensively addresses 11 of those controls. WHAT IS USER ACTIVITY MONITORING? ObserveIT s User Activity Monitoring system generates video recordings of every user session, providing unparalleled insight into what is being done on company servers. Whereas standard logs collect data on server and network activity, session recordings and logs focus on the user activity within the operating system and every application (commercial, bespoke, legacy and cloud). This granular, user-focused monitoring capability offers a detailed and invaluable tool with which to understand what administrators and remote vendors are doing on monitored servers. However, ObserveIT goes far beyond simply recording the on-screen activity to video: the software transcribes every session into an easy-to-read user acitivy log so that watching the video isn t necessary to know what the user did. Clicking on any particular event in the log launches the video playback from that exact moment. This activity analysis is also used to generate real-time user activity alerts and reporting. Integration with other systems including log analysis, security information and event monitoring (SIEM), access control and IT ticketing systems further leverages the value of the session recordings and text logs by making them readily available when and where they are needed. Learn more about ObserveIT at www.observeit.com. Following are the Top 5 ways in which ObserveIT addresses the Australian InfoSec Controls. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY AUSTRALIAN INFORMATION SECURITY CONTROLS 1

1 PRIVILEGED ACCOUNT ACTIVITY LOGGING AND AUDITING Agencies must ensure that the use of privileged accounts is controlled and auditable. (Control: 0445; Revision: 2; Updated: Sep-12; Applicability: G, P, C, S, TS; Compliance: must; Authority: AH) 2 Agencies must log, at minimum, the following events for all software components: all privileged operations (Control: 0583; Revision: 2; Updated: Sep-12; Applicability: TS; Compliance: must; Authority: AH) Agencies must log the following events for any system requiring authentication: logons, failed logon attempts, logoffs. (Control: 0584; Revision: 1; Updated: Sep-12; Applicability: C, S, TS; Compliance: must; Authority: AH) For each event identified as needing to be logged, agencies must ensure that the log facility records at least the following details, where applicable (Control: 0585; Revision: 2; Updated: Sep-12; Applicability: G, P, C, S, TS; Compliance: must; Authority: AH) Agencies should log the events listed below for specific software components: database, network/operating system, Web application (Control: 0987; Revision: 4; Updated: Sep-12; Applicability: G, P, C, S, TS; Compliance: should; Authority: AA) ObserveIT generates both visual and textual activity logs of all actions performed by all users on all servers in all applications and system areas, with no gaps. Auditors can view video recordings of every privileged account login, search for particular sessions using activity-related keywords (e.g., programs run, windows opened, URLs visited, system commands executed, text typed, system settings changed) and review textual activity logs by user or by server. ObserveIT activity logs can be integrated into log management, SIEM and NMS systems for activity analytics in those systems. ObserveIT can generate real-time alerts based on specific user actions and contexts, significantly enhancing the organization s ability to control and audit privileged user activity. Alert details are overlaid in the session player, at the moment in the video that the alert was generated. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY AUSTRALIAN INFORMATION SECURITY CONTROLS 2

2 UNIQUE USER IDENTIFICATION Agencies must ensure that all users are uniquely identifiable and authenticated on each occasion that access is granted to a system. (Control: 0414; Revision: 2; Updated: Sep-12; Applicability: G, P, C, S, TS; Compliance: must; Authority: AH) If agencies choose to allow shared, non-user-specific accounts they must ensure that another method of determining the identification of the user is implemented. (Control: 0416; Revision: 1; Updated: Sep-12; Applicability: G, P, C, S, TS; Compliance: must; Authority: AH) ObserveIT includes a secondary identification feature that uniquely identifies each actual user, even when using shared accounts (e.g., Administrator). After logging in to a server using a shared account, the user is required to enter his own personal credentials which are then logged together with the shared account access. 3 CHANGE MANAGEMENT AUDITING Agencies should ensure their change management process includes maintaining and auditing logs of all changes (Control: 0912; Revision: 4; Updated: Sep-12; Applicability: G, P, C, S, TS; Compliance: should; Authority: AA) ObserveIT records every action performed by every user on every server, resulting in both visual and textual logs of all change-related activities, in all applications and system areas, with no gaps. Native integration with IT ticketing systems allows auditors and investigators to click a link within any ticket record to immediately access video recordings and textual activity logs of all server sessions related to the ticket. Tight integration with popular ticketing systems ensures water-tight logging of all system changes. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY AUSTRALIAN INFORMATION SECURITY CONTROLS 3

