observeit
AGENDA
• Who is ObserveIT?
• Risk of Data Exposure through core apps
• Examples of Risky Application Scenarios
• Brief Demonstration of ObserveIT
WHO IS OBSERVEIT?
HQ Boston, MA / R&D Tel Aviv, Israel
Founded 2006
1,200+ Customers Worldwide
$20M Invested by Bain Capital
The leading provider of User Activity Monitoring for Application Users, Admins and External Vendors
Audit and Compliance
WHAT’S BEING MONITORED
Application Users
Custom & Commercial Apps:
External Vendors
Service Providers & Contractors:
Privileged Users
Critical Systems, Files & Data:
• SOX
• EU Data Protection Reform
• HIPAA
• Healthcare (PHI) data
• Customer (PII) data
• Employee data
• Company data
• Financial data
• Intellectual property
• Sales & marketing data
DATA EXPOSED THROUGH APPLICATIONS
• AT&T will pay $25 million after call-center workers sold customer data
• Morgan Stanley insider exposes rich clients' info online
• Ex-JPMorgan Employee Charged With Stealing Customer Data
APPS ARE THE WINDOW TO OUR MOST SENSITIVE DATA:
• Healthcare (PHI) data
• Customer (PII) data
• Employee data
• Company data
• Financial data
• Intellectual property
• Sales & marketing data
WHAT DOES THE USER SEE?
IT Users
Maintain backend application systems, DBs, and infrastructure for business users
Risks
• Remote Access
• Configuration Changes
• Audit & Compliance
[Diagram labels: Systems, Front End, Data, Application]
Business Users
Use a variety of applications every day to drive business
Risks
• App Data Extraction
• Shadow IT
• Audit & Compliance
TODAY’S RISK OF DATA EXPOSED THROUGH APPLICATIONS:
95% BUSINESS USERS
5% IT USERS
84% of insider-based breaches involve users with no admin rights
Source: Gartner 2013 Key IT Metrics Report & 2014 IBM/Ponemon
BUSINESS USERS OUTNUMBER IT ADMINISTRATORS BY 20:1
HERE'S THE PROBLEM:
Unified logging for all apps
Access to view information
Shadow IT
Remote Workers
Employee Turnover
Layoffs
Two weeks notice
HR watch list
RELYING ON LOGS DOESN'T CUT IT
INTERNAL AUDITS
Takes staff a long time to review each log
Reduced audit times by correlating events with video-like playback in plain English
DATA SECURITY
Each log is different for each application
Instantly detect changes in actual user behavior that warrant investigation
FORENSIC INVESTIGATIONS
Homegrown / Web apps don't produce logs
Isolate users, systems and data in real time and historically with detailed forensic data
Firewall
IDS
IAM
SIEM
WHY DATA LOSS PREVENTION SOFTWARE FALLS SHORT
[Diagram labels: Systems, Front End, Data, Application; App Users, Contractors, IT Users; DLP]
RISKY APP SCENARIOS
• Employee scanning unnecessary customer records in call center
• Employees viewing personal claims information for business claims clients
• Employee views the record of a patient not under their care
• Employee views the record of high profile customers (VIP)
OBSERVEIT USER ACTIVITY MONITORING
• Record User Activity
• Video-like Playback
• User Activity Logs
• Profile User Behavior
• Rule-Based Analytics
• Report & Audit
• Instant Notification
• Real-Time Drill Down
• Kill Sessions
EVENT AND ACTIVITY API
Real-time event and activity stream via Direct DB connection
Support all user activities, alerts and system events
Fully supported and documented API
LEARN ABOUT INSIDER RISKS BEFORE THEY BECOME A REAL THREAT
Real-time Alerts: Who? Did what? On which computer? When? From which client?
Setting Severity
Notification Policies
INSTANT NOTIFICATION
Window Title: Break-Glass Scenario
Are you sure you want to view another employee of the hospitals medical records?
INTEGRATION WITH SIEM
Native HP ArcSight integration via CEF file format
Export alert data to SIEM (all formats)