Over 1,400 Customers Worldwide
ObserveIT is the Global Leader in Identifying & Eliminating Insider Threats
2016 Innovation Award
ObserveIT 6.7 Release Highlights
November 2016
Speakers
Kevin Donovan, Solutions Architect, ITPM
Michael Gordover, Solutions Architect, (ISC)² Associate CISSP, ITPM
John Vigeant, VP Sales, Americas
Insider Threat is a Big Problem
90% of security incidents are caused by people
58% of breaches are caused by internal incidents or incidents within a business partner’s organization
55% of attacks originate from an insider
Sources: Verizon 2015 Data Breach Investigations Report; Forrester’s Global Business Technographics Security Survey 2015; 2015 IBM Cyber Security Intelligence Index
The Challenge: Visibility & Privacy
• Data exfiltration (USB, printing, web)
• Granting / elevating access privileges
• Unauthorized software access, downloads
• Questionable web activities (dark web, gambling)
… and all must meet regulatory compliance standards
ObserveIT History
• Before 5.0: User Activity Monitoring
• 5.5: User Activity Alerting
• 6.0: Dashboard, User Risk Scoring
• 6.5: Alert Engine Overhaul, Security Awareness
• 6.7: Enhanced Alerts, Web Categorization, Anonymization
Timeline: 2006, 2014 - 2015, 2016
Capabilities: Detect, Investigate, Mitigate, Integrate, Analyze
180 Rules to Protect Your Data
Built-in threat categories include:
• Application Data Theft
• Bypassing Security Controls
• Creating Backdoor
• Data Exfiltration
• Privilege Elevation
• Unauthorized Admin Tasks
• Malicious Software
• Shell Attack
• System Tampering
• Unauthorized Shell
Alert rules are automatically mapped to specific user types (e.g., privileged, remote vendors, terminated employees) with a different risk level for each specific user group (these settings can also be user-customized if desired).
Zero configuration time for most common insider risk issues
Auto-configuring rules to identify risk behaviors based on roles, applications, and systems
Full Web Monitoring
Know when users visit out-of-policy website categories for increased visibility into online user behavior and detection of phishing/infections
Website categories are indicated in alerts and reports for greater visibility into user behavior.
• See the story, not just HTTP/S requests, including encrypted traffic and dynamic content
• No impact to business operations (versus blocking)
• No expensive network appliances to manage
Detect Data Exfiltration through Print
Rule-based monitoring of print jobs sent to local or networked printers
What is being printed
Number of pages sent to printer
Printer name (local or network)
Large print operation
Guarantee Employee Privacy
Selective anonymization of user names, login accounts and computers for enhanced user privacy and regulatory compliance
Process to expose individual users for deeper inspection
Exclude specific groups from being anonymized (e.g., remote vendors)
User Identity Anonymization for GDPR compliance
User meta-data integration
Easily create and manage complex list-based rules
Import lists
White- and black-lists
Augment Active Directory roles with additional data and segmentation on users
Mac Agent Support
Full video and metadata recording on Mac desktops, laptops and servers
Brief Demo
5 Reasons to upgrade to v6.7
• Full website monitoring
• New Insider Threat Library
• Track Print Jobs
• Privacy with Anonymization
• Easily import user meta-data
Contact Us
• Existing Customers – free upgrade (contact Sales or Support): [email protected] or [email protected]
• New Customers – Download trial at: http://www.observeit.com/tryitnow