
Privileged User

Third Party Vendor


Business User

Banking / Finance

ObserveIT User Group: Cyber Security Division
- Monitors 1,600 privileged users who access databases and extract sensitive data
- Monitors remote vendor activity to verify they stick to service level agreements
- "The best forensic tool for Citrix VDI sessions"

ObserveIT User Group: Technical Support
- Monitors over 100 shared user accounts during Unix / Linux sessions
- Investigates suspicious behavior such as running SUDO (super user) commands
- "We provide forensic visibility w/in Linux that’s unlike any other tool"

ObserveIT User Group: Infrastructure
- Troubleshooting when issues occur during third party access
- Use us to avoid any "finger pointing" from 20+ vendors and contractors
- "One click investigations make this incredibly easy"

ObserveIT User Group: Information Security
- 70 outside contractors only use desktops with OIT installed
- Have caught several contractors lying about total hours worked

ObserveIT User Group: Information Security
- Monitors 200 IT users who can access or modify any critical banking application
- Used to comply with FDIC audits and reduces audit times by 5x
- "The fact that we can audit activity within any application is incredible"

Healthcare / Insurance

ObserveIT User Group: Information Security
- Monitored over 2000 employees and 25 critical applications
- Tracked changes to insurance claims and data movement to external drives
- Built automated reports to track any offshore vendor activity on critical servers

ObserveIT User Group: Information Security
- PHI protection/monitoring critical business applications (PeopleSoft etc.)
- Focused on applications that don't have own logging capability due to visibility gap
- "We love the ability to maintain user privacy in apps like BoA and Gmail"

ObserveIT User Group: Information Security
- Capturing all outside vendor actions when interacting with PHI data
- Vendors have constant access to over 100 servers
- They were using Symantec DLP but nothing gave them visibility like ObserveIT

ObserveIT User Group: Enterprise Computing Services
- Monitoring Siemens remote vendors and privileged user activity on critical servers
- Set up alerts and report for when servers or applications go down
- Created reports whenever privileged users try to stop key services running on servers

ObserveIT User Group: Information Security
- Need to monitor any access to PCI data, specifically vendors that are making config changes
- Most concerned around investigating fraud incidents
- No other product could provide this visibility on Linux / Unix servers

Telecommunications

ObserveIT User Group: Enterprise Architecture
- Monitoring Unix/Linux sessions specifically mapped to PCI compliance
- Focused on activities including escalating privileges and new user creation
- No other platform shows scripts and processes that are triggered by Linux sessions

ObserveIT User Group: Infrastructure
- Currently deploying to track all HTC contractor access and sessions
- Access is restricted to Citrix terminal servers where all activity is monitored
- Needed proof of monitoring capabilities from Canadian government mandate

ObserveIT User Group: Network Infrastructure
- Mandatory company policy to monitor all third party activity on VDI sessions
- Track specific vendor file access, configuration changes that are made
- Love the ability to search for specific users and date / time stamps

ObserveIT User Group: Information Security
- Monitoring remote vendor sessions within secure environments hosted by Citrix
- Smart Auditor was not a robust enough platform to handle security requirements
- Smart Auditor also very clunky, not well supported by Citrix. Just an add on feature

ObserveIT User Group: Network Infrastructure
- Their clients have mandate to record any interactions with their data
- Uses ObserveIT metadata reports and screen captures to verify data integrity
- "ObserveIT helps us acquire new client relations due to these safeguards."

Other (Government / Technology / Casino)

ObserveIT User Group: Information Technology
- Monitoring server activity such as restarting servers, escalating privileges
- Previous internal audits showed gaps in monitoring cloud-based application activity
- ObserveIT helps fulfill key audit requirements for SOX, PCI and SSAE

ObserveIT User Group: Information Technology
- Monitoring contractors on Windows Servers & Linux/Unix
- They had an incident on a server that wasn't covered making investigation painful
- "The ability of the tool to show exactly what vendors are doing is unparalleled."

ObserveIT User Group: Information Technology
- Requirement to monitor all employees that have access to PII in hosted apps
- Need to know where PII data is moving via print jobs, USB access and downloads
- "Ease of use is huge benefit. Only takes one 'non-technical' person to run ObserveIT"

ObserveIT User Group: Information Security
- Court system requires monitoring of all government employees and officials
- Discovered priv users harvesting passwords, pirating movies, creating backdoor access
- "The best tool for full visibility and quick investigations."

ObserveIT User Group: Infrastructure
- Gaming Commission requires remote vendor keystroke logging
- Specific data to be collected includes access date, time, server name, support case ID
- "OIT has helped reduce time and stress from the monthly audits."

Retail / Media

ObserveIT User Group: Infrastructure
- Monitoring 400 Citrix TS servers for privileged user activity. User sessions fed into Splunk
- Use ObserveIT to identify root cause when apps get shut down, malware is downloaded
- "It's the best tool to gain visibility & run a fast investigation, especially for Citrix XenApp"

ObserveIT User Group: Compliance and Security
- Specifically monitoring database access, change control for SOX compliance
- Specific high risk actions include privilege escalation, new user creation, system tampering
- Also concerned with shared account hopping and large file copy events

ObserveIT User Group: Information Services
- Auditing access to HR files, folders and applications hosting PII data
- Real time alerts set on out of policy behavior (USB activity, large copy/paste)
- Highest priority target is authorized users snooping and sharing client information

ObserveIT User Group: Information Technology
- Monitoring 1,800 business user VDI sessions through Citrix
- Had incidents with data fraud in the past with no way to investigate what was occurring
- OIT forensic capability works exactly as intended - ensures nothing suspicious is happening

ObserveIT User Group: Information Security
- Monitoring business users that have access to critical apps that relate to process support
- Most concerned around users that access IP and customer information
- Target specific users with poor performance reviews, 2 weeks notice, & pending layoffs.
