Cross-Platform Audit

 

Enterprise-Wide Log Manager and Database Activity Monitor

The Enforcive Cross-Platform Audit (CPA) solution consolidates audit log events from all of your computing platforms into a powerful, enterprise-wide security monitoring system. Presented through an intuitive GUI, CPA makes it easy for auditors and system administrators to rapidly identify, investigate, and resolve critical security issues. Audit sources include Windows, Mainframe, IBM i, DB2 (all types), AIX, UNIX, Linux, Sybase, Solaris, MS SQL Server, Oracle, and Progress.

 

Real Time, Cross-Platform Security Monitoring and Alerts

CPA collects, filters, and organizes the flood of raw transactional events logged daily by each system in the enterprise. Administrators can then implement their own filtering, grouping, and sorting parameters based upon source, IP address, user identity, transaction status, and date. Because CPA recognizes activity by user identity, it is able to link together all logon IDs attributed to a user so that reporting can show, step by step, where the user went and what was done. Wherever possible, data is presented in technology-neutral terms, avoiding the need for administrators to have a technical understanding of all platforms and applications within an organization.

Cross-Platform Audit - Architecture

 

Security Operations Center

At the heart of CPA is the Security Operations Center (SOC), a customizable set of GUI screens that provide a high-level summary of activity across the enterprise. Security officers and administrators often use the SOC as a starting point for analyzing the central data repository for critical events. Every component of the on-screen graphs within the SOC can be expanded to show the actual audit events behind statistics that are displayed, while providing further drill-down capabilities into each audit event to see its details, including before and after images where relevant. Graphs can be built dynamically by selecting desired parameters through an easy-to-use wizard, and all graphs and summary tables can be displayed on screen, printed, distributed by e-mail, or saved in a variety of common formats.

Security officers can also define parameters for specific types of events that should trigger alerts. Notifications can be sent by e-mail, displayed via screen pop-up, or routed to any designated syslog server.

 

Robust, Multi-Source Reporting

Over 200 reports are included with CPA and any report can be customized to the specific requirements of the organization. The powerful, multi-source reporting capabilities of CPA save security administrators time and effort. All reports can be created in real time and then printed, viewed online, or exported to a variety of common file formats. Reports can also be scheduled to run automatically at predefined intervals and distributed to preselected contacts.

Examples of included reports by platform:

  • Windows – Failed Login Attempts, Disabled Accounts of Terminated Staff
  • SQL Server – Executed Statements, Data Audit
  • Linux – Program Failures
  • AIX – Objects Deleted
  • IBM i – Authority Failures, Network Access Login Report
  • Mainframe – DB2 Before and After Data Changes, Violations for RACF and DB2
  • Oracle – Login Failure, Index Creation Failure

Key Benefits:

  • Efficiency: You have a one-stop location for critical audit information.
  • Clarity: Only selected types of critical events make it into the central data repository.
  • Simplicity: Diverse data is stored in a uniform format.
  • Flexibility: Multi-criteria filtering pinpoints events with specific characteristics.
  • Visibility: Security data statistics are shown through a graphical analysis.
  • Unity: Disparate events are correlated into an exposure analysis.
  • Granularity: Data changes are highlighted for focused investigations.