Enforcive CPA
Cross Platform Auditing

Company Profile
• Formed in 1983
• Pioneer in IBM mainframe and midrange security
• Offices in New Jersey, Toronto and Israel
• 80 Resellers in 60 countries
• Global distribution agreement with IBM
• Thousands of installations worldwide, including Fortune 500 companies
• Expertise in Compliance and Event auditing – cross platform

Customers Around the World
CPA Customers

Customers from Many Segments
Banking, Finance, Insurance, Automotive, Electronics, Pharmaceutical, Healthcare, Transportation, Manufacturing, Others

Enforcive Cross Platform Security Offering
All products work together and can be operated through a common GUI manager.

CPS – Cross Platform Security
• ES for IBM i – Enterprise Security: Host Based Security, Audit & Compliance for IBM i (Access Management, Field Encryption, Log Management, Compliance Management)
• CPA – Cross Platform Audit: Log Management & Database Activity Monitoring
• CPC – Cross Platform Compliance: GRC
• PSS – Password Self Service: Password Synchronization - SSO
• For z/OS: Host Based Security & Audit for IBM mainframe (Access Management, Field Masking, Log Management)

Platforms and data sources shown in the diagram: Windows, IBM i (OS400 & DB2), Unix (AIX & Solaris), AIX, Linux, OS400, MS SQL Server, MF/CICS & DB2, z/OS – CICS, VSE – CICS, Oracle, DB2, VSAM, Sybase, MySQL, Progress, Syslog, Flat File Format

Easy Said. Easy Done.
Goodbye Haystacks. Find the needles you’ve been looking for.

What is the Cross-Platform Audit™?
• An enterprise-wide Compliance Event Monitor. The CPA is all about practical organizational security.
• It provides log monitoring for your computer systems and databases, collecting and consolidating data from across the enterprise. Many sources available including: Windows, Mainframe, IBM i, Unix, DB2, SQL, Oracle and Progress.
• The CPA filters then collects the events into a single database and presents them in an intuitive GUI for ease of analysis and investigation.
The Need
• Monitoring of the organization in order to satisfy regulatory policies in a multi-platform environment.
• Administrators need minimal platform-specific expertise to achieve their goals.
• Reduces the need to use local disk to store historical log files.
• Simplifies forensic investigation by correlating seemingly unconnected events into an audit trail indicating a possible breach of security.

Differentiators
• A single Management Console is used to manage the central repository as well as the individual systems that are being monitored.
• Focus is on critical information, for example the important data changes performed in the database.
• High visibility of changes using before and after images.
• Specialized IBM i logs – covering many unique event categories, with a high level of granularity.
• Specialized IBM Mainframe logs – covering a large number of event categories, with a high level of granularity.

Features of the Cross-Platform Audit™
• Collection of diverse data formats into a uniform database.
• Comprehensive monitoring in a multi-platform environment.
• Reporting real user activity utilizing all the user’s identities.
• Graphical analysis of security information statistics.
• Powerful filtering to pinpoint events with specific characteristics.
• Event information drill-down to the field change level, incorporating ‘before’ & ‘after’ images.
• Audit information from different systems available all in one place.
• Comprehensive audit information for every critical event, showing exactly who did what, when and how.
Collection Flow

All Sources
• System Audit
• File and Field Audit
• Alerts
• Application Audit
• SQL Statement
• IP Filter
• Compliance
• Message Queue
• History Log
• View Data
• System Audit X86
• System Audit 86_64
• System Audit IA64
• System Audit PPC64
• System Audit PPC
• System Audit S390X
• System Audit S390
• Audit
• Connect
• Query
• Prepare
• Execute
• Shutdown
• Quit
• No audit
• Init DB
• Other
• SMF TELNET
• SMF FTP
• SMF VSAM
• SMF RACF
• TCP/IP Application Audit (FTP and Telnet)
• DB2 SMF
• DB2 LOG (Data Audit)
• DB2 CICS (SQL Data Capture)
• DB2 BATCH (SQL Data Capture)
• System Audit
• System Audit
• Data Audit
• Windows Event Logs: Security, Application, DNS, and more
• Windows Active Directory Compliance
• ISA Server logs
• DHCP logs
• IIS Web Server logs
• Exchange Server
• System Audit
• DB2 SMF – MF
• DB2 LOG (Data Audit) – MF
• DB2 CICS (SQL Data Capture) – MF
• DB2 BATCH (SQL Data Capture) – MF
• DB2 System Audit – i, AIX, LUW
• DB2 SQL Statement Audit – i, AIX, LUW
• SYSLOG Sources: Routers, Firewalls, Antivirus, Other SYSLOG senders
• System Audit
• UNIX DB2
• SQL Statements
• SQL System Audit
• SQL Data Audit
• SQL Statements
• Oracle System
• Oracle Admin
• Oracle Profiles/Users
• Oracle Procedures
• Data Audit

Event Sources
• IBM Systems
• Open Systems
• Databases
• Microsoft Servers
• Syslogs

Cross-Platform Security™
Enterprise-wide Compliance Event Monitor
Updated: October, 2013

Feature: CPA as SYSLOG Server

Our Goal: Simplicity in implementation and daily use.
Implementation: Simple Steps
• Add Systems
• Tailor Reports
• Specify Alerts
• Set Audit Policy
• Define Data Transfer

Examples: Using CPA
1) Make a change to table contents in SQL
2) View that event locally
3) View that event in the Central Repository
4) Defining an audit policy
5) How to define which events are collected
6) How to alert on critical events
7) Investigating a global user’s activities
8) Visual analysis
9) Correlation Reporting

1: Make a change to table contents in SQL
This example demonstrates how the CPA Repository will monitor critical events within a database: a user executes an SQL statement to change the salary field in an employee record.

2: View that event locally
The change appears locally, both in the SQL Statement Audit and in the Data Audit.
Screenshots: SQL Statement Audit; Data Audit (Current / Previous)

3: View that event in the Central Repository
Once collected into the Repository, the information can be filtered by date, platform and user. The event will appear both as an SQL statement and a Data Audit event showing the changes.
Screenshot: Current / Previous

4: Defining an Audit Policy

5: How to define which events are collected

6: How to alert on critical events

7: Investigating a Global User’s Activities
IBM z, IBM i, Windows, AIX, DB2

8: Visual Analysis
Report of currently active applications

9: Correlation Reporting
• Network Access Login
• Database contents before and after image report
• Mainframe Violations in both RACF and DB2
• Oracle Logon Failure Report
• Program Failures

Sneak Peek: User Identification Functionality