
Enforcive CPA Cross Platform Auditing. Company Profile Formed in 1983 Pioneer in IBM mainframe and midrange security Offices in New Jersey, Toronto and.

Presentation transcript:

1 Enforcive CPA Cross Platform Auditing

2 Company Profile
- Formed in 1983
- Pioneer in IBM mainframe and midrange security
- Offices in New Jersey, Toronto and Israel
- 80 Resellers in 60 countries
- Global distribution agreement with IBM
- Thousands of installations worldwide, including Fortune 500 companies
- Expertise in Compliance and Event auditing – cross platform

3 Customers Around the World

4 CPA Customers

5 Customers from Many Segments: Banking, Finance, Insurance, Automotive, Electronics, Pharmaceutical, Healthcare, Transportation, Manufacturing, Others

6 Enforcive Cross Platform Security Offering
All products work together and can be operated through a common GUI manager.
- CPS Cross Platform Security
- ES for IBM i Enterprise Security: Host Based Security, Audit & Compliance for IBM i
- MF/CICS & DB2: Host Based Security & Audit for IBM mainframe
- CPA Cross Platform Audit: Log Management & Database Activity Monitoring
- CPC Cross Platform Compliance: GRC
- PSS Password Self Service: Password Synchronization - SSO
Further capability and platform labels from the slide diagram (their grouping was lost in extraction): Access Management, Field Encryption, Field Masking, Log Management, Compliance Management; IBM i, Windows, Unix (AIX & Solaris), Linux, OS400, z/OS, MS SQL Server, Oracle, DB2, Sybase, MySQL, Progress, Syslog, Flat File Format, AIX, IBM i (OS400 & DB2); Log Management for z/OS – CICS, VSE – CICS, DB2, VSAM.

7 Goodbye Haystacks. Find the needles you’ve been looking for. Easy Said. Easy Done.

8 What is the Cross-Platform Audit™? An enterprise-wide Compliance Event Monitor. The CPA is all about practical organizational security. It provides log monitoring for your computer systems and databases, collecting and consolidating data from across the enterprise. Many sources are available, including Windows, Mainframe, IBM i, Unix, DB2, SQL, Oracle and Progress. The CPA filters and collects the events into a single database and presents them in an intuitive GUI for ease of analysis and investigation.

9 The Need
- Monitoring of the organization in order to satisfy regulatory policies in a multi-platform environment.
- Administrators need minimal platform-specific expertise to achieve their goals.
- Reduces the need to use local disk to store historical log files.
- Simplifies forensic investigation by correlating seemingly unconnected events into an audit trail indicating a possible breach of security.

10 Differentiators
- A single Management Console is used to manage the central repository as well as the individual systems that are being monitored.
- Focus is on critical information, for example the important data changes performed in the database.
- High visibility of changes using before and after images.
- Specialized IBM i logs, covering many unique event categories with a high level of granularity.
- Specialized IBM Mainframe logs, covering a large number of event categories with a high level of granularity.

11 Features of the Cross-Platform Audit™
- Collection of diverse data formats into a uniform database.
- Comprehensive monitoring in a multi-platform environment.
- Reporting real user activity utilizing all the user’s identities.
- Graphical analysis of security information statistics.
- Powerful filtering to pinpoint events with specific characteristics.
- Event information drill-down to the field change level, incorporating ‘before’ & ‘after’ images.
- Audit information from different systems available all in one place.
- Comprehensive audit information for every critical event, showing exactly who did what, when and how.

12 Collection Flow

13 All Sources
- IBM i: System Audit, File and Field Audit, Alerts, Application Audit, SQL Statement, IP Filter, Compliance, Message Queue, History Log, View Data
- IBM z (Mainframe): SMF TELNET, SMF FTP, SMF VSAM, SMF RACF, TCP/IP Application Audit (FTP and Telnet), DB2 SMF, DB2 LOG (Data Audit), DB2 CICS (SQL Data Capture), DB2 BATCH (SQL Data Capture)
- AIX: System Audit, UNIX DB2
- Linux: System Audit x86, System Audit x86_64, System Audit IA64, System Audit PPC64, System Audit PPC, System Audit S390X, System Audit S390
- SQL Server: SQL Statements, SQL System Audit, SQL Data Audit
- Oracle: SQL Statements, Oracle System, Oracle Admin, Oracle Profiles/Users, Oracle Procedures, Data Audit
- DB2: DB2 SMF – MF, DB2 LOG (Data Audit) – MF, DB2 CICS (SQL Data Capture) – MF, DB2 BATCH (SQL Data Capture) – MF, DB2 System Audit – i, AIX, LUW, DB2 SQL Statement Audit – i, AIX, LUW
- Other databases (Progress OpenEdge, Sybase): System Audit, Data Audit
- Windows: Windows Event Logs (Security, Application, DNS, and more), Windows Active Directory Compliance, ISA Server logs, DHCP logs, IIS Web Server logs, Exchange Server
- Solaris: System Audit
- SYSLOG Sources: Routers, Firewalls, Antivirus, Other SYSLOG senders
- Audit (command types): Connect, Query, Prepare, Execute, Shutdown, Quit, No audit, Init DB, Other

14 Event Sources: IBM Systems, Open Systems, Databases, Microsoft Servers, Syslogs

15 IBM Systems: IBM System i (AS/400), IBM System z (Mainframe), IBM System p (AIX)

16 IBM System i (AS/400). Operating system: V5R1M0 and above. Sources: System Audit, File and Field Audit, Alerts, Application Audit, SQL Statement, IP Filter, Compliance, Message Queue, History Log, View Data

17 IBM System z (Mainframe). Operating system: z/OS v 1.9 and above. Sources: SMF TELNET, SMF FTP, SMF VSAM; RACF (according to operating system): SMF RACF; Communication Server (TCP/IP) (according to operating system): TCP/IP Application Audit (FTP and Telnet); DB2 v8, v9 and above: DB2 SMF, DB2 LOG (Data Audit), DB2 CICS (SQL Data Capture), DB2 BATCH

18 IBM System p (AIX). Operating system: IBM AIX 5.3. Sources: System Audit, UNIX DB2

19 Open Systems: Linux, Solaris (*Coming Soon)

20 Linux. Operating system: Linux, all distributions (Red Hat, CentOS), kernel version >= 2.6. Sources: System Audit x86, System Audit x86_64, System Audit IA64, System Audit PPC64, System Audit PPC, System Audit S390X, System Audit S390

21 Cross-Platform Security™ Enterprise-wide Compliance Event Monitor Updated: October, 2013

22 Solaris (*Coming Soon). Sources: System Audit

23 Databases (agentless collection): SQL Server, Oracle Server, Progress OpenEdge, DB2, Sybase

24 SQL Server. SQL Server 2005/2008: SQL Statements, SQL System Audit, SQL Data Audit. SQL Server 2000: SQL Data Audit

25 Oracle Server. V10 and up: SQL Statements, Oracle System, Oracle Admin, Oracle Profiles/Users, Oracle Procedures, Data Audit

26 Progress OpenEdge. V10, V11: System Audit, Data Audit

27 DB2. DB2 v8, v9 and above: DB2 SMF, DB2 LOG (Data Audit), DB2 CICS (SQL Data Capture), DB2 BATCH. DB2 LUW (Linux, UNIX, Windows): DB2 System Audit, DB2 SQL Statement Audit

28 Sybase. V15.7: System Audit

29 Microsoft Servers (agentless collection): Windows Server 2008, Windows Server 2003, Windows Server 2000, Windows 7, Windows XP

30 Windows Server 2008: Windows Event Logs (Security, Application, DNS, and more), Windows Active Directory Compliance, ISA Server logs, DHCP logs, IIS Web Server logs

31 Windows Server 2003: Windows Event Logs (Security, Application, DNS, and more), Windows Active Directory Compliance, ISA Server logs, DHCP logs, IIS Web Server logs

32 Windows Server 2000: Windows Event Logs (Security, Application, DNS, and more), Windows Active Directory Compliance, ISA Server logs, DHCP logs, IIS Web Server logs

33 Windows 7: Windows Event Logs (Security, Application, DNS, and more), Windows Active Directory Compliance

34 Windows XP: Windows Event Logs (Security, Application, DNS, and more), Windows Active Directory Compliance

35 Syslogs: Routers, Firewalls, Antivirus, Other Syslog senders

36-39 Syslogs (Routers, Firewalls, Antivirus, Other Syslog senders): Standard Syslog messages can be picked up by the Enforcive Syslog Connector, then forwarded to the CPA Manager. If required, CPA can act as a SYSLOG server.

40 Feature: CPA as SYSLOG Server

41 Our Goal: Simplicity in implementation and daily use.

42 Implementation: Simple Steps Add Systems Set Audit Policy Define Data Transfer Specify Alerts Tailor Reports

43 Examples: Using CPA
1) Make a change to table contents in SQL
2) View that event locally
3) View that event in the Central Repository
4) Defining an audit policy
5) How to define which events are collected
6) How to alert on critical events
7) Investigating a global user’s activities
8) Visual analysis
9) Correlation Reporting

44 1: Make a change to table contents in SQL This example demonstrates how the CPA Repository will monitor critical events within a database: A user executes an SQL statement to change the salary field in an employee record.

45 2: View that event locally. The change appears locally, both in the SQL Statement Audit and in the Data Audit (screenshots: SQL Statement Audit; Data Audit showing the Current and Previous values).

46 3: View that event in the Central Repository. Once collected into the Repository, the information can be filtered by date, platform and user. The event will appear both as an SQL statement and as a Data Audit event showing the changes (screenshot: Current and Previous values).
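Steps 1 to 3 of the walkthrough (a salary field is changed, the change is recorded with its before/after image, and the repository is filtered by user and platform), as an added example that is not Enforcive's code. It assumes an in-memory SQLite database as a stand-in for the monitored SQL Server, and a trigger as a stand-in for the product's collector; the table, column and user names are constructed.

```python
import sqlite3

# Constructed stand-in for a monitored database and its audit trail:
# an employee table plus a data_audit table that keeps the previous and
# current (before/after) image of the changed field. A trigger stands in
# for the product's collector (assumption, not how the CPA does it).
SCHEMA = """
CREATE TABLE employee (emp_id INTEGER PRIMARY KEY, name TEXT, salary INTEGER);
CREATE TABLE session_ctx (k TEXT PRIMARY KEY, v TEXT);
CREATE TABLE data_audit (
    ts TEXT, platform TEXT, db_user TEXT, table_name TEXT,
    field_name TEXT, row_key TEXT, previous TEXT, current TEXT);
CREATE TRIGGER audit_salary AFTER UPDATE OF salary ON employee
WHEN OLD.salary IS NOT NEW.salary
BEGIN
  INSERT INTO data_audit VALUES (
    strftime('%Y-%m-%dT%H:%M:%SZ', 'now'), 'MS SQL Server',
    (SELECT v FROM session_ctx WHERE k = 'user'),
    'employee', 'salary', OLD.emp_id, OLD.salary, NEW.salary);
END;
"""

def open_monitored_db(db_user):
    """In-memory database with the audit trigger armed for db_user (constructed data)."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.execute("INSERT INTO session_ctx VALUES ('user', ?)", (db_user,))
    con.execute("INSERT INTO employee VALUES (1001, 'A. Example', 65000)")
    return con

def change_salary(con, emp_id, new_salary):
    """Step 1: a user executes an SQL statement changing the salary field."""
    con.execute("UPDATE employee SET salary = ? WHERE emp_id = ?", (new_salary, emp_id))
    con.commit()

def salary_changes(con, db_user=None, platform=None):
    """Steps 2-3: filter the audit trail by user and platform and return
    (user, platform, previous, current) rows, i.e. the before/after image."""
    sql = "SELECT db_user, platform, previous, current FROM data_audit WHERE 1=1"
    args = []
    if db_user:
        sql += " AND db_user = ?"
        args.append(db_user)
    if platform:
        sql += " AND platform = ?"
        args.append(platform)
    return con.execute(sql + " ORDER BY ts", args).fetchall()

if __name__ == "__main__":
    con = open_monitored_db("jsmith")
    change_salary(con, 1001, 98000)
    for row in salary_changes(con, db_user="jsmith"):
        print(row)
```

An update that leaves the salary unchanged produces no audit row, so the trail only carries real field changes.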

47 4: Defining an Audit Policy


52 5: How to define which events are collected.

53 6: How to alert on critical events.

54 7: Investigating a Global User’s Activities (activity shown across IBM z, IBM i, Windows, AIX and DB2)

55 8: Visual Analysis Report of currently active applications

56 8: Visual Analysis

57 9: Correlation Reporting Network Access Login:

58 9: Correlation Reporting Database contents before and after image report:

59 9: Correlation Reporting Mainframe Violations in both RACF and DB2

60 9: Correlation Reporting Oracle Logon Failure Report

61 9: Correlation Reporting Program Failures

62 Sneak Peek: User Identification Functionality

