Application Log Monitoring

Of the 257 known cases of actual data breaches investigated by the US Secret Service, the Verizon Data Breach Investigations Report for 2010 concluded that 98% of all data breached came from servers and that 86% of victims had evidence of the breach in their log files. Most organizations have managed to centralize the collection of their logs from platforms (Unix, Windows) and, to some degree, from network devices (switches, routers) and security products (firewalls, intrusion detection systems). However, the primary targets for attackers are the crucial business applications where your transactions occur. In most cases, organizations have failed to adequately secure these applications that are running on legacy mainframes, traditional client-server technologies and modern web-based architectures. For the most part, log collection and analysis for these applications is ignored because there are no signatures or fingerprints to look for. Securonix focuses on finding anomalies in these business applications and detecting fraudulent and suspicious activities in them.

Log Collection

Securonix provides support for application log files and audit data in any format. Simply specify the fields that you want to capture from your application log files and choose to import these using our standard data collectors. Alternatively, use the drag-and-drop expression builder on the Securonix user interface to build your own rules for importing the data. Make this process repeatable by choosing to bring in updated activity data at any predefined interval.

Correlation

Securonix correlates all activities conducted on the application to a single user so you can know who did what on the application. The powerful correlation engine uses a combination of static rules and fuzzy logic to correlate the activities to users. By correlating activities to users, the Securonix solution enables easy comparison of activities across multiple peers to identify suspicious activities.

Visibility

Get unprecedented visibility into your critical business applications. You can monitor who has what access on your applications and see what they are doing with that access. See a listing of all transactions and navigate to the users who are doing those activities. View application usage behavior to see when your applications are used, who uses them and even what network sources are used to conduct these activities.

Detect Suspicious Activities

Use the Securonix technology to identify data breaches and fraudulent transactions conducted on your critical applications. Using the advanced behavior-based anomaly detection technology, you can get alerts on activities that do not match previously seen behavioral patterns.

Use the Securonix technology to specify your own set of security policies spanning user identity, access privileges, resources, activities and network sources. Use the simple drag-and-drop policy engine interface to start monitoring the security policies that you want for your own business.

Capabilities

Use Securonix Risk and Threat Intelligence to monitor your critical applications and get up-to-date information on identity, access, activity and alerts in your organization:

  • Import application logs in any format from any source
  • Advanced Correlation: Use static rules and dynamic fuzzy logic for correlating accounts to User identities
  • 360° Cube Views: Drill down into the data cube from any entity and view all interconnections for Users, Applications, hosts, databases, Peers, Access privileges, Activities and even network sources
  • Behavior-based detection of fraudulent transactions
  • Dashboard views with intuitive graphs for easy visualizations
  • Compare, contrast and set up custom searches for detailed analytics and alerts