APJournal Application Security

1
AP-JournalApplication Security Business
Analysis
2
Part 1 Overview
3
Overview

• Application Security Business Analysis tool
• Keeps managers constantly informed on database
  changes
• Produces reports on changes over numerous years

Relax. AP-Journal Will Check it for You.
4
Features
Reports- based on changes to business-critical
application data
Alerts (e.g. Item price increased by more than
10)
Keeps selected updates in intermediate storage
for long periods
Cross-application activity tracking (based on
common identifiers in ERP, Finance, Shipment
applications)
Instantaneous access to data covering numerous
years
Used to meet regulatory requirements - SOX,
HIPAA, PCI (Ensures only authorized programs
update production data)
Based on patent-pending technology
5
What does IBM DB-Journal Support?
6
AP-Journal Added Value
7
AP-Journal Real-Life Applications

• Alerts to Enforce Changing Business Rules and
  Policies
• Corporate management often changes customer and
  discount policies
• AP-Journal alerts ensure each salesperson handles
  only specific customers and doesnt give
  customers discounts over a certain percentage
• Long-Term Reports
• Mortgage bank uses AP-Journal to monitor the
  long-term history of all changes madeto loans
• Clerks have a user-friendly interface to produce
  single-click AP-Journal reports
• PCI Compliance
• Credit card company is required by PCI
  regulations auditors to save many files
• Accumulates 10M entries per hour, but monitors
  and issues alerts on only 5K entries per day
  using AP-Journal advanced filtering capabilities
• Using AP-Journal Containers to Save Disk Space
• Company that needs weekly reports based on
  information from journal receivers
• Limited disk capacity wont allow saving
  information from receivers for more than 1 day
• Uses AP-Journal Containers as temporary storage
  until weekly report is produced

!
8
Part 2 Alert Scenario
9
Monday Morning
Mr. Bryan Fields HR Audit Manager Insurance
Company
10
Three days later
Ms. Jane Smith Administrative Assistant Insurance
Company
11
One second later
Mr. Bryan Fields HR Audit Manager Insurance
Company
12
At the Greenspan Residence
Mr. Mrs. Greenspan Retired Senior Citizens
13
At the Bank
Mr. Michael Hill Mortgage Consultant
14
Back at the Greenspan Residence
Mr. Mrs. Greenspan Retired Senior Citizens
15
Part 3 About AP-Journal
16
Facts about AP-Journal

• Based on IBM DB-Journal receivers
• Real-time operates as soon as database update
  occurs
• No programming
• No maintenance fully automated receivers and
  containers transfer, backup and removal
• Not Based on Triggers no delay in application,
  works asynchronous to the application, can
  operate during off-peak hours
• Not intended to support QUADJRN (Security Audit
  Journal) for this see iSecurity/Audit

17
iSecurity Overview
1
7
Re-Assessment
Compliance on Demand Visualizer
6
8
3
Auditing
Audit Capture User Profile System
Control Central Admin
Compliance Regulation (PCI, HIPAA, SOX)
or Security Breach or Management Decision
Protection
Firewall Authority on Demand Anti-Virus
Screen Password Action
4
2
Assessment
5
Databases
AP-Journal View FileScope
18
Reporting Features

• Content
• From either Receivers or Containers
• Processes information (Who, What, When)
• Records changes to data (transfer-to account
  changed)
• Compares with previous value (Quantity decreased
  gt 100)
• Covers dozens of years of application history
• Format
• Flexible filters, various levels of detail
• Timeline reporting
• Online enables extension of filters
• Printed upon request or via included Scheduler
• Emailed- in PDF or HTML formats

18
19
Alerts Features

• Content
• Real-time
• Threshold-activated
• Enables defining complex rules
• Supports comparison to group of items
• Fully editable message with field values
• Field values appear in Before/After images
• Format
• Email including alert details
• Message queue with alert details
• CL script with access to event fields

20
Business Analysis Features

• Patent Pending
• Traces customer activities throughout all
  applications
• Mortgage bank reports containing timeline of all
  mortgage activity (payments, returns, guarantors)
  across 7 years
• Insurance Company reports integrating data from
  policy, collection, claims and accounting
  applications
• Accesses data exceptionally fast
• Special-purpose Containers store and index
  customer-selected business items for quick
  retrieval
• Can also function based upon the IBM Journal
  Receivers

21
Part 4 Technology
22
Business Analysis Integrating Data from
Multiple Databases
Interest Rates
Guarantors
Payments
Loan No. 1
Loan No. field is identified in all databases
indexed
Time Operation DB
Loan No. Output
Interest Payments Guarantors Payment
Interest Payments
20 Apr 01 03 Jan 03 17 Feb 05 12 Mar 05 24 Jun
07 11 May 08
Update Add Add Change Update Update
1 2 1 8 9 1
Screen
Report
All changes to Loan No. 1 are integrated into a
single report
23
AP-Journal Tech Overview
DB1
DB2
DB3
Long-time storage for critical data
Journal
Alert Before
1
2
Receivers
3
4
Alert After
Reporting System
Reporting System
5
6
Screen
Print-out
Email HTML
24
Technical Features

• BEFORE / AFTER journal types
• Remote Journal
• Performance optimized for High Availability (HA)
  Journals containing tens of millions of entries
• Operates in parallel to HA software
• Automatic exchange of Journal Receivers
• Automatic exchange of Containers (AP-Journals
  proprietary database)
• Automatic backup of containers
• Tracking offline containers

25
Part 5 About AP-Journal
26
Alert Conditions Screen
27
Alert Message Definition Screen
28
Alert Recipient Format
29
Optional Alert Action Script
30
Display of Database Update
31
Full Report Displaying All Changes
32
Thank You!
Please visit us at www.razlee.com