Three sentences summarizing the document: The document discusses how user activity monitoring software from ObserveIT can help organizations prevent insider threats by collecting, detecting, and responding to suspicious user behavior and activity across employees, privileged users, third parties, and other user groups to gain visibility into potential insider risks before they become threats. ObserveIT provides real-time monitoring, user activity logs, session replay and shutdown, and integration with other security tools to help customers comply with regulations and secure systems like EHR platforms from insider data theft or misuse. The presentation includes examples of how ObserveIT has helped customers monitor privileged healthcare users and third party vendor access to detect policy violations and block negligent or malicious insider activities.

1. Prevent Insider Threats With
User Activity Monitoring
Presented by Matt Zanderigo
Product Marketing Manager, ObserveIT
INSIDER THREATS: OUT OF
SIGHT, OUT OF MIND?

2. WHO ISOBSERVEIT?
 HQ Boston, MA / R&D Tel Aviv, Israel
 Founded 2006
 1,200+ Customers Worldwide
 $20M Invested by Bain Capital
The Leading Provider Of
User Activity Monitoring
To Prevent Insider Threats

3. Employee exposes rich clients'
information online
Call-center workers sold
customer data fined $25M
Employee charged with
stealing customer data
DBA account compromised
leaves 78.8M affected
Third-party credentials
stolen leaves 56M affected
Admin account compromised
exposed 11M Medical records
RECENTBREACHESINVOLVING INSIDERS

4. CHALLENGEWITHADDRESSINGINSIDERTHREATS
“It’s Hard to Distinguish
Abuse from Legitimate Use”
3 out of 4 InfoSec professionals say
260,000+
members

5. IT’SNOTA INFRASTRUCTURE PROBLEM
“We realized that infrastructure
monitoring alone was only giving
us half the picture.”
Snir Hoffman, InfoSec Architect

6. Audit and Compliance
Employees
__________________________________________
Data Extraction and
Fraud
Third-parties
__________________________________________
IP Theft and Service
Availability
Privileged Users
__________________________________________
Access Abuse and Data
leaks
SCOPE OFINSIDERTHREATS

7. Call Centers
_____________________________________________________
Remote Users
_____________________________________________________
HR Platforms
_____________________________________________________
Data Extraction
_____________________________________________________
Snooping
_____________________________________________________
Shadow IT
_____________________________________________________
EMPLOYEE MONITORING

8. PRIVILEGED USER MONITORING
UNIX / LINUX
_____________________________________________________
Windows
_____________________________________________________
DBAs
_____________________________________________________
Network
_____________________________________________________
Help Desk
_____________________________________________________
Programmers
_____________________________________________________
WireShark PuTTY
Toad
RDPWinSCP
Reg EditorCMD PowerShell
DR JavaSSH
AD
SQL PLUS

9. 3RD PARTY MONITORING
Contractors
_____________________________________________________
Consultants
_____________________________________________________
Vendors
_____________________________________________________
Outsourced IT
_____________________________________________________
Offshore Dev
_____________________________________________________
MSPs
_____________________________________________________

10. AUDIT AND COMPLIANCE
Internal Audits /
Security Controls
__________________________________________
Annual, Quarterly or
Monthly
Regulatory
Compliance
__________________________________________
Security
Frameworks
__________________________________________

11. PREVENTING INSIDERTHREATSWITHOBSERVEIT
Collect
DetectRespond
• User Behavior Analytics
• Activity Alerting
• Visual Recording
• User Activity Logs
• Live Session Replay
• Shutdown Sessions
CLEAR PICTURE OF THE RISK USERS PRESENT
DETECT INSIDER
RISK BEFORE IT
BECOMES A THREAT
STOP USERS FROM
PUTTING YOUR
BUSINESS AT RISK
USERS

12. USERS

16. ADDINSIDERTHREATINTELLIGENCETOSECURITYPOSTURE
SIEM IAMITSM
USERS
INSIDERTHREATINTELLIGENCE

17. CUSTOMER EXAMPLES
Monitoring Privileged Users for
PCI/SOX
 Monitoring privileged users with access
to over 60 PCI/SOX applications
 Real-time monitoring of unauthorized
account creation and firewall changes
 Integrated with Lieberman Password
Vault
Remove Vendor Access to ERP
 Audit third-party ERP solution provider
 Monitor internal IT administrators
activities
 Deter negligent third-party activities

18. EHR System (EPIC) & PHI Servers
 If an employee views the patient record
of another hospital employee
 If a doctor, nurse, pharmacist, etc. views
the record of a patient not under their
care
 If a doctor, nurse, pharmacist, etc. views
the record of a high profile patient (VIP)
Policy Quoting & Claims Handling
 App data extraction (exporting
reports, large copy operations)
 Unnecessarily accessing sensitive
files (view/open/save/export)
 Business claims employees viewing
personal claims information
CUSTOMER EXAMPLES

19. 1,200+ CUSTOMERS

20. THANK YOU