ObserveIT Integration Use Case

Use Case for AlienApp Build
Purpose of AlienApp

To integrate with a third-party application that will provide deep granular information into user activity from multiple aspect across an enterprise network.

Why ObserveIT

Integration with ObserveIT would provide deep granular user movement and activity at a level that USM Anywhere currently does not have. The software employs similar traits to USM Anywhere in its simplicity of installation, speed of deployment, short-term/high-vale proposition and broad array of insider threat indicators. ObserveIT also provides visibility across a similar-platforms and utilizes similar architectures to achieve its end result.

Competitive Advantage

USM Anywhere does not currently have an integration that allows for a deep granular view of user activity and insider threat activity. Insider threats are an ever-increasing attack vector for criminal actors in today’s security landscape. An integration with ObserveIT would alleviate this shortcoming in the platform and further productize the USM Anywhere solution.

Drivers

There are daily requests via pre-sales demonstrations for deeper visibility into user activity through event log ingestion, behavioral analytics across the entire environment and actionable remediation procedures that would allow security staff and analysts to deter and react to insider threats carried out either by design or by third party threat actors.

USM Anywhere currently does not have plugins for syslog ingestion of this third-party vendors software.

An integration with ObserveIT would match and surpass the integrations with many direct competitors and further extend the competitive advantage of USM Anywhere by combining the speed of deployment and fast actionable data of USM Anywhere and the deep user activity visibility of ObserveIT. This combination would make for a very valuable integration that would make the decision to choose AlienVault easier than ever before.

Current Integrations

Splunk, LogRhythm, QRadar, Exabeam, ArcSight, Securonix, Lieberman Software, ServiceNow and RSA. ObserveIT also provides an Open API which enables extensible integration with a wide variety of tools.

ObserveIT is built to help large enterprises identify and eliminate insider threats.

• Lightweight Architecture
  No appliance or hardware installation. Ultra-efficient, low footprint. 
• Rapid Deployment
  A standard deployment takes hours or days—not weeks or months.
• Immediate Value
  Gain instant, out-of-the-box insight into user behavior and stop data loss.

1. Lightweight Agents
   ObserveIT’s software agents monitor and capture key data about insider threats. ObserveIT records user sessions (including screen, mouse, and keyboard activity, as well as local and remote logins) and transmits captured data to the application server in real time.

• • Easy to deploy and manage (silent install, no reboots)
  • Minimal footprint and no impact on performance
  • Ultra-efficient data storage
• OPERATING SYSTEMS
• • Windows
  • Mac OS
  • Linux
  • Unix
• VIRTUALIZED PLATFORMS
• • VMWare
  • Citrix

2. Web Dashboard
   ObserveIT’s web-based dashboard serves as the primary interface point for your organization. ObserveIT enables you to detect insider threats, investigate anomalies, educate and deter users, and protect privacy.  The easy-to-use dashboard also helps satisfy compliance requirements and integrate with other security and logging tools as needed.

• User-friendly design
• Easy-to-configure alerts
• Textual records of user activity
• Session recording and playback
• Valuable analytics and reporting

3. Application Server
   ObserveIT’s application server collects data from agents and delivers it to your web dashboard.  The application server not only communicates actively with our agents, but also delivers configuration updates, monitors system health, and archives data. It can also be used to generate reports.

• Highly scalable
• Deploys quickly
• Small footprint
• Optimized for virtualization

4. SQL Database
   ObserveIT employs Microsoft SQL Server for data storage. This way, we are able to receive data transmitted by agents, encrypt it, analyze it, and generate relevant alerts seamlessly. ObserveIT can also be configured to store video replay screenshots in file system storage.

   With ultra-efficient data storage, ObserveIT uses SQL Server to store:

• User analytics data
• User activity metadata
• Application & configuration data

Use Case

Data doesn’t leave an organization on its own.

Employees, privileged users, and third parties may—intentionally or accidentally—move data to locations where it does not belong. Regardless of intent, data leakage can result in financial, legal and reputational trouble for your organization.

