BUSINESS USER MONITORING OBSERVEIT 5.8
Firewall
IDS
IAM
SIEM
Business Users IT Users
USERS ARE GATEWAYS OF RISK
Contractors
Systems Apps Data
RISK = APPS + USERS
Systems
Applications
Data
IT Users
Maintain backend application systems, DBs, and infrastructure for business users
Risks
• Remote Access
• Configuration Changes
• Audit & Compliance

Business Users
Use a variety of applications every day to drive business
Risks
• App Data Extraction
• Shadow IT
• Audit & Compliance
USER RISK LANDSCAPE
Users: Contractors, Business Users, IT, App Admins
Applications: Manufacturing, Healthcare, Banking, Insurance, Energy, Retail
Infrastructure: IAM, Firewalls, SIEM
Data: DLP
BUSINESS USER
BUSINESS USER RISK
Source: Gartner 2013 Key IT Metrics Report
IT USER
5% 95%
84% of Insider based breaches involve users with no admin rights
ENTERPRISE SCALE FOR BUSINESS USER MONITORING
• Scale: Storage and Performance
• Scale: Management
• Security Automation
• Maintaining User Privacy
SCALE: STORAGE AND PERFORMANCE
IMPROVED PERFORMANCE
• Over 10,000 concurrent users
• 1,500 screenshots per second
• 3,500 Unix system calls per second
SCALE: MANAGEMENT
ADMIN DASHBOARD
Mini Dashboard – preview important stuff
See what is currently deployed
Recent agents installed / uninstalled
Get status of critical services
Application Server status
Agent status:
- Attempts to stop or kill
- Offline, unreachable
- Unregistered, uninstalled
- Tampered with
- Data loss
MONITORED DEVICE LIST
Show agent status
Tampering and data loss indications
Flexible filters
Drill down to specific events
EVENTS, AND NOTIFICATIONS
Large list of detailed events
Full support for Unix/Linux agent
Email notifications (per event, digest – similar to Alerts)
Integrate with SIEM via Monitor Log and API
SECURITY AUTOMATION
User Context
SIEM IAM ITSM
EVENT AND ACTIVITY API
Real-time event and activity stream via Direct DB connection
Support all user activities, alerts and system events
Fully supported and documented API
Partners and integrators can provide additional value to customers
MAINTAINING USER PRIVACY
NEW PRIVACY CONTROLS
Role for Configuration Only
• Unable to view any recorded data
• Can also manage ‘Configuration Admin’ users

Configuration Change Auditing
• Secure audit of critical configuration changes
• Detailed auditing reports the changes
ADDITIONAL ENHANCEMENTS
ENHANCED RECORDING
Record SFTP
• Common way to transfer data on hosted servers
• SFTP application agnostic
• Can search, report and alert

Continuous Recording
• Time-based recording, even without user activity
• Now you also know what the user sees
• Configured via Server Policy
NEW PLATFORMS
• Solaris 11
• RHEL/CentOS/Oracle Linux 5, 6
Support latest updates for:
• SQL Server 2014
• Citrix XenDesktop and Citrix XenApp 7.6
• Amazon Linux
• Fedora 19, 20
• RHEL/CentOS/Oracle Linux 7
• SLES SuSE 12
• Ubuntu 14.04
Post GA (5.8 SP1 and beyond)
THANK YOU