ObserveIT, an award winner in security forensics, is your one-stop solution for user activity monitoring and auditing on your servers. It is like a security camera in your server: it can play back whatever the user does on your server, and it generates a text-based user activity audit log on its own even when the observed server doesn't produce any log. ObserveIT works best on Windows, UNIX, Linux, and Citrix XenApp.
Additionally, the user activity audit log is immediately available for free-text keyword searching. Administrators and auditors can search for:
- names of the applications called
- titles of windows opened
- URLs accessed via browsers
- text typed, checkboxes and radio buttons clicked
- commands and scripts run in the CMD console
How does it work?
ObserveIT has 3 major components:
- ObserveIT Agent. It generates complete user activity audit logs even when the observed server doesn't produce any log, and captures video as a session recording for digital forensic evidence. The audit log is shipped immediately to the ObserveIT Application Server over the network, so that the user activity audit log is isolated from, and immune to, local root tampering on the observed server.
- ObserveIT Application Server. It processes the digital forensic evidence, analyzes the data, generates alerts as necessary, and encrypts and stores the data in a database (local or external). Should a privileged or shared account authentication be detected on the observed server, the Application Server also acts as the policy decision point, deciding whether or not to enforce secondary authentication.
- ObserveIT Database Server. It stores the configurations and audit logs, and maintains the archival procedure.
ObserveIT is software that provides an agent to be installed on the observed computer. The agent works as a session recording program that records every user activity on the PC or server and generates a log on its own.
Just like a security camera pointed at your employee that can be played back like video, ObserveIT can monitor and record anything the user does, keeping track of which websites the user visits on the internet with his/her web browser and what the user does with his/her keyboard and mouse.
ObserveIT can also be used to monitor privileged user activity. It complements the Privileged Account Management solution by providing detailed audit tracking, and it significantly simplifies searching administrator/root account usage logs.
In some organizations, ObserveIT is also implemented as an administrator activity logger in a secure gateway, in order to have full documentation of what the network administrator does in the data center.
You can download the Gartner report on user activity monitoring here.