Observe it
Published in Education
Transcript

  • 1. Commercially Confidential. Record, Replay, Alert. ObserveIT – Record & Replay Terminal, Citrix and Console Sessions. info@observeit-sys.com. January 2010
  • 2. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies
  • 3. The Company in a Nutshell • Founded in 2006 • Focused exclusively on People-Auditing software products – First GA product release: 2007 – Current product version: v5.0 • Global Presence – Partners in 5 Continents
  • 4. Our Product in a Nutshell • Record and Replay of user sessions – Like a ‘security camera’ on your servers – Software-based solution – Playback Remote Desktop, Citrix, VMWare or any other remote access session – Fast search and navigation to find user actions, without lengthy playback
  • 5. Hundreds of Enterprise Customers: Financial; Healthcare/Education/Gov’t; Telecommunications; IT Services; Manufacturing
  • 6. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies
  • 7. ObserveIT Answers Critical Needs. Compliance and Security: • Track every access to corporate servers and databases • Audit people, not just apps • Total application coverage that grows with your growth • Bulletproof evidence • Precise user identification. Remote Vendor Monitoring: • Know exactly what 3rd party vendors are doing on your servers • Improve security, accountability and policy messaging • Transparent SLA and billing validation • No more ‘Finger pointing’. Root-Cause Analysis: • Know ‘Who did what?’: Answer the question that will really lead to problem resolution • Immediate root cause determination • Alerts from within Network Monitor Tools • Defeat the ‘Oops’ factor
  • 8. ObserveIT Answers Critical Needs. Who accessed the salaries spreadsheet in the past 24 hours? And what did they do? Without ObserveIT: • Check the file system logs • Check the HR app audit • Check the finance dept. audit • Check admin support app log • I wonder if there are other access points? With ObserveIT: • Unified reporting of all user activity on the HR spreadsheet • Instant playback of exact user actions
  • 9. ObserveIT Answers Critical Needs. What did SupportCorp do on our servers yesterday? Are they responsible for the data deletion event? Without ObserveIT: • I have no idea… • Finger pointing accusations • Lengthy SLA review • Is there anywhere we can find this information? With ObserveIT: • Find the exact user session • Session playback eliminates any doubt
  • 10. ObserveIT Answers Critical Needs. Why is our server broken? And how can I fix it? Without ObserveIT: • Check the event log • Check the network cable • Check the database log • Check the registry • Attention all admins: Who touched this server?!?%!? With ObserveIT: • Identify cause of outage immediately
  • 11. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies
  • 12. Key Differentiators: ObserveIT ↔ Other Software-based Monitors • ObserveIT captures ALL sessions – Other solutions are protocol specific (ex. Only ICA, Only RDP) • ObserveIT captures full textual metadata – Not a simple “Dummy Recorder” • ObserveIT is enterprise-ready – Small footprint, pervasive user permissions, robust security, SCOM/CA integration • ObserveIT allows fast search and navigation – Other solutions do not capture metadata, thus requiring tedious playback to find a specific event • ObserveIT audit reports are more thorough – Detailed metadata, full coverage, plus real-time alerting
  • 13. Key Differentiators: ObserveIT ↔ Network Appliances • ObserveIT captures ALL sessions – Appliances only record certain remote session protocols, and do not capture local console (admins and users must be routed via gateway) • ObserveIT captures full textual metadata – Appliances only capture what the network protocol gives them: Only text for CLI/text-based protocols; Only graphics for RDP/graphic-based protocols • ObserveIT is best-of-breed solution – Why use network appliance for remote login, when you can choose industry leading solutions (ex. Juniper)? • ObserveIT allows fast search and navigation – Appliances do not give chapter-based navigation, metadata searching, etc. • ObserveIT allows both agent-less and agent-based deployment – Flexible deployment scenarios can meet your specific requirements for every access point
  • 14. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies. Demonstrations: Video Replay of User Sessions; Comprehensive Searching and Navigation; Policy-Based, Event-Driven Recording; Report Generator; Policy Messaging; User Identification; Real Time Playback
  • 15. ObserveIT lists every user session. Within each session, details of every action taken. Jump straight to the precise action. Replay only what you’re interested in. Clicking on video icon launches the video replay (see next slide).
  • 16. See an exact video playback of the entire user session (including mouse movements, selection of UI elements and text entry). Navigate quickly within the recording (including jumping between each activity, as the user launches a new app or opens a new window).
