For more details, please contact ObserveIT at sales@observeit.com.

Regards,

Danny David | Product Manager

ObserveIT

Tel. +972 3 5438306

danny@observeit.com  |  www.observeit.com

We’re proud to announce that we have recently been certified as ArcSight CEF compliant partners.  This is an important step for us. It expands the ways that ObserveIT User Activity log data can be utilized for building insightful security reports and dashboards.

After completing an extensive certification process, we now are integrated tightly into the HP Arcsight platform, using standards-based CEF log file communications structure.  This means that any Arcsight installation can easily display ObserveIT’s user-oriented logs, including launching  a video replay that shows user actions.

What’s more, these video replays can be automatically correlated with ANY log data, whether it comes from OS system logs, DB logs or any other source. A simple UID/server/timestamp correlation will automatically tie any system event to a video replay which shows what triggered that event.

For more information about the integration, read the technical config guide here. If you are an Arcsight user, you can also get information on the HP Arcsight user forum: https://protect724.arcsight.com/groups/cef-connectors

And go here for more details about how ObserveIT empowers your SIEM platform.

If you haven’t yet had a chance to dive into this 80 page report, I’ve summarized much of the good…er..actually…bad stuff here.

The big bummer is that 2011 had the 2nd highest data loss total since the Verizon team started publishing the Data Breach Investigations Report in 2004.

The study also finds that when attacks happen, it’s weeks or months before they are detected. That’s bad enough, but what really makes this freakout-worthy is that when these breaches do get detected, it’s by external parties (i.e. not the victimized company). 92% of breaches are MADE PUBLIC by a someone other than the one who’s been breached. Reading about yourself in the headlines is a pretty crummy way to discover you’ve got a data breach.  Point being?  We need help identifying identity theft.

Only 1% of breaches are detected by log analysis. (In large orgs the number is still very small at 8%). Clearly Log Analysis is not sufficient on its own. Even with all the dynamite SIEM products that are out there today, it’s time to re-evaluate which logs we are analyzing. Why? Because system logs are built for developers for debug, and not by security admins for security auditing.

Another frightening stat is that 88% of hacking incidents are done using remote access or remote desktop services. This again points to the fact that monitoring user sessions is the main line for security auditing.

ObserveIT provides video recordings and video analysis of every user session (whether authorized or unauthorized) that occurs on your servers. For more details, please visit observeit.com or send us an email.

Whether you use ArcSight, Splunk, CA UARM, RSA enVision or any other SIEM, you can easily generate reports, dashboards and correlations that show exact user actions (including video replay!) – not just system log reports.

Join our security audit specialists this Wednesday (March 21st) at 12:00 ET (9AM PT, 4PM GMT) for a free webinar. Sign up here:  http://gurl.im/1c8e2Np

ObserveIT Enterprise v5.6 includes many new levels of protection. The most noteworthy new capability is a groundbreaking solution for catching incidents of identity theft, which lets you turn your thousands of users into your security detection network.

v5.6 also brings live-session messaging and remote locking, more functionality in our policy messaging module, even deeper self-auditing mechanisms and added archiving functionality.

Full details can be found here.

Want to get Early Availability release later this month? Send an email to me: danny@observeit.com

If you ever wonder why you and so many other IT Security professionals are spending so much time looking at layers of applications, well the answer is equally obvious.  ‘Because that’s where the threats are.’

Over the past 18 months, IT has collectively woken up to the fact that security issues are penetrating much deeper than the network level. (Learn more here and here.)

Network Security Monitoring still matters of course, but it has become almost a commodity. Firewalls work. Packet-based threat detection works. End of conversation.

Then why do we feel even less safe than ever? We all know why, deep in our bones: Because applications are now the primary platform for tomorrow’s security threats. That is why Application Security Monitoring is landing smack-dab in the middle of the CISO’s agenda.

Now, the question must turn to the question of “How”.  How can we accomplish Application Security Monitoring, without rebuilding our entire app infrastructure?

Well, the answer is easier than you think: ASM tools that literally record all user activity (i.e. recording what they do when using the applications) give you the clarity you need for auditing and investigating threats that occur within those apps.

In other words, you don’t need a 12-step program to achieve Application Security Monitoring.

• Don’t get stuck in the (Re)Design-(Re)Code-(Re)Test cycle trying to improve the security within your apps.
• Don’t drive yourself batty trying to interpret insufficient security logs that your apps produce today. Remember that those logs were built by developers, for the purpose of debugging. They were not built by auditors for the purpose of investigating security.
• And most importantly, don’t assume that just having access control in place does enough. With distributed, mobile and modular application usage growing exponentially, the gatekeeper alone can’t keep track of what is really happening.

Just like Slick Willie’s surprisingly obvious explanation, you can also use a surprisingly obvious explanation for how to instantly ramp up your Application Security Monitoring: Just put a monitor around your applications.  Learn more about ObserveIT’s surprisingly obvious solution here.

Beyond the in-depth conference agenda, we spent many hours speaking with Security Officers, and were interested to discover how much interest there is in plugging the ‘remote vendors‘ hole in the wall.

What especially surprised us was the number of times that this concern was coming specifically as a result of PCI audits that already have taken place. If you’ve been waiting for the day that PCI requirements would turn the corner from ‘something we’ll need to deal with’ to ‘it’s on your plate right now’…. It seems that the future is now!

The folks at Komtera, our very effective partners in Instanbul, have been monitoring these developments for quite a while now, and that probably explains why so many of Istanbul’s largest financial and logistics companies are already counting on them for boosting their  security audit infrastructure.

The next drawing will  be held on Friday, March 30th. To be entered, please send us an email and schedule a 15 minute product demonstration.

Want a sneak preview? Can’t make it to SF? Join us for this sneak-peak webinar! On Tuesday Feb 14, you’ll learn highlight how it is surprisingly easy to get video replay logs of every user action, directly from within the full CA Access Control platform.

You’ll see how to:
- Capture detailed user activity logs, including video recordings of every user action
-  Address regulatory challenges, including PCI Requirement 10
- Leverage even more of the CA Access Control to improve security for remote vendor logins

Sign up here for the webinar.

BTW… Have you seen what  100+ customers are saying about Session Recording on LinkedIn? Here’s a few highlights:

• “The product is outstanding. Trust and be able to verify is essential.” – Dell
• “When we saw the product kept its promises, we deployed it to all of our server farm. Nowadays compliance is really a challenge. ObserveIT transforms the challenge into a success story.” – ING
• “When you have it in production, you see how smart product is. Small product details can solve bigger issues.” – Siemens
• “This is an essential tool. I highly recommend this for Monitoring and Auditing.” – TESCO

But once an identity is stolen, no tools can really identify or track the incident. The responsibility for detection lies entirely on the security officer. Why? Because “That’s the way we always did it!”  With identity theft running rampant, this is just plain dangerous thinking.

Why can’t we bring the user into the responsibility loop???

Consider credit card fraud, as an analogy: How does Visa/MC/Amex capture fraud? (Hint: It’s not from fancy fraud detection security software.)  The vast majority of detection is from the simple feedback loop when cardholders inform about unauthorized purchases. (i.e. Your grandma and a telephone is the ultimate fraud protection tool!)

We must do the same in IT. Identity theft incidents can be detected and neutralized much quicker if we would just give users a way to flag unauthorized logins. After all, the only person who knows what a user did is the user himself/herself!

Let’s stop doing it the old way, just cuz that’s how we always did it. Let your users be your scouts. Your grandma will be very proud of you.