ObserveIT Software acts like a "security camera" for your servers, it will allow you to watch with full video playback every step your 3rdparty contractors, developers or IT administrators takes on your servers – exactly as they happen. Watch full video playback of Remote Desktop, Citrix and VMWare Sessions View sessions in real time or from historical recordings Quickly find any user action, without playing back the entire session

1. ObserveIT – Corporate Presentation February 2011

2. ObserveIT Overview

3. Market Challenges Lack of accountability Incomplete audit logs You need to know exactly what happened!

4. ObserveIT:Like a security camera on your servers! Identify Report Record WHAT: HOW: WHY: Each shared-user session is tied to a specific named user. A visual recording of every session is captured. Audit, review, search and replay all user sessions Accountability: Knowing that a file was changed by “administrator” is insufficient for PCI, HIPPA, SOX , ISO or other audit requirements. You need to know the actual person who did it. Eliminating Blind Spots: Logs cannot cover every single action. Video recordings remove any doubt about what the user actually did. A picture is worth a thousand log entries. Fast and convenient access: Automated reports and quick drill-down to user recordings answer your questions fast, saving massive human resource efforts and satisfy compliance regulations.

5. Why video recordings? People act differently when they know they are being recorded Nanny-cams allow parents to ensure the safety of their children Would you speed on a road that has video surveillance? Recording phone calls in call centers has improved productivity

6. What you will miss without ObserveIT Precise indication of changes within files File system audit only shows that web.config file was changed ObserveIT visual replay shows that the “connection string” key was edited by the DBA while troubleshooting performance issues System changes driven by UI actions A single checkbox in a properties window can generate dozens of changes in multiple config files ObserveIT shows the exact action that caused the change, not the reverse-engineering of file changes Copy/ Export / Screen capture ObserveIT captures every on-screen activity, including copy/paste

8. Over 400 Enterprise Customers Manufacturing/Pharma Financial Telecommunications IT Services Gov’t/Utilities/Healthcare/Education

9. Key Features:What makes ObserveIT great

10. Recording Everything: Complete Protocol Coverage Agnostic to network protocol and client application Captures all Remote Sessions and also Console Sessions Telnet Terminal

11. Recording + Metadata of Windows sessions Audit List Replay Window ObserveIT lists every user session Exact video playback Within each session, details of every action taken Navigate quickly within the recording

12. Recording + Metadata of Unix sessions Audit List Launch video replay List of each user command Replay Window For each command, a detailed list of system calls Exact video playback of screen

13. Privileged User Identification ObserveIT requires named user account credentials prior to granting access to system User logs on as generic “administrator” Each session audit is now tagged with an actual name: Login userid: administrator Actual user: Daniel Active Directory used for authentication

14. Search and Filter by User, Server, Date, App Launched and more Intelligent Metadata for Searching and Navigation Textual summary of every action Launch video replay at the precise location of interest

15. User Messaging Send policy and status updates to each user exactly as they log in to server Ensure that corporate standards are understood and acknowledged NOTE: No database admin task may be performed between 0800 and 1800 GMT Please enter your support ticket number in box below. Capture admin support ticket number for issue tracking

16. Real-time Playback On-the-air icon launches real-time playback View session activity "on the air", while users are still active

17. Report Automation: Pre-built and Custom reports Canned compliance audits and build-your-own investigation reports. Schedule reports to run automatically for email delivery HTML, XML and Excel report delivery Design report according to precise requirements: Content Inclusion, Data Filtering, Sorting and Grouping

18. System Monitor Integration Instant-replay from within your network management environment Microsoft SCOM, CA-Unicenter, IBM Tivoli, HP OpenView Real-time alerts On file access/deletion, Network share, Registry edit , RDP open connection, URL access etc. ObserveIT alert in CA-Unicenter ObserveIT alert in MS SCOM Click on alert to see ObserveITvideo playback Trigger automatic email alert delivery

19. API Interface Control ObserveITAgent via scripting and custom DLLs within your corporate applications Start, stop, pause and resume recorded sessions based on custom events based on process IDs, process names or web URLs

20. Robust Security Agent ↔ Server communication AES Encryption - Rijndael Token exchange SSL protocol (optional) IPSec tunnel (optional) Database storage Digital signatures on captured sessions Standard SQL database inherits your enterprise data security practices Watchdog mechanism Restarts the Agent if the process is ended If watchdog process itself is stopped, Agent triggers watchdog restart Email alerts sent on any watchdog/agent tampering

21. Recording Policy Rules Granular include/exclude policy rules per server, user/user group or application to determine recording policy Determine what apps to record, whether to record metadata, and specify stealth-mode per user

22. Pervasive User Permissions Granular permissions / access control Define rules for each user Specify which sessions the user may playback Permission-based filtering affects all content access Reports Searching Video playback Metadata browsing Tight Active-Directory integration Manage permissions groups in your native AD repository Access to ObserveIT Web Console is also audited ObserveIT audits itself Satisfies regulatory compliance requirements

