Join us June 8th to hear first-hand experiences from Bain Capital’s VP and CISO, Mark Sutton, in our webinar “Lessons Learned Building Bain Capital’s Insider Threat Program.” Register Now
Leumi Card Case Study
Leumi Card Ltd. provides credit card and payment solutions throughout Israel. Operating as a subsidiary of Bank Leumi, Israel's leading commercial bank with $85 billion in assets, LeumiCard is one of the largest credit card and payment solutions providers in the country.
LeumiCard's infrastructure is managed in a highly-secured data center at their corporate headquarters. The system platform runs on serveral platforms, all with sensitive mission-critical applications.
Ongoing operations and maintenance of these platforms require system access by various privileged internal users, including software developers, system and storage infrastructure managers and application managers. These users log in to production servers using RDP.
Corporate control reports require that LeumiCard be able to document exactly what takes place on each production server, and to be able to explain why the action was necessary.
LeumiCard deployed ObserveIT on their mission-critical servers in order achieve identity management, user policy messaging and session recording. The first key to the solution involves shared-account (administrator) users being asked to provide secondary named-user credentials, with userids validated via the company's Active Directory system. This feature of ObserveIT automatically guarantees that every single user session can be tied to a specific user.
Next, the user must acknowledge that s/he is aware that s/he is logging into a production server. "We discovered that this alone has dramatically decreased the number of user sessions on production machines," stated Ofer Ben Artzy, LeumiCard's Manager of Infrastructure Systems. "When you alert the users like this, they are more likely to find an alternative way to do their job via secondary test servers, which means a reduced number of entries in my daily control reports that need to be reviewed."
Finally, ObserveIT's user session video recording captures a video replay of each user session. This portion of the solution delivers the concrete evidence necessary when investigating security issues. Daily email control reports are delivered automatically to each manager, according to area of responsibility. Each of these managers can then replay the sessions that relate to their systems, if necessary. In addition, detailed control reports for any time period are issued ad-hoc according to wider auditing requirements.