In the field of information security, User Activity Monitoring (UAM) is the monitoring and recording of user actions. UAM captures user actions, including applications used, windows opened, system commands executed, check boxes clicked, text entered or edited, URLs visited and nearly every other on-screen event. The aim is to protect data by ensuring that employees and contractors stay within their assigned tasks and pose no risk to the organization.
UAM software can deliver video-like playback of user activity and process the videos into user activity logs: step-by-step records of user actions that can be searched and analyzed to investigate any out-of-scope activities.
The need for UAM has risen in the last decade due to the increase in security incidents that directly or indirectly involve user credentials, exposing company information or sensitive files. In 2014, there were 761 data breaches in the United States, resulting in over 83 million exposed customer and employee records. With 76% of these breaches resulting from weak or exploited user credentials, UAM has become a significant component of IT infrastructure. The main user populations whose risk UAM aims to mitigate are:
Contractors are used in organizations to complete various IT and operational tasks. Remote vendors that have access to company data are risks to company infrastructure. Even with no malicious intent, an external user like a contractor is a major security liability.
70% of regular business users admitted to having access to more data than necessary. Generalized accounts give regular business users access to classified company data. This makes insider threats a reality for any business that uses generalized accounts.
Administrator accounts are heavily monitored due to the high-profile nature of their access. However, current log tools can generate “log fatigue” on these admin accounts. Log fatigue is the overwhelming sensation of trying to handle a vast amount of logs on an account as a result of too many user actions. With thousands of user actions being compiled every day, harmful user actions can easily be overlooked.
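The searchable activity logs and the log-fatigue problem described above can be illustrated with a small triage script. It is an added example, not code from any UAM product: the record format, the role names and the per-role application scopes are assumptions, and the log lines are constructed. Routine in-scope actions are only counted, so a reviewer reads the handful of out-of-scope records instead of every entry.

```python
from collections import Counter, defaultdict

# Assumed per-role scope: applications each role's assigned tasks require.
ROLE_SCOPE = {
    "contractor": {"ticketing", "vpn-client"},
    "business": {"crm", "email", "browser"},
    "admin": {"ssh", "ticketing", "backup-console"},
}

# Constructed sample records: timestamp|user|role|application|action|target
SAMPLE_LOG = """\
2024-05-01T09:00:12|alice|admin|ssh|command|systemctl restart nginx
2024-05-01T09:04:40|alice|admin|backup-console|click|run nightly job
2024-05-01T09:10:03|alice|admin|crm|export|customers.csv
2024-05-01T09:12:55|bob|contractor|ticketing|edit|TICKET-101
2024-05-01T09:15:31|bob|contractor|file-share|download|payroll.xlsx
2024-05-01T09:20:00|carol|business|email|send|weekly report
2024-05-01T09:21:17|carol|business|browser|url|https://intranet.example/wiki
2024-05-01T09:30:45|dave|intern|browser|url|https://intranet.example/hr
corrupted-record
"""

FIELDS = ("ts", "user", "role", "app", "action", "target")

def parse(line):
    """Split one record; return None when a field is missing."""
    parts = line.split("|", len(FIELDS) - 1)  # target may itself contain '|'
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def triage(log_text, scope=ROLE_SCOPE):
    """Count routine actions per user; keep out-of-scope and unparsed records in full."""
    in_scope, findings, unparsed = Counter(), defaultdict(list), []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        if rec is None:
            unparsed.append(line)  # never drop a record silently
        elif rec["app"] in scope.get(rec["role"], set()):  # unknown role: nothing allowed
            in_scope[rec["user"]] += 1
        else:
            findings[rec["user"]].append(rec)
    return in_scope, dict(findings), unparsed

if __name__ == "__main__":
    counts, findings, unparsed = triage(SAMPLE_LOG)
    for user in sorted(set(counts) | set(findings)):
        print(f"{user}: {counts[user]} in scope, {len(findings.get(user, []))} out of scope")
        for rec in findings.get(user, []):
            print(f"  {rec['ts']} {rec['app']} {rec['action']} {rec['target']}")
    print(f"unparsed records: {len(unparsed)}")
```

A role that is missing from the scope table is treated as having no allowed applications, so activity from unmapped accounts surfaces as a finding rather than passing unnoticed.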
According to the Verizon Data Breach Incident Report, “The first step in protecting your data is in knowing where it is and who has access to it.” In today’s IT environment, “there is a lack of oversight and control over how and who among employees has access to confidential, sensitive information.” This apparent gap is one of many factors that have resulted in a large number of security issues for companies.
Most companies that use UAM separate the necessary aspects of UAM into three major components.