Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Access Monitoring (DAM) for IBM System i (a.k.a. POWER Systems / iSeries / AS/400) How to Protect Your Corporate Data and Comply With Regulations.

Similar presentations

Presentation on theme: "Data Access Monitoring (DAM) for IBM System i (a.k.a. POWER Systems / iSeries / AS/400) How to Protect Your Corporate Data and Comply With Regulations."— Presentation transcript:

1 Data Access Monitoring (DAM) for IBM System i (a.k.a. POWER Systems / iSeries / AS/400) How to Protect Your Corporate Data and Comply With Regulations Easily October, 2011 © Tango/04 Computing Group, Inc. Date

2 How do you “audit” your bank? You have no idea if your bank is using firewalls, antivirus, etc. But you just need to see your account transactions to know if there is anything suspicious Movement Date EurosAccount Balance

3 Why audit your corporate data? Legal and regulatory pressure keeps growing People’s rightsLaws and regulations Inspectors and auditors Food & drug industry Healthcare industry Publicly traded U.S. companies, their international branches and other related businesses (Japan: J-SOX) Banking & finance Companies operating in California EU companies using personal data Credit Card companies 21 CFR Part 11 HIPAA Sarbanes-Oxley (SOX) Basel II SB 1136 European Privacy Laws PCI

4 How to audit your corporate data? Available methods Pros and cons

5 Access control is insufficient Greatest threat comes from legitimate users Most internal security breaches go undetected Most cases of data loss or corruption are caused by human error It does not comply with SOX requirements It does not comply with other regulatory requirements It does not meet best practice codes It does not protect data against the most common vulnerabilities How to audit your corporate data?

6 Application logs Incomplete (changes can be done by direct access) SQL Analysis / Sniffing Complex, incomplete, does not provide before/after images at field level, very difficult to understand, cannot set alerts based on data values, may not access encrypted SQL Custom Application changes Cumbersome, incomplete, requires development and maintenance Database Triggers Cumbersome, slow, may create security risk Native methods for every database system Optimal! Journals in System i are very efficient, and usually they are already in use How to audit your corporate data? Field-level data audit methods

7 Auditing Your Corporate Data with Tango/04 New Tango/04 Data Monitor

8 Both External AND Internal Users are controlled There is no protection here A firewall for your corporate data WithoutWith Any change can be audited in real-time, including those performed by DBAs and legitimate users

9 New Tango/04 Data Monitor Prevent fraud, accidents and fines –Record-level data auditing solution Who, What, When, Where? –Capture all changes… and read access, too! –Rapid, easy deployment –Detailed information: User Real user (to control ODBC accesses, for instance) Timestamp Transaction type Enriched data (with virtual field support) IP address Library, Job, Process –Low resource consumption and TCO –Flexible reporting

10 New Tango/04 Data Monitor – Advanced Reporting Flexible reporting simplifies your job –Enforce your security policy –Detect fraud and misuse of data –Comply with regulations –Easy to read, color coded, customizable reports

11 New Tango/04 Data Monitor – Advanced Reporting –Before/after image –Data masking (protect sensitive fields) –Data enrichment (from any other table) Advanced reporting capabilities Changes are clearly marked Sensitive fields can be hidden shown (Salaries, Credit Cards, etc.

12 Why are Security Officers modifying customer data? Group summaries –Per user class New Tango/04 Data Monitor – Advanced Reporting

13 Advanced Reporting Group summaries –Per real user Quickly spot suspicious activity –Per application –Per accounting code

14 Group summaries –Per transaction type New Tango/04 Data Monitor – Advanced Reporting

15 It is easy to spot “strange” things here (such as DFU programs) Group summaries –Per application New Tango/04 Data Monitor – Advanced Reporting

16 State-of-the-Art, Unparalleled Report Manager Rapidly select what you want to see –By date, time, user, file, operation type, key value, user group… Select transactions when a field has been modified, or a condition is met – Example: FIRSTNAME = “John”, ADRESS LIKE “Beverly Hills %”, STATE <>“NY”, SALES >= 5000, YEAR < 2000 Create and use multiple Calendars to fine-tune your reports –Detect suspicious changes during local holidays, weekends, unusual hours… iPad-compatible Report Manager