  • 17. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies. Demonstrations: Video Replay of User Sessions; Comprehensive Searching and Navigation; Policy-Based, Event-Driven Recording; Report Generator; Policy Messaging; User Identification; Real Time Playback
  • 18. Search and filter according to: • User ID • Date of Session • Specific Server
  • 19. Search results highlight exact location of user action within the user session timeline. Google-like free text search: Search for any text appearing in user sessions • Application Name • Window Titles • UI Elements • User generated content
  • 20. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies. Demonstrations: Video Replay of User Sessions; Comprehensive Searching and Navigation; Policy-Based, Event-Driven Recording; Report Generator; Policy Messaging; User Identification; Real Time Playback
  • 21. Define policies to handle each session
  • 22. Granular policy rules to specify: • Whether to record video • What metadata to capture • If user identification is required • Specific users / applications / servers to include or exclude
  • 23. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies. Demonstrations: Video Replay of User Sessions; Comprehensive Searching and Navigation; Policy-Based, Event-Driven Recording; Report Generator; Policy Messaging; User Identification; Real Time Playback
  • 24. Deliver formatted report or Export Excel data. Create your own custom reports. Schedule reports to run automatically for email delivery.
  • 25. Design report according to precise requirements: • Content Inclusion • Data Filtering • Sorting and Grouping
  • 26. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies. Demonstrations: Video Replay of User Sessions; Comprehensive Searching and Navigation; Policy-Based, Event-Driven Recording; Report Generator; Policy Messaging; User Identification; Real Time Playback
  • 27. Immediately upon logging into the server… …the user receives your message (ex. Network Policy, Ticket #). Example message: “NOTE: No database admin task may be performed between 0800 and 1800 GMT. Please enter your support ticket number in box below.” User is required to acknowledge receipt (and optionally required to enter response).
  • 28. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies. Demonstrations: Video Replay of User Sessions; Comprehensive Searching and Navigation; Policy-Based, Event-Driven Recording; Report Generator; Policy Messaging; User Identification; Real Time Playback
  • 29. User logs on as generic “Administrator”
  • 30. ObserveIT requires username identification prior to granting access to system. Active Directory used for authentication.
  • 31. Each session is now tagged with an actual name. Login userid: administrator. Actual user: daniel
  • 32. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies. Demonstrations: Video Replay of User Sessions; Comprehensive Searching and Navigation; Policy-Based, Event-Driven Recording; Report Generator; Policy Messaging; User Identification; Real Time Playback
  • 33. “On Air” icon shows that a session is currently active
  • 34. Video replay of session is launched in Real-Time mode, with continuous updates until the session ends
  • 35. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies
  • 36. Complete Coverage • Agnostic to network protocol and client application • Captures all Remote Sessions and also Console Sessions (diagram label: Terminal)
  • 37. Small Footprint • Ultra-efficient data storage – Less than 250GB/year for high-usage, 1000 server environment • Minimal Agent CPU utilization – 0% CPU when no console active – 1%-2% CPU, 10 MB RAM during session
  • 38. Integration with System Monitors • Instant-replay from within your network management environment – Microsoft SCOM, CA-Unicenter, IBM Tivoli, HP OpenView • Real-time alerts – On file access/deletion, Network share, Registry edit, RDP open connection, URL access etc. Screenshots: ObserveIT alert in CA-Unicenter; ObserveIT alert in MS SCOM. Click on alert to see ObserveIT video playback. Trigger automatic email alert delivery.
