ObserveIT v5.6: What’s New

At a Glance

ObserveIT Enterprise v5.6 includes many new levels of protection. The most noteworthy new capability is a groundbreaking solution for catching incidents of identity theft.

New Feature: Identity Theft Detection

Adding new strength to ObserveIT's Identity Management Suite

Previous versions of ObserveIT included shared-user identification, to tie generic 'administrator' sessions to specific named users. This v5.6 release now augments our Identity Management Suite by providing identity theft detection schemes.

A new approach for controlling Identity Theft

ObserveIT's new Identity Theft Detection module brings a brand new approach to preventing and discovering incidents of stolen privileges. Today, security officers provide users with tools and education on how to protect their identity (ex: Two Factor Authentication, Password complexity and reset rules, etc.). But once an identity is stolen, there are no tools that can identify or track the incident. The responsibility for detection lies entirely on the security officer.

How it Works

Security Verification

For each monitored server, ObserveIT keeps track of authorized/confirmed pairings of userids and client machines. If a user logs in to a server from a client that s/he is not already paired with, an email is sent to the user. For example:

  • A hacker steals a password and logs in from a remote machine. An email is sent to the user saying "The user 'johnsmith' just logged in to server WEBSRV-PROD from unauthorized IP address 11.22.33.44. Please confirm that it was you who performed this action."
  • An internal user steals the administrator's password and logs in to a server from her own desktop, generating the email "The user 'johnsmith' logged in to server DBPROD-4 from unauthorized desktop KATHY-DSKTP. Please confirm that it was you who performed this action."

The user can either confirm or deny that this was his action. In parallel, an event is logged for the administrator to track and monitor unauthorized pairings. Granular security rules can be applied to specify how to manage each user confirmation.
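The pairing check described above, sketched as an added example; it is not ObserveIT code. The class, the event names, the "one email per new pairing" behaviour and the rule that a confirmation authorizes the pairing are assumptions, and the login events are constructed.

```python
from collections import defaultdict

class PairingMonitor:
    """Confirmed (userid, client) pairings per monitored server."""
    def __init__(self):
        self.confirmed = defaultdict(set)  # server -> {(userid, client)}
        self.open = {}          # (server, userid, client) -> "pending" | "denied"
        self.admin_events = []  # log the administrator reviews
        self.outbox = []        # (recipient, text) emails to the account owner

    def on_login(self, server, userid, client):
        """True if the pairing is already confirmed, else raise a verification."""
        key = (server, userid, client)
        if (userid, client) in self.confirmed[server]:
            return True
        if key not in self.open:  # assumption: one email per new pairing
            self.open[key] = "pending"
            self.outbox.append((userid, f"The user '{userid}' just logged in to "
                f"server {server} from unauthorized client {client}. Please "
                "confirm that it was you who performed this action."))
        self.admin_events.append(("unauthorized_pairing", *key, self.open[key]))
        return False

    def on_reply(self, server, userid, client, confirmed):
        """Apply the user's answer; assumed rule: confirm authorizes the pairing."""
        key = (server, userid, client)
        if key not in self.open:
            raise KeyError(f"no open verification for {key}")
        if confirmed:
            del self.open[key]
            self.confirmed[server].add((userid, client))
        else:
            self.open[key] = "denied"  # stays flagged for the administrator
        status = "confirmed" if confirmed else "denied"
        self.admin_events.append(("user_reply", *key, status))

def run_sample():
    # Constructed events; JSMITH-LAPTOP and JSMITH-HOME are made-up client names.
    m = PairingMonitor()
    m.confirmed["WEBSRV-PROD"].add(("johnsmith", "JSMITH-LAPTOP"))
    seen = [m.on_login("WEBSRV-PROD", "johnsmith", c)
            for c in ("JSMITH-LAPTOP", "11.22.33.44", "JSMITH-HOME")]
    m.on_reply("WEBSRV-PROD", "johnsmith", "11.22.33.44", confirmed=False)
    m.on_reply("WEBSRV-PROD", "johnsmith", "JSMITH-HOME", confirmed=True)
    seen += [m.on_login("WEBSRV-PROD", "johnsmith", c)
             for c in ("JSMITH-HOME", "11.22.33.44")]
    return m, seen

if __name__ == "__main__":
    print(run_sample()[1])
```

A denied pairing stays in the open set, so later logins from that client keep producing administrator events without mailing the account owner again.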



New Feature: Interacting with and Locking of Active Sessions

With ObserveIT, you have the ability to view live user sessions in real time. Starting with v5.6, you also have the ability to interact with these sessions:

  • Send a message – Allows you to actively send an important message to the user, for training purposes or for security warning purposes. (ex: "You should not be running SQL Queries on the production database").
  • Lock a session – If you observe that the user in an active session is breaking policy rules, you can simply force a lock of the user's desktop by clicking on the Lock Session icon.



New Feature: Session Storage Integrity Protection

If the data integrity of the ObserveIT database storage is violated (ex: if a DBA succeeds in deleting an incriminating screenshot from within the entire collection), ObserveIT will now provide a warning indicator within the web console.
Data storage protection has also been enhanced for exported off-line recordings, in which all off-line data is encrypted.


New Feature: System Alerting Platform

The ObserveIT web console now also includes an alerting platform for managing system events. This platform indicates any events related to Identity Theft detection and agent/appserver/web console system health checks, and allows for sending emails and tracking follow-up status. The alerting platform will continue to expand in all future versions to include various user-activity specific alerting.


Feature Additions and Upgrades

Mandatory user confirmation of policy messages

ObserveIT’s Policy Messaging feature gets a new boost of enforcement in version 5.6. As in previous versions, policy update messages are presented to the user immediately upon login. But now, users can no longer access the desktop in any manner until they provide confirmation that they received the policy message. Furthermore, you can require the user to enter confirmation text within the policy alert. (ex: Support Ticket #, "I agree" confirmation, etc.)


Searching and Playback of Archived sessions

ObserveIT's database archiving capabilities are even more beneficial in v5.6, with the new ability to perform searching and even to launch video playback straight from the archive.


User Recording Policy based on AD groups

Recording policies now have greater flexibility. In v5.6, you can specify include/exclude rules on any recording policy based on AD groups, in addition to the user, server, and application rules previously available.


Session timeouts for all user sessions (Unix and Windows)

Enforcing session time-out (and thus locking of desktop) is now available across every Agent OS platform.


Auditing of Failed ObserveIT Logins

ObserveIT's self-auditing now also captures failed login attempts. Because security incidents are often preceded by an increase in brute-force login attempts, this feature gives an important added layer of security self-audit protection.


Direct URL access for video replay within text log

When integrating ObserveIT's text logs into SIEM, Network Management and alerting platforms, you can make use of a direct URL link to launch video replay.


Support for AIX 5.3, RHEL/CentOS 5.7, 6, Ubuntu 10.4 and Solaris 10U10

ObserveIT v5.6 adds Agent support for AIX 5.3 and the latest RHEL, CentOS, Ubuntu and Solaris OS releases.