ObserveIT | Avatu

Insider threats are a big issue for all organisations - and a very tricky problem to solve. But some have already found light at the end of the tunnel. This includes Coca Cola, AIG and Xerox who are protecting their organisations against the risks caused by their own people with ObserveIT.

ObserveIT technologies

ObserveIT allows organisations to precisely identify and proactively protect against malicious and negligent behaviour of everyday users, privileged users and remote vendors. We significantly reduce security incidents by changing user behaviour through real-time education coupled with full-screen video capture of security policy violations. This greatly reduces investigation time from days sifting through logs to minutes of playing back video.

How ObserveIT works

ObserveIT is a lightweight endpoint solution that is focused on identifying and eliminating insider threats.

By continuously monitoring user behaviour, ObserveIT alerts IT and security teams about activities that put your organisation at risk. When someone does something that is outside your policy, on-screen notifications educate them with alternatives that are secure and compliant with company policy and industry standards. With full video capture and playback of any policy violation, ObserveIT reduces end-to-end investigation time from hours to minutes. No sifting through logs. No combing through data.

ObserveIT insider threat management

There is not doubt that the biggest security problem out there today is people. Whether it's intentional or unintentional, every insider on the network, from business users and privileged users to vendors and contractors, presents a threat. ObserveIT identifies and eliminates insider threats with real-time security awareness, precise visibility and fast investigations.

Real-time security awareness

ObserveIT's on-screen pop-up notifications warn end-users about actions that expose your organisation to risk, while educating them with alternatives that are secure and compliant with company policy. Whether a user is accessing a file they shouldn't, copying data to a USB drive, downloading programs, or performing other activities that invite fraud and theft, they will be immediately informed of the policy violation and given an approved alternative.

Precise visibility

ObserveIT captures and indexes where users are going and what they are doing so nothing slips through the cracks. The riskiest behaviour is displayed and prioritised based on the amount of risk exposure to the organisation. IT and security teams will see who did what and have irrefutable video evidence of out-of-policy actions.

Fast investigations

With ObserveIT, IT and security administrators can rapidly investigate and determine intent within seconds, removing the aruduous task of sifting through system event logs and machine data. Google-like search capabilities make it possible to find suspicious activity and view incidents with dynamic video recording and DVR-like playback. A picture is worth a thousand logs.

Compliance

ObserveIT can help satisfy compliance requirements for PCI, SOX, HIPAA, and NISPOM. With detailed logs and visual recordings of all user activity, ObserveIT exceeds the strictest interpretation of compliance requirements with conclusive evidence for auditors. Audit reports can be completed in a fraction of the time, with the ability to instantly search, analyse, and view the actual video-like playback of the pinpointed session. Ultimately every compliance violation can be traced back to the specific actions of an employee, privileged user, contractor, or remote vendor.

Find out more - download ObserveIT resources now

In our resources section, we have extra information, intelligence and insight to help you understand more about ObserveIT, the current insider threat landscape and ObserveIT's unique solution.

Prefer to talk to someone?

Request a demo or find out more from our security team on 01296 621121

View Resources Here

Who we work with

74% of all successful malware and ransomware attacks find their way on to IT systems and to sensitive data through email attachments. Firewalls and anti-virus software often let threats through. Glasswall, however, makes up for these failings by stripping away all the risky parts of an attachment but without changing the content. It's an essential for everyone doing business in the 21st century.

Glasswall

Lastline’s Breach Detection Platform broke records when it was the first product EVER to achieve a perfect score, detecting 100% of HTML, Email, and SMB malware with NO false positives in NSS Labs Breach Detection System Test. Lastline was also named a leader in The Forrester Wave™ Automated Malware Analysis Report. If you're serious about security, you need Lastline in your defence.

Lastline

Purplephish create security-savvy employees through interactive training modules. We deliver comprehensive security training via engaging educational videos to ensure that your employees understand how and why attacks happen. We then add in interactive follow up activities to ensure your users’ newly acquired knowledge is retained and recalled if (perhaps, when) a real-life attack happens.

Purplephish

Today, we simply can't do business without sharing sensitive data. But sharing makes us vulnerable. Our destiny is no longer in our hands...unless we use Seclore. Seclore puts you back in charge of your data - at all times - where ever it is, where ever it goes. It's used by 4m people in companies round the world and protects millions and millions of secrets and sensitive data

Seclore

BeyondTrust is a used on more than 400m endpoints round the world. This includes 1.2m at some of the world's largest banks, 700k belonging to health professionals and 500k devices at some of the most innovative tech firms. BeyondTrust is safeguarding the systems and data at 75 government agencies, 50 educational institutes, 9 aerospace leaders and 3 champion F1 teams.

