ObserveIT HT Product Information

Upload: jisarit

Post on 11-Oct-2015


  • You can't catch what you can't see

    Server Activity Surveillance:

    www.heyce.com

  • About Heyce

    Heyce Technologies is a diversified security and automation devices manufacturing company, focused on revolutionizing critical data security mechanisms and automating information recording.

    As a world leader in automation technology, we integrate technologies and design into customer-centric solutions, based on elemental customer insights, incorporating latest market trends & demands.

    Heyce Technologies manufactures industry-leading security solutions by integrating innovative and cost-effective user identification techniques that deliver beyond customer expectations. Heyce Technologies' smart and modern innovations have been deployed and effectively used in every industry vertical, including government, semi-government, banks, manufacturing industries, automobiles, police, military, armed forces, airlines, telecommunications, shipping, hospitals, real estate, service providers, hotels and system integrators, to name a few.

    We shall remain committed towards environmental sustainability by meeting the needs of today without compromising the ability of future generations to meet their own needs.

  • Smart User Activity Recording with Video Content Analysis

    Record, Replay, Stream and Search All User Sessions

    ObserveIT's session recording system captures video of all on-screen activity while users work in Windows, Unix / Linux and desktops with the most advanced technology available. ObserveIT records the activities of remote vendors and internal privileged users, in every application and system area. This allows PCI / HIPAA auditors, system administrators and IT troubleshooters to replay any session, as if someone had been standing over the user's shoulder with a video camera in hand.

    Video Activity Analysis

    We understand that you don't have the time to watch long and boring Hollywood-movie-length videos of system administrators' sessions. ObserveIT goes far beyond simply recording such on-screen activities. The software transcribes every session into an easy-to-read summary so that watching the video isn't necessary to know what the user did. Clicking on any particular event in the summary launches the video playback from that exact moment.

    Furthermore, detailed session data is immediately available for free-text keyword searching. You can search for:

    Names of applications run

    Text typed, edited, pasted, selected, etc.

    Titles of windows opened

    Commands and scripts run

    URLs accessed

    Checkboxes clicked

    and much more.

    Every resulting search hit is linked directly to the portion of the video where that action occurred! This makes it incredibly easy to find the exact moment that an action was performed from among thousands of hours of video.

    Zero-Gap Recording

    ObserveIT records and analyzes user activity in every application, Web page and system area, over any connection protocol (RDP, SSH, Telnet, ICA, direct console login, etc.). ObserveIT records sessions in Citrix published applications, Citrix virtual desktops and VMware environments, as well as stand-alone Windows, Unix, Linux desktops and servers.

    No other product on the market offers these must-have user auditing features!

  • ObserveIT - Redefine User Activity Recording

    Do you share Privileged User Accounts?

    Statistics show that an alarming 71% of data breaches and system failures involve usage of Privileged User credentials. The trouble caused by a privileged user or the generic Administrator is untraceable due to the generous sharing of usernames and passwords among trusted IT users in most companies. If you have this problem or are unaware of its occurrence, continue reading...

    Our Solution: ObserveIT addresses this major unease by implementing Secondary Authentication of Privileged User Accounts. No more finger pointing on who did what and wondering what was the probable cause of outage.

    Do you have remote third party vendors accessing your Servers?

    Dependence on third-party solution providers is unavoidable, as they are responsible for managing system development, deployment and related support. To perform this role, the vendors require privileged access to corporate networks using remote applications. What steps have you taken to ensure sensitive information protection during such remote access?

    Our Solution: ObserveIT records and provides precise replay of exactly what took place during each remote user session. As soon as vendors discover that all actions are being recorded, they realize the accountability for their actions. Vendor management thereby becomes a very easy task with ObserveIT.

    Log analysis available, right? But have you investigated the possible loopholes?

    We are aware that Windows Event Viewer logs most of the events. But hold on: by looking at Event Viewer data, can we analyze what was done a few minutes ago? SIEM tools analyze these events to produce technical debug logs. But what about applications that do not generate logs? For example, admin tools like Registry Editor, SQL Manager, Toad, Network Config etc.; desktop applications like Firefox, Chrome, IE, MS Excel, Word, Outlook, Skype etc.; remote and virtualization applications such as Remote Desktop, VMware vSphere etc.; and text editors such as vi, Notepad etc. do not produce any logs.

    Our Solution: ObserveIT not only generates human understandable textual logs for applications with and without logs, but also attaches related video to them, thereby avoiding all usual blind-spots that render traditional log analysis tools inadequate.

