2. Quick Overview of BESECURE
• Established: 2006
• Regional Offices: Athens, Greece & Nicosia, Cyprus
• Client base: Large & Enterprise Government, Financial, Insurance, Telecom,
Utilities and Business Services companies throughout Southeastern Europe and
Middle East.
• Products and Services Portfolio
– Governance, Risk, and Compliance Services
– Enterprise Security Solutions
– Cloud Security Services
– Training & Awareness Programs
• Why us
– Trusted Security Services & Solutions Provider
– Commitment to Quality
– Customer-Focused Approach
– Experience and Expertise
– Innovation
3. Companies invest in access control
but once users gain access,
there is little knowledge of
who they are and what they do!
(Even though 71% of data breaches
involve privileged user credentials)
4. Why?
Because system logs are built by DEVELOPERS for DEBUG!
(and not by SECURITY ADMINS for SECURITY AUDIT)
Only 1% of data breaches are
discovered by log analysis!
(Even in large orgs with established SIEM processes,
the number is still only 8%!)
“I don’t have this problem. I’ve got log analysis!”
“The picture isn’t quite as rosy as you think.”
5. Can you tell what happened here?
Wouldn’t it be easier with a ‘Replay Video’ button?
Video Replay shows exactly what happened
6. System Logs are like
Fingerprints
They show the results/outcome of what took place
User Audit Logs are like
Surveillance Recordings
They show exactly what
took place!
Both are valid…
…But the video log goes right to the point!
7. And many commonly used apps don’t
even have their own logs!
DESKTOP APPS
• Firefox / Chrome / IE
• MS Excel / Word
• Outlook
• Skype
ADMIN TOOLS
• Registry Editor
• SQL Manager
• Toad
• Network Config
REMOTE & VIRTUAL
• Remote Desktop
• VMware vSphere
TEXT EDITORS
• vi
• Notepad
8. System Logs are like Fingerprints
Challenges with Log Analysis
• Too many logs
• Logs are too technical
• Logs are designed for IT purposes, not Security
• Not all applications/activities generate logs
• Investigation with Log Analysis is resource intensive
No wonder only 1% of data breaches are
discovered via log analysis!
9. ObserveIT - Software that acts like a
security camera on your servers!
• Video camera: Recordings of all user activity
• Summary of key actions: Alerts for problematic activity
10. Our Solution
[Diagram]
• Alex the Corporate IT Admin logs on as ‘Administrator’ to a Server or Desktop
• 1: Video Capture: Video Session Recording
• 2: Video Content Analysis: List of apps, files, URLs accessed
• 3: Shared-user Identification: ‘Admin’ = Alex
• Audit Reporting DB & SIEM Log Collector (User: Alex / Video: Play! / Text Log: App1, App2)
• Sam the Security Officer: “WHO is doing WHAT on our network???” “Cool! Now I know.”
11. User Activity Monitoring: In Windows
This ‘diary’ will list every user session,
per server or per user
Every session that took place,
identified with user name,
server, client etc.
Clear indication of every app the user
ran, and each window or action
Audit coverage includes:
• Cloud-based apps
• System utilities
• Legacy Software
Why was this user editing
the ‘hosts’ file???
Video Replay of everything the user did, starting at this exact point in time.
Just click the replay icon to view what happened!
14. ObserveIT Video and Logs in Splunk
User Activity
shown on a timeline
Detailed text logs of
user actions
Click icon to launch
video replay
Dashboard
breakdowns
15. Business challenges that
ObserveIT addresses
Remote Vendor Monitoring
• Impact human behavior
• Transparent SLA and billing
• Eliminate ‘Finger pointing’
Compliance & Security Accountability
• Reduce compliance costs for GETTING compliant and STAYING compliant
• Satisfy PCI, HIPAA, SOX, ISO
Root Cause Analysis & Documentation
• Immediate root-cause answers
• Document best-practices
16. 700+ Enterprise Customers
• Healthcare / Pharma
• Financial
• Manufacturing
• Retail / Service
• Utilities & Logistics
• IT Services
• Government
• Gaming
17. Interested in learning more?
• Contact BESECURE: www.besecuregroup.com
• Register to attend a webinar
• Ask for a free trial of ObserveIT: sales@besecuregroup.com
Thank you for your time
http://blog.observeit.com/2013/04/14/besecure-hosts-observeit-at-the-3rd-infocom-security-event-in-athens/
Editor's Notes
A quick word about what our product is: The ObserveIT software solution works like a security camera on your servers. It does this via 2 primary features: First, it captures a video recording of every user action, which is bulletproof evidence of activity. And secondly, it analyzes this video to extract details about exactly what took place, generating a detailed text audit log of the apps, windows, files, and URLs accessed.
So, this is ObserveIT’s intuitive approach: Today, we have an IT Admin logging on to our servers, using generic IDs such as ‘Administrator’ or ‘dba’. At the same time, Sam the Security Officer is asking: Who is doing What? Adding ObserveIT, the situation becomes much more clear. First of all, ObserveIT provides Shared-User Identification. So now, we know that this ‘Admin’ is really ‘Alex’. Next, ObserveIT steps in with video recording of every user action, as if looking over Alex’s shoulder while he is working. The result is a video recording that can easily be played back. And even more, ObserveIT then analyzes this video session… We extract all the details of what Alex did… The apps he ran, files he opened, and more. These three pieces of information: user identification, video capture, and video metadata are then collected in a centralized audit database. This of course makes Sam very happy.
And here the ObserveIT logs are presented within Splunk.
These customers are using ObserveIT for three main business purposes:
• Remote Vendor Monitoring – Keeping an eye on what 3rd party users are doing when they connect to your network
• Compliance Accountability – Making sure that you can truly answer government / corporate compliance questions: “Who did What?”
• Root Cause Analysis – Getting to the root of what caused system changes or downtime, and documenting every system process
We’ll explore each of these in more detail after you see the product in action…
We have many Fortune 500 and Global 500 enterprise customers, across industries such as Finance, Telco, Healthcare, Manufacturing and Utilities… The common thread is that these are industries with highly-sensitive data security needs as well as regulatory oversight.
Statistics – IL SA TW
Dutch ministry of foreign affairs