BeyondTrust (formerly Avecto)

Finding evidence and critical information hidden deep in computer drives, scattered around email accounts, mobile devices or the internet can be difficult and extremely time-consuming. However, it doesn't have to be this way. Nuix’s powerful and precise digital investigation and information management software enables you to take control of big unstructured data.

Nuix

Opentext (formerly Guidance Software) is world-renowned for its superb EnCase products, which are some of the most effective and comprehensive cyber and IT security technologies on the market. Opentext works with many of the largest and smartest public and private sector organisations, including 70% of the Fortune 100 companies. Clients come from industries such as finance and insurance, defence, energy, pharmaceutical, manufacturing and retail.

Opentext (formerly Guidance)

Oxygen Forensics can interrogate and forensically examine data from smart phones and other devices, providing the answers to how, when and where it’s been used. It's used worldwide by various US and European federal and state agencies and, by companies, like PricewaterhouseCoopers, Ernst & Young and many others.

Oxygen Forensics

BlackBag has developed innovative forensic acquisition, triage, and analysis software for Windows, Android, iPhone/iPad, and Mac OS X devices. BlackBag software is used by hundreds of law enforcement agencies around the world for criminal investigations, as well as leading corporations and consultants handling HR investigations and eDiscovery matters.

BlackBag technologies

SPEKTOR Forensic Triage is one of the most comprehensive digital forensic triage tools on the market and is chosen by police, military, government and commercial customers all round the world. The award-winning SPEKTOR equipment makes it possible for non-specialists to safely, quickly and forensically review the contents of computers, removable media and mobile phones. This reduces the need to find and pay for extra lab time.

Evidence Talks (makers of SPEKTOR)

"I have seen Magnet AXIOM prove itself already in relation to a people trafficking investigation where AXIOM was useful in identifying images and chat applications that were of relevance to the investigation."

Magnet Forensics

More than 1,600 organisations use ObserveIT to detect and prevent insider threats in some 87 countries across the world. ObserveIT detects threats by uncovering risky user behaviour and spotting anomalies in behaviour. It investigates suspicious user behaviour in minutes, not days. It prevents data breaches by reducing risk with real-time user alerts, blocking and ongoing user education.

ObserveIT

Paraben specialises in digital forensics, risk assessment, and security, but they love technology. The Paraben platform's data processing engines are renowned for the details it can pull from computers, email, mobile device, smartphones, and IoT devices. Paraben’s technology has been around since 1999 and they have constantly innovated. Paraben’s E3 Platform was the first tool with a unified interface to deal with all types of digital data. Paraben offers solutions that build new capabilities into digital investigations. Paraben’s workflow optimises team efforts and ensures the best data production.

Paraben

"Teeltech offers the best mobile forensic training anywhere. Keep it up. Thanks!"

Teel Technologies

Your questions

Q. How common is a security breach?

The answer to this is very common. A report published on behalf of the Department of Business Innovation and Skills said:

81% of large organisations had a security breach

60% of small businesses had a security breach

59% of respondents expect there will be more security incidents in next year than in this

Q. How much does it cost to deal with an IT or cyber security breach?

The impact of security breach can be counted in pounds and pence. But it's also measured in lost business, lost jobs, lost confidence and reputation damage. In strict cash terms, a report commissioned by the Department of Business Innovation and Skills discovered that security breaches cost up to £1.5m each to deal with and put right. For small businesses, the average cost is £65k to deal with the worst breach of the year.

Q. We hear about the very high profile hacks (like Talk Talk, Sony, Target, Microsoft etc) but how many go unreported?

Cyber security is a very sensitive subject. Revealing a hack or a data leak can bring serious reputation damage, which means that discretion is essential for everyone involved, including our partners and our clients. A report for the Department of Business Innovation and Skills revealed that 70% of all cyber attacks go unreported. We only hear about some of the super hacks, and we rarely find out about the smaller ones. But ignorance is not bliss when it comes to cyber security. Just because you don't know about it (yet), doesn't mean it's not happening or doing damage. Facing the issue head on, and looking for the threats that have already got through, might be painful in the short-term but it will equip you to deal with the future in a better way.

