ObserveIT 5.7 – The Petri Perspective

Today we launched our exciting new release that brings behavioral analytics and alerting to User Activity Monitoring. ObserveIT 5.7 analyzes user activity against a variety of criteria (who did what, on which computer, when and from which client) to uncover suspicious, abnormal or out-of-policy behaviors in real time. Our analytics detect when a user is involved in suspicious, malicious or potentially fraudulent activities. Here are a few examples of the types of activities that ObserveIT can detect:

  • A user accessing sensitive medical records
  • A non-management user accessing a file in a Financial Statements folder
  • A non-admin user opening a sensitive system file (e.g., the hosts file)
  • A Unix user running a program or command that grants the user additional permissions (e.g., via the su or sudo commands)
  • A DBA executing a DROP TABLE or DROP INDEX command on a production database

When a possible threat is detected, an alert is generated that includes a summary of the suspicious behavior, user details and an actual video of the user’s exact actions. This allows the reviewer to quickly assess the threat and take immediate action if needed. To ensure that each notification is given the attention it deserves, ObserveIT 5.7 includes configurable policies for who receives which type of alert and how often it is presented (individually, as daily summaries, etc.). If an organization prefers, ObserveIT’s analytically generated alerts can be integrated into existing SIEM systems.
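The rule types listed above and the alert record just described, as an added example that is not ObserveIT's own code: a minimal rule engine that evaluates constructed activity records (who, what, which host, when, from which client) against those rules and emits flat alert records of the kind that can be forwarded to a SIEM. The Activity/Rule fields, the group names and the `prod-` host-name prefix are assumptions made for the example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Activity:
    """One recorded action: who did what, on which host, when, from which client."""
    user: str
    groups: frozenset  # e.g. {"management"}, {"admins"}, {"dba"} (assumed group names)
    action: str        # "open_file", "run_command" or "sql"
    target: str        # file path, command line or SQL statement
    host: str
    client: str        # address of the connecting client
    hour: int          # hour of day, 0-23

@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    pattern: str                            # regex applied to the target
    exempt_groups: frozenset = frozenset()  # groups for which this is expected behaviour
    prod_only: bool = False                 # fire only on production hosts (assumed "prod-" prefix)
    def matches(self, a: Activity) -> bool:
        if a.action != self.action or not re.search(self.pattern, a.target, re.I):
            return False
        if self.exempt_groups & a.groups:   # e.g. an admin opening the hosts file is normal
            return False
        return not self.prod_only or a.host.startswith("prod-")

RULES = [
    Rule("sensitive medical record accessed", "open_file", r"medical[_ ]records"),
    Rule("non-management user in Financial Statements", "open_file", r"Financial Statements", frozenset({"management"})),
    Rule("non-admin opened system file", "open_file", r"[\\/]etc[\\/]hosts$", frozenset({"admins"})),
    Rule("privilege elevation via su/sudo", "run_command", r"^(su|sudo)\b"),
    Rule("DROP on production database", "sql", r"\bDROP\s+(TABLE|INDEX)\b", prod_only=True),
]

def evaluate(activities, rules=RULES):
    """One alert per (activity, rule) match: a summary plus the user details a reviewer needs."""
    return [{"rule": r.name, "user": a.user, "host": a.host, "client": a.client, "hour": a.hour,
             "summary": f"{a.user}: {a.action} {a.target} on {a.host} from {a.client} at {a.hour:02d}:00"}
            for a in activities for r in rules if r.matches(a)]

# Constructed sample activity (not real data); only three of the six records should alert
SAMPLE = [
    Activity("jsmith", frozenset({"staff"}), "open_file", r"\\fs1\Finance\Financial Statements\Q3.xlsx", "ws-12", "10.0.0.5", 14),
    Activity("cfo", frozenset({"management"}), "open_file", r"\\fs1\Finance\Financial Statements\Q3.xlsx", "ws-2", "10.0.0.9", 9),
    Activity("ops1", frozenset({"admins"}), "open_file", r"C:\Windows\System32\drivers\etc\hosts", "srv-1", "10.0.1.1", 3),
    Activity("dev2", frozenset({"dev"}), "run_command", "sudo service nginx restart", "prod-web1", "10.0.2.7", 23),
    Activity("dba1", frozenset({"dba"}), "sql", "DROP TABLE customers;", "prod-db1", "10.0.3.3", 2),
    Activity("dba1", frozenset({"dba"}), "sql", "DROP TABLE customers;", "test-db1", "10.0.3.3", 2),
]
```

Running `evaluate(SAMPLE)` yields alerts for the staff user in the Financial Statements folder, the sudo on prod-web1 and the DROP TABLE on prod-db1; the management user, the admin and the test-database DROP are filtered out by the exemption and production-only conditions.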

With this release, ObserveIT moves user activity monitoring from a purely forensic tool to a real-time incident detection and response system fueled by actual user activity and behavioral data. Adding these new capabilities to the company’s proven auditing and forensic capabilities makes ObserveIT 5.7 a complete user-centric security platform.

But enough of my ramblings; let’s hear from the Microsoft MVP and creator of the online IT knowledge base Petri.com about why User Activity Monitoring is such an important solution that companies need to add to their security architecture.