Enforcive™/Cross-Platform Audit

Enforcive™/Cross-Platform Audit Audit Brochure.pdf · Enforcive's Cross-Platform Audit™ (CPA) ... - SQL System Audit - SQL Data Audit ORACLE - SQL Statements - Oracle System -


Enterprise-Wide Log Manager and Database Activity Monitor


Enforcive's Cross-Platform Audit™ (CPA) is built on the principles of database activity monitoring and log management, but focused on providing practical and relevant information about an organization’s critical systems. The Enforcive CPA consolidates platform specific audit events and presents them through a powerful and intuitive dashboard, empowering auditors and system administrators alike as they can easily identify critical issues that could impact the business.

The CPA is all about practical organizational security. It provides log monitoring for computer systems and databases, collecting and consolidating data from across the enterprise. Sources include Windows, Mainframe, IBM i, DB2 (all flavors), AIX, UNIX, Linux, Sybase, Solaris, SQL, Oracle and Progress. The CPA collects the important events into a single database and displays them in an intuitive GUI for ease of detection and investigation.

Features & Benefits:

• Efficiency: One-stop location for the critical audit information

• Clarity: Only selected critical events will make it into the central data repository

• Simplicity: Diverse data stored in a uniform format

• Flexibility: Multi-criteria filtering to help pinpoint events with specific characteristics

• Visibility: Graphical analysis of security data statistics

• Unity: Correlation of seemingly disparate events into an exposure analysis

• Granularity: Actual data changes are highlighted for focused investigations


Real-time Monitoring

The CPA filters raw transactional data, collects the critical items, and consolidates them to a centralized event repository. The resulting data can be interrogated online, or by report, to provide meaningful information for the business. Without this, it would be nearly impossible to identify the critical items in the flood of events logged by each system on a daily basis.

Enforcive's CPA includes a Security Operations Center (SOC), a customizable set of screens that provide a high-level summary of activity across the enterprise. Security officers use this as a starting point for analyzing the central data repository. Events from across the enterprise can be filtered, amalgamated and sorted into a host of different combinations based upon source, IP address, user identity, transaction status and date. Graphs can be built dynamically, selecting the parameters through an easy-to-use wizard.

Enforcive also recognizes activity by user identity, linking together all the logon IDs attributed to a person so that reporting can show, step by step, where the user went and what they did.


Every component of the on-screen graphs in the SOC can be expanded to show the actual audit events behind the statistics. Each audit event can be drilled into to show its detail, including before and after images where relevant. The graphs and summary tables can be displayed on screen, printed, sent by email, or saved in a variety of formats.

Before & After Change Image

In addition to filtered and summary data, administrators benefit from drill-down capabilities that highlight the "before" and "after" images of change events. Where possible, data is presented in technology-neutral terms, avoiding the need for the user to be a technical specialist in all platforms and applications.

Alert Center

Security officers can define specific parameters to be watched for, so that any event which meets particular criteria will generate an alert. Notifications can be sent by email, as well as by a screen pop-up, or by routing to a Syslog server.

Examples of User-Created Alerts:

• IBM i - Application Audit FTP Put Successful

• Windows - Audit Policy Change

• Mainframe DB2 - Database Authorization Failure

• MSSQL - SQL Delete Statement

Figure 2: Before and After Screenshot

Figure 1: CPA’s Security Operation Center (SOC)


Figure: CPA architecture. Security Operation Center (SOC) dashboards: Event Type Breakdown, Activity Trend View, Warning/Reject. Event Management: Real-time Monitoring, Alert Center, Before & After Change Image. Reporting: Scheduled Distribution, Packaged Compliance Reports, Custom Reports. Log Analysis: Aggregation, Classification, Correlation. Central Repository.


Custom Reports

Multi-source reporting highlights the power of the CPA by saving security administrators time and effort when building and using the reports the organization requires. Over 200 reports are available out of the box. These reports can also be customized to the organization's specific requirements, as well as branded to display company/department names and logos.

Reports can be created and run in real-time, then viewed online, printed or exported to a variety of file formats. Once a report is created, the CPA can be scheduled to run such a report at future intervals and automatically distribute the report to pre-selected contacts.

Out of the box reports include:

• Windows – Failed Login Attempts

• Windows - Disabled Accounts of Terminated Staff

• SQL Server – Executed Statements

• SQL Server – Data Audit

• Linux – Program Failures

• AIX – Objects Deleted

• IBM i - Authority Failures

• IBM i - Network Access Login Report

• Mainframe - DB2 Before and After Data Changes

• Mainframe - Violations for RACF and DB2

• Oracle – Login Failure

• Oracle – Index Creation Failure

Figure 3: Windows Disabled Accounts (Terminated Employees)


Figure 4: IBM i Network Access Attempts via TELNET

Figure 5: LINUX Object Deleted


About Enforcive

Enforcive provides comprehensive security solutions to help businesses reduce workloads, satisfy auditors and improve responsiveness to security threats. For over two decades, Enforcive has been providing solutions within mission critical environments using platforms

solutions to our customers.

Enforce your policy by:

• Implementing comprehensive and demonstrable security and compliance policies

• Automating compliance related administration tasks

• regulations including SOX, PCI and COBIT

• Addressing your medium to long term audit log archiving requirements

Enforcive, Inc.

Toll Free USA: 877-237-8024

International: [email protected]

Copyright © 2013 - Enforcive, Inc. - All Rights & Privileges Reserved

Enforcive is a registered trademark of Enforcive, Inc.

All trademarks are property of their respective owners. v.14.2.7

24/7 Global Support

Live technical support available at 1-877-272-3318 or [email protected]

SUPPORTED DATA SOURCES

AIX*

- System Audit

Windows

- Windows Event Logs: Security, Application, DNS and more

- Windows Active Directory Compliance

- ISA Server Logs

- DHCP Logs

- IIS Web Server Logs

- Exchange Server

Solaris*

- System Audit

Linux*

- System Audit X86

- System Audit 86_64

- System Audit IA64

- System Audit PPC64

- System Audit PPC

- System Audit S390X

- System Audit S390

SYSLOG Sources

- Routers

- Firewalls

- Antivirus

- Other SYSLOG Senders

Microsoft SQL Server

- SQL Statements

- SQL System Audit

- SQL Data Audit

ORACLE

- SQL Statements

- Oracle System

- Oracle Admin

- Oracle Profiles/Users

- Oracle Procedures

- Data Audit

DB2 LUW

- System Audit

MySQL

- Audit

- Connect

- Query

- Prepare

- Execute

- Shutdown

- Quit

- No Audit

- Init DB

- Other

Progress | Open Edge

- System Audit

- Data Audit

SYBASE

- System Audit

IBM i*

- System Audit

- File and Field Audit

- Alerts

- Application Audit

- SQL Statement

- IP Filter

- Compliance

- Message Queue

- History Log

- View Data

DB2-z/OS*

- DB2 SMF - MF

- DB2 LOG (Data Audit) - MF

- DB2 CICS (SQL Data Capture) - MF

- DB2 BATCH (SQL Data Capture) - MF

- DB2 System Audit - i, AIX, LUW

- DB2 SQL Statement Audit - i, AIX, LUW

z/OS*

- SMF TELNET

- SMF FTP

- SMF VSAM

- SMF RACF

- TCP/IP Application Audit (FTP and Telnet)

- DB2 SMF

- DB2 LOG (Data Audit)

- DB2 CICS (SQL Data Capture)

- DB2 BATCH (SQL Data Capture)

* Agent Required