Enforcive CPA Cross Platform Auditing

Company Profile
Formed in 1983
Pioneer in IBM mainframe and midrange security
Offices in New Jersey, Toronto and Israel
80 Resellers in 60 countries
Global distribution agreement with IBM
Thousands of installations worldwide, including Fortune 500 companies
Expertise in Compliance and Event auditing – cross platform

Customers Around the World

CPA Customers

Customers from Many Segments
Banking, Finance, Insurance, Automotive, Electronics, Pharmaceutical, Healthcare, Transportation, Manufacturing, Others

Enforcive Cross Platform Security Offering
CPS Cross Platform Security
ES for IBM i (Enterprise Security): Host Based Security, Audit & Compliance for IBM i. Access Management, Field Encryption, Log Management, Compliance Management for IBM i.
ES for MF/CICS & DB2 (Enterprise Security): Host Based Security & Audit for IBM mainframe. Access Management, Field Masking, Log Management for z/OS – CICS, VSE – CICS, DB2, VSAM.
CPA Cross Platform Audit: Log Management & Database Activity Monitoring. Sources: Windows, Unix (AIX & Solaris), Linux, OS400, z/OS, MS SQL Server, Oracle, DB2, Sybase, MySQL, Progress, Syslog, Flat File Format.
CPC Cross Platform Compliance: GRC for Windows, AIX, IBM i (OS400 & DB2), MS SQL Server, Oracle.
PSS Password Self Service: Password Synchronization - SSO for IBM i, Windows.
All products work together and can be operated through a common GUI manager.

Goodbye Haystacks. Find the needles you’ve been looking for. Easy Said. Easy Done.

What is the Cross-Platform Audit™? An enterprise-wide Compliance Event Monitor. The CPA is about practical organizational security: it monitors the logs of your computer systems and databases, collecting and consolidating data from across the enterprise. Many sources are available, including Windows, Mainframe, IBM i, Unix, DB2, SQL, Oracle and Progress. The CPA filters the events, collects them into a single database and presents them in an intuitive GUI for ease of analysis and investigation.

The Need
Monitoring of the organization in order to satisfy regulatory policies in a multi-platform environment.
Administrators need only minimal platform-specific expertise to achieve their goals.
Reduces the need to use local disk to store historical log files.
Simplifies forensic investigation by correlating seemingly unconnected events into an audit trail that indicates a possible breach of security.

Differentiators
A single Management Console is used to manage the central repository as well as the individual systems that are being monitored.
Focus is on critical information, for example the important data changes performed in the database. High visibility of changes using before and after images.
Specialized IBM i logs – covering many unique event categories, with a high level of granularity.
Specialized IBM Mainframe logs – covering a large number of event categories, with a high level of granularity.

Features of the Cross-Platform Audit™
Collection of diverse data formats into a uniform database.
Comprehensive monitoring in a multi-platform environment.
Reporting real user activity utilizing all the user’s identities.
Graphical analysis of security information statistics.
Powerful filtering to pinpoint events with specific characteristics.
Event information drill-down to the field change level, incorporating ‘before’ & ‘after’ images.
Audit information from different systems available all in one place.
Comprehensive audit information for every critical event, showing exactly who did what, when and how.

Collection Flow

All Sources (collection flow diagram)
IBM i: System Audit, File and Field Audit, Alerts, Application Audit, SQL Statement, IP Filter, Compliance, Message Queue, History Log, View Data.
z/OS: SMF TELNET, SMF FTP, SMF VSAM, SMF RACF, TCP/IP Application Audit (FTP and Telnet), DB2 SMF, DB2 LOG (Data Audit), DB2 CICS (SQL Data Capture), DB2 BATCH (SQL Data Capture).
AIX: System Audit UNIX, DB2.
Linux: System Audit on X86, x86_64, IA64, PPC64, PPC, S390X, S390.
SQL Server: SQL Statements, SQL System Audit, SQL Data Audit.
Oracle: SQL Statements, Oracle System, Oracle Admin, Oracle Profiles/Users, Oracle Procedures, Data Audit.
DB2: DB2 SMF – MF, DB2 LOG (Data Audit) – MF, DB2 CICS (SQL Data Capture) – MF, DB2 BATCH (SQL Data Capture) – MF, DB2 System Audit – i, AIX, LUW, DB2 SQL Statement Audit – i, AIX, LUW.
System Audit, Data Audit.
Windows: Windows Event Logs (Security, Application, DNS, and more), Windows Active Directory Compliance, ISA Server logs, DHCP logs, IIS Web Server logs, Exchange Server System Audit.
SYSLOG Sources: Routers, Firewalls, Antivirus, Other SYSLOG senders.
Audit: Connect, Query, Prepare, Execute, Shutdown, Quit, No audit, Init DB, Other.

Event Sources

IBM Systems
IBM System i (AS/400), operating system V5R1M0 and above: System Audit, File and Field Audit, Alerts, Application Audit, SQL Statement, IP Filter, Compliance, Message Queue, History Log, View Data.
IBM System z (Mainframe), z/OS v1.9 and above: SMF TELNET, SMF FTP, SMF VSAM. RACF (according to operating system): SMF RACF. Communication Server (TCP/IP) (according to operating system): TCP/IP Application Audit (FTP and Telnet). DB2 v8, v9 and above: DB2 SMF, DB2 LOG (Data Audit), DB2 CICS (SQL Data Capture), DB2 BATCH.
IBM System p (AIX), IBM AIX 5.3: System Audit UNIX, DB2.

Open Systems
Linux, all distributions (Red Hat, CentOS), kernel version >= 2.6: System Audit on X86, x86_64, IA64, PPC64, PPC, S390X, S390.
Solaris (coming soon): System Audit.

Databases (agentless collection)
SQL Server 2005/2008: SQL Statements, SQL System Audit, SQL Data Audit. SQL Server 2000: SQL Data Audit.
Oracle Server V10 and up: SQL Statements, Oracle System, Oracle Admin, Oracle Profiles/Users, Oracle Procedures, Data Audit.
Progress OpenEdge V10, V11: System Audit, Data Audit.
DB2 v8, v9 and above: DB2 SMF, DB2 LOG (Data Audit), DB2 CICS (SQL Data Capture), DB2 BATCH. DB2 LUW (Linux, UNIX, Windows): DB2 System Audit, DB2 SQL Statement Audit.
Sybase V15.7: System Audit.

Microsoft Servers (agentless collection)
Windows Server 2008, Windows Server 2003, Windows Server 2000: Windows Event Logs (Security, Application, DNS, and more), Windows Active Directory Compliance, ISA Server logs, DHCP logs, IIS Web Server logs.
Windows 7, Windows XP: Windows Event Logs (Security, Application, DNS, and more), Windows Active Directory Compliance.

Syslogs
Routers, Firewalls, Antivirus, Other Syslog senders. Standard Syslog messages can be picked up by the Enforcive Syslog Connector, then forwarded to the CPA Manager. If required, CPA can act as a SYSLOG server.

Cross-Platform Security™ Enterprise-wide Compliance Event Monitor. Updated: October 2013.

Feature: CPA as SYSLOG Server
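The syslog path described above, as an added example that is not Enforcive code: a small Python normalizer doing what any syslog receiver must do before events can land in a uniform repository, decoding the PRI field into facility and severity, parsing the RFC 3164 header, and holding malformed lines aside for investigation instead of dropping them. The sample lines, host names and the assumed year are constructed.

```python
import re
from datetime import datetime

# RFC 3164 line: "<PRI>Mmm dd hh:mm:ss host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?:? ?"
    r"(?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

def normalize(line, year=2013):
    """Map one syslog line to the uniform record shape shared by all sources.
    RFC 3164 timestamps carry no year, so the collector must supply one
    (assumed 2013 here). Returns None for lines that are not valid syslog."""
    m = SYSLOG_RE.match(line)
    if not m or int(m["pri"]) > 191:      # PRI = facility * 8 + severity, max 23*8+7
        return None
    pri = int(m["pri"])
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "source": "syslog", "time": when.isoformat(), "host": m["host"],
        "facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
        "application": m["tag"], "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
    }

def collect(lines):
    """Normalize a batch; malformed lines are kept aside, not silently lost."""
    records, rejected = [], []
    for line in lines:
        rec = normalize(line)
        (records if rec else rejected).append(rec or line)
    return records, rejected

def at_least(records, severity):
    """Filter step: keep events at the given severity or worse (lower index)."""
    worst = SEVERITIES.index(severity)
    return [r for r in records if SEVERITIES.index(r["severity"]) <= worst]

# Constructed sample input (hosts and addresses are not real).
SAMPLE = [
    "<34>Oct 11 22:14:15 fw01 sshd[2031]: Failed password for admin from 192.0.2.10 port 4422 ssh2",
    "<13>Oct 11 22:14:16 av-srv avd: signature database updated",
    "not a syslog line",
]

if __name__ == "__main__":
    recs, bad = collect(SAMPLE)
    print(at_least(recs, "warning"), bad)
```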

Our Goal: Simplicity in implementation and daily use.

Implementation: Simple Steps
Add Systems
Set Audit Policy
Define Data Transfer
Specify Alerts
Tailor Reports

Examples: Using CPA
1) Make a change to table contents in SQL
2) View that event locally
3) View that event in the Central Repository
4) Defining an audit policy
5) How to define which events are collected
6) How to alert on critical events
7) Investigating a global user’s activities
8) Visual analysis
9) Correlation Reporting

1: Make a change to table contents in SQL This example demonstrates how the CPA Repository will monitor critical events within a database: A user executes an SQL statement to change the salary field in an employee record.

2: View that event locally. The change appears locally, both in the SQL Statement Audit and in the Data Audit (screenshots: SQL Statement Audit; Data Audit with Current and Previous values).

3: View that event in the Central Repository. Once collected into the Repository, the information can be filtered by date, platform and user. The event appears both as an SQL statement and as a Data Audit event showing the changes (Current and Previous values).
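Steps 1 to 3 above as an added example, not Enforcive code: the before/after image capture of the Data Audit and the statement capture of the SQL Statement Audit, rebuilt in Python on an in-memory SQLite database, with an AFTER UPDATE trigger and sqlite3's statement trace callback standing in for the agentless collector. The schema, the user "jsmith" and the employee row are constructed.

```python
import sqlite3

# Constructed schema (not Enforcive's): an employee table, a session table the
# application fills with the connected user, and a data-audit table recording
# the before and after image of every salary change.
SCHEMA = """
CREATE TABLE employee(id INTEGER PRIMARY KEY, name TEXT, salary INTEGER);
CREATE TABLE session(app_user TEXT);
CREATE TABLE data_audit(
    at TEXT DEFAULT CURRENT_TIMESTAMP, app_user TEXT, tbl TEXT, pk INTEGER,
    field TEXT, before_image TEXT, after_image TEXT);
CREATE TRIGGER employee_salary_audit AFTER UPDATE OF salary ON employee
WHEN OLD.salary IS NOT NEW.salary
BEGIN
  INSERT INTO data_audit(app_user, tbl, pk, field, before_image, after_image)
  VALUES ((SELECT app_user FROM session), 'employee', NEW.id, 'salary',
          OLD.salary, NEW.salary);
END;
"""

def open_audited_db(app_user):
    """Open an in-memory database with data audit and statement audit enabled."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO session(app_user) VALUES (?)", (app_user,))
    statements = []                      # SQL Statement Audit: every statement run
    conn.set_trace_callback(statements.append)
    return conn, statements

def salary_changes(conn, app_user=None):
    """Repository view: before/after images, optionally filtered by user."""
    sql = ("SELECT app_user, pk, before_image, after_image FROM data_audit "
           "WHERE field = 'salary'")
    args = ()
    if app_user is not None:
        sql += " AND app_user = ?"
        args = (app_user,)
    return conn.execute(sql + " ORDER BY rowid", args).fetchall()

def demo():
    """Step 1: a user changes a salary. Steps 2-3: both audits show it."""
    conn, statements = open_audited_db("jsmith")
    conn.execute("INSERT INTO employee VALUES (7, 'A. Jones', 5200)")
    conn.execute("UPDATE employee SET salary = 9900 WHERE id = 7")
    conn.execute("UPDATE employee SET name = 'A. Jones-Lee' WHERE id = 7")  # no salary change, no audit row
    conn.commit()
    return salary_changes(conn, "jsmith"), statements

if __name__ == "__main__":
    changes, stmts = demo()
    print(changes)                        # [('jsmith', 7, '5200', '9900')]
    print(len(stmts), "statements traced")
```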

4: Defining an Audit Policy

5: How to define which events are collected.

6: How to alert on critical events.

7: Investigating a Global User’s Activities IBM z IBM i Windows AIX DB2

8: Visual Analysis Report of currently active applications

8: Visual Analysis

9: Correlation Reporting Network Access Login:

9: Correlation Reporting Database contents before and after image report:

9: Correlation Reporting Mainframe Violations in both RACF and DB2

9: Correlation Reporting Oracle Logon Failure Report

9: Correlation Reporting Program Failures

Sneak Peek: User Identification Functionality