Observe It Presentation

1.
ObserveIT – Record& Replay Terminal, Citrix and Console SessionsJanuary 2010

2.
The Company ina NutshellFounded in 2006Focused exclusively on People-Auditing software productsFirst GA product release – 2007Current product version - v5.0Global Presence Partners in 5 ContinentsOfficial Distributor in MalaysiaComwise Internetwork SdnBhd78A, JalanRenang 13/26Section 13, 40100 Shah Alam, Selangor.Contact : Mr TS Teh – 019-263 7311 [email protected] Kent Ng - 019-325 3248 [email protected]

3.
Our Product ina NutshellRecord and Replay of user sessionsLike a ‘security camera’ on your serversSoftware-based solutionPlayback any Remote Desktop, Citrix, VMWare or any other remote access sessionFast search and navigation to find user actions, without lengthy playback

4.
Hundreds of EnterpriseCustomersFinancialIT ServicesEducation/Gov’t/HealthcareManufacturingTelecommunications

5.
Why use ObserveIT? Compliance and SecurityTrack every access to corporate servers and databases

6.
Audit people, notjust apps

7.
Total application coveragethat grows with your growth

8.
Bulletproof evidence

9.
Precise user identification Remote Vendor Monitoring Know exactly what 3rd party vendors are doing on your servers

10.
Improve security, accountabilityand policy messaging

11.
Transparent SLA andbilling validation

12.
No more ‘Fingerpointing’ Root-Cause AnalysisKnow ‘Who did what?’: Answer the question that will really lead to problem resolution

13.
Immediate root causedetermination

14.
Alerts from withinNetwork Monitor Tools

15.
Defeat the ‘Oops’factor Who accessed the salaries spreadsheet in the past 24 hours?And what did they do?Without ObserveITWith ObserveITCheck the file system logsCheck the HR app auditCheck the finance dept. auditCheck admin support app logUnified reporting of all user activity on the HR spreadsheetI wonder if there are other access points?Instant playback of exact user actions????????

16.
 Complianceand SecurityTrack every access to corporate servers and databases

17.

18.

19.

20.

21.

22.

23.

24.

25.

26.
Defeat the ‘Oops’factor Why use ObserveIT ?What did SupportCorp do on our servers yesterday?Are they responsible for the data deletion event? Without ObserveITWith ObserveITFind the exact user sessionI have no idea……Finger pointing accusationsLengthy SLA reviewSession playback eliminates any doubtIs there anywhere we can find this information???????

27.
Why use ObserveIT? Compliance and SecurityTrack every access to corporate servers and databases

28.

29.

30.

31.

32.

33.

34.

35.

36.

37.
Defeat the ‘Oops’factor Why is our server broken?And how can I fix it? Without ObserveITWith ObserveITCheck the event logCheck the database logImmediate identification of cause of outageCheck the registryCheck the network cableAttention all admins: Who touched this server?!?%!?????

38.
Video Replay ofUser SessionsClicking on video icon launches the video replay(see next slide)ObserveIT lists every user sessionJump straight to the precise action.Replay only what you’re interested in.Within each session, details of every action taken

39.
Video Replay ofUser SessionsSee an exact video playback of the entire user session(including mouse movements, selection of UI elements and text entry)Navigate quickly within the recording(including jumping between each activity, as the user launches a new app or opens a new window)

40.
Comprehensive Searching and Navigation Search and filter according to:User ID

41.
Date of Session

42.
Specific ServerSearch andfilter according to:User ID

43.
Date of Session

44.
Specific ServerSearch andfilter according to:User ID

45.
Date of Session

46.
Specific ServerComprehensive Searching and Navigation Google-like free text search: Search for any text appearing in user sessionsApplication Name

47.
Window Titles

48.
UI Elements

49.
User generated contentSearchresults highlight exact location of user action within the user session timeline

50.
Policy-Based, Event-Driven RecordingDefinepolicies to handle each session

51.
Granular policy rulesto specify:Whether to record video

52.
What metadata tocapture

53.
If user identificationis required

54.
Specific users /applications / servers to include or excludeGranular policy rules to specify:Whether to record video

55.

56.

57.
Specific users /applications / servers to include or excludeGranular policy rules to specify:Whether to record video

58.

59.

60.
Specific users /applications / servers to include or excludeReport GeneratorCreate your own custom reportsSchedule reports to run automatically for email deliveryDeliver formatted reportor Export Excel data

61.
Design report accordingto precise requirements:Content Inclusion

62.
Data Filtering

63.
Sorting and GroupingDesignreport according to precise requirements:Content Inclusion

64.
Data Filtering

65.

66.
Data Filtering

67.

