Pelephone, Israel's #1 cellular phone carrier with 2.4 million subscribers, manages a diverse IT server environment with over 1,200 servers in their Tel Aviv headquarters as well as in 3 IT hosting centers, running both customer-facing and business management applications. To achieve optimal QoS and operational efficiency, assuring server stability and uptime is a top IT priority. "Our server platform is our lifeline", commented Isaac Milshtein, Pelephone’s Director of Engineering IT Operations.
As is common in the telecom industry, Pelephone maintains many custom-tailored third-party applications, providing content and value-add services to Pelephone subscribers. The numerous privileged vendors who remotely access these servers, and who are responsible for software support and upgrades, further complicate Pelephone’s server management job. This provider used ObserveIT's Gateway solution, comprising the ObserveIT management console and multiple server agents. Hence, a non-stop 24x7 SLA could be easily offered based on the detailed and granular auditing capabilities of the ObserveIT data recording solutions.
Pelephone turned to ObserveIT’s window session recording platform for the purpose of establishing visibility into remote session activity. The initial deployment was rolled out on five internal corporate applications in October of 2006. Less than one month later, ObserveIT already delivered on its promise when Pelephone experienced an overnight service outage on a mission-critical business application. The back-and-forth process between IT and the software vendor offered no solution. Consulting the ObserveIT session recordings not only brought immediate resolution to the problem, it also helped identify the responsible party and precise cause, thus allowing Pelephone to implement procedures to prevent its recurrence.
Following this incident, Pelephone deployed ObserveIT on their entire production server environment. ObserveIT’s system administration benefits helped solve system outages of high-profile customer-facing applications. For an even stronger troubleshooting impact, Pelephone integrated ObserveIT with their CA Unicenter network monitoring system. As a result, any alert in the Unicenter management console includes a link to an ObserveIT window session playback for any active session at the time the alert was fired. With this tight integration, mid-level system operators are able to identify problems that in the past were only solved by senior system administrators, thus dramatically easing the forensic reconstruction of past events and reducing mean time to repair.
The ObserveIT Agent is installed on each of Pelephone’s 1,200 servers, which include NT4.0, Win2000 and Win2003. The agent remains idle until keyboard or mouse activity is detected in a NetOP or Terminal Services session. When activated, the agent adds negligible CPU overhead while capturing each user action. A screen snapshot and metadata about the state of the OS and application are analyzed and encoded using ObserveIT’s patented algorithms, and sent via HTTP POST to the Application Server.
The ObserveIT Application Server, an ASP.NET application running under IIS in the main Pelephone data center, accepts the data posted by the Agent, processes it, and sends it to the ObserveIT Database Server to be stored and indexed. The Application Server also periodically provides configuration information to the Agents. The ObserveIT Web Console, also an ASP.NET application, is the primary interface for Pelephone IT and Security users.
Having deployed ObserveIT throughout their entire IT server environment, Pelephone is looking to further capitalize on this infrastructure. The full production deployment is being augmented by a software release validation deployment, allowing Pelephone to monitor, check and train users regarding all aspects of new system deployment. As an additional side benefit, Pelephone will also be using ObserveIT to validate service provider billing reports by comparing reported hours to actual activity.