ObserveIT Customer Webcast: AIG Pioneers User-Centric Security Strategy
TRANSCRIPT
Presented by Snir Hoffman
AGENDA
Who is AIG?
Journey to User Activity Monitoring
Brief Introduction to ObserveIT 5.7
Q & A
WHO IS AIG?
Over 88 million customers
64,000 employees worldwide
AIG Israel has 1,000 Employees
Infrastructure Architect
A loyal customer for 2 years
WHY USER ACTIVITY MONITORING?
“Requirement 10: Monitor Access to Network Resources and Cardholder Data”
“Requirement 12: Maintain Policy that Addresses IT Security for all Personnel”
Bought it for PCI Compliance
Initially “Set it and forget it”
Was our “insurance policy”
OUR PCI REGULATED ENVIRONMENT
40+ Servers / 10+ Desktops
All PCI providers get a virtual Citrix workstation with minimal applications
Try to minimize RDP access and usage
FIRST INSURANCE CLAIM: PRODUCTION ISSUE
Discovered that a config file was changed, but didn’t know who or why
Went to all our vendors and they all said they didn’t do it.
ObserveIT showed definitive proof of who did what
EXPANDED COVERAGE TO ALL VENDORS
Record all of our external vendors, not just PCI
Turn on notification of recording for transparency and privacy
Noticed a change in behavior and realized the power of deterrence
Mitigated risk across all vendors who access our systems
COMPLETE COVERAGE
Cover All Users – risk from internal users larger than external vendors
Integrate User Context - To SIEM and our ticketing system
Get proactive - setup alerts for users within key applications and systems
LESSONS LEARNED
Infrastructure monitoring only tells half the picture
Even trusted vendors are a major risk - verify all activity
Activity monitoring is a real deterrent that changes behavior
Vendors aren’t the only risk, any privileged access is a potential threat
DON’T FORGET ABOUT YOUR PRIVILEGED USERS!
GO-FORWARD ADVICE
1. Limit what vendors can do – VDI restricted environment
2. Leverage user monitoring to deter risk and threats
3. Don’t ignore your biggest risk, privileged access!
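The "first insurance claim" and the "integrate user context / get proactive" points above come down to one join: an infrastructure log says a file changed under a (often shared) OS account, and only the session records say which named person, from which source, was driving that account at the time. The following Python is an added illustration, not code from the webcast or from ObserveIT; the session and event records, their field names, the host names and the "vendor sessions opening a key application" alert rule are all constructed for this example.

```python
"""Attribute an infrastructure event to a named user session, and evaluate
a simple proactive alert rule over vendor sessions.

Added example, not part of the webcast or ObserveIT. All records below are
constructed: a shared OS account 'svc_admin' edits a config file on a PCI
host, and three user sessions (two vendor, one internal) are on record.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Activity:
    at: datetime
    app: str        # application or command the user was in
    detail: str     # file, window title or command line


@dataclass
class Session:
    session_id: str
    user: str       # named human behind the session (what infra logs lack)
    os_account: str # account the OS saw; shared accounts look identical here
    host: str
    source: str     # constructed label, e.g. "vdi-vendor-01" or "corp-lan"
    start: datetime
    end: datetime
    activities: list = field(default_factory=list)


def attribute_event(host, os_account, at, sessions, window=timedelta(minutes=5)):
    """Return (session, nearest_activity) pairs that could explain an event
    seen on `host` under `os_account` at time `at`.

    A session qualifies if it was open on that host under that account when
    the event happened; the nearest recorded activity within `window` is
    attached, or None if the session was idle around that time."""
    hits = []
    for s in sessions:
        if s.host != host or s.os_account != os_account:
            continue
        if not (s.start <= at <= s.end):
            continue
        near = sorted((a for a in s.activities if abs(a.at - at) <= window),
                      key=lambda a: abs(a.at - at))
        hits.append((s, near[0] if near else None))
    return hits


def vendor_key_app_alerts(sessions, key_apps=("notepad.exe", "vim")):
    """Alert rule: any session arriving from a vendor VDI source that opened
    one of the named key applications. Returns (user, app, detail) tuples."""
    return [(s.user, a.app, a.detail)
            for s in sessions if s.source.startswith("vdi-vendor")
            for a in s.activities if a.app in key_apps]


# --- constructed sample data -------------------------------------------------
T = datetime(2014, 3, 10, 14, 30)

SESSIONS = [
    Session("S-1001", "vendor_bob", "svc_admin", "pci-app-01", "vdi-vendor-01",
            T - timedelta(minutes=30), T + timedelta(minutes=30),
            [Activity(T - timedelta(minutes=20), "cmd.exe", "dir C:\\app"),
             Activity(T + timedelta(minutes=1), "notepad.exe", "C:\\app\\config.xml")]),
    # internal admin on the same host and account, but logged off before the event
    Session("S-1002", "alice", "svc_admin", "pci-app-01", "corp-lan",
            T - timedelta(hours=2), T - timedelta(minutes=45),
            [Activity(T - timedelta(minutes=50), "cmd.exe", "ipconfig")]),
    # another vendor, active at the same time but on a different host
    Session("S-1003", "vendor_carol", "svc_admin", "pci-db-01", "vdi-vendor-02",
            T - timedelta(minutes=30), T + timedelta(minutes=30),
            [Activity(T + timedelta(minutes=2), "vim", "/etc/hosts")]),
]

# the infrastructure-side record: file modified, but only the shared account is named
EVENT_HOST, EVENT_ACCOUNT, EVENT_AT = "pci-app-01", "svc_admin", T + timedelta(minutes=2)
LATER_AT = T + timedelta(hours=2)   # a time when nobody was on the host


def investigate(at=EVENT_AT):
    """Flatten attribution results to (user, source, app) for easy reporting."""
    return [(s.user, s.source, a.app if a else None)
            for s, a in attribute_event(EVENT_HOST, EVENT_ACCOUNT, at, SESSIONS)]


if __name__ == "__main__":
    print("who changed the config:", investigate())
    print("vendor key-app alerts:", vendor_key_app_alerts(SESSIONS))
```

The attribution step answers the question the infrastructure log could not ("svc_admin" becomes "vendor_bob from vdi-vendor-01, in notepad.exe on config.xml"), and the alert rule is the proactive half: it fires on the same records at the time of the activity rather than during a later investigation.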
USER ACTIVITY MONITORING:
OBSERVEIT 5.7 BRIEF INTRO
Presented by Dimitri Vlachos
76% OF DATA BREACHES INVOLVE ACCOUNTS WITH ACCESS TO SENSITIVE DATA
Trustwave Global Security Report
INFRASTRUCTURE-CENTRIC
HISTORIC APPROACH:
WE FORGOT ABOUT OUR USERS!
WHO DID WHAT?
Capture & record all user activity
WHO DID WHAT?
Monitor, Detect and Respond to
user-based threats
Session activity alerts
Session alert summary
Alert indication per screenshot on the timeline
Alert indication per activity
Message suspicious users, and terminate sessions
1,200+ CUSTOMERS