17 New Tango/04 Data Monitor Use this data firewall to implement custom data auditing controls –All changes to a sensitive table –Detect DFU/SQL changes –Who changed the SALARY table while logged in as a powerful user? –Have any of these changes been made by someone not from the HR group? –What changes have been made by programmers or security officers? –What data has been deleted from the PAYMENTS file? –Changes made without using the company’s ERP –Changes during the weekend or after working hours –All SALES table changes to the DISCOUNT field after invoice creation –All SALES entered with a DISCOUNT within the normal range –Changes made not using PRODUCTION/CHG05RPG program –How many records were added/deleted/modified in the MASTER table during peak hours? –Who is looking to the SALARY data? –Number of deletes/adds/updates by user group, program, user class, etc. –Are there any movements affecting dormant bank accounts? –And much more!

18 New Tango/04 Data Monitor Easily implement advanced COBIT controls –SOX, J-SOX –ISO Compliance

19 Data Monitor for IBM i Some Technical Highlights

20 Maximum, Unmatched Power Ultrafast Audit Report Comprehension –Add calculated data –Add “virtual fields” with data from other tables to make compliance reports easier to read (see full names instead of codes) Key Description Customer Data, Country Name, Maximum Discount, User Department, User Status (has this employee been fired?) Cross-analyze transactions to see if they are valid Correlate Human Resource or Sales Policies data Is this employee on vacations? Is he/she in the building? Is the discount correct? Detect fraud, impersonation, etc. Smart filtering for storage savings –Save only relevant transactions if desired Ex: CustomerType = “A” –Save only relevant fields if desired Ex: TotalPrice not equal zero

21 Unlimited Automation: 360º Protection Automation for Total Protection –Execute actions when an expression is true (or always) –Examples: If DISCOUNT = ‘Y’, then TOTAL := TOTAL * 0.8 If an expression is true, send a message to a Message Queue –If (Too Much Discount) then Alert the Sales Manager –If (Change Outside the Application or After Hours) then Alert the Security Officer If an expression is true, execute a command automatically –Order a low-stock item –Supports For/While cycles and External Program Calls for maximum flexibility –Supports multiple record formats

22 Zero-Touch Administration! Advanced Record Format Management for faster Deployment –Format Autodiscovery! –Can automatically load record formats –Can automatically detect and update record format changes Automatable Data Repository Cleaning for easier Maintenance –Clear roll-backed transactions –Clear historical data By date range Keep a number of days –Automatically! Automated Report Delivery to make Auditors Happy – , Web/Intranet (HTML format) –Multiple format conversions –Flexible scheduling

23 Data Journal PrimarySecondary OS/400 Remote Journal Data Monitor Audit File New Tango/04 Data Monitor Near-zero impact on system performance –Reusing your existing journals for data auditing in iSeries –Remote journal support The Data Monitor repository can be located at the Primary System or at the backup LPAR IBM i OS

24 IBM i OS Data Monitor Audit File Data Monitor Audit File PrimaryAudit Server Data Journal Oracle, SQL Server, etc… (This also adds more security to the audit data base) Minimal use of disk space in production systems –Saving your audit trail files on an external server (remote journaling) New Tango/04 Data Monitor

25 And Much More Application enrichment –Use Data Monitor to have a history of changes of customer accounts with no programming –Including web-based reports! Read-only access auditing –Requires an additional license (Beware! Auditing all reads in a heavily utilized application it is VERY CPU intensive!) Business Rules control / BAM / Operational Business Intelligence –Alerts immediately to anything out of the ordinary! Send alerts to Tango/04 SmartConsole (sold separately) and/or message queues in real time –Easy definition of rules “Stock below minimum levels” “Dormant account was modified by user JSMITH” “Purchase Order totaling more than 2,000 US$ approved by a user with no credit approval permission” –Collect KPIs with virtually no performance impact!