Q. How many of the security breaches go unnoticed until it's too late? And what can be done to catch them quicker?

According to the former FBI Director, James Comey: “There are two kinds of big companies...There are those who’ve been hacked…and those who don’t know they’ve been hacked." Cyber criminals are bombarding businesses on both sides of the Atlantic with up to 117,000 attacks a day. Still, companies continue to pin their cyber security and their valuable reputation on prevention, rather than detection. Our approach is different; it's more risk savvy and realistic. Like the former FBI chief, we accept a systems breach has probably already happened - and no doubt, will again. We help organisations fight cyber criminals on a battleground where you can win. We help growing organisations protect their systems and data with more protection beyond traditional perimeter. And help them put in place technologies which significantly reduce the threat introduced by the people within and around a business: technology which reinforces training as well as monitors and tracks risky activity which falls outside of your data policies.

Q. How can you help?

Our approach is all about managing the risk. We are technology providers but we focus less on the tech and more on the problem (and of course, finding the solution that's right for you).

We'll help you assess your current arrangements, review your strengths and weaknesses and analyse your needs and vulnerabilities - and then we'll help you fill the gaps in your strategy and technologies (naturally after you've read the evidence and seen your own individual proof of concept reviews).

Our focus is on detection and mitigation (because it's virtually impossible to stop every attack, all the time). We add to this investigation and analysis activity that makes you stronger at repelling cyber and insider attacks in the future too.

Every business has different ways of working, with different needs, and an individual appetite for risk.

We help develop the right approach to protect your business, its vital information and secrets, and your organisation's essential reputation by assessing and mitigating the risk.

Q. Are cyber threats the biggest threat to an organisation's data and secrets?

This is a hard one to answer because for some people, in some industries, the answer will be: yes, cyber criminals will be a massive threat to security (it's believed that the National Grid is under attack constantly from cyber criminals and terrorists). But for others, mistaken, rogue or malicious insiders will be a bigger threat than unknown people in far away places. But neither route can be ignored by organisations who value their reputation. The layered approach favoured by GCHQ means that approach is holistic. We focus on protection beyond the perimeter. We advocate a robust and risk-savvy cyber security defence system based on protection and detection rather than mere traditional prevention. We recommend a series of IT and data security measures which makes life difficult for any cyber attackers who do get inside the perimeter, and which reduce the impact of the careless or malicious insider too. And we have a series of digital forensic technologies, which can prove compliance and track criminal activity. It will help you identify your weaknesses and make your protection stronger in the future too.

Q. Is cyber crime only a big risk for big business or are SMEs under threat too?

SMEs are increasingly becoming a target for cyber criminals - and have always been at risk from rogue or careless insiders. Every business has data or information worth stealing, even if it's just potentially embarrassing or revealing emails between executives. Small and medium sized organisations are not always as well equipped as very big businesses to deal with the fall out. A recent study showed that 60% of small businesses fail within six months of a data breach. A layered approach to cybersecurity and IT protection is both an investment and insurance for an organisation - no matter what size they are.

John Allan, National Chairman, Federation of Small Businesses (FSB), said: “Cyber crime poses a real and growing threat for small firms and it isn’t something that should be ignored. Many small businesses will be taking steps to protect themselves but many others have not recognised the increasing threat and have neither adopted technologies nor strategies to defend against cyber crime. For those that don’t, the cost of cyber crime can be a barrier for growth and in the worst cases, can put a firm out of business. While we welcome action from the government and the wider public sector, there are clear actions that businesses can take to educate and help themselves to counteract cyber crime. The FSB would strongly encourage them to do so.”

Q. Will we already know if we've been hacked?

A. No, not necessarily. Advanced cyber or insider threats can sit on a device or network for a very long time before anyone realises they are there (as Sony, for example, found out). A study by HP, in partnership with a cyber security think tank and research centre, revealed that, on average, a threat lies undiscovered for some 170 days. The risk is, however, the longer a threat is on a system the more damage it can do. Sony are good examples of this. The hackers may well have had access for almost a year, without anyone realising it. This is the reason we recommend that detection, rather than prevention, is the cornerstone of a cyber security and IT security strategy today. It can cut down the time a threat is within the perimeter from months to minutes. It's risk management at its best. A threat has minutes to do damage instead of many months of reeking havoc.

Read all questions ›

ObserveIT - identify and eliminate insider threats