Users may attempt to exfiltrate data using:

• Cloud storage services
• Business, personal or temporary email clients
• Removable media, including USB drives
• Keyboard shortcuts, including copy/paste
• Print jobs
• & Many more vectors

Data leakage often happens on the endpoint without involving your broader network and can thus be quite difficult to identify and stop. This is where ObserveIT shines.

Our Approach

• ObserveIT’s insider threat managementplatform offers visibility into user activity and data movement.
• ObserveIT can detect users attempting to exfiltrate data through any of the vectors described above and provide full context into what has happened, when, and where.
• These capabilities are powered by ObserveIT’s library of 350+ insider threat indicators, built with the guidance of CERT’s Insider Threat Center.

User Activity Monitoring

Your people are your greatest strength, but they can also be your greatest weakness. How will you prevent critical data and assets from being compromised by your users?

To stop insider threats in their tracks, your organization must continuously monitor all user activity.

Use Case

Employees are your business’s lifeblood, and they need access to critical systems and files to do their jobs. To remain secure and compliant, you need to ensure their actions stay within policy at all times, which requires the utmost in granular visibility.

Our Approach

ObserveIT monitors and audits all actions taken by employees on a company’s systems to protect data and reduce risk. ObserveIT identifies and eliminates insider threats from employees and guarantees that your organization has clear visibility into who is doing what, when, and why.

Third-Party Monitoring

Vendors, contractors, and partners can help support your business and create a strategic advantage. Yet, giving third parties access to confidential data and key systems drastically increases the risk of costly data breaches that impact your organization’s reputation.

Are you prepared to mitigate third-party risks?

Use Case

When you bring in third parties like vendors and contractors, you need to ensure their actions stay within policy so that you can remain secure and meet compliance mandates. Logging solutions can’t offer the necessary level of granular visibility.

Our Approach

ObserveIT monitors and audits all actions by third parties, such as vendors and contractors, on a company’s systems to protect data and reduce risk. In doing so, ObserveIT identifies and eliminates insider threats from third parties, including remote vendors, contractors, and partners.

Meet & Exceed Compliance Requirements

Meeting compliance framework and law requirements is a complex and challenging task, but failing can be incredibly costly and damaging to an organization’s reputation.

Continuous user monitoring and real-time incident investigation help your organization meet stringent compliance requirements and ensure sensitive data stays where it belongs – within the organization.

What steps are you taking to ensure compliance?

Use Case

Compliance mandates are non-negotiable for many businesses across a wide range of industries. Whether you are beholden to PCI-DSS, HIPAA, GDPR, or FERPA, you must carefully monitor and respond to insider threats to remain compliant.

Interested to see how ObserveIT can assist with GDPR compliance in particular?

Our Approach

Meet PCI, HIPAA, GDPR, or FERPA compliance requirements with one platform. ObserveIT helps companies protect data and reduce risk while ensuring they meet compliance requirements by offering unmatched visibility into user activity.

MORE USE CASES

• User Activity Monitoring
• Third-Party Monitoring
• Prevent Data Loss
• Incident Response


Incident Response

When an insider threat incident occurs, your organization requires context to investigate and respond quickly and accurately.

Do you have the visibility and evidence necessary to resolve incidents before real damage is done?

Use Case

When an insider threat incident occurs, you need to know exactly where to get context about what happened. However, system, network, and log data can be difficult to sift through. Even with a SIEM tool, it’s challenging to parse data and get the context and visibility needed to respond to incidents effectively.

Our Approach

ObserveIT enables a quick and thorough response to insider threat incidents with complete visibility into user activity. It simplifies and streamlines the investigation process by providing detailed visual captures, precise activity trails, and metadata from your users.

Comparisons to Market Competitors

OBSERVEIT VS VERIATO 360 VS EKRAN SYSTEM^®

User monitoring software is designed to provide full visibility into what specific users are doing, allowing supervisors to assess employee performance and clearly detect any malicious actions. There are many such solutions on the market, each with its own technical approach, feature set, and licensing scheme designed with a specific audience in mind.

In this product review, we compare three alternatives: Ekran System, ObserveIT, and Veriato 360 (formerly Spector 360). We try to determine reasons to choose these solutions, their strong suits, and their drawbacks with an emphasis on highlighting differences between them.

