User Activity Monitoring

ObserveIT Enterprise

ObserveIT is a powerful monitoring and detection solution that is designed for use in multi-server enterprise environments. It provides visibility into user activity in environments such as Microsoft Terminal Services and Citrix, without requiring any architecture changes.

When remote vendors, system administrators and business users access your network, you need the full picture of what really happened. ObserveIT gives you video playback of user activity, tied directly to your event logs. Even a detailed log entry of file change timestamps is not enough. Did the user Copy/Paste data? Edit XML elements? Change an Excel formula? ObserveIT shows you precisely what was done.

Method

Identify: ObserveIT identifies all remote and terminal users

As soon as a user starts a session (using any connection protocol), ObserveIT identifies the precise user ID. Shared users (e.g., ‘administrator’) must provide secondary credentials of a specific named user.

Record: ObserveIT records every user action

ObserveIT captures a video recording of every user action. Exact visual capture of each UI action is recorded, plus textual metadata info about each action. Each change in UI appearance generates a new image capture. Metadata captured includes application names, files and resources affected and more.

Report: ObserveIT produces pre-built and customizable compliance reports

Authorized users can access the audit recordings any way they wish. Ad hoc searching for relevant sessions, automated canned reports, textual summaries and full video replay are at your fingertips.

Technology

Core Architecture

The ObserveIT Agent is installed on each monitored server. The Agent captures data (screenshot and metadata) for every user action. Metadata includes info on the state of the operating system and the application program being used, which allows ObserveIT to precisely identify what the user is doing. By default, the Agent communicates with the Management Server via HTTP POST (TCP port 80). All content is encrypted. The Agent architecture includes a Watchdog service to prevent it from being shut off.

The ObserveIT Management Server is an ASP.NET application in IIS that collects all data delivered by the Agents, where it is analyzed and sent to the Database Server to be stored and indexed. The Management Server communicates with the Agents for configuration updates. It can also integrate easily with LDAP for user validation, with SIM to link video replay from within textual log file listings, and with Network Management systems to allow for system alerts and updates based on user activity.

The ObserveIT Web Console is an ASP.NET application in IIS that serves as the primary interface for accessing information (video replay, reporting, etc.) in ObserveIT. It is also used for configuration and administration tasks. Config data is also stored in the Database Server. The Web Console includes granular policy rules for limiting access to sensitive data.

The Database Server is a Microsoft SQL Server database that stores all configuration data, metadata and screenshots captured by ObserveIT Agents. Both the Management Server and Web Console apps connect via standard TCP port 1433.

Features

• Record and Replay Windows Sessions

• Record and Replay Unix/Linux Sessions

• Privileged User Identification

• Intelligent Metadata Text Log

• User Messaging

• Real-time Playback

• Agent API Interface

• Report Generator

• Complete Coverage

• System Monitor Integration

• Robust Security

• Event-Driven Rules

• Pervasive User Permissions

• Small Footprint

Benefits

Bulletproof legal evidence – Reduce the risk of misaligned client-vendor interests by capturing bulletproof legal evidence of all vendor activity. Video replay can be used during litigation or to eliminate the need for legal action.

Increased self-reliance – Video recordings document all vendor activity, allowing you to reduce reliance and dependency. Eliminate the ‘mystery’ and know what they do. Improve flexibility when ending contracts, adjusting agreements or setting SLA expectations.

Improve in-house knowledge – An indexed database of user session recordings becomes a best-practices repository for critical business operations.

Overcome poor communications – Reduce the need for verbal descriptions, hand-holding, and email explanations: 30 seconds of video explains more than hours of training, phone calls and emails.

Reduce geopolitical risks – Your business is exposed to risk if security or political events prevent off-shore vendors from providing services. Video playback of prior activities provides a path for temp/emergency staff to step in mid-stream.

Enhance your System Management infrastructure – Tie a precise video replay to every textual log entry in your SIM log management

Immediate Compliance for all new apps – Every new app (e.g., a customized CRM module) is automatically monitored and ready for compliance auditing. No need to modify code / config to achieve log requirements.

Desktop Auditing – Monitor all user actions, even if they are only working on their own Desktops, without touching corporate servers.