Number of slides: 38
Enforcive CPA Cross Platform Auditing
Company Profile
• Formed in 1983
• Pioneer in IBM mainframe and midrange security
• Offices in New Jersey, Toronto and Israel
• 80 Resellers in 60 countries
• Global distribution agreement with IBM
• Thousands of installations worldwide, including Fortune 500 companies
• Expertise in Compliance and Event auditing – cross platform
Customers Around the World
CPA Customers
Customers from Many Segments: Banking, Finance, Insurance, Automotive, Electronics, Pharmaceutical, Healthcare, Transportation, Manufacturing, Others
Enforcive Cross Platform Security Offering
All products work together and can be operated through a common GUI manager.
CPS – Cross Platform Security:
• ES for IBM i – Enterprise Security: Host Based Security, Audit & Compliance for IBM i (Access Management, Field Encryption, Log Management, Compliance Management)
• CPA – Cross Platform Audit: Log Management & Database Activity Monitoring
• CPC – Cross Platform Compliance: GRC
• PSS – Password Self Service: Password Synchronization - SSO
• Host Based Security & Audit for IBM mainframe: Access Management, Field Masking, Log Management for z/OS – CICS, VSE – CICS, DB 2, VSAM
Platforms and sources listed across the products: Windows, IBM i (OS 400 & DB 2), Unix (AIX & Solaris), Linux, z/OS, MF/CICS & DB 2, MS SQL Server, Oracle, DB 2, Sybase, MySQL, Progress, Syslog, Flat File Format
Easy Said. Easy Done. Goodbye Haystacks. Find the needles you’ve been looking for.
What is the Cross-Platform Audit™?
• An enterprise-wide Compliance Event Monitor.
• The CPA is all about practical organizational security. It provides log monitoring for your computer systems and databases, collecting and consolidating data from across the enterprise. Many sources are available, including Windows, Mainframe, IBM i, Unix, DB 2, MS SQL Server, Oracle and Progress.
• The CPA filters events at the source, then collects them into a single database and presents them in an intuitive GUI for ease of analysis and investigation.
The Need
• Monitoring of the organization in order to satisfy regulatory policies in a multi-platform environment.
• Administrators need minimal platform-specific expertise to achieve their goals.
• Reduces the need to use local disk to store historical log files.
• Simplifies forensic investigation by correlating seemingly unconnected events into an audit trail indicating a possible breach of security.
Differentiators
• A single Management Console is used to manage the central repository as well as the individual systems that are being monitored.
• Focus is on critical information, for example the important data changes performed in the database.
• High visibility of changes using before and after images.
• Specialized IBM Mainframe logs – covering a large number of event categories, with a high level of granularity.
• Specialized IBM i logs – covering many unique event categories, with a high level of granularity.
Features of the Cross-Platform Audit™
• Collection of diverse data formats into a uniform database.
• Audit information from different systems available all in one place.
• Comprehensive monitoring in a multi-platform environment.
• Reporting real user activity utilizing all the user’s identities.
• Graphical analysis of security information statistics.
• Powerful filtering to pinpoint events with specific characteristics.
• Event information drill-down to the field change level, incorporating ‘before’ & ‘after’ images.
• Comprehensive audit information for every critical event, showing exactly who did what, when and how.
Collection Flow
All Sources (group labels restored from the source names; the slide’s own labels did not survive extraction)
IBM i:
• System Audit • File and Field Audit • Alerts • Application Audit • SQL Statement • IP Filter • Compliance • Message Queue • History Log • View Data
Linux (system audit by architecture):
• System Audit x86 • System Audit x86_64 • System Audit IA64 • System Audit PPC • System Audit S390X • System Audit S390
MySQL (audit and query log command types):
• Audit • Connect • Query • Prepare • Execute • Shutdown • Quit • No audit • Init DB • Other
IBM mainframe (z/OS):
• SMF TELNET • SMF FTP • SMF VSAM • SMF RACF • TCP/IP Application Audit (FTP and Telnet) • DB 2 SMF • DB 2 LOG (Data Audit) • DB 2 CICS (SQL Data Capture) • DB 2 BATCH (SQL Data Capture)
Unlabeled on the slide:
• System Audit • Data Audit
Microsoft Servers:
• Windows Event Logs: Security, Application, DNS, and more • Windows Active Directory Compliance • ISA Server logs • DHCP logs • IIS Web Server logs • Exchange Server
DB 2:
• System Audit • DB 2 SMF – MF • DB 2 LOG (Data Audit) – MF • DB 2 CICS (SQL Data Capture) – MF • DB 2 BATCH (SQL Data Capture) – MF • DB 2 System Audit – i, AIX, LUW • DB 2 SQL Statement Audit – i, AIX, LUW
SYSLOG Sources:
• Routers • Firewalls • Antivirus • Other SYSLOG senders
UNIX:
• System Audit • UNIX DB 2 • SQL Statements
MS SQL Server:
• SQL System Audit • SQL Data Audit • SQL Statements
Oracle:
• Oracle System • Oracle Admin • Oracle Profiles/Users • Oracle Procedures • Data Audit
Event Sources: IBM Systems, Open Systems, Databases, Microsoft Servers, Syslogs
Cross-Platform Security™ Enterprise-wide Compliance Event Monitor Updated: October, 2013
Feature: CPA as SYSLOG Server
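What a syslog server has to do with the traffic the previous slides list (routers, firewalls, antivirus and other senders) is decode each line into the uniform record the repository stores. The following is an added example, not Enforcive code and not a description of how the CPA implements it: a minimal RFC 3164 receiver and normaliser. The sample lines, sender address, default listening port and the year used to complete RFC 3164 timestamps (which carry no year) are assumptions made for the example.

```python
"""Minimal RFC 3164 syslog receiver and normaliser (added example, not Enforcive code).

Decodes the <PRI> header into facility and severity, splits timestamp, host,
tag and message, and emits one uniform record per line. Malformed lines are
kept rather than dropped, with RFC 3164's default priority applied.
"""
import re
import socket
from datetime import datetime

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI = re.compile(r"^<(\d{1,3})>")
_TIMESTAMP = re.compile(r"^([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d) ")
_TAG = re.compile(r"^([\w.\-/]+)(?:\[(\d+)\])?:\s?(.*)$", re.S)


def parse_syslog(line, received_from="unknown", year=2013):
    """Return a uniform dict for one syslog line; never raises on malformed input.

    year: RFC 3164 timestamps have no year, so the caller supplies one (assumed 2013 here).
    """
    rest = line.rstrip("\r\n")
    m = _PRI.match(rest)
    pri = int(m.group(1)) if m else None
    if m:
        rest = rest[m.end():]
    # RFC 3164 section 4.3.3: a missing or out-of-range PRI is treated as user.notice (13)
    if pri is None or pri > 191:
        pri = 13
    facility, severity = divmod(pri, 8)

    timestamp, host = None, received_from
    m = _TIMESTAMP.match(rest)
    if m:
        try:
            month = datetime.strptime(m.group(1), "%b").month
            timestamp = datetime(year, month, int(m.group(2)), int(m.group(3)),
                                 int(m.group(4)), int(m.group(5)))
            rest = rest[m.end():]
            # with a full header present, the hostname follows the timestamp
            host, _, rest = rest.partition(" ")
        except ValueError:
            timestamp = None  # bogus month or day: keep the whole text as the message

    tag, pid, msg = None, None, rest
    m = _TAG.match(rest)
    if m:
        tag, pid, msg = m.group(1), m.group(2), m.group(3)

    return {
        "source_ip": received_from,
        "timestamp": timestamp.isoformat() if timestamp else None,
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "host": host,
        "tag": tag,
        "pid": pid,
        "message": msg,
        "raw": line,
    }


def normalise_batch(lines, received_from):
    """Normalise a batch of lines that arrived from one sender."""
    return [parse_syslog(line, received_from) for line in lines]


def serve(bind="0.0.0.0", port=5514, handler=print):
    """UDP listener (the standard port 514 needs root, so 5514 is assumed). Blocks forever."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, (addr, _) = sock.recvfrom(8192)
            handler(parse_syslog(data.decode("utf-8", errors="replace"), received_from=addr))


# Constructed sample traffic of the kinds the slide names (firewall, router, antivirus)
SAMPLE_LINES = [
    "<164>Oct 11 22:14:15 fw01 kernel: DENY TCP 10.0.0.5:51515 -> 192.168.1.10:22",
    "<86>Oct 11 22:14:16 rtr-core sshd[4242]: Failed password for admin from 10.0.0.5 port 51515 ssh2",
    "<190>Oct 11 22:14:17 av-gw AVScan: Threat quarantined on WS-17",
    "no PRI header at all",
]

if __name__ == "__main__":
    for rec in normalise_batch(SAMPLE_LINES, received_from="10.0.0.1"):
        print(rec["timestamp"], rec["facility"], rec["severity"], rec["host"], rec["tag"], rec["message"])
```

The point a collector has to get right is the fourth sample: a sender that omits the PRI or the header still produces a record, attributed to the sending IP with the default priority, instead of being silently dropped.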
Our Goal: Simplicity in implementation and daily use.
Implementation: Simple Steps
• Add Systems
• Tailor Reports
• Specify Alerts
• Set Audit Policy
• Define Data Transfer
Examples: Using CPA
1) Make a change to table contents in SQL
2) View that event locally
3) View that event in the Central Repository
4) Defining an audit policy
5) How to define which events are collected
6) How to alert on critical events
7) Investigating a global user’s activities
8) Visual analysis
9) Correlation Reporting
1: Make a change to table contents in SQL This example demonstrates how the CPA Repository will monitor critical events within a database: A user executes an SQL statement to change the salary field in an employee record.
2: View that event locally
The change appears locally, both in the SQL Statement Audit and in the Data Audit (screenshots: SQL Statement Audit; Data Audit showing Current and Previous values).
3: View that event in the Central Repository
Once collected into the Repository, the information can be filtered by date, platform and user. The event appears both as an SQL statement and as a Data Audit event showing the change (Current and Previous values).
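Examples 1 to 3 above show a salary change appearing once as the statement that was run and once as a field-level before/after image. The block below is an added example, not Enforcive code and not how the CPA captures these events: it reproduces both views with Python's sqlite3 so it runs offline. The SQL trace callback stands in for the SQL Statement Audit and an AFTER UPDATE trigger stands in for the Data Audit. The table, column and user names are constructed for the example.

```python
"""Statement audit plus before/after data audit of a salary change (added example, not Enforcive code)."""
import sqlite3

SCHEMA = """
CREATE TABLE employee (emp_id INTEGER PRIMARY KEY, name TEXT, salary INTEGER);
-- who is acting on this connection; read by the trigger below
CREATE TABLE session_ctx (k TEXT PRIMARY KEY, v TEXT);
CREATE TABLE data_audit (
    id         INTEGER PRIMARY KEY,
    logged_at  TEXT DEFAULT CURRENT_TIMESTAMP,
    db_user    TEXT,
    tbl        TEXT,
    key_val    TEXT,
    field      TEXT,
    prev_image TEXT,
    curr_image TEXT
);
-- Data Audit: one row per real change of the critical field. The WHEN clause
-- drops no-op updates so the trail stays focused on changes that matter.
CREATE TRIGGER employee_salary_audit AFTER UPDATE OF salary ON employee
WHEN OLD.salary IS NOT NEW.salary
BEGIN
    INSERT INTO data_audit (db_user, tbl, key_val, field, prev_image, curr_image)
    VALUES ((SELECT v FROM session_ctx WHERE k = 'user'),
            'employee', NEW.emp_id, 'salary', OLD.salary, NEW.salary);
END;
"""


class AuditedConnection:
    """SQLite connection that records every statement and every salary change."""

    def __init__(self, db_user):
        self.db_user = db_user
        self.statement_audit = []                     # SQL Statement Audit
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(SCHEMA)
        self.conn.execute("INSERT INTO session_ctx VALUES ('user', ?)", (db_user,))
        self.conn.commit()
        # From here on every statement run on this connection is appended verbatim.
        self.conn.set_trace_callback(self.statement_audit.append)

    def execute(self, sql, params=()):
        cur = self.conn.execute(sql, params)
        self.conn.commit()
        return cur

    def data_audit(self):
        """Return the Data Audit rows as dicts (previous and current image per field)."""
        cur = self.conn.execute(
            "SELECT db_user, tbl, key_val, field, prev_image, curr_image "
            "FROM data_audit ORDER BY id")
        cols = [d[0] for d in cur.description]
        return [dict(zip(cols, row)) for row in cur.fetchall()]


def demo():
    """Replay the slide's scenario: a user changes the salary field of one employee."""
    db = AuditedConnection(db_user="hr_clerk")                       # constructed user
    db.execute("INSERT INTO employee VALUES (101, 'A. Smith', 5200)")  # constructed record
    db.execute("UPDATE employee SET salary = ? WHERE emp_id = ?", (9900, 101))
    db.execute("UPDATE employee SET salary = 9900 WHERE emp_id = 101")  # no-op: not audited
    db.execute("UPDATE employee SET name = 'A. Smith-Jones' WHERE emp_id = 101")  # other field
    return db


if __name__ == "__main__":
    db = demo()
    for stmt in db.statement_audit:
        print("STATEMENT:", stmt)
    for row in db.data_audit():
        print("DATA AUDIT:", row)
```

Only the first UPDATE produces a Data Audit row (previous 5200, current 9900, attributed to hr_clerk); the repeated UPDATE with the same value and the name change do not, while all four statements still appear in the statement audit.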
4: Defining an Audit Policy
5: How to define which events are collected
6: How to alert on critical events
7: Investigating a Global User’s Activities (across IBM z, IBM i, Windows, AIX and DB 2)
8: Visual Analysis: report of currently active applications
9: Correlation Reporting: Network Access Login report
9: Correlation Reporting: database contents before-and-after image report
9: Correlation Reporting: Mainframe violations in both RACF and DB 2
9: Correlation Reporting: Oracle logon failure report
9: Correlation Reporting: program failures
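Example 7 (a global user's activity across IBM z, IBM i, Windows, AIX and DB 2) and the correlation reports above (RACF and DB 2 violations, Oracle logon failures) both rest on the same two steps: fold each platform's local user IDs into one global identity, then look at that identity's events on one timeline. The block below is an added example of those steps, not Enforcive code and not how the CPA or its User Identification feature work. The identity map, the events, the platform message codes quoted in them and the thresholds are all constructed for the example.

```python
"""Cross-platform correlation on a global user (added example, not Enforcive code).

Events from several platforms name the same person under different local IDs.
An identity map folds them into one global user, the events are merged into a
single timeline, and a rule flags a global user whose security failures across
at least two platforms inside a short window reach a threshold.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Global user -> local identities per platform. Constructed; in practice this
# comes from a directory or from the product's own user identification.
IDENTITY_MAP = {
    "jdoe": {("z/OS", "JDOE01"), ("IBM i", "JDOE"), ("Windows", "CORP\\john.doe"), ("Oracle", "JDOE_APP")},
    "asmith": {("Windows", "CORP\\a.smith"), ("AIX", "asmith")},
}

# Constructed events: (timestamp, platform, local_user, event_type, detail)
EVENTS = [
    ("2013-10-11 22:10:01", "Windows", "CORP\\john.doe", "LOGON_FAILURE", "4625 bad password on WS-17"),
    ("2013-10-11 22:10:40", "Oracle", "JDOE_APP", "LOGON_FAILURE", "ORA-01017 from 10.0.0.5"),
    ("2013-10-11 22:11:05", "z/OS", "JDOE01", "RACF_VIOLATION", "ICH408I insufficient access PAYROLL.MASTER"),
    ("2013-10-11 22:11:30", "IBM i", "JDOE", "LOGON_FAILURE", "CPF2234 password not correct"),
    ("2013-10-11 22:12:02", "z/OS", "JDOE01", "DB2_VIOLATION", "SQLCODE -551 SELECT on PAYROLL.SAL"),
    ("2013-10-11 09:00:00", "AIX", "asmith", "LOGON_FAILURE", "ssh bad password"),
    ("2013-10-11 17:30:00", "Windows", "CORP\\a.smith", "LOGON_FAILURE", "4625 bad password"),
    ("2013-10-11 22:12:10", "Windows", "CORP\\svc_backup", "LOGON_FAILURE", "4625 bad password"),
]

FAILURE_TYPES = ("LOGON_FAILURE", "RACF_VIOLATION", "DB2_VIOLATION")


def build_reverse_map(identity_map):
    """(platform, local_user) -> global user."""
    return {(p, u): g for g, ids in identity_map.items() for (p, u) in ids}


def resolve(event, reverse_map):
    """Attach the global identity. Unmapped identities keep a distinct key so they are
    reported rather than silently merged or dropped."""
    ts, platform, local_user, etype, detail = event
    global_user = reverse_map.get((platform, local_user))
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        "platform": platform,
        "local_user": local_user,
        "global_user": global_user or f"unmapped:{platform}:{local_user}",
        "type": etype,
        "detail": detail,
    }


def timeline(events, identity_map, global_user):
    """All of one global user's events, across platforms, in time order."""
    rm = build_reverse_map(identity_map)
    rows = (resolve(e, rm) for e in events)
    return sorted((r for r in rows if r["global_user"] == global_user), key=lambda r: r["ts"])


def correlate_failures(events, identity_map, window=timedelta(minutes=5), threshold=3):
    """Sliding window per global user: flag when >= threshold failures occur on
    >= 2 platforms within `window`. Returns the widest qualifying window per user."""
    rm = build_reverse_map(identity_map)
    by_user = defaultdict(list)
    for e in events:
        r = resolve(e, rm)
        if r["type"] in FAILURE_TYPES:
            by_user[r["global_user"]].append(r)
    findings = {}
    for user, rows in by_user.items():
        rows.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(rows)):
            while rows[end]["ts"] - rows[start]["ts"] > window:
                start += 1
            win = rows[start:end + 1]
            platforms = {r["platform"] for r in win}
            if len(win) >= threshold and len(platforms) >= 2:
                if user not in findings or len(win) > findings[user]["count"]:
                    findings[user] = {"count": len(win), "platforms": sorted(platforms),
                                      "first": win[0]["ts"], "last": win[-1]["ts"]}
    return findings


if __name__ == "__main__":
    for r in timeline(EVENTS, IDENTITY_MAP, "jdoe"):
        print(r["ts"], r["platform"], r["local_user"], r["type"], r["detail"])
    for user, f in correlate_failures(EVENTS, IDENTITY_MAP).items():
        print(f"ALERT {user}: {f['count']} failures on {f['platforms']} between {f['first']} and {f['last']}")
```

Seen per platform, jdoe's four local IDs each produce one or two failures, none of which would trip a per-system threshold; folded into one identity they form five failures on four platforms in two minutes. The two asmith failures are hours apart and produce no finding, and the unmapped service account stays visible under its own key.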
Sneak Peek: User Identification Functionality