68.
Data Filtering

69.
Sorting and GroupingImmediatelyupon logging into the server…Policy Messaging…the user receives your message(ex. Network Policy, Ticket #)NOTE: No database admin task may be performed between 0800 and 1800 GMTPlease enter your support ticket number in box below.User is required to acknowledge receipt(and optionally required to enter response)

70.
User IdentificationUser logson as generic “Administrator”

71.
ObserveIT requires usernameidentification prior to granting access to systemActive Directory used for authentication

72.
Each session isnow tagged with an actual nameLogin userid: administratorActual user: daniel

73.
Real Time Playback“OnAir” icon shows that a session is currently active

74.
Video replay ofsession is launched in Real-Time mode, with continuous updates until the session endsVideo replay of session is launched in Real-Time mode, with continuous updates until the session ends

75.
Enterprise-Ready ArchitectureComplete CoverageAgnosticto network protocol and client applicationCaptures all Remote Sessions and also Console SessionsTerminal

76.
Small FootprintUltra-efficient datastorageLess than 250GB/year for high-usage, 1000 server environmentMinimal Agent CPU utilization0% CPU when no console active1%-2% CPU, 10 MB RAM during session

77.
Integration with SystemMonitorsInstant-replay from within your network management environment Microsoft SCOM, CA-Unicenter, IBM Tivoli, HP OpenViewReal-time alertsOn file access/deletion, Network share, Registry edit , RDP open connection, URL access etc.ObserveIT alert in CA-UnicenterObserveIT alert in MS SCOMTrigger automatic email alert deliveryClick on alert to see ObserveIT video playback

78.
Pervasive User PermissionsGranularpermissions / access controlDefine rules for each userSpecify which sessions the user may playbackPermission-based filtering affects all content accessReportsSearchingVideo playback Metadata browsingAccess to ObserveIT Web Console is also auditedObserveIT audits itself Satisfies regulatory compliance requirements

79.
System ComponentsAgentCorporate ServerHTTPTraffic(by default -TCP 4884)SQL Traffic(by default -TCP 1433)AgentSwitchApplication ServerWeb Console using IIS on Windows Server 2003/2008Database Serverusing MS SQL Server 2000/2005on Windows Server 2003/2008Corporate ServerHow it WorksEach monitored desktop or server runs the ObserveIT AgentThe Agent encrypts information about user activity and sends it to the Application ServerApplication Server analyzes data and stores it in the Database ServerWeb Management Console is a web-based interface for searching and reporting on captured user activityHTTPAgentObserveIT Admin using a Web BrowserCorporate Desktop

80.
Deployment Architecture:Remote AccessGateway (Agent-less Servers)Published ApplicationsPutty.exeRDP TrafficVPNTrafficCorporate Servers(No Agent installed)VPNICATrafficCorporate Servers(No Agent installed)Terminal or Citrix Serverwith ObserveIT AgentWin2008TS GatewayRDP over SSL TrafficTelnet/SSHTrafficCorporate Servers(No Agent installed)App ServerWeb ConsoleDB Server

81.
Company: VocaLinkIndustry: Financial ServicesFounded: 2007(Merger)Headquarters: London, UKSolutionBusiness EnvironmentChallengeCase Study: Remote Access Visibility at VocaLinkPayment transaction platform distributed across Europe

82.
Supporting 60,000 ATMmachines

83.
Clearing 90,000,000 transactionsper day

84.
Control access tosystem resources, including shared privileges between two merged corporate entities during period of merger

85.
Achieve common systemmanagement and visibility

86.
2008- ObserveIT deployedto monitor and audit serve activity during merger activity

87.
2009- Successful visibilityresults from merger activity lead to system-wide deploymentCase Study: Compliance Auditing at Toshiba MedicalCompany: Toshiba Medical SystemsIndustry: Healthcare Equipment Founded: 1939 Headquarters: Tokyo, Japan (Corp HQ) Los Angeles, CA, USA (Division)SolutionBusiness EnvironmentChallengeMedical imaging products (MRI, CT, US, X-Ray) deployed at hospitals and medical centers worldwide

88.
Customer support processrequires remote session access to deployed systems

89.
Strict HIPAA complianceregulations must be enforced and demonstrable

90.
In addition, SLAcommitments require visibility of service times and durations

91.
ObserveIT deployed ina Gateway architecture

92.
All access routedvia agent-monitored Citrix gateway

93.
Actual systems beingaccessed remain agent-less

94.
Toshiba achieved 24x7SLA reports, including granular incident summaries

95.
Automatic generation ofHIPAA regulatory documentation, led to reduced compliance costs and improved customer (hospital) satisfactionThank You!For More Information, Please contact Comwise Internetwork SdnBhdMr. TS Teh 019-263 7311Mr. Kent Ng 019-325 3248

Observe It Presentation

More Related Content

What's hot

Viewers also liked

Similar to Observe It Presentation

Observe It Presentation

Editor's Notes