    Are your compliance norms met?

    Corporate compliance controls require documentation of exactly what takes place on each critical server, and the ability to explain why every action was necessary. Compliance is about people, and about making sure that you know every action people take that impacts sensitive data.

    Our Solution: ObserveIT offers the following benefits for Security Compliance Regulators:

    Audit people, not just apps - Cover actual user activity, not just the resulting data impact. Provides precise root cause analysis

    Total application coverage - Flexible solution that is agnostic to application and protocol, eliminating need for app-specific solutions

    We grow with your growth - We cover your needs even as you add new applications to your production environment

    Reduced costs and ease of use - Lower resource commitment for generating compliance reports: Less effort, with faster turnaround time

    Bulletproof - Unequivocal audit trail of user activity, guaranteeing authentication and non-repudiation

    Precise user identification - Tie each activity to a specific user, including identity of generic "administrator" users

    Salient Features

    Complete Control

    Record, Replay, Stream

    Effective Identity Management

    Active Vendor Management

    Real Time Playback

    Cutting-edge Scalability

    Multi-Platform Support (Including Windows, Linux, Unix, Citrix, VMWare)

    SIEM Integration

    System Monitor Integration

    Ticketing System Integration

    Comprehensive Security

    Dual Password Session Playback Privacy

    Granular User Permission

    Identity Theft Detection

    Active Watchdog Mechanism

    Effective Analysis

    Video Activity Analysis

    DBA Activity Audit

    Threat Detection

    Customized Recording Policies

    Detailed Logging

    Intelligent Audit Logs

    Advanced Key-logging

    Generate Logs for Applications without Logs (E.g. Notepad, SQL Manager, Registry Editor Etc.)

    Advanced Reporting

    Automated Report Generator

    Fully Customizable Reports

    Policy Messaging

    Lower Cost with Rapid ROI

    No Additional Hardware

    Cost-effective Deployment Scenarios

    No Changes in Existing IT Infrastructure

    Easy Implementation

    Relatively Small Footprint

    Increased Productivity due to Decrease in System Availability Issues

  • No time to watch videos?

    Having recorded video of all on-screen activity is important, but what makes it really valuable is having a quick and easy way to find exactly what you are looking for in any video and across all recorded videos. Trying to find one important moment within hundreds of hours of video is worse than trying to find a needle in a haystack.

    Our Solution: ObserveIT provides priceless video activity analysis. Along with the screen video, ObserveIT has sophisticated capabilities to generate textual activity data of every visible action performed by users via mouse or keyboard, including information about the context in which they occurred.

    To sum up, it is just logical and prudent to entrust the optimum utilization of your network with no compromise on security.

    Verizon Report

    Discovery methods

    This report shows that only 1% of overall data breaches are discovered by log analysis! Why? Because system logs are built by DEVELOPERS for DEBUGGING and not by SECURITY ADMINS for SECURITY AUDIT.

    ObserveIT gives you human readable textual logs with related videos attached to it!


    Top 20 threat actions by victim region across 47,000+ security incidents

    As the report shows, the highest number of security incidents occurred in EMEA!


  • What does ObserveIT record?

    Login to application

    Delete file

    Change password

    Start SAP transaction

    View Customer Detail page in CRM

    Open specific URL

    Access shared folder

    Edit system files

    Change OS setting

    Send Email

    Run a query on SQL Server or Oracle Database

    Download file from the internet

    Capture a printscreen image

    Send files to FTP Server

    Open Visual Studio to change source code

    and more...

    See exactly what users are doing!

    "With so many privileged vendors accessing our servers, it can be difficult to keep an eye on who's doing what."

    Isaac Milshtein, Pelephone

    Solution Benefits

    Bulletproof Legal Evidence - Reduce the risk of misaligned client-vendor interests by capturing bulletproof legal evidence of all vendor activity. Video replay can be used during litigation or to eliminate the need for legal action.

    Third Party Monitoring - Know exactly what 3rd party vendors are doing on your servers. Improve security and ensure transparent billing validation.

    Compliance Report Automation - Track every access to corporate servers and databases, with detailed usage reporting and total application coverage.

    Managed Services Monitoring - Transparent accountability reporting of all outgoing support sessions provides provable SLA validation and decreased support costs.

    Root Cause Analysis - Achieve fast troubleshooting when you discover the root cause of system config changes. Establish business intelligence with focused navigation and video playback.

