Prevent Insider Threats with User Activity Monitoring
•Download as PPTX, PDF•
0 likes•542 views
Gain the visibility and context you need to detect abnormal behavior, get a clear picture of the risk insiders present, and stop them from becoming a threat. You'll learn how to Prevent Insider Threats with ObserveIT: Observe who’s doing what and distinguish insider abuse from legitimate use Detect abnormal user behavior indicative of insiders becoming threats Prevent users from putting your business at risk
![PREVENT INSIDER THREATS
WITH USER ACTIVITY
MONITORING
Presented by [Sales Rep]](https://image.slidesharecdn.com/observeitoverview-insiderthreatsouptonuts-150730135844-lva1-app6892/85/Prevent-Insider-Threats-with-User-Activity-Monitoring-1-320.jpg)
Recommended
Recommended
More Related Content
What's hot
What's hot (18)
Similar to Prevent Insider Threats with User Activity Monitoring
Similar to Prevent Insider Threats with User Activity Monitoring (20)
More from ObserveIT
More from ObserveIT (18)
Recently uploaded
Recently uploaded (20)
Prevent Insider Threats with User Activity Monitoring
- 1. PREVENT INSIDER THREATS WITH USER ACTIVITY MONITORING Presented by [Sales Rep]
- 2. WHO ISOBSERVEIT? HQ Boston, MA / R&D Tel Aviv, Israel Founded 2006 1,200+ Customers Worldwide $20M Invested by Bain Capital The Leading Provider Of User Activity Monitoring To Prevent Insider Threats
- 3. Employee exposes rich clients' information online Call-center workers sold customer data fined $25M Employee charged with stealing customer data DBA account compromised leaves 78.8M affected Third-party credentials stolen leaves 56M affected Admin account compromised exposed 11M Medical records RECENTBREACHESINVOLVING INSIDERS
- 4. CHALLENGEWITHADDRESSINGINSIDERTHREATS “It’s Hard to Distinguish Abuse from Legitimate Use” 3 out of 4 InfoSec professionals say 260,000+ members
- 5. IT’SNOTA INFRASTRUCTURE PROBLEM “We realized that infrastructure monitoring alone was only giving us half the picture.” Snir Hoffman, InfoSec Architect
- 6. INSIDERTHREATINTELLIGENCEWITH OBSERVEIT Collect DetectRespond • User Behavior Analytics • Activity Alerting • Visual Recording • User Activity Logs • Live Session Replay • Shutdown Sessions COLLECT CLEAR INSIDER THREAT INFORMATION DETECT INSIDER RISK BEFORE IT BECOMES A THREAT RESPOND TO USERS PUTTING YOUR BUSINESS AT RISK USERS
- 7. Audit and Compliance Employees __________________________________________ Data Extraction and Fraud Third-parties __________________________________________ IP Theft and Service Availability Privileged Users __________________________________________ Access Abuse and Data leaks SCOPE OFINSIDERTHREATS
- 10. THANK YOU
Editor's Notes
- Today we are going to talk about why User activity monitoring the most effective way to combat insider threats.
- Before we jump into the presentation - here’s a little background on the company.
- All five of this year largest breaches involved insiders Morgan Stanley insider exposes rich clients' info online AT&T fined $25 million after call-center workers sold customer data Ex-JPMorgan Employee Charged With Stealing Customer Data What did we learn from these? Insiders already have credentialed access to network and services Increased use of applications that can leak data (e.g. Web Email, Drop Box, WeTransfer) Increased amount of data that leaves protected boundary / perimeter Most security controls are looking at the perimeter trying to prevent outsiders from coming in.
- 3 out of 4 Security professionals say they Can’t distinguish between legitimate business use and abuse Crowd-based research in cooperation with the 260,000+ member Information Security Community
- 3 out of 4 Security professionals say they Can’t distinguish between legitimate business use and abuse Crowd-based research in cooperation with the 260,000+ member Information Security Community
- Let’s talk about Insider Threat Intelligence with ObserveIT and what makes us different. First, we focus on the USER – after all – Insider Threats are a People Problem. This approach allows us to provide a clear picture of the risk users present and enables you to do something about it too. Second, we have a 3-step approach for providing the best Insider Threat Intelligence out there: ObserveIT is an agent based solution and essentially screen scrapes all activity and index the textual information on the screen. This includes “Collecting” the information need to distinguish abuse from legitimate use via Visual Screen Recording Technology, and transcribe what’s taking place into User Activity Logs. Next, we have unique capabilities to detect risky insider activity with rule-based User Behavior Analytics, and Activity Alerting. Finally, we have the ability to take action and quickly respond to users putting your business at risk with Live Session Response and Session Shutdown. We’ll dig into each of these capabilities in the demonstration portion of this meeting, but I wanted to give you and idea of how the solution works.
- Now that we talked about how the solution works at a high-level, let’s quickly cover where other customers are leveraging our solution. From our Qualification call I know you’re interested in a specific use case, but I wanted to share other areas that might be of interest and why customer are using us. The scope of Insider threats expands Employees, Privileged users and even trusted third-parties. When dealing with Employees most customers are concerned data extraction and fraudulent activity within core applications. The use case can range from monitoring call center employees to individuals on HR Watch-lists. With Privileged Users, we see customer looking to see if users are abusing their access or concerned about data leakage. It can range from Help Desk user to DBAs to enforcing Segregation of Duties. We also see a lot of customers looking to track all High Privilege Accounts like system admins on all their servers. Third-parties is a big one and where our roots tie back too. Most customers are monitoring third-parties to trust, but verify their work and make sure IP isn’t leaving with them or that they aren’t bring down any servers. We see customers monitoring Contractors, Remote Vendors to Completely Outsourced IT shops. Underpinning monitoring all of these groups is Audit and Compliance – whether it’s to satisfy Audit controls or map to a Security Framework. Now that we’ve covered the use cases at a high-level, which do you feel is most relevant to cover in the next part of this discussion?
- ObserveIT is a software only solution that is simple to deploy, operate and maintain: Our Agents are simple to install and do not require you to reboot on install or on upgrade We provide coverage for desktops, server, Jump-servers, VDI/Citrix and remote access All reporting, analysis and visual session replay is accessed via our web based Console All data (videos and user activity logs) are stored in a Database Server and provides easy integration into BI and SIEM/Log Management -- Click to Next Slide ---
- And these are just 4 examples of the over 1,200 customer we have using ObserveIT everyday to identify and manage their user-based risk --click to next slide--