Organizations with very sensitive data don’t merely have tough network security gear; they may also go so far as recording every keystroke employees enter and monitoring for suspicious activity.
One supplier is Boston-based ObserveIT, which on Monday released version 5.7, which now includes the ability to send email alerts to responsible IT staff for investigation.
Until now ObserveIT has been used for investigation and forensics after suspicious or actual malicious activity has been detected, Dimitri Vlachos, the company’s vice-president of marketing, said in an interview.
“Now it’s not just reacting to what happened; with analytics and alerting we can notify security teams right away.”
The alert includes a hyperlink to a video recording a person’s keystrokes as well as to a searchable log of recent user activity.
Canadian customers include Avaya Canada. The company said a Canadian bank, a telco and a utility are also customers, but they can’t be named.
Other end user monitoring software (sometimes called privileged identity management) companies in this market include SpectorSoft’s Spector 360 Recon, BalaBit, BeyondTrust, CA Technologies’ Centrify, Aternity, Knoa Software, Nexthink, NetWrix User Activity Video Reporter, InterGuard and CyberArk. These and other solutions can be set to monitor only privileged accounts that have access to sensitive data, or to monitor more broadly.
Also new in version 5.7 are:
— native integration of ObserveIT data into Hewlett-Packard’s ArcSight security information event management suite;
— a new data recording policy for Unix/Linux systems, giving administrators greater control of how much data is recorded during user sessions, and how much memory is used;
— support for user activity monitoring on 64-bit Debian 6 and Debian 7 machines.
ObserveIT lets administrators search activity logs for when an individual signed into a system, what was happening on a particular PC, server or application – viewing sensitive information, changing a user privilege, installing new software, changing configuration files. Administrators can act in a number of ways, including kicking the user off the network.
Vlachos said the agent-based ObserveIT takes a hit of only up to two per cent on system performance.
The solution, sold direct from the company, is priced by the agent. There are agents for desktops, servers, Citrix and others.