ObserveIT
1.00

Problems it solves

No control over data access

No IT security guidelines

Risk or Leaks of confidential information

Customer fraud

Values

Ensure Security and Business Continuity

ObserveIT

ObserveIT - Insider Threat Detection and Prevention

Description

Insider Threat Detection
  • Uncover risky user activity by identifying anomalous behavior in real time.
  • Insider Threat Rules
      • Rely on hundreds of carefully calibrated, out-of-the-box Insider Threat Rules
      • Gain insight into 25 risk categories (all customizable by user group)
      • Categorize website visits and enable alerts based on risky activity
  • Insider Threat Intelligence & Reporting
      • Enhance security operations and regulatory compliance with detailed reports
      • Investigate and view information about any user’s activities
  • Secure Key-Logging
      • Detect inappropriate activity in real time
      • Trigger alerts on sensitive keywords and commands typed
      • Detect data exfiltration attempts when users type protected keywords
Incident Investigation
  • Investigate risky user activity in minutes—not days. Gain a comprehensive, 360-degree view into user behavior.
  • User Session Recording
      • Record user sessions for visual playback of exactly what happened, when, where, and why
      • Rich, user-centric metadata provides full context of any user session
      • Precise activity trails show every user action
      • Receive easy-to-understand alerts based on user activity
      • Easily search through captured sessions and get a breakdown of each user session
Insider Threat Prevention
  • Reduce risk with real-time user notifications and blocking. Directly enforce company security policy—automatically and in real time—to promote security awareness and prevent insider threats.
  • Block Out-of-Policy Actions
      • Block user activities that breach security or violate company policies
      • Stop incidents before they can progress
  • Real-Time User Notifications
      • Warn users against proceeding with actions that violate policy
      • Notify users that policy violations will be recorded and reviewed
      • Reduce non-compliant actions by 80% with real-time warnings
      • Optimize security and IT processes by collecting user feedback
Monitoring and Management of Privileged Users
  • Precise visibility helps security account for all user activity and is crucial for root cause analysis, regulatory compliance audit reporting, and proactive user monitoring on high-risk users.
  • Get user audit trails of everything that happens on your critical systems
  • Monitor, record and analyze any privileged user action
  • Monitor critical system access & activity on any system including:
      • Windows Server
      • 31 Distributions of Unix/Linux
      • Citrix, VMware, and Hyper-V
      • AWS/Azure Systems
  • Detect Privileged Escalation & System Access
      • Monitor remote connections such as Remote Desktop, Terminal Services, VMware, GoToMyPC, LogMeIn, SSH, Telnet, ICA, and local logins
      • Alert security and IT teams to abnormal, suspicious or malicious privileged user activity
      • Account for any service or shared account with secondary identification
Compliance
  • ObserveIT helps organizations meet appropriate compliance requirements across a range of frameworks.
  • Secondary Authentication
      • Require a secondary challenge-response for users using shared account IDs
      • Increase visibility into who did what, even when credentials are shared by team members
      • Secure shared accounts
  • DBA Auditing
      • Monitor SQL queries executed by DBAs against production databases
      • Capture SQL query activity
      • Review SQL queries performed by date and other criteria
  • Reporting
      • Generate basic reports from preconfigured templates
      • Produce flexible application usage reports and trend analysis reviews
      • Create comprehensive customized reports based on your own requirements
      • Aggregate or summarize information about all monitored user activity
User Privacy Protection
  • Anonymize user data to protect employee and contractor privacy, meet regulations, and maintain trust with your users.
  • Anonymization Mode
      • Encrypt and obfuscate all personal user information
      • In anonymization mode, information remains hidden unless specifically requested and approved by an authorized administrator
      • Meet stringent privacy laws, including the EU General Data Protection Regulation
Tool Integration
  • ObserveIT natively integrates with major SIEM tools, ticketing systems, log management applications, and more.
  • Integrations
      • Gain a holistic view of your organization’s IT security
      • Enable deeper insight into what’s going on across systems
      • Access ObserveIT data quickly via top SIEM & automation tools
      • Integrate ObserveIT insight into:
          • Splunk
          • HP ArcSight
          • IBM QRadar
          • LogRhythm
          • Securonix
          • Exabeam
          • ServiceNow
          • Lieberman

User features

Organizational Features

Internet access is available for employees

Complementary Categories

SIEM - Security Information and Event Management