AIG Case Study - Infosecurity Europe

CASE STUDY
American International Group, Inc. (AIG) is a leading international insurance organization, serving more than 88 million commercial, institutional and individual customers in
130 countries.
Industry: Insurance and Financial Services
Remote Vendor Monitoring
One of the company’s 64,000 employees, Snir Hoffman, Infrastructure Architect,
needed to deploy a solution to monitor external vendors with access to credit card
information. AIG provides its vendors with access to 40 regulated servers via virtual
workstations that contain all the required applications. AIG needed to monitor
everything that vendors did on those servers, in order to demonstrate compliance with
PCI regulations.
Hoffman evaluated ObserveIT and CyberArk to address this challenge, and chose
ObserveIT. “We surveyed existing customers of both products and received much
better feedback about ObserveIT from surveys of existing customers,” explained
Hoffman. “ObserveIT is much faster to deploy, and it is easier to use and manage.”
Hoffman’s team initially deployed ObserveIT to provide the monitoring required by PCI,
and were satisfied with its low-maintenance reliability. However, the company
discovered how valuable ObserveIT could be in other areas following an incident that
caused an important system to fail. “While troubleshooting the downed system, we
realized we could use ObserveIT to show us what might have caused the problem,”
recalls Hoffman. “Sure enough, ObserveIT showed us precisely what happened: one of
our trusted vendors inadvertently corrupted a configuration file. This helped us restore
the system quickly, and address the matter with our vendor.”
AIG decided to expand their ObserveIT monitoring coverage to all their external
vendors, and subsequently to privileged internal employees as well. In doing so, they
realized another significant benefit: deterrence and extra caution on the part of all
users. “The notification message that appears at the beginning of each session
informing users that they are being recorded initially caused some surprise from our
vendors and admins,” explained Hoffman. “However, we saw that all users were being
more careful with their actions. It’s all about people and people are bound to make mistakes.
ObserveIT helped us mitigate risk across all vendors and users who access our critical
systems.”
AIG has recently integrated ObserveIT-generated user activity data into their SIEM, RSA
Security Analytics, which can now provide important “user context” for system events.
“We realized that infrastructure monitoring alone was only giving us half the picture,”
said Hoffman.
AIG is presently expanding their use of ObserveIT into real-time alerts. Beyond
compliance and IT troubleshooting, real-time alerts allow security staff to stop
dangerous activities before any damage is caused. “We are excited about using
ObserveIT to notify us, in real time, about changes made to sensitive configuration
files, and even particular activities performed within particular critical line-of-business
applications, such as financial and CRM,” said Hoffman. “We began using ObserveIT
specifically to address PCI regulations, but the system ended up helping us deploy a
comprehensive user-centric security strategy.”
Fast PCI compliance – All access to credit card data is monitored and tracked.
Easy IT forensics – Troubleshooting incidents is simple using keyword search and visual forensics.
User-centric security strategy – Monitor, detect and respond to user-based risk.