Gain the visibility and context you need to detect abnormal behavior, get a clear picture of the risk insiders present, and stop them from becoming a threat.
You'll learn how to Prevent Insider Threats with ObserveIT:
• Observe who’s doing what and distinguish insider abuse from legitimate use
• Detect abnormal user behavior indicative of insiders becoming threats
• Prevent users from putting your business at risk
2. WHO IS OBSERVEIT?
HQ Boston, MA / R&D Tel Aviv, Israel
Founded 2006
1,200+ Customers Worldwide
$20M Invested by Bain Capital
The Leading Provider Of
User Activity Monitoring
To Prevent Insider Threats
3. Employee exposes rich clients'
information online
Call-center workers sold
customer data fined $25M
Employee charged with
stealing customer data
DBA account compromised
leaves 78.8M affected
Third-party credentials
stolen leaves 56M affected
Admin account compromised
exposed 11M Medical records
RECENT BREACHES INVOLVING INSIDERS
5. IT’S NOT AN INFRASTRUCTURE PROBLEM
“We realized that infrastructure
monitoring alone was only giving
us half the picture.”
Snir Hoffman, InfoSec Architect
6. INSIDER THREAT INTELLIGENCE WITH OBSERVEIT
Collect
Detect
Respond
• User Behavior Analytics
• Activity Alerting
• Visual Recording
• User Activity Logs
• Live Session Replay
• Shutdown Sessions
COLLECT CLEAR INSIDER THREAT INFORMATION
DETECT INSIDER
RISK BEFORE IT
BECOMES A THREAT
RESPOND TO USERS
PUTTING YOUR
BUSINESS AT RISK
USERS
Today we are going to talk about why user activity monitoring is the most effective way to combat insider threats.
Before we jump into the presentation - here’s a little background on the company.
All five of this year's largest breaches involved insiders
Morgan Stanley insider exposes rich clients' info online
AT&T fined $25 million after call-center workers sold customer data
Ex-JPMorgan Employee Charged With Stealing Customer Data
What did we learn from these?
Insiders already have credentialed access to network and services
Increased use of applications that can leak data (e.g. Web Email, Dropbox, WeTransfer)
Increased amount of data that leaves protected boundary / perimeter
Most security controls are looking at the perimeter trying to prevent outsiders from coming in.
3 out of 4 security professionals say they can’t distinguish between legitimate business use and abuse
Crowd-based research in cooperation with the 260,000+ member Information Security Community
Let’s talk about Insider Threat Intelligence with ObserveIT and what makes us different.
First, we focus on the USER – after all – Insider Threats are a People Problem. This approach allows us to provide a clear picture of the risk users present and enables you to do something about it too.
Second, we have a 3-step approach for providing the best Insider Threat Intelligence out there:
ObserveIT is an agent-based solution that essentially screen-scrapes all activity and indexes the textual information on the screen.
This includes “Collecting” the information needed to distinguish abuse from legitimate use via Visual Screen Recording Technology, and transcribing what’s taking place into User Activity Logs.
Next, we have unique capabilities to detect risky insider activity with rule-based User Behavior Analytics, and Activity Alerting.
Finally, we have the ability to take action and quickly respond to users putting your business at risk with Live Session Response and Session Shutdown.
We’ll dig into each of these capabilities in the demonstration portion of this meeting, but I wanted to give you an idea of how the solution works.
Now that we talked about how the solution works at a high-level, let’s quickly cover where other customers are leveraging our solution.
From our Qualification call I know you’re interested in a specific use case, but I wanted to share other areas that might be of interest and why customers are using us.
The scope of insider threats spans Employees, Privileged Users and even trusted Third-parties.
When dealing with Employees, most customers are concerned about data extraction and fraudulent activity within core applications. The use case can range from monitoring call center employees to individuals on HR Watch-lists.
With Privileged Users, we see customers looking to see if users are abusing their access, or concerned about data leakage. It can range from Help Desk users to DBAs to enforcing Segregation of Duties. We also see a lot of customers looking to track all High Privilege Accounts like system admins on all their servers.
Third-parties is a big one and where our roots tie back to. Most customers are monitoring third-parties to trust, but verify, their work and make sure IP isn’t leaving with them or that they aren’t bringing down any servers. We see customers monitoring everything from Contractors and Remote Vendors to Completely Outsourced IT shops.
Underpinning monitoring all of these groups is Audit and Compliance – whether it’s to satisfy Audit controls or map to a Security Framework.
Now that we’ve covered the use cases at a high-level, which do you feel is most relevant to cover in the next part of this discussion?
ObserveIT is a software-only solution that is simple to deploy, operate and maintain:
Our Agents are simple to install and do not require a reboot on install or on upgrade
We provide coverage for desktops, servers, Jump-servers, VDI/Citrix and remote access
All reporting, analysis and visual session replay is accessed via our web-based Console
All data (videos and user activity logs) is stored in a Database Server, which provides easy integration into BI and SIEM/Log Management
-- Click to Next Slide ---
And these are just 4 examples of the over 1,200 customers we have using ObserveIT every day to identify and manage their user-based risk
--click to next slide--