OBSERVEIT 6.0 WHAT'S NEW




ObserveIT 6.0 extends ObserveIT's industry-leading session recording solution to a complete Insider Threat Platform that detects and mitigates the risk of insider threats across all users in an organization - privileged users, third-party vendors and business users.

6.0 introduces the following major new capabilities:

- User Risk Scoring & Dashboard: Know which users are putting your business at risk and why
- Field-Level Application Monitoring: Distinguish abusive behavior from normal user activity
- Alert Workflow and Reporting: Streamline the way you investigate and report on ObserveIT activity alerts

Additional new features include:

- New UNIX/Linux detection capabilities
- Improved search performance
- Security automation and scale management
- New supported platforms

USER RISK SCORING & DASHBOARD

ObserveIT 6.0 includes a new user risk dashboard to quickly identify and investigate risky users across your enterprise. At a glance, you're able to see a user risk summary, breakdown of risky users, new users at risk, top risky applications and activity alerts.

The user risk dashboard highlights new users becoming risky and changes in their behavior based on risk score, recent score changes, applications being used and alerts that were triggered. The list of users at risk presents all the information needed to prioritize which users to investigate first, including:

- General information about the user such as title, department and personal photo
- Risk score color coded by risk level
- Contribution of each application and alert rule to the user's total risk score
- A timeline that provides a quick understanding of when the risky activity occurred

To investigate risky user behavior and discover intent, select a user for a snapshot of all their recent risky activity, with the ability to adjust alert list filters to broaden or narrow your view. To isolate specific user activity associated with a risky application or alert, click on the event for a contextual drill-down to the full alert list with all related session recordings and alert details of who did what, on which computer, from which client, and when.

[Figure: User Risk Dashboard]

The new scoring engine provides a risk score per user that is used by the dashboard to identify and prioritize risky users.

- User score is an intelligent aggregation of a user's activity alerts during the last month
- Build your own alert rules, or use built-in canned alert rules to detect risky user activity across your applications, systems and users
- Customize score thresholds per risk level for both alert rules and users to control risk sensitivity for various groups and assets
- The daily risk score tracks a user's risk day by day, allowing you to easily identify score changes and act first on users whose risk level has recently changed

FIELD-LEVEL APPLICATION MONITORING

ObserveIT 6.0 allows you to understand risk at an application field-level and detect abnormal usage. ObserveIT's new field-level monitoring allows you to mark specific fields within desktop or web-based applications and track how users interact with them for security, compliance, and internal policy enforcement.

These new marked fields are available for generated reports, alerts, and ad-hoc searches, enabling security teams to detect a wide range of insider threats. Field values are also tracked, allowing you to get detailed alerts and reports on the inputting and altering of data in sensitive application fields.

Marking fields is easy with the ObserveIT Marking Tool. Simply point and click the fields in the application UI.

[Figure: ObserveIT Marking Tool]

ALERT WORKFLOW & REPORTING

- When reviewing alerts, you can now set a status for each alert indicating whether it is being reviewed, identified as an issue, or dismissed as a non-issue. For non-issue alerts, the risk score of the impacted user is recalculated automatically to reflect the reduced user risk.
- Alert reports by status provide you with the ability to produce management reports reflecting the status and progress of your security and compliance review process
- New alert reporting allows you to summarize alerts by rule, user, computer, alert status, etc.

ADDITIONAL FEATURES

UNIX/LINUX DETECTION CAPABILITIES

ObserveIT 6.0 exposes a wider command context to the alert rule definition - allowing you to alert on the following security risks:

- Opening root shell from untrusted login programs, other than SSH/Telnet, rlogin, direct console login, etc.
- Running an unapproved setuid program
- Breaking out of sudo command boundaries - e.g. running rm or cp commands from sudo vi
- Non-interactive shells opened from specific applications - e.g. Web Server opening a reverse shell that is controlled by a remote terminal
- Record and detect risky activity in non-interactive shells launched by cron or at commands
- Enhanced set of canned alert rules to be used as is or adjusted for your specific needs

Unix/Linux alerts are fully integrated into the new user scoring engine. The alerts are presented in the user risk dashboard alongside all other events - providing a comprehensive and holistic view of the total risk imposed by users in the organization regardless of the platform being used.

IMPROVED SEARCH: FASTER, FOCUSED, AND HIGHLY USABLE

As part of any investigation process, it is crucial to be able to quickly locate forensic data. ObserveIT 6.0 dramatically boosts search performance, allowing you to narrow your search, get results faster, and explore search results quickly.

With ObserveIT 6.0, search functionality has been significantly upgraded. Find exactly what you need, and much faster:

- Narrow the search by specific user activity log attributes, such as searching in key-logging data only, searching only customer email addresses being viewed (e.g. in case of suspected data breach), visited URLs only, SQL statements only, Unix/Linux commands only, etc.
- Reduce the scope of searched sessions by filtering specific users or servers (e.g. search on PCI servers only or search only on Call Center terminals)
- Improved search results by showing the specific user activity log elements found (whether URL, Window Title, In-app data element, SQL statement, etc.) and highlighting the matched keyword
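Four of the alert conditions listed under UNIX/LINUX DETECTION CAPABILITIES above, evaluated over constructed process-start events. This is an added example, not ObserveIT's implementation or rule syntax; the event fields, the allowlists and the rule names are assumptions.

```python
import os

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
TRUSTED_LOGIN = {"sshd", "in.telnetd", "rlogind", "login"}  # assumed allowlist
WEB_SERVERS = {"httpd", "nginx", "apache2"}                 # assumed
APPROVED_SETUID = {"/usr/bin/sudo", "/usr/bin/passwd"}      # assumed allowlist
SUDO_ALLOWED = {"vi", "vim"}   # assumed: sudoers grants only these editors

# Constructed sample events, one per process start.
FIELDS = ("pid", "ppid", "exe", "uid", "tty", "setuid")
SAMPLE = [dict(zip(FIELDS, r)) for r in [
    (100, 1, "/usr/sbin/sshd", 0, None, False),
    (101, 100, "/bin/bash", 1000, "pts/0", False),
    (102, 101, "/usr/bin/sudo", 0, "pts/0", True),
    (103, 102, "/usr/bin/vi", 0, "pts/0", False),
    (104, 103, "/bin/rm", 0, "pts/0", False),         # rm run from inside sudo vi
    (200, 1, "/usr/sbin/nginx", 33, None, False),
    (201, 200, "/bin/sh", 33, None, False),           # shell with no tty under web server
    (300, 101, "/opt/tools/backup", 0, "pts/0", True),
    (400, 1, "/usr/local/bin/webconsole", 0, None, False),
    (401, 400, "/bin/bash", 0, "pts/3", False),       # root shell, no trusted login above it
]]

def name(ev):
    return os.path.basename(ev["exe"])

def ancestors(ev, by_pid):
    """Yield parent, grandparent, ... of an event, guarding against loops."""
    seen = set()
    while ev["ppid"] in by_pid and ev["ppid"] not in seen:
        seen.add(ev["ppid"])
        ev = by_pid[ev["ppid"]]
        yield ev

def detect(events):
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for ev in events:
        names = {name(a) for a in ancestors(ev, by_pid)}
        if ev["setuid"] and ev["exe"] not in APPROVED_SETUID:
            alerts.append((ev["pid"], "unapproved-setuid"))
        # Anything but the granted editor running below sudo left the boundary.
        if "sudo" in names and name(ev) not in SUDO_ALLOWED:
            alerts.append((ev["pid"], "sudo-boundary-break"))
        if name(ev) in SHELLS:
            if ev["tty"] is None and WEB_SERVERS & names:
                alerts.append((ev["pid"], "shell-from-web-server"))
            if ev["uid"] == 0 and "sudo" not in names and not TRUSTED_LOGIN & names:
                alerts.append((ev["pid"], "root-shell-untrusted-login"))
    return alerts
```

All four rules depend on process ancestry rather than on the command line alone, which is the "wider command context" the section refers to.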

SECURITY AUTOMATION AND SCALE MANAGEMENT

As in every ObserveIT release, ObserveIT 6.0 adds security automation and scale management features to support large-scale enterprise deployments with large numbers of agents with increased security.

- Automatically unregister unused VDI agents in large desktop environments, allowing a floating license model for deployments with VDIs that are created and destroyed frequently
- Exporting ObserveIT Web Console configuration changes (policy audit) to your SIEM allows you to integrate and correlate recording policy modification events with other security events
- RODC support is now available for environments that allow read-only access to Active Directory domain controllers

NEW SUPPORTED PLATFORMS

- MS SQL Server 2014 is now supported as the ObserveIT Database Server
- DBA Activity now supports MS SQL Management Studio 2012 and 2014
- RHEL/CentOS/Oracle Linux 7.1
- RHEL/CentOS/Oracle Linux 4
- Debian 8