4 IDENTITY THEFT DETECTION Agencies must develop, implement and maintain tools and procedures covering the detection of potential cyber security incidents (Control: 0120; Revision: 2; Updated: Nov-10; Applicability: G, P, C, S, TS; Compliance: must; Authority: AH) 5 Agencies should authenticate both the remote user and device during the authentication process. (Control: 0706; Revision: 2; Updated: Sep-12; Applicability: G, P, C, S, TS; Compliance: should; Authority: AA) ObserveIT includes a unique identity theft detection feature that generates an alert any time a set of privileged user credentials are used from a computer/device not previously used with those credentials. When such an alert is issued, administrators can remotely observe all on-screen user activity in real-time and immediately lock the session and login account in order to prevent a data breach or system vandalism. ObserveIT maintains a list of approved account-device pairs. LOGON BANNER ACKNOWLEDGMENT Agencies should have a logon banner that requires a user to acknowledge and accept their security responsibilities before access to the system is granted. (Control: 0408; Revision: 2; Updated: Sep-12; Applicability: G, P, C, S, TS; Compliance: should; Authority: AA) ObserveIT includes a logon banner feature that requires the user to click an acknowledgment of the organization s policies in order to access a server. The user s action of acknowledging the banner is visually recorded by the system. Users can be required to acknowledge a policy message before logging into monitored servers. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY AUSTRALIAN INFORMATION SECURITY CONTROLS 4

ZERO-GAP MONITORING, ANALYSIS, ALERTING AND INTERVENTION ObserveIT monitors, records and analyzes all user activity in every application, webpage and window, over any connection method (Remote Desktop, Terminal Services, GoToMyPC, LogMeIn, PC Anywhere, local login, etc.). ObserveIT also records Windows sessions running as Citrix published applications, in Citrix virtual desktops and VMware environments, as well as standalone Windows, Unix/Linux desktops and servers. Addressing a major security gap in most organizations, ObserveIT generates user activity logs and screen recordings for commercial, legacy, bespoke and cloud apps, including those with no internal logging facilities of their own. Administrators can watch live sessions and can even lock a session and user account from within ObserveIT if they wish to immediately stop a suspicious activity. This is particularly useful in the event that the system generates a real-time alert: the administrator receiving the alert can view all activity occurring in the live session screen, rewind to see the actions that led up the alert and take immediate action to halt the session. Additionally, the recordings and resulting user activity logs are valuable for root cause analysis, ad hoc IT forensics and regulatory compliance audit reporting. Reports can be customized to specific business needs and can be scheduled or run on demand. LOW RESOURCE REQUIREMENTS ObserveIT utilizes ultra-efficient data storage, requiring less than 250GB/year for a high-usage, 1000-server environment. The local agents have a minimal footprint of 1%-2% CPU utilization, 10 MB RAM during session and 0% CPU when users are inactive. OBSERVEIT HOW OBSERVEIT ADDRESSES KEY AUSTRALIAN INFORMATION SECURITY CONTROLS 5

OBSERVEIT FEATURE HIGHLIGHTS Screen capture recording plus video activity analysis for searchable, text-based logging of all user activity Real-time alerts provide immediate awareness of suspicious, dangerous and out-of-policy behavior Advanced keylogging enables keyword searching to instantly find any on-screen mouse or keyboard action Records actions in all system areas and all apps zero-gap recording of all commercial, legacy, bespoke and cloud apps plus all system areas Supports all connection methods, including local login, Remote Desktop, Terminal Services, PC Anywhere, Citrix, VMware, VNC, Dameware, etc. SIEM, NMS and IT ticketing system integration for better security and easier investigations including direct links to session replay and user activity logs Privileged User Identification, without requiring password rotation or check-in/check-out Threat detection console detects and pinpoints suspicious activity DBA Activity Audit monitors and audits all SQL queries executed by DBAs against production databases Pre-built and customizable audit reports can be exported to Excel or XML, or scheduled to run automatically for email delivery TRUSTED BY 1200+ CUSTOMERS OBSERVEIT IDENTIFY AND MANAGE USER-BASED RISK Start monitoring in minutes, free: www.observeit.com/tryitnow OBSERVEIT HOW OBSERVEIT ADDRESSES KEY AUSTRALIAN INFORMATION SECURITY CONTROLS 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information