ObserveIT v5.6: What’s New
At a GlanceObserveIT Enterprise v5.6 includes many new levels of protection. The most noteworthy new capability is groundbreaking solution for catching incidents of identity theft.
New Feature: Identity Theft Detection
Adding new strength to ObserveIT's Identity Management SuitePrevious versions of ObserveIT included shared-user identification, to tie generic 'administrator' sessions to specific named users. This v5.6 release now augments our Identity Management Suite by providing identity theft detection schemes.
A new approach for controlling Identity TheftObserveIT's new Identity Theft Detection module brings a brand new approach to preventing and discovering incidents of stolen privileges. Today, security officers provide users with tools and education on how to protect their identity (ex: Two Factor Authentication, Password complexity and reset rules, etc.) But once an identity is stolen, there are no tools that can identify or track the incident the incident. The responsibility for detection lies entirely on the security officer.
How it Works
For each monitored server, ObserveIT keeps track of authorized/confirmed pairings of userids and client machines. If a user logs in to a server from a client that s/he is not already paired with, an email is sent to the user. For example:
- A hacker steals a password and logs in from a remote machine. An email is sent to the user saying "The user 'johnsmith' just logged in to server WEBSRV-PROD from unauthorized IP address 188.8.131.52. Please confirm that it was you who performed this action."
- An internal user steals the administrator's password and logs in to a server from her own desktop, generating email "The user 'johnsmith' logged in to server DBPROD-4 from unauthorized desktop KATHY-DSKTP. Please confirm that it was you who performed this action."
New Feature: Interacting with and Locking of Active Sessions
With ObserveIT, you have the ability to view live user sessions in real-time. Now starting with v5.6, you also have the ability to interact with this session:
- Send a message – Allows you to actively send an important message to the user, for training purposes or for security warning purposes. (ex: "You should not be running SQL Queries on the production database").
- Lock a session – If you observe that the user in an active session is breaking policy rules, you can simply force user desktop lock by clicking on the Lock Session icon.
New Feature: Session Storage Integrity ProtectionIf the data integrity of the ObserveIT database storage is violated (ex: if a dba succeeds in deleting an enciminating screenshot from within the entire collection), ObserveIT will now provide a warning indicator within the web console.
Data storage protection has also been enhanced for exported off-line recordings, in which all off-line data is encrypted.