Enforcive /Cross-Platform Audit

Transcription

1 Enforcive /Cross-Platform Audit

2 Enterprise-Wide Log Manager and Database Activity Monitor Real-time Monitoring Alert Center Before & After Change Image Custom Reports Enforcive's Cross-Platform Audit (CPA) is built on the principles of database activity monitoring and log management, but focused on providing practical and relevant information about an organization s critical systems. The Enforcive CPA consolidates platform specific audit events and presents them through a powerful and intuitive dashboard, empowering auditors and system administrators alike as they can easily identify critical issues that could impact the business. The CPA is all about practical organizational security. It provides log monitoring for computer systems & databases; collecting and consolidating data from across the enterprise. Sources include; Windows, Mainframe, IBM i, DB2 (all flavors), AIX, UNIX, Linux, Sybase, Solaris, SQL, Oracle and Progress. The CPA collects the important events into a single database and displays them in an intuitive GUI for ease of detection and investigation. Features & Benefits: Efficiency: One-stop location for the critical audit information Clarity: Only selected critical events will make it into the central data repository Simplicity: Diverse data stored in a uniform format Flexibility: Multi-criteria filtering to help pinpoint events with specific characteristics Visibility: Graphical analysis of security data statistics Unity: Correlation of seemingly disparate events into an exposure analysis Granularity: Actual data changes are highlighted for focused investigations Real-time Monitoring The CPA filters raw transactional data, collects the critical items, and consolidates them to a centralized event repository. The resulting data can be interrogated online, or by report, to provide meaningful information for the business. Without this, it would be nearly impossible to identify the critical items in the flood of events logged by each system on a daily basis. Enforcive's CPA includes a Security Operations Center (SOC) which is a customizable set of screens that provide a high level summary of activity across the enterprise. Security officers use this as a starting point for analyzing the central data repository. Events from across the enterprise can be filtered, amalgamated and sorted into a host of different combinations based upon source, IP address, user identity, transaction status and date. Graphs can be built dynamically, selecting the parameters through an easy to use wizard. Enforcive also recognizes activity by user identity; linking together all the logon IDs attributed to a person so that reporting can show, step by step, where the user went and what they did. 2

3 Every component of the on-screen graphs in the SOC can be expanded to show the actual audit events behind the statistics. Each audit event can be drilled into to show its detail, including before and after images where relevant. The graphs and summary tables can be displayed on screen, printed, sent by , or saved in a variety of formats. Figure 1: CPA s Security Operation Center (SOC) Alert Center Security officers can define specific parameters to be watched for, so that any event which meets particular criteria will generate an alert. Notifications can be sent by , as well as by a screen pop-up, or by routing to a Syslog server. Examples of User-Created Alerts: IBM i - Application Audit FTP Put Successful Windows - Audit Policy Change Mainframe DB2 - Database Authorization Failure MSSQL - SQL Delete Statement Before & After Change Image In addition to filtered, and summary data, the administrators benefit from drill down capabilities that will highlight the "before" and "after" image of change events. Where possible, data is presented in technology neutral terms, avoiding the need for the user to be a technical specialist in all platforms and applications. Figure 2: Before and After Screenshot 3

4 CPA architecture Log Analysis - Aggregation - Classification - Correlation Event Management - Real-time Monitoring - Alert Center - Before & After Change Image Reporting - Scheduled Distribution - Packaged Compliance Reports - Custom Reports Log Analysis Event Management Reporting Central Repository Security Operation Center (SOC) Event Type Breakdown Activity Trend View Warning/Reject Dashboards 4

5 Custom Reports Multi-source reporting highlights the power of the CPA by saving security administrators time and effort when building and using the reports the organization requires.. Over 200 reports are available out of the box. These reports can also be customized to the organizations specific requirements as well as branded to display company/department names and logos. Reports can be created and run in real-time, then viewed online, printed or exported to a variety of file formats. Once a report is created, the CPA can be scheduled to run such a report at future intervals and automatically distribute the report to pre-selected contacts. Out of the box reports include: Windows Failed Login Attempts Windows - Disabled Accounts of Terminated Staff SQL Server Executed Statements SQL Server Data Audit Linux Program Failures AIX Objects Deleted IBM i - Authority Failures IBM i - Network Access Login Report Mainframe - DB2 Before and After Data Changes Mainframe - Violations for RACF and DB2 Oracle Login Failure Oracle Index Creation Failure Figure 3: Windows Disabled Accounts (Terminated Employees) 5

6 Figure 4: IBM i Network Access Attempts via TELNET Figure 5: LINUX Object Deleted 6

7 SUPPORTED DATA SOURCES AIX* Windows - Windows Event Logs: Security, Application, DNS and more - Windows Active Directory Compliance - ISA Server Logs - DHCP Logs - IIS Web Server Logs - Exchange Server Solaris* Linux* X86 86_64 IA64 PPC64 PPC S390X S390 SYSLOG Sources - Routers - Firewalls - Antivirus - Other SYSLOG Senders * Agent Required Microsoft SQL Server - SQL Statements - SQL System Audit - SQL Data Audit ORACLE - SQL Statements - Oracle System - Oracle Admin - Oracle Profilles/Users - Oracle Procedures - Data Audit DB2 LUW MySQL - Audit - Connect - Query - Prepare - Execute - Shutdown - Quit - No Audit - Init DB - Other Progress Open Edge - Data Audit SYBASE IBM i* - File and Field Audit - Alerts - Application Audit - SQL Statement - IP Filter - Compliance - Message Queue - History Log - View Data DB2-z/OS* - DB2 SMF - MF - DB2 LOG (Data Audit) - MF - DB2 CICS (SQL Data Campture) - MF - DB2 BATCH (SQL Data Capture) - MF - DB2 System Audit - i, AIX, LUW - DB2 SQL Statement Audit - i, AIX, LUW z/os* - SMF TELNET - SMF FTP - SMF VSAM - SMF RACF - TCP/IP Application Audit (FTP and Telnet) - DB2 SMF - DB2 LOG (Data Audit) - DB2 CICS (SQL Data Capture) - DB2 BATCH (SQL Data Capture) About Enforcive Enforcive provides comprehensive security solutions to help businesses reduce workloads, satisfy auditors and improve responsiveness to security threats. For over two decades, Enforcive has been providing solutions within mission critical environments using platforms solutions to our customers. Enforce your policy by: Implementing comprehensive and demonstrable security and compliance policies Automating compliance related administration tasks regulations including SOX, PCI and COBIT Addressing your medium to long term audit log archiving requirements Enforcive, Inc. Toll Free USA: International: info@enforcive.com 24/7 Global Support Live technical support available at or support@enforcive.com Copyright Enforcive, Inc. - All Rights & Privileges Reserved Enforcive is a registered trademark of Enforcive, Inc. All trademarks are property of their respective owners. v