23. System Architecture

24. ObserveITAgents ObserveIT Web Console ICA SSH ObserveIT Management Server Database Server RDP Remote Users Recordings & Metadata Terminal Server optional LDAP SIEM NetworkMgmt Desktop ObserveIT Architecture

26. Captures screenshots and metadata for each user action

27. Communicates with Mgmt Server via HTTP POST

28. All content is encrypted

29. Watchdog prevents any tamperingObserveITAgents ObserveIT Web Console ICA SSH ObserveIT Management Server Database Server RDP Remote Users Recordings & Metadata Terminal Server optional LDAP SIEM NetworkMgmt Desktop ObserveITArchitecture:Agent

31. Collects all data delivered by the Agents

32. Analyzes and catorizes data, and sends to DB Server

33. Communicates with Agents for config updatesObserveITAgents ObserveIT Web Console ICA SSH ObserveIT Management Server Database Server RDP Remote Users Recordings & Metadata Terminal Server optional LDAP SIEM NetworkMgmt Desktop ObserveITArchitecture:Mgmt Server

35. Primary interface for video replay and reporting

36. Also used for configuration and admin tasks

37. Web console includes granular policy rules for limiting access to sensitive dataObserveITAgents ObserveIT Web Console ICA SSH ObserveIT Management Server Database Server RDP Remote Users Recordings & Metadata Terminal Server optional LDAP SIEM NetworkMgmt Desktop ObserveITArchitecture:Web Console

39. Stores all config data, metadata and screenshots

40. All connections via standard TCP port 1433ObserveITAgents ObserveIT Web Console ICA SSH ObserveIT Management Server Database Server RDP Remote Users Recordings & Metadata Terminal Server optional LDAP SIEM NetworkMgmt Desktop ObserveITArchitecture:Database Server

42. SIEM integration to link video replay from within textual logs

43. Network Mgmt integration to enable system alerts and updates based on user activityObserveITAgents ObserveIT Web Console ICA SSH ObserveIT Management Server Database Server RDP Remote Users Recordings & Metadata Terminal Server optional LDAP SIEM NetworkMgmt Desktop ObserveITArchitecture:Database Server

44. Gateway Deployment (Agent-less) Published Applications Putty.exe ICA VPNTraffic Terminal or Citrix Server with ObserveIT Agent RDP RDP over SSL Traffic ObserveIT Management Server Database Server SSH Corporate Servers (No Agent Installed)

45. Customer Success studies

47. Customer support process requires remote session access to deployed systems

48. Strict HIPAA compliance regulations must be enforced and demonstrable

49. In addition, SLA commitments require visibility of service times and durations

50. ObserveIT deployed in a Gateway architecture

51. All access routed via agent-monitored Citrix gateway

52. Actual systems being accessed remain agent-less

53. Toshiba achieved 24x7 SLA reports, including granular incident summaries

55. Each audit report cycle was a major effort of log collection

56. Audits were often judged incomplete when exact cause of system change was unidentified

57. Since deploying ObserveIT, audit reporting has become fully automated

59. Mission-critical ERP platform managed by an external service provider

61. Combination of visual screenshots plus full indexing of text is used for easy searching

62. Secure logging of all access to the system by remote connection

63. Fast access to the logs during the examination of each incidentPrzemysław Jasiński IT Department Manager,Elektrotim

65. Supporting 60,000 ATM machines

66. Clearing 90,000,000 transactions per day

67. Control access to system resources, including shared privileges between two merged corporate entities during period of merger

68. Achieve common system management and visibility

69. 2008: ObserveIT deployed to monitor and audit server activity during corporate merger

71. Servers are managed and accessed by various privileged user staff members

73. Reporting and searching is used to focus on critical issues

74. Fast deployment ensured quick and painless uptime: “All we needed to do was to install a small agent on the servers to be monitored and the recording starts immediately, without even requiring any configuration and settings”Robert Ng, Siemens

78. Immediate fulfillment of compliance usage reports

82. 2007: ObserveIT deployed on entire IT platform

83. 2008:ObserveIT integrated into CA-Unicenter environment

84. 2008-Present:

85. Multiple customer-facing outages solved

86. Positive ROI via elimination of revenue losses from service outages

87. Vendor billing decreased once they realized they were being recorded” Isaac MilshteinDirector, IT Operations, Pelephone

89. Each customer has different connection protocol requirements (some via VNC, some via RDP, some via Citrix, etc.)

90. After deploying ObserveIT on an outgoing gateway, all sessions on customer servers are recorded

91. Since deployment, there have been fewer accusations from customers regarding system problems

93. ObserveIT Company Details Founded in 2006 Focused exclusively on People-Auditing software products First GA product release: 2007 Current product version: v5.2 Global Presence 400 Enterprise customers worldwide Channel partners covering 5 continents OEM and Distribution agreement with Computer Associates