User activity recording with intelligent...

UNKNOWN USER RISKS Марк Креймер, Regional Director

Upload: selectedpresentations

Post on 11-Aug-2015


TRANSCRIPT

UNKNOWN USER RISKS

Марк Креймер, Regional Director

Systems Applications Data

Firewall IDS IAM

SIEM

USER ENTRY POINTS – RISK ZONES

Contractors Business Users

IT Staff

Presenter
Presentation Notes
Applications, Systems and Data – these are the core of your digital business. ---click--- So you protect them with Firewalls, IDS, and Identity and Access Management. Then you collect a bunch of system and infrastructure logs to monitor and report on what is going on. And everything is secure, right? ---click--- But the problem is you have to provide access to all your users – Contractors, IT and everyday business users – for those assets to actually be useful for your business. ---click--- And the problem is, your users are the biggest gateway of risk that exists in your organization today. ---click to next slide---

Contractors

84% of data loss occurs via admin accounts [2]

62% of breaches caused by administrators result from unintentional errors [2]

[1] Verizon DBIR 2013

[2] 2014 IBM/Ponemon Cost of Data Breach Report

[3] The 2014 Target Stores breach, not included in the VDBIR14 report

The consequences of data loss caused by contractors are significantly more severe and damaging to the business [3]

THE RISK LANDSCAPE

Business Users IT Staff

76% of data loss occurs through user accounts or makes use of them [1]

Presenter
Presentation Notes
And User Risk is behind the majority of breaches and security incidents happening today. 76% of Data Breaches involve Stolen or Exploited User Accounts. And this risk is coming from across your entire user population: Everyday Business Users – those with no admin rights – account for 84% of breaches. We tend to always think of malicious users and hackers stealing credentials, but 62% of breaches stemming from IT Users stem from human error. Finally, breaches involving contractors have significantly higher business impact. So clearly the user risk landscape is one of the biggest and fastest growing security threats facing companies today. ---click to next slide---

Activity

Shadow IT: use of personal cloud services

Malicious: phishing, malware, trojans

Remote: server hopping, shared accounts, VPN access

Structure

Regulatory Requirements: HIPAA, PCI, NERC, SOX, PHI/PII

Business Processes: CRM, Call Center, POS, EMR, claims processing

Critical Data: finance, employees and customers (PII, PHI, etc.)

AN EXPLOSIVE MIX

People

Contractors: outsourcing, offshore developers

IT Administrators: deep access to the network and systems

Business Users: two-week notice period, pending termination, poor job performance

Presenter
Presentation Notes
So how do we go about mitigating User Based Risk? The first step is to understand where this risk stems from. Historically we have tended to focus entirely on securing the infrastructure that houses our critical Assets – servers, databases, and data. But this is only one piece of the risk landscape. The true source of risk is the toxic combination of People and the Activity they do that interacts with those Assets. ---click to next slide---

REAL-LIFE EXAMPLES

People

Structure

Activity

IT Administrators Users Servers, DBs,

Infrastructure Viruses/Stealth

Business Users Critical Business Applications

Business Users

Shadow IT

At-Risk Groups At-Risk Groups

Malicious Behavior Critical Business Applications

Contractors Remote Access

Contractors Servers, DBs, Infrastructure

Presenter
Presentation Notes
Let’s explore some real examples of toxic combinations that our customers have used ObserveIT to address.
Boston Private Bank: When Boston Private Bank wanted to leverage contractors to help accelerate business but wanted to mitigate the risk of remote access to servers and applications with PCI regulated data – they turned to ObserveIT.
Starbucks Coffee: When Starbucks was worried about the potential malicious and oblivious activity of their IT administrators exposing them to the risk of breaches – they turned to ObserveIT.
Fireman’s Fund: When one of the largest re-insurance companies in the world needed to protect the 25 business critical applications that house PII customer data – they turned to ObserveIT to monitor 1,200 users using those applications.
Xerox: When Xerox needed to monitor and investigate the malicious behavior of at-risk employees using the applications that run their ACS business – they turned to ObserveIT. ---click to next slide---

Active Alerts

Remote Alerts

Contextual and drill-down

On disconnect

Forensic Materials

Recording of all activity

"VIDEO" playback

Activity log

User Behavior Analytics

Behavior Profile

Defining rules and criteria

Reports

USER ACTIVITY MONITORING

Presenter
Presentation Notes
ObserveIT’s User Activity Monitoring Solution is made up of 3 major pillars:
User Behavior Analytics: Analytics profile user behavior so you understand how your users are interacting with your applications, systems and data. The rule-based engine automatically detects suspicious and out-of-policy user behavior. The reporting engine provides you the ability to audit and analyze all user activity and behavior across your entire enterprise. Our Analytics are great for detecting and analyzing user behavior that puts your company at risk – our alerting integrates this intelligence into your security workflow.
Activity Alerting: Be instantly notified when user activity is putting your company at risk. One-click drill-down into our visual forensic details so you can SEE exactly what your users are doing LIVE. You can also shut down active user sessions to instantly stop the activity that is putting your company at risk. When you need to drill down into the actual forensics of your users, we have visual forensics.
Visual Forensics: We capture all user activity regardless of where your users are or how they access applications, systems and data. We capture this activity in a video-like format – you SEE exactly what the users are doing. Video playback is great, but you can’t sit there and watch hours of videos, so we translate all user activity into User Activity Logs that you can search, report on and analyze. ---click to next slide---

WHO'S DOING WHAT?

Identify and Manage

User Risk Management

Apps Keystrokes Clicks

Presenter
Presentation Notes
Our solution answers the critical questions you need to address user-based risk – “WHO’S DOING WHAT” --- Click to Next Slide ---
Presenter
Presentation Notes
ObserveIT is a software-only solution that is simple to deploy, operate and maintain. Our Agents are simple to install and do not require you to reboot on install or on upgrade. We provide coverage for desktops, servers, jump servers, VDI/Citrix and remote access. All reporting, analysis and video replay is accessed via our easy-to-use web-based Console. All data (videos and user activity logs) are stored in a Database Server and provide easy integration into BI and SIEM/Log Management. ---click to next slide---

Alert indicator during playback

Alert during the session

Message to the user and session termination

Presenter
Presentation Notes
Our video replay provides the ability to actually see what any user did on any system being monitored by ObserveIT. On the right you see the full user activity logs associated with this session. ---click--- Our activity alerts also show up in this view. Here a remote vendor has accessed a credit card database table they shouldn’t be, and you can see precisely when it happened and hop to the exact video of when the inappropriate activity occurred. ---click--- Alert indicators are also embedded in the user activity logs right on the screen. ---click--- Finally, you can actually message users in real time and terminate their active sessions right from this view.

A UNIFIED ECOSYSTEM TIED TO USER ACTIONS

User Actions

SIEM IAM ITSM

Presenter
Presentation Notes
Deploying User Activity Monitoring on its own provides tremendous value, but the best part is you can easily integrate this user context into your entire Security Strategy. We offer bi-directional integration to SIEM, providing the ability to quickly triage alerts from system logs and provide alerts about true user-based risk into your SIEM for correlation. We offer integration into ITSM solutions so you can record and audit all change tickets with ObserveIT. We offer integration with IAM solutions to combine access control with the actual monitoring and management of what users do with that access.

1,200+ CUSTOMERS

Presenter
Presentation Notes
And these are just 4 examples of the over 1,200 customers we have using ObserveIT every day to identify and manage their user-based risk. ---click to next slide---

THANK YOU FOR YOUR ATTENTION!