BUSINESS USER MONITORING OBSERVEIT 5.8

Firewall

IDS

IAM

SIEM

Business Users IT Users

USERS ARE GATEWAYS OF RISK

Contractors

SystemsApps Data

RISK = APPS+ USERS

Systems

Applications

Data

Maintain backend application systems, DBs, and infrastructure for business users

Risks• Remote Access• Configuration

Changes• Audit &

Compliance

IT Users

User variety of applications everyday to drive business

Risks• App Data

Extraction• Shadow IT • Audit &

Compliance

Business Users

USER RISK LANDSCAPE

ContractorsBusiness Users ITApp Admins

Users

ManufacturingHealthcare

Banking Insurance

Energy

RetailApplications

IAM Firewalls SIEM

Infrastructure

DLPData

BUSINESS USER

BUSINESS USER RISK

Source: Gartner 2013 Key IT Metrics Report 

IT USER

5% 95%

84% of Insider based breaches involve users with no admin rights

ENTERPRISE SCALE FOR BUSINESS USER MONITORING Scale Storage and Performance Scale Management Security Automation Maintaining User Privacy

ScaleSTORAGE AND PERFORMANCE

IMPROVED PERFORMANCE

Over 10,000 concurrent users 1,500 screenshots per second 3,500 Unix system calls per second

ScaleMANAGEMENT

ADMIN DASHBOARDMini Dashboard – preview 

important stuff

See what is currently deployed Recent agents installed / 

uninstalled

Get status of critical services

Application Server status

Agent status:- Attempts to stop or kill- Offline, unreachable- Unregistered, uninstalled- Tampered with- Data loss

MONITORED DEVICE LIST

Show agent status

Tampering and data loss indications

Flexible filters

Drill down to specific events

EVENTS, AND NOTIFICATIONS

Large list of detailed events

Full support for Unix/Linux agent

Email notifications (per event, digest – similar to Alerts)

Integrate with SIEM via Monitor Log and API

SECURITYAUTOMATION

User Context

SIEM IAMITSM

EVENT AND ACTIVITY API

Real-time event and activity stream via Direct DB connection

Support all user activities, alerts and system events

Fully supported and documented API

Partners and integrators can provide additional value to customers

MAINTAINING USER PRIVACY

NEW PRIVACY CONTROLS

Secure audit of critical configuration changes

Detailed auditing reports the changes

Unable to view any recorded data

Can also manage ‘Configuration Admin’ users

Role for Configuration Only

Configuration Change Auditing

ADDITIONAL ENHANCEMENTS

ENHANCED RECORDING

Common way to transfer data on hosted servers

SFTP application agnostic

Can search, report and alert

Record SFTP

Time based recording, even without user activity

Now you also know what did the user sees

Configured via Server Policy

Continuous Recording

NEW PLATFORMS

Solaris 11 RHEL/CentOS/Oracle Linux 5, 6

Support latest updates for:

SQL Server 2014 Citrix XenDesktop and Citrix XenApp 7.6 Amazon Linux Fedora 19, 20 RHEL/CentOS/Oracle Linux 7 SLES SuSE 12, Ubuntu 14.04

Post GA (5.8 SP1 and beyond)

THANK YOU