26 Unique Capabilities – Years ahead of the competition Differentiators –Ease of Use –Customizable –No triggers used –IBM i 7.1 ready (previous versions supported) –Flexible, Web-based, iPad-compatible Reporting System –Maximum information –Low Performance Impact –Remote Journal Support –Automatic Double-Byte Support Allows reporting in original field character code –Katakana, Chinese, Hebrew… –Independent ASPs (iASPs) Support –Changes to the schema (formats) are recorded and audited –Alerts on Table Drop (DLTPF), End Journaling, Delete All (CLRPFM)

27 How to audit your corporate data? Practical advice Conclusions

28 Business Service Management (BSM) and IT Governance IT Security Data Auditing ITIL COBIT ISO Practical Advice and Conclusions View data auditing as the basis for compliance and BSM –Data auditing is required by many regulations –Compliance is an opportunity to improve your security policy –Scale-up your project Service Level Management ITIL BSM ISO 17799/27001 –Obtain maximum functionality Audit all suspicious logs and events Unique console, advanced reports Business Impact Analysis

29 SOX Compliance –Upgrade to the Tango/04 VISUAL Security Suite (SIEM) and enjoy Real Time Dashboards, advanced alerting, multiplatform coverage, complex event correlation and much more (sold separately) and create Real-Time Security dashboards Practical Advice and Conclusions

30 SOX Compliance and beyond –COBIT Control Dashboards –KRI (Key Risk Indicators) –KPIs –Infrastructure Monitoring –Availability and Service Level Management –Business Process Optimization –Continual Service Improvement

31 Data Monitor for iSeries Case Study: High Throughput, Minimal CPU usage Large Insurance Company –Problem: strong internal auditing requirements, need to control, European privacy laws compliance –Transactions : +2 Millions per hour +1,000 Millions per month –Dozens of terabytes in hundreds of tables –Complex requirements Field preprocessing to obtain the real user id Filtering of non-critical transactions –Only 0,04% stored (99,96% discarded) CPU: less than 3% –Very rapid deployment –High customer satisfaction Later, they upgraded to the full Tango/04 VISUAL Security Suite for added protection

32 Practical Advice and Conclusions Data is your most valuable asset Audit your critical data easily and affordably –Technology is on your side Rapid, non intrusive auditing –Obtain reports and demonstrate compliance –Real time detection of deviations and breaches –Prevent fraud Detection, Forensics, Dissuasion Use automated solutions –Simplify auditing Protecting your data is protecting your business –Anti-Fraud, COBIT, ISO, SOX, J-SOX, HIPAA, 21 CFR Part 11, Central Bank Regulations, etc. Insert your project in a continuous improvement cycle –Use best practices –Let us help you! Reuse our knowledge from hundreds of worldwide projects –Tango/04 and its business partners can provide you with the support you need

33 About Tango/04

34 Tango/04 Computing Group, Inc. Software company, founded in 1991, European Leader in Service Oriented Monitoring Branch offices in: customers around the world + 50 business partners worldwide 11 out of the world’s 20 largest banks Worldwide alliance with Only monitoring solution appearing in two Gartner Magic Quadrants (ECA/SIEM) Specialized on multiplatform solutions for :  Monitoring and IT Governance  Security Compliance and Control  Business Service Management New Hampshire Paris Geneva Buenos Aires Santiago Vercelli Barcelona Sao Paulo Bogotá

35 11 out of the 20 biggest banks in the world are using Tango/04 solutions Selected Tango/04 customers worldwide –IBM –SONY –Barnes & Noble –Johnson & Johnson –VISA –Nestlé –Telefónica –Ford –Tupperware –L’Oréal –Random House –Avon –Coca-Cola –Miele –Raiffeisen Bank –Nike –Shell –Chase –Santander –Chrysler –Government of Amsterdam –Bridgestone/Firestone –Bacardi –BMW –Bayer –Volkswagen –Toyota –Novartis –BAI – Banco Africano do Investimento –3M –City Group –DeCecco –London Stock Exchange –Boehringer Ingelheim –Kia –Zurich Insurance –Honda –Danone –Mercedes Benz –Liberty –BBVA –And many more

36 “I love Tango/04! We deployed Sarbanes Oxley controls very rapidly with it.” D. Keating, IT Manager, Henry Schein (USA) For more customer quotes, case studies, and additional resources visit our web site at your convenience

37 Thank you for your attention!

Download ppt "Data Access Monitoring (DAM) for IBM System i (a.k.a. POWER Systems / iSeries / AS/400) How to Protect Your Corporate Data and Comply With Regulations."

Similar presentations

Ads by Google