
AP-Journal Application Security & Business Analysis


ivanbritt

Presentation Transcript


  1. AP-Journal Application Security & Business Analysis

  2. Part 1 Overview

  3. Overview
     • Application Security & Business Analysis tool
     • Keeps managers constantly informed on database changes
     • Produces reports on changes over numerous years
     Relax. AP-Journal Will Check it for You.

  4. Features
     • Reports based on changes to business-critical application data
     • Alerts (e.g. “Item price increased by more than 10%”)
     • Keeps selected updates in intermediate storage for long periods
     • Cross-application activity tracking (based on common identifiers in ERP, Finance, Shipment applications)
     • Instantaneous access to data covering numerous years
     • Used to meet regulatory requirements - SOX, HIPAA, PCI (ensures only authorized programs update production data)
     • Based on patent-pending technology
     • Logging of Database Read Operations

  5. Reports & Conditions Created with AP-Journal
     • Who modified file PAYMENTS between 20:00 and 06:00 during vacation; among those, who reduced the PAYMENT_AMOUNT by more than 15%?
     • Who made changes to production file LOANS using a non-approved program?
     • Who worked on the SALARY file during non-standard business hours, and accessed records of employees whose salaries exceed $5K monthly?
     • Provide John with a timeline report of all changes made to John's MORTGAGE (covering the dozens of files in the MORTGAGE system), during the past 25 years?
     • Send an SMS message and e-mail to the company's Chief Security Officer, Manager of IT and Internal Auditor when the PRICE_OF_ITEM changes by more than 4%.
     • Send a SYSLOG message and operator message when the PRICE_OF_ITEM for an ITEM shipped last month changes by more than $6.20.
     • Send an e-mail whenever an employee record whose SALARY is less than $5000 is read from file SALARIES.
     • Which users who are not in the HR department modified the SALARIES table?
     • What changes to the hospital's PATIENTS file were made via utility application DFU?
     • Who made changes to field DISCOUNTS since last Sunday?

  6. What does IBM DB-Journal Support?
     IBM DB-Journal is generally used for:
     • Data integrity – handling commitment control to ensure that a transaction involving several updates is complete
     • High Availability – enabling Hot Backup to ensure instantaneous access to updated business-critical application data
     • Incremental backup – saving “before” and “after” images of file updates
     If IBM DB-Journal is enabled and functioning, use it to its best advantage with AP-Journal.

  7. AP-Journal Added Value
     • Powerful: Reports integrating data from multiple applications
     • Convenient: Quickly generates user-friendly printed/online reports from journals
     • Efficient: Real-time threshold-activated alerts
     • Reliable: No programming or changes to applications, no performance impact
     • Cost-effective: Effective storage of only user-selected data in special “containers”
     • Adaptable: Flexible filters based on field data (e.g. Price increased by over 10%)

  8. AP-Journal Real-Life Applications
     Alerts to Enforce Changing Business Rules and Policies
     • Corporate management often changes customer and discount policies
     • AP-Journal alerts ensure each salesperson handles only specific customers and doesn’t give customers discounts over a certain percentage
     Long-Term Reports
     • Mortgage bank uses AP-Journal to monitor the long-term history of all changes made to loans
     • Clerks have a user-friendly interface to produce “single-click” AP-Journal reports
     PCI Compliance
     • Credit card company is required by PCI regulations & auditors to save many files
     • Accumulates 10M entries per hour, but monitors and issues alerts on only 5K entries per day using AP-Journal advanced filtering capabilities
     Using AP-Journal Containers to Save Disk Space
     • Company that needs weekly reports based on information from journal receivers
     • Limited disk capacity won’t allow saving information from receivers for more than 1 day
     • Uses AP-Journal Containers as temporary storage until weekly report is produced

  9. Part 2 Alert Scenario

  10. Monday Morning “OK… Let’s define salary thresholds. Assistants: Alert at over 10%...” Mr. Bryan Fields HR Audit Manager Insurance Company

  11. Three days later… “Finally… I got a 20% raise!” Ms. Jane Smith Administrative Assistant Insurance Company

  12. One second later… Mr. Bryan Fields HR Audit Manager Insurance Company

  13. At the Greenspan Residence “Dear… Shouldn’t we be done with our mortgage already? It’s been 35 years…” Mr. & Mrs. Greenspan Retired Senior Citizens

  14. At the Bank
     “In just a minute, I will produce a report that covers all the information about all 35 years of your mortgage: payments, interest rates, guarantors…” Mr. Michael Hill, Mortgage Consultant
     [Figure: Mortgage Timeline: Greenspan family. Labels in extracted order: 15 Aug 1973 Mortgage start; 1 Oct. 1975 Change of interest rate +4%; Standard payment $800; 1 June 1978 Mortgage frozen; 30 Nov 1981; 4 Mar 1992 $15,000 installment; 1 Apr 1996 Guarantor replaced; Change of property; 6 Jul 2001 2nd mortgage added; Standard payment $1000; 8 Jan 2007; 1 Apr 2003]

  15. Back at the Greenspan Residence “Goodness! All that information in a single report. This bank sure gives great service.” Mr. & Mrs. Greenspan Retired Senior Citizens

  16. Part 3 About AP-Journal

  17. Facts about AP-Journal
     • Based on IBM DB-Journal receivers
     • Real-time – operates as soon as database update occurs
     • No programming
     • No maintenance – fully automated receivers and containers transfer, backup and removal
     • Not based on triggers – no delay in application, works asynchronously to the application, can operate during off-peak hours
     • Not intended to support QAUDJRN (Security Audit Journal); for this see iSecurity/Audit

  18. Reporting Features
     • Content
       • From either Receivers or Containers
       • Processes information (Who, What, When…)
       • Records changes to data (“transfer-to account” changed)
       • Compares with previous value (Quantity decreased > 100)
       • Covers dozens of years of application history
     • Format
       • Flexible filters, various levels of detail
       • Timeline reporting
       • Online – enables extension of filters
       • Printed – upon request or via included Scheduler
       • Emailed – in PDF or HTML formats

  19. Alerts Features
     • Content
       • Real-time
       • Threshold-activated
       • Enables defining complex rules
       • Supports comparison to group of items
       • Fully editable message with field values
       • Field values appear in Before/After images
     • Format
       • Email including alert details
       • Message queue with alert details
       • CL script with access to event fields

  20. Business Analysis Features
     • Patent Pending
     • Traces customer activities throughout all applications:
       • Mortgage bank: reports containing timeline of all mortgage activity (payments, returns, guarantors) across 7 years
       • Insurance Company: reports integrating data from policy, collection, claims and accounting applications
     • Accesses data exceptionally fast
       • Special-purpose Containers store and index customer-selected business items for quick retrieval
       • Can also function based upon the IBM Journal Receivers

  21. Part 4 Technology

  22. Business Analysis: Integrating Data from Multiple Databases
     Databases: Payments, Guarantors, Interest Rates. The Loan No. field is identified in all databases & indexed.

     | Time      | Operation | DB         | Loan No. |
     |-----------|-----------|------------|----------|
     | 20 Apr 01 | Update    | Interest   | 1        |
     | 03 Jan 03 | Add       | Payments   | 2        |
     | 17 Feb 05 | Add       | Guarantors | 1        |
     | 12 Mar 05 | Change    | Payment    | 8        |
     | 24 Jun 07 | Update    | Interest   | 9        |
     | 11 May 08 | Update    | Payments   | 1        |

     Output: Screen, Report. All changes to Loan No. 1 are integrated into a single report.

  23. AP-Journal Technical Overview
     [Diagram, components lettered A to G. Labels: DB1, DB2, DB3; Business Items; DB-Reads; Journal; Receivers; Processing of Receivers in Real time (or at night); Alert Before; Alert After; Containers (Long-time storage for critical data); Reporting System (Screen, Email & HTML, Print-out)]

  24. Annotation of Technical Overview
     1. DB changes are journaled into journal receivers using OS/400 facilities.
     2. Read access actions are added to journal receivers. This unique AP-Journal feature allows for filtering only the necessary Reads.
     3. For performance purposes, AP-Journal reads only the required files from the journal receivers.
     4. Alerts can be generated using strong filtering capabilities; alerts sent as operator messages, SMS, SYSLOG, etc.
     5. Important journaled data is kept for long periods in database files which are protected and emulate journal receivers.
     6. Alerts on data stored in containers; alerts sent as in 4 above.
     7. Single report definition can run on either journal receivers or containers.

  25. Technical Features
     • *BEFORE / *AFTER journal types
     • Remote Journal
     • Performance optimized for High Availability (HA) Journals containing tens of millions of entries
     • Operates in parallel to HA software
     • Automatic exchange of Journal Receivers
     • Automatic exchange of Containers (AP-Journal’s proprietary database)
     • Automatic backup of containers
     • Tracking offline containers

  26. Part 5 AP-Journal Screens

  27. AP-Journal Filtering Interface See explanation on following slides. Either price or quantity differences of more than 10% will trigger this event. Both header (pink) and fields (black) can be filtered. Note “RR” in Entry field, enabling filter of Reads in addition to Deletes, Updates, etc.

  28. AP-Journal Filtering Capabilities
     Column "BEFORE=B" in the previous slide is used to specify if the field value to be compared is the value Before or After the field update.
     Further explanations to the line in the previous slide beginning “Test:”:
     • EQ NE LE GE LT GT are standard Boolean operators
     • N/LIST checks whether the field value appears in the supplied list of values
     • N/LIKE checks if the field value resembles the value entered. If the % wildcard (signifying any number of characters) is not the first character, the value to be compared is position specific (i.e. the first character in the field will be compared to the first character specified in the filter condition).
     • N/START checks that the field value does not begin with the characters entered

  29. AP-Journal Filtering Capabilities
     Explanations Continued:
     • N/ITEM checks if the field value appears as an item in the GROUP/MEMBER specified
     • N/SAME checks that the Before and After values are the same
     • DIFxx checks if the difference between the Before and After values as entered in the Value column complies with the Boolean operator xx (EQ, NE, LE, etc.)
     • DIF%xx checks if the difference in percentage between the Before and After values as entered in the Value column complies with the Boolean operator xx (EQ, NE, LE, etc.)

  30. Alert Message Definition Screen Define a Generic Alert message

  31. Alert Recipient & Format Define who receives alerts and in what format (email, message queue, SYSLOG, etc.)

  32. Optional Alert Action Script Capture the offending user’s screens and after 5 minutes terminate the session.

  33. Display of Database Update Display data before & after any changes which were made from a specific IP address

  34. Full Report Displaying All Changes Printable report highlighting the before & after data in fields which were changed

  35. Defining journal file operations Easy to read summary table of journal activities per file/library.

  36. Modify file operations Define file operations and related parameters.

  37. Alert conditions and SYSLOG message Define alert conditions and appropriate message for SYSLOG/e-mail/msg.

  38. View SYSLOG real-time alerts Note SYSLOG messages as received in SIEM product.

  39. Thank You! Please visit us at www.razlee.com
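
The filter tests listed on slides 28 and 29, applied to the salary alert from Part 2 and to the "non-approved program" question from slide 5, as an added Python example (not AP-Journal code or syntax). Assumptions: the entry layout, the user and program names, reading "N/" as an optional negating prefix, treating the difference as the signed After minus Before, and flagging any change when the Before value is 0.

```python
from decimal import Decimal
import operator

OPS = {"EQ": operator.eq, "NE": operator.ne, "LE": operator.le,
       "GE": operator.ge, "LT": operator.lt, "GT": operator.gt}

def field_matches(test, value, before, after):
    """Evaluate one filter test against a field's Before/After images."""
    for name, check in (("LIST", lambda: after in value),
                        ("START", lambda: str(after).startswith(value)),
                        ("SAME", lambda: before == after)):
        if test in (name, "N" + name):       # assumption: N prefix negates
            return check() != test.startswith("N")
    if test.startswith("DIF"):
        if before is None or after is None:  # inserts/deletes carry one image
            return False
        pct, op = test[3] == "%", OPS[test[-2:]]
        if not pct:
            return op(after - before, value)
        if before == 0:                      # percentage undefined: flag any change
            return after != 0
        return op((after - before) / before * 100, value)
    return OPS[test](after, value)

def evaluate(rule, entry):
    """A rule fires only when every (field, test, value) line matches."""
    for field, test, value in rule:
        if field in entry["header"]:         # header fields have a single value
            before = after = entry["header"][field]
        else:
            before, after = entry["before"].get(field), entry["after"].get(field)
        if not field_matches(test, value, before, after):
            return False
    return True

# Constructed sample entries (hypothetical layout, not real journal output).
RAISE = {"header": {"USER": "JSMITH", "PROGRAM": "PAYROLL01"},
         "before": {"SALARY": Decimal("3000")}, "after": {"SALARY": Decimal("3600")}}
ADHOC = {"header": {"USER": "USER2", "PROGRAM": "DFU"},
         "before": {"SALARY": Decimal("3000")}, "after": {"SALARY": Decimal("3050")}}

RULES = {"salary": [("SALARY", "DIF%GT", 10)],   # slide 10: alert at over 10%
         "program": [("PROGRAM", "NLIST", {"PAYROLL01", "PAYROLL02"})]}

def fired(entry):
    """Names of the rules that raise an alert for this journal entry."""
    return [name for name, rule in RULES.items() if evaluate(rule, entry)]
```

The 20% raise fires only the salary rule, while the small change made through DFU fires only the program rule, which is the case a percentage threshold alone would miss.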