    OEM Software Integration - Add session recording features to your own commercial software products or custom enterprise applications.

    Who Benefits from ObserveIT?

    Even though the benefits of ObserveIT are immeasurable, we list a few general utilization arenas...

    Compliance Officers can incorporate ObserveIT in their reporting process

    IT Managers can streamline troubleshooting

    ISVs can integrate ObserveIT into their software products, to add screen recording functionality

    Managed Services providers can embed ObserveIT into their IT service offerings, to strengthen reliability and SLA

    What you will miss without ObserveIT:

    Precise indication of changes within files

    E.g. File system audit shows that web.config was changed. ObserveIT shows exactly which key was edited: DBA changed the connection string key.

    System changes driven by UI action

    E.g. A single checkbox in a properties window can generate dozens of changes in multiple config files. ObserveIT shows the exact action that caused the change, not the reverse-engineering of file changes.

    Copy / Export / Screen Capture

    E.g. ObserveIT captures every on-screen activity, including copy / paste.

  • ObserveIT Feature List

    Record & Replay Windows, Unix and Linux Sessions - Exact video playback of every session, including mouse movements, UI interaction, command line interaction, text entry and underlying system calls. Simple playback and navigation of recordings.

    Privileged User Identification - Add an additional level of system access control for sensitive resources. Require shared-id users (e.g. administrator) to add secondary login credentials. Manage users locally or tie in to Active Directory.

    Intelligent Metadata Text Log - Captures details about each user action: Application name, User name, Server, Window title, File or Resource accessed, underlying system calls. Interactive drill down and fast navigation eliminates the need to replay hours of video to find what you need.

    User Messaging - Send policy and status updates to each user exactly as they log in, ensuring that corporate standards are understood and acknowledged.

    Real-time Playback - Session recordings are immediately available once a session begins. View session activity "on air", while users are still active.

    API Interface - Control the ObserveIT Agent via scripting and custom DLLs from within your corporate applications. Trigger recording activity based on process IDs, process names or web URLs.

    Report Generator - Use our pre-built audit reports, or create your own custom reports. Schedule reports to run automatically for email delivery, or run ad-hoc and export to Excel or XML.

    Complete Coverage - Agnostic to network protocol and client application. Captures all remote and console sessions: SSH, Telnet, Terminal Services, Citrix, Remote Desktop, PC-Anywhere, VMware, VNC, Dameware and more.

    System Monitor & Ticketing System Integration - Instant replay from within network management (SCOM, Unicenter, Tivoli, OpenView and more). Real-time alerts on any user action (file access, network share, registry edit, URL access), Ticketing System Integration etc.

    Robust Security - Agent-Server encryption, Digital Signatures and Watchdog mechanism ensure the highest security and reliability.

    Recording Policy Rules - Granular include / exclude policy rules to set recording rules per server, user / user group or application.

    Pervasive User Permissions - Granular permissions and access control affect all content access, satisfying all regulatory requirements.

    Small Footprint - Ultra-efficient data storage: Less than 250GB/year for high-usage, 1000 server environment. Minimal Agent CPU utilization (0% CPU when no console active, 1%-2% CPU, 10 MB RAM during session).

  • How ObserveIT Works

    Identify: ObserveIT identifies all remote and terminal users

    As soon as a user starts a session (using any connection protocol), ObserveIT identifies the precise user id. Shared users (e.g. "administrator") must provide secondary credentials of a specific named user.

    Record: ObserveIT records every user action

    ObserveIT captures a video recording of every user action. Exact visual capture of each UI action is recorded, plus textual metadata info about each action. Each change in UI appearance generates a new image capture. Metadata captured includes application names, files and resources affected and more.

    Report: ObserveIT produces pre-built and customizable compliance reports

    Authorized users can access the audit recordings any way they wish. Ad hoc searching for relevant sessions, automated canned reports, textual summaries and full video replay are at your fingertips.

  • ObserveIT's Unique Advantage: Video + Metadata places all the intelligence at your fingertips

    ObserveIT lists every user session

    Exact video playback

    Within each session, details of every action taken

    For each command, a detailed list of system calls

    List of each user command

    Exact video playback of command prompt screen

    Windows Session: Metadata + Video

    ObserveIT captures Window title, Application name, files opened, URL accessed, UI element selection and text entry

    Unix/Linux Session: Metadata + Video

    ObserveIT captures shell logins, including all command line activity and system calls. (If a user types rm*, ObserveIT captures each file name that is deleted.)