  • 39. Robust Security Infrastructure • Agent ↔ Server communication – AES Encryption - Rijndael – Token exchange – SSL protocol (optional) – IPSec tunnel (optional) • Database storage – Digital signatures on captured sessions – Standard SQL database inherits your enterprise data security practices • Watchdog mechanism – Restarts the Agent if the process is ended – If watchdog process itself is stopped, Agent triggers watchdog restart – Email alerts sent on any watchdog/agent tampering
  • 40. Pervasive User Permissions • Granular permissions / access control – Define rules for each user – Specify which sessions the user may playback • Permission-based filtering affects all content access – Reports – Searching – Video playback – Metadata browsing • Access to ObserveIT Web Console is also audited – ObserveIT audits itself • Satisfies regulatory compliance requirements
  • 41. System Components: • Application Server, Web Console using IIS on Windows Server 2003/2008 • Database Server using MS SQL Server 2000/2005 on Windows Server 2003/2008 • ObserveIT Admin using a Web Browser. How it Works: 1. Each monitored desktop or server runs the ObserveIT Agent 2. The Agent encrypts information about user activity and sends it to the Application Server 3. Application Server analyzes data and stores it in the Database Server 4. Web Management Console is a web-based interface for searching and reporting on captured user activity. Diagram labels: Corporate Server (Agent); Corporate Desktop (Agent); Switch; HTTP Traffic (by default TCP 4884); SQL Traffic (by default TCP 1433)
  • 42. Deployment Architecture: Enterprise network (1000’s of servers). Diagram labels: Web Console; LDAP Server; ObserveIT Admin; DB Server on MS SQL Cluster; Switch; Load Balancer; App Server (two shown); Corporate Servers (Agent); Corporate Desktops (Agent); HTTP Traffic; SQL Traffic; LDAP Traffic (TCP 389)
  • 43. Deployment Architecture: Remote Access Gateway (Agent-less Servers). Diagram labels: Corporate Servers (No Agent installed); DB Server; App Server; Web Console; Terminal or Citrix Server with ObserveIT Agent; Published Applications; Putty.exe; VPN; Win2008 TS Gateway; RDP Traffic; Telnet/SSH Traffic; ICA Traffic; VPN Traffic; RDP over SSL Traffic
  • 44. Agenda: Quick Overview; Why use ObserveIT; Competitive Landscape; Product Feature Demonstrations; Enterprise-Ready Architecture; Case Studies
  • 45. Case Study: Reducing Errors and Improving QoS at Pelephone. “Since we deployed ObserveIT, users are much more careful with their server activity. Knowing that your actions can be replayed has a remarkable effect.” Isaac Milshtein, Director, IT Operations, Pelephone. Company: Pelephone. Industry: Cellular Network Operator. Founded: 1986. Headquarters: Tel Aviv, Israel. Business Environment: • 1200-server IT environment in 3 hosting centers • Business applications (Billing, CRM, etc.) and Customer-facing applications (Revenue generating mobile services). Challenge: • Maintain QoS with multiple 3rd party apps • Track activities of privileged vendor access. Solution: • Oct 2006: ObserveIT deployed on 5 internal business app servers • Nov 2006: ObserveIT resolves high-visibility outage - Minimized impact on mission-critical app - Identified improper actions by outsource vendor • Jan 2007: ObserveIT deployed on entire IT platform • 2007-Present: Multiple customer-facing outages solved - Positive ROI: Elimination of revenue losses from service outages pays for ObserveIT deployment many times over • 2008: ObserveIT integrated into CA-Unicenter environment
  • 46. Case Study: Remote Access Visibility at VocaLink. Company: VocaLink. Industry: Financial Services. Founded: 2007 (Merger). Headquarters: London, UK. Business Environment: • Payment transaction platform distributed across Europe • Supporting 60,000 ATM machines • Clearing 90,000,000 transactions per day. Challenge: • Control access to system resources, including shared privileges between two merged corporate entities during period of merger • Achieve common system management and visibility. Solution: • 2008 - ObserveIT deployed to monitor and audit server activity during merger activity • 2009 - Successful visibility results from merger activity lead to system-wide deployment
  • 47. Case Study: Compliance Auditing at Toshiba Medical. Company: Toshiba Medical Systems. Industry: Healthcare Equipment. Founded: 1939. Headquarters: Tokyo, Japan (Corp HQ); Los Angeles, CA, USA (Division). Business Environment: • Medical imaging products (MRI, CT, US, X-Ray) deployed at hospitals and medical centers worldwide • Customer support process requires remote session access to deployed systems. Challenge: • Strict HIPAA compliance regulations must be enforced and demonstrable • In addition, SLA commitments require visibility of service times and durations. Solution: • ObserveIT deployed in a Gateway architecture • All access routed via agent-monitored Citrix gateway • Actual systems being accessed remain agent-less • Toshiba achieved 24x7 SLA reports, including granular incident summaries • Automatic generation of HIPAA regulatory documentation led to reduced compliance costs and improved customer (hospital) satisfaction
  • 48. observeit-sys.com. Thank You! Netbr & Observe It, 5511 – 3159 4119