Presented by Snir Hoffman

Who is AIG? Journey to User Activity Monitoring Brief Introduction to ObserveIT 5.7 Q & A

AGENDA

WHO IS AIG?

Over 88 million customer

64,000 employees worldwide

AIG Israel has 1,000 Employees

Infrastructure Architect

A loyal customer for 2 years

WHY USER ACTIVITY MONITORING?

“Requirement 10: Monitor Access to Network Resources and Cardholder Data”

“Requirement 12: Maintain Policy that Addresses IT Security for all Personnel”

Bought it for PCI Compliance

Initially “Set it and forget it”

Was our “insurance policy”

OUR PCI REGULATED ENVIRONMENT 40+ Servers / 10+

Desktops

All PCI providers get a virtual Citrix workstation with minimal applications

Try to minimize RDP access and usage

FIRST INSURANCE CLAIM:PRODUCTION ISSUE Discovered that a config

file was changed, but didn’t know who or why?

Went to all our vendors and they all said they didn’t do it.

ObserveIT showed definitive proof of who did what

EXPANDED COVERAGE TO ALL VENDORS Record all of our external

vendors, not just PCI

Turn on notification of recording for transparency and privacy

Noticed a change in behavior and realized the power of deterrence

Mitigated risk across all vendors who access our systems

COMPLETE COVERAGE Cover All Users – risk from internal users larger than

external vendors

Integrate User Context - To SIEM and our ticketing system

Get proactive - setup alerts for users within key applications and systems

LESSONS LEARNED Infrastructure monitoring only tells half the picture

Even trusted vendors are a major risk - verify all activity

Activity monitoring is a real deterrent that changes behavior

Vendors aren’t the only risk, any privileged access is a potential threatDON’T FORGET ABOUT

YOUR PRIVILEGED USERS!

GO-FORWARD ADVICE1. Limit what vendors can do – VDI restricted

environment

2. Leverage user monitoring to deter risk and threats

3. Don’t ignore your biggest risk, privileged access!

USER ACTIVITY MONITORING:

OBSERVEIT 5.7 BRIEF INTRO

Presented by Dimitri Vlachos

76% OF DATA BREACHES INVOLVE ACCOUNTS WITH ACCESS TO SENSITIVE DATA Trustwave Global Security

Report

INFRASTRUCTURE-CENTRIC

HISTORIC APPROACH:

WE FORGOT ABOUTOUR USERS!

WHO DID WHAT?

Capture & record all user activity

WHO DID WHAT?

Monitor, Detect and Respond to

user-based threats

Session activity alerts

Session alert summary

Alert indication per screenshot on the timeline

Alert indication per activity

Message suspicious users, and terminate sessions

1,200+ CUSTOMERS

Q&ATRY IT TODAY!

WWW.OBSERVEIT.COM/TRYITNOW