  • ObserveIT Architecture

    The ObserveIT Agent is installed on each monitored server. The Agent captures data (screenshot and metadata) for every user action. Metadata includes info on the state of the operating system and the application program being used, which allows ObserveIT to precisely identify what the user is doing. By default, the Agent communicates with the Management Server via TCP port 4884. All content is encrypted. The Agent architecture includes a Watchdog service to prevent it from being shut off.

    The ObserveIT Management Server is an ASP.NET application in IIS that collects all data delivered by the Agents, where it is analyzed and sent to the Database Server to be stored and indexed. The Management Server communicates with the Agents for every configuration update. It also can integrate easily with LDAP for user validation, with SIEM to link video replay from within textual log file listings and with Network Management systems to allow system alerts and updates based on user activity.

    The ObserveIT Web Console is an ASP.NET application in IIS that serves as the primary interface for accessing information (video replay, reporting, etc.) in ObserveIT. It is also used for configuration and administration tasks. Config data is also stored in the Database Server. The Web Console includes granular policy rules for limiting access to sensitive data.

    The Database Server is a Microsoft SQL Server database that stores all configuration data, metadata and screenshots captured by ObserveIT Agents. Both the Management Server and Web Console apps connect via standard TCP port 1433.

    Each of the three server applications can be installed on a single machine or distributed for performance and security considerations.

  • Deployment Scenarios

    ObserveIT can be deployed in a number of different methods, as highlighted below. The different methods are not mutually exclusive, allowing for a hybrid deployment when desired.

    Standard Agent-based Deployment (Servers and Desktops) (Fig: 1)

    The standard method of deployment involves deploying the ObserveIT agent on each machine to be monitored. An agent is installed on each machine that is being monitored, which captures activity on the machine and feeds the video / log data to the management server.

    Jump Server Gateway (Fig: 2)

    In this scenario, the ObserveIT Agent is only deployed on a gateway machine. Users are routed via this gateway, and thus ObserveIT still records all user sessions in which the user connects through to another target machine via RDP, SSH or other protocol.

    ObserveIT does not record any user session in which a user logs on directly to the target machine (via local console login, or via a direct RDP/SSH/etc. window that isn't routed via the gateway). Also, the amount of textual metadata captured is less than that for a full agent deployment scenario, due to the fact that the ObserveIT Agent on the gateway does not have access to OS-specific info on the target machine (e.g. it cannot see the name of a file opened within an RDP window).

    Citrix Server for Published Applications (Fig: 3)

    The ObserveIT Agent can also be deployed on a Citrix Server, in order to record all activities that take place within published applications served by the Citrix machine.

    Hybrid Deployment: Agent-based + Gateway (Fig: 4)

    ObserveIT allows you to deploy any combination of these architectures simultaneously. A gateway can be used for full network coverage, providing an audit of all activities for the majority of users who are routed via the gateway. Then, agents can also be deployed on specific sensitive servers that require a more detailed audit, including any logins performed by highly-privileged users who have direct access to the machine.

    [Figures 1-4: deployment diagrams. Labels: Citrix Server, Server, ObserveIT Agent, ObserveIT Management Server, Published Apps, Remote Access]

  • A Selection of ObserveIT Customers

    "As soon as vendors discovered that all actions are being recorded, it became much easier to manage them."

    Moti Landes, IT Div. CISO

    "Not only was ObserveIT able to record every single user session on the servers, the recordings are also fully indexed, allowing me to zoom in on areas of interest."

    Robert Ng, Siemens

    "To be able to keep track of what admins have done and why, the product is amazing. Trust and be able to verify is essential approach in IT work in these times."

    Timo Knuutila, Pro-Support Enterprise Senior Technical Analyst at Dell

    "We used ObserveIT to monitor administrator activity. We started with a few agents then when we saw the product kept the promises made, we delivered ObserveIT to our entire server farm. Nowadays compliance is really a challenge, ObserveIT helps on transforming the challenge in to a successful story."

    Gianfranco Ballerini, ICT Infrastructure Manager at ING Lease

    DUBAI: Tel.: +971 4 238 4895, Fax: +971 4 238 4896

    JEBEL ALI: Tel.: +971 4 887 3884, Fax: +971 4 887 3886

    Email: [email protected]

    Web: www.heyce.com

    Security Camera For Your Servers