Product Review: Summary

Each of the three solutions in this comparison presents different features and benefits, with each vendor targeting a slightly different audience.

ObserveIT provides large companies with advanced insider threat detection tools, while its high price makes it cost-prohibitive for smaller businesses.

Veriato 360 is an affordable solution that focuses heavily on employee monitoring with the ability to review employee performance data and detect insider threats. But it doesn’t offer much in terms of incident response. Some Veriato reviewers also say that it can have scalability issues with large deployments, and the product impacts server performance.

Ekran System provides a robust and stable feature set for a lower price than ObserveIT, making it an easy recommendation for SMBs and large companies. Its comprehensive user activity monitoring, PAM, multi-tenancy support, action logging, and incident response capabilities make Ekran System a strong Veriato 360 alternative for employee monitoring.

 Market and Focus Overview

ObserveIT, Veriato, and Ekran System are close competitors using the same technical approach. However, each has a different feature set and licensing model that we’ll look at in more detail.

Pricing and Deployment

ObserveIT pricing

ObserveIT is the most expensive of these three solutions. Its price is based on the number of monitored endpoints and includes a fixed management tool fee. The high management tool fee makes deployments costly, which may pose problems for smaller companies with small or medium-sized deployments.

Ekran System and Veriato 360 Pricing

Ekran System provides two types of licenses. The price of the Standard license is based only on the number of monitored endpoints—the same as the Veriato 360 pricing scheme.

Additionally, Ekran System provides an Enterprise license with a pricing scheme similar to ObserveIT, with an additional fixed charge for the management panel. This license offers additional functionality specifically designed for large enterprises, such as SIEM and ticketing system integration, one-time passwords, high availability, and multi-tenancy support.

The Ekran System is the most affordable of the three solutions. Both Ekran System and Veriato 360 feature floating licensing distribution, which allows users to easily transfer licenses between different endpoints.

Additionally, the Ekran System allows for automatic licensing provision, which was specifically designed with virtualization environments in mind. This allows users to maximize the use of a single license by automatically transferring it upon termination of a virtual machine.

Feature and Usage Scenario Overview

Recording Functionality

Ekran System, OvserbeIT, and Veriato 360 (formerly Spector 360) all use a similar agent-based architecture.

They provide video recordings of everything a user sees on the screen without any limitations for any target endpoint where the monitoring agent is installed.

The resulting recordings contain indexed video and searchable metadata, such as

• keystrokes,
• application titles, and
• visited websites.

The main difference between Veriato 360 vs ObserveIT and Ekran System lies in how they treat their data streams. While Ekran System and ObserveIT present video as the main data stream, accompanied by relevant synchronized metadata, Veriato 360 presents all data equally, with video serving mainly as an illustration of the larger metadata.

Incident Response Features

Incident response functionality differs significantly different between Ekran System and ObserveIT vs Veriato 360 (formerly Spector 360).

Alerting

While Veriato features customizable alerts, allowing for efficient insider threat detection, itn’t does not provide much in the form of incident response tools.

Ekran System and ObserveIT, as Veriato competitors, feature comparable alert functionality, including predefined sets of recommended alerts and functionality to develop custom rules.

USB Management

Moreover, Ekran System allows security personnel to automatically (as an alert about a suspicious activity is generated) or manually block users, stopping the current session and preventing them from initiating a new one. It also features automatic USB blocking, which helps to protect from mass storage devices and malware distributed via USB sticks.

ObserveIT, on the other hand, can alert or show a block messaging upon a connection of a mobile phone or USB storage device. When a suspicious event is detected, ObserveIT also allows forcibly message the user and informing them that a specific security policy has been breached. Security personnel can also block a user’s session if necessary. 

Access Management

Veriato, ObserveIT, and Ekran System all allow you to clearly distinguish between users of shared accounts by employing additional authentication measures.

Ekran System offers multi-factor authentication. Additionally, it provides extended access control functionality in the form of one-time passwords and a privileged account and session management (PASM) module.