The Challenge
Network and database administrators could leverage their privileged access to systems, putting customer data, intellectual property, and infrastructure integrity at risk.
 

Why You Need Raytheon
  • Monitor the enterprise for the type of behavior an employee leaving for a competitor might exhibit, such as unusual spikes of sensitive data being offloaded to mobile storage devices.
  • Create very specific policies for administrators that monitor activity within applications, such as logons, user account creation, and log file alterations.
  • Document and replay for investigation acts of clear malice, such as deliberate data theft, creating backdoor access, or planting harmful code.

Privileged Users Pose Potentially Higher Risk for Organizations

In most organizations, the vast majority of employees don’t put the company at risk. Raytheon’s primary role is to monitor for accidental or deliberate policy violations, where perhaps an employee is cutting corners to get legitimate work done within a tight deadline. However, there are always certain employees who, because of their job function, could use their privileged access to intentionally harm the company. Since these employees pose a greater potential threat, they deserve more focused observation.

Raytheon Provides Unsurpassed Monitoring of Privileged User Activity

A system administrator at a financial services organization could use his access rights combined with sheer technical knowledge to easily evade most security solutions. Many of his harmful actions may not even involve the obvious transfer or theft of data, and it is relatively easy for him to mask deliberate, malicious behavior by altering or deleting log files.

To ensure all corporate data is protected, Raytheon ships with a policy pack designed specifically for high-risk, privileged users that monitors activities such as application logons, creation of user accounts, or log file access.

Raytheon Catches Both the Incident and Violators “Covering Their Tracks”

A disgruntled system administrator in the financial services company's IT department decides to take advantage of his privileged access to set up backdoor access so he can take revenge after he has left the company. He then modifies all log entries to cover his tracks. To prevent violations like this from happening, the company customized several of Raytheon’s pre-built policies to monitor all system administrators’ logons and track any unauthorized changes to log files.

Since the company believed any malicious activity would take place when most employees were gone, the policy was enhanced to capture in video replay “all user activity one hour after any logon taking place off-hours or on weekends.” Another policy was deployed to alert whenever the system administrator altered or deleted any Windows server log files. By capturing the incident in progress (the trigger being a logon taking place at 2 a.m. on a weekend), the company was able to review the entire incident in full context and stop the user before any damage could occur.

Monitor High-Risk Users

 

 

Raytheon Monitors High Risk

SureView captures all endpoint activities and provides incident replay and the evidence necessary to investigate further.

Raytheon Services will help design specific policies, train internal staff to spot leading indicators, and assist in investigations.
