WHAT'S NEW IN OBSERVEIT 5.8

ObserveIT 5.8 delivers a range of enhancements aimed at supporting the monitoring of business users more efficiently.

Risky user behavior is behind the majority of breaches and security incidents happening today. When approaching the problem of user-based risk, we tend to think about privileged and IT users. However, business users (those with access to business applications) account for 84% of breaches. With business users outnumbering IT users by 1 to 20, monitoring them requires scale and performance that can efficiently handle the number of concurrent sessions and the volume of recorded activity. It is also critical to enable security automation that can handle the large quantities of data.

Another important aspect to consider with business user monitoring is privacy. With permissive BYOD policies and the general blurring of the lines between business and personal information, business users introduce personal and private information into their workspace. It is imperative for a user activity monitoring solution that addresses business users to respect their privacy and comply with workplace privacy laws and regulations.

1. SYSTEM HEALTH MONITORING

ObserveIT 5.8 includes comprehensive monitoring of all system components, providing administrators with a high-level overview of system health, along with drill-down capabilities to quickly investigate any issues.

A new Administrative Dashboard presents administrators with an overview of the most important system components and any issues requiring attention, such as communication faults, data loss, dwindling disk space, or Agent tampering. Most dashboard elements can be clicked to drill down into the details of that element.

It is easy to drill down from the Dashboard to the affected entity, and then directly to the individual events that led to any particular problem.

Additionally, the status of the most important elements is highlighted in a mini-dashboard that appears at the top of every ObserveIT page, providing immediate drill-down to more details.

Email alerts can be configured to inform administrators of critical issues in real time. Links in the email lead directly to the ObserveIT Web Console for further information or investigation.

The following types of system events are covered by the new dashboard, can be included in email alerts, and can be integrated with a third-party SIEM system via simple integration:

- Agent or Service killed or stopped
- Agent went offline, lost data or experienced communication problems
- Agent tampered with
- Agents installed and uninstalled
- Application Server went offline

Relevant events are also incorporated in other parts of the ObserveIT Web Console, such as the Servers List and System Events pages. The Servers List now includes specific Status details (with mouse-click drill-down), and provides filtering of the list by Status.

2. ENHANCED PERFORMANCE IN VERY-LARGE-SCALE DEPLOYMENTS

A wide range of performance improvements have been implemented in version 5.8:

- The Application Server can process 5X more concurrent requests.
- The capacity of individual ObserveIT databases has been significantly increased.
- User activity metadata is stored more efficiently.
- Search response times have been improved.
- The archive process is faster.

3. CONFIGURATION CHANGE AUDITING

ObserveIT now provides detailed auditing reports of all critical changes made from within the ObserveIT Web Console, such as changes to recording policies and Agent configuration. These reports are valuable for security auditing and change management.

4. NEW CONFIGURATION-ONLY ADMIN ROLE

ObserveIT now offers a Configuration-Only Admin role that allows administrative access to the Web Console without any possibility of reviewing user activity logs or screen recordings. Configuration-Only Admin users can only access certain configuration areas, and can only manage other Configuration-Only Admin user accounts.

5. IMPROVED UNIX/LINUX PACKAGING AND INSTALLATION

- A single installation utility now covers every supported Unix/Linux platform.
- The installation/uninstallation utility can now be run in an interactive mode (silent mode still available).
- A password can now be required to install/uninstall an Agent.
- All Agent installation files are now centrally located.
- The Agent installation path is now configurable.

6. NEW RECORDING OPTIONS

Continuous Recording

Until version 5.8, screens were only recorded when some user activity was detected. A new recording option now provides screen recording every x seconds, even when no user activity is occurring. This is useful to observe sessions containing lengthy screen output, automated activity, and other scenarios.

Recording SFTP Unix sessions

SFTP sessions to Unix/Linux machines are now recorded, logged, searchable, and alert-configurable, just like SSH sessions.

7. SIEM INTEGRATION VIA DATABASE API

Until version 5.8, integration of ObserveIT data with third-party systems (for example, SIEMs) was accomplished via the exporting/importing of log files at timed intervals. For real-time event processing, ObserveIT now provides an API to its database. Third-party systems can now retrieve the following types of data directly from ObserveIT's database:

- User Activity
- DBA Activity
- Session Activity
- Alerts
- System Events

8. NEW SUPPORTED PLATFORMS

- Solaris 11, update 2; 32/64-bit or Sparc
- RHEL/CentOS 5.11 32/64-bit
- RHEL/CentOS 6.6 32/64-bit
- Oracle Linux 5.11 32/64-bit
- Oracle Linux 6.6 32/64-bit

The complete list of supported platforms can be seen on the Supported Platforms page.

Note: The following platforms are being deprecated as of version 5.8. This means that Agents running on these platforms will continue to function within an ObserveIT deployment, but that new Agent versions (5.8 and later) will no longer be developed.

- Solaris 9
- Solaris 10 update 6 and below
- RHEL/CentOS 5.5 and below
- Oracle Linux 5.5 and below
- AIX 5.3
- SLES SuSE 10 SP3 and below