I'm happy to announce that ObserveIT now supports the IBM AIX 5.3 platform!
For more details, please contact ObserveIT at sales@observeit.com.
Regards,
Danny David | Product Manager
ObserveIT
Tel. +972 3 5438306
danny@observeit.com | www.observeit.com
We’re proud to announce that we have recently been certified as ArcSight CEF compliant partners. This is an important step for us. It expands the ways that ObserveIT User Activity log data can be utilized for building insightful security reports and dashboards.
After completing an extensive certification process, we are now tightly integrated into the HP ArcSight platform, using the standards-based CEF log file communications structure. This means that any ArcSight installation can easily display ObserveIT’s user-oriented logs, including launching a video replay that shows user actions.
What’s more, these video replays can be automatically correlated with ANY log data, whether it comes from OS system logs, DB logs or any other source. A simple UID/server/timestamp correlation will automatically tie any system event to a video replay which shows what triggered that event.
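The UID/server/timestamp correlation described above can be sketched as follows. This is an added example, not ObserveIT or ArcSight code: the log lines are constructed, and the field mapping (`suser`, `dhost`, `start`, `end`, `rt`, with the replay link carried in `cs1`) is an assumption built from standard CEF keys, since the page does not give the product's actual mapping.

```python
import re

# Constructed sample lines (not real product output). Field mapping is an assumption:
# suser/dhost/start/end/rt are standard CEF keys; cs1 carries a hypothetical replay link.
SESSIONS = [
    "CEF:0|ExampleVendor|SessionRecorder|1.0|100|User session|3|suser=jdoe dhost=db01 "
    "start=1331726400000 end=1331728200000 cs1Label=ReplayURL cs1=https://replay.example/s/42",
    "CEF:0|ExampleVendor|SessionRecorder|1.0|100|User session|3|suser=jdoe dhost=web02 "
    "start=1331726400000 end=1331728200000 cs1Label=ReplayURL cs1=https://replay.example/s/43",
]
EVENTS = [
    r"CEF:0|ExampleOS|Syslog|1.0|7036|Service stopped \| sqlagent|6|suser=JDOE dhost=db01 rt=1331727000000 msg=stopped by user",
    "CEF:0|ExampleDB|Audit|1.0|33205|Schema change|8|suser=jdoe dhost=db01 rt=1331730000000",
    "CEF:0|ExampleDB|Audit|1.0|33205|Schema change|8|suser=asmith dhost=db01 rt=1331727000000",
]

_PIPE = re.compile(r"(?<!\\)\|")                       # header separator, ignoring escaped \|
_PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")     # key=value; values may contain spaces
_HEADER = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")

def parse_cef(line):
    """Parse one CEF line (an optional syslog prefix is skipped) into header fields plus 'ext'."""
    parts = _PIPE.split(line[line.index("CEF:"):], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("not a complete CEF record: %r" % line)
    rec = dict(zip(_HEADER, (p.replace("\\|", "|") for p in parts[:7])))
    rec["version"] = rec["version"][len("CEF:"):]
    rec["ext"] = dict(_PAIR.findall(parts[7]))
    return rec

def correlate(session_lines, event_lines, slack_ms=0):
    """For each event, list replay links of sessions matching user, host and time window."""
    sessions = [parse_cef(line)["ext"] for line in session_lines]
    results = []
    for line in event_lines:
        ev = parse_cef(line)
        ext = ev["ext"]
        rt = int(ext["rt"])
        replays = [
            s["cs1"] for s in sessions
            if s["suser"].lower() == ext["suser"].lower()      # sources often differ in case
            and s["dhost"].lower() == ext["dhost"].lower()
            and int(s["start"]) - slack_ms <= rt <= int(s["end"]) + slack_ms  # clock-skew slack
        ]
        results.append((ev["name"], replays))
    return results

if __name__ == "__main__":
    for name, replays in correlate(SESSIONS, EVENTS):
        print(name, "->", replays or "no recorded session")
```

An event with no matching session is worth surfacing in its own right: it means activity attributed to a user on a host where no recorded session covers that time.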
For more information about the integration, read the technical config guide here. If you are an ArcSight user, you can also get information on the HP ArcSight user forum: https://protect724.arcsight.com/groups/cef-connectors
And go here for more details about how ObserveIT empowers your SIEM platform.
The Verizon RISK Team has recently released the 2012 update to their Data Breach Investigations Report. More and more, it’s looking like User Activity Monitoring is rapidly becoming the best approach for Data Breach detection and prevention.
If you haven’t yet had a chance to dive into this 80-page report, I’ve summarized much of the good…er..actually…bad stuff here.
The big bummer is that 2011 had the 2nd highest data loss total since the Verizon team started publishing the Data Breach Investigations Report in 2004.
The study also finds that when attacks happen, it’s weeks or months before they are detected. That’s bad enough, but what really makes this freakout-worthy is that when these breaches do get detected, it’s by external parties (i.e. not the victimized company). 92% of breaches are MADE PUBLIC by someone other than the one who’s been breached. Reading about yourself in the headlines is a pretty crummy way to discover you’ve got a data breach. Point being? We need help identifying identity theft.
Only 1% of breaches are detected by log analysis. (In large orgs the number is still very small at 8%). Clearly Log Analysis is not sufficient on its own. Even with all the dynamite SIEM products that are out there today, it’s time to re-evaluate which logs we are analyzing. Why? Because system logs are built by developers for debugging, and not by security admins for security auditing.
Another frightening stat is that 88% of hacking incidents are done using remote access or remote desktop services. This again points to the fact that monitoring user sessions is the main line for security auditing.
ObserveIT provides video recordings and video analysis of every user session (whether authorized or unauthorized) that occurs on your servers. For more details, please visit observeit.com or send us an email.
Want to learn how to get the most out of your SIEM Platform?
Whether you use ArcSight, Splunk, CA UARM, RSA enVision or any other SIEM, you can easily generate reports, dashboards and correlations that show exact user actions (including video replay!) – not just system log reports.
Join our security audit specialists this Wednesday (March 21st) at 12:00 ET (9AM PT, 4PM GMT) for a free webinar. Sign up here: http://gurl.im/1c8e2Np
ObserveIT v5.6 EA (Early Availability) will be released by the end of March!
ObserveIT Enterprise v5.6 includes many new levels of protection. The most noteworthy new capability is a groundbreaking solution for catching incidents of identity theft, which lets you turn your thousands of users into your security detection network.
v5.6 also brings live-session messaging and remote locking, more functionality in our policy messaging module, even deeper self-auditing mechanisms and added archiving functionality.
Full details can be found here.
Want to get the Early Availability release later this month? Send an email to me: danny@observeit.com
When famed bank robber “Slick Willie” Sutton was asked ‘Why do you rob banks?’, his reply was taken as humor, but it is also the ultimate truth: ‘Because that’s where the money is.’
If you ever wonder why you and so many other IT Security professionals are spending so much time looking at layers of applications, well the answer is equally obvious. ‘Because that’s where the threats are.’
Over the past 18 months, IT has collectively woken up to the fact that security issues are penetrating much deeper than the network level. (Learn more here and here.)
Network Security Monitoring still matters of course, but it has become almost a commodity. Firewalls work. Packet-based threat detection works. End of conversation.
Then why do we feel even less safe than ever? We all know why, deep in our bones: Because applications are now the primary platform for tomorrow’s security threats. That is why Application Security Monitoring is landing smack-dab in the middle of the CISO’s agenda.
Now, the question must turn to “How”. How can we accomplish Application Security Monitoring, without rebuilding our entire app infrastructure?
Well, the answer is easier than you think: ASM tools that literally record all user activity (i.e. recording what they do when using the applications) give you the clarity you need for auditing and investigating threats that occur within those apps.
In other words, you don’t need a 12-step program to achieve Application Security Monitoring.
Don’t get stuck in the (Re)Design-(Re)Code-(Re)Test cycle trying to improve the security within your apps. Just like Slick Willie’s surprisingly obvious explanation, you can also use a surprisingly obvious explanation for how to instantly ramp up your Application Security Monitoring: Just put a monitor around your applications. Learn more about ObserveIT’s surprisingly obvious solution here.
On Feb 23, ObserveIT and our partner Komtera had an eye opening experience at the IDC Security Roadshow in Istanbul, Turkey.
Beyond the in-depth conference agenda, we spent many hours speaking with Security Officers, and were interested to discover how much interest there is in plugging the ‘remote vendors’ hole in the wall.
What especially surprised us was the number of times that this concern was coming specifically as a result of PCI audits that already have taken place. If you’ve been waiting for the day that PCI requirements would turn the corner from ‘something we’ll need to deal with’ to ‘it’s on your plate right now’…. It seems that the future is now!
The folks at Komtera, our very effective partners in Istanbul, have been monitoring these developments for quite a while now, and that probably explains why so many of Istanbul’s largest financial and logistics companies are already counting on them for boosting their security audit infrastructure.
Congratulations to our first Apple® iPad® 2.0 contest winner, Todd LeBloch. To get entered in the raffle, all Todd had to do was schedule a 15-minute product demo for himself and two of his colleagues, then answer a short (5 question) product feedback survey.
The next drawing will be held on Friday, March 30th. To be entered, please send us an email and schedule a 15 minute product demonstration.
The RSA Conference is coming up soon! We’ll be there, as part of the CA Technologies booth, unveiling the latest in our groundbreaking Session Recording integration with CA.
Want a sneak preview? Can’t make it to SF? Join us for this sneak-peek webinar! On Tuesday Feb 14, you’ll learn how surprisingly easy it is to get video replay logs of every user action, directly from within the full CA Access Control platform.
You’ll see how to:
- Capture detailed user activity logs, including video recordings of every user action
- Address regulatory challenges, including PCI Requirement 10
- Leverage even more of CA Access Control to improve security for remote vendor logins
Sign up here for the webinar.
BTW… Have you seen what 100+ customers are saying about Session Recording on LinkedIn? Here’s a few highlights:
There are lots of tools and procedures that we arm our users with to protect their identity. (ex: Two Factor Authentication, Password complexity and reset rules, etc.)
But once an identity is stolen, no tools can really identify or track the incident. The responsibility for detection lies entirely on the security officer. Why? Because “That’s the way we always did it!” With identity theft running rampant, this is just plain dangerous thinking.
Why can’t we bring the user into the responsibility loop???
Consider credit card fraud, as an analogy: How does Visa/MC/Amex capture fraud? (Hint: It’s not from fancy fraud detection security software.) The vast majority of detection is from the simple feedback loop when cardholders report unauthorized purchases. (i.e. Your grandma and a telephone is the ultimate fraud protection tool!)
We must do the same in IT. Identity theft incidents can be detected and neutralized much quicker if we would just give users a way to flag unauthorized logins. After all, the only person who knows what a user did is the user himself/herself!
Let’s stop doing it the old way, just cuz that’s how we always did it. Let your users be your scouts. Your grandma will be very proud of you.