Join us June 8th to hear first-hand experiences from Bain Capital’s VP and CISO, Mark Sutton, in our webinar “Lessons Learned Building Bain Capital’s Insider Threat Program.” Register Now
At a Glance
ObserveIT is a best-of-breed enterprise solution that deploys on your choice of Windows and Unix/Linux platforms.
ObserveIT Gateway Monitoring records all user activity across the entire network from a single collection point on a gateway server, and analyzes user activity to generate real-time alerts about any suspicious or out-of-policy behaviors.
- Full video recording and playback of all on-screen user activity, in all applications and system areas
- Keyword-searchable activity logs of every user action
- Customizable real-time alerts regarding any sensitive, unusual, suspicious or malicious user activity provide proactive warnings to security personnel
- Privileged user identification, identity theft detection and other security features
- Tight integration with log management, SIEM, NMS and ticketing systems
ObserveIT creates detailed audits for every user action, even within applications that do not produce any logs of their own. It captures all activity no matter what connection protocols are used to access the gateway or to jump from the gateway to the target machine. It can be deployed on Linux, Unix or Windows gateway machines.
To see a full visual replay of the user session, simply click on the Replay icon.
- Replay Window: The replay window shows exactly what took place on-screen
- Command Summary List: Quick navigation list showing each command the user typed
- DVD-like navigation: Navigate quickly through any session, using fast-forward/rewind or by jumping between each user command (similar to DVD chapter).
- Start replay mid-session: You can launch the replay at the exact location that you need. (ex. If user spent 2 hours in a session, and you see a suspicious command at the 90 minute mark in the Audit List, launch the replay at that exact time.)
User activity alerts are powerful and flexible rules which specify the circumstances in which a user’s action will cause an alert to be generated. The rich user behavior analytics generated by ObserveIT allow alerts to be based on both login events and on specific user actions that occur during a session. Alerts are highlighted during session video playback, generate emails and are highlighted in relevant locations throughout the ObserveIT console.
By making important user activity events visible in real time, it is possible to quickly and effectively respond to any deliberate or inadvertent threats to IT security, system integrity, regulatory compliance or company policies.
ObserveIT generates textual activity logs of every user action, allowing fast activity review plus searching for specific activities using keywords matching:
- names of programs run
- titles of windows opened
- names of files accessed
- URLs accessed
- names of buttons and checkboxes clicked
- text typed/edited/pasted
- system commands executed
Jump directly from activity log entries or search results to relevant portions of recorded session videos.