AP-Journal Application Security

1
AP-JournalApplication Security Business
Analysis
2
Part 1 Overview
3
Overview

• Application Security Business Analysis tool
• Keeps managers constantly informed on database
  changes
• Produces reports on changes over numerous years

Relax. AP-Journal Will Check it for You.
4
Features
Reports- based on changes to business-critical
application data
Alerts (e.g. Item price increased by more than
10)
Keeps selected updates in intermediate storage
for long periods
Cross-application activity tracking (based on
common identifiers in ERP, Finance, Shipment
applications)
Instantaneous access to data covering numerous
years
Used to meet regulatory requirements - SOX,
HIPAA, PCI (Ensures only authorized programs
update production data)
Based on patent-pending technology
Logging of Database Read Operations
5
Reports Conditions Created with AP-Journal

• Who modified file PAYMENTS between 2000 and
  0600 during vacation among those, who reduced
  the PAYMENT_AMOUNT by more than 15?
• Who made changes to production file LOANS using a
  non-approved program?
• Who worked on the SALARY file during non-standard
  business hours, and accessed records of employees
  whose salaries exceed 5K monthly?
• Provide John with a timeline report of all
  changes made to John's MORTGAGE (covering the
  dozens of files in the MORTGAGE system), during
  the past 25 years?
• Send an SMS message and e-mail to the company's
  Chief Security Officer, Manager of IT and
  Internal Auditor when the PRICE_OF_ITEM changes
  by more than 4.
• Send a SYSLOG message and operator message when
  the PRICE_OF_ITEM for an ITEM shipped last month
  changes by more than 6.20
• Send an e-mail whenever an employee record whose
  SALARY is less than 5000 is read from file
  SALARIES.
• Which users who are not in the HR department,
  modified the SALARIES table?
• What changes to the hospital's PATIENTS file were
  made via utility application DFU?
• Who made changes to field DISCOUNTS since last
  Sunday?

6
What does IBM DB-Journal Support?
7
AP-Journal Added Value
8
AP-Journal Real-Life Applications

• Alerts to Enforce Changing Business Rules and
  Policies
• Corporate management often changes customer and
  discount policies
• AP-Journal alerts ensure each salesperson handles
  only specific customers and doesnt give
  customers discounts over a certain percentage
• Long-Term Reports
• Mortgage bank uses AP-Journal to monitor the
  long-term history of all changes madeto loans
• Clerks have a user-friendly interface to produce
  single-click AP-Journal reports
• PCI Compliance
• Credit card company is required by PCI
  regulations auditors to save many files
• Accumulates 10M entries per hour, but monitors
  and issues alerts on only 5K entries per day
  using AP-Journal advanced filtering capabilities
• Using AP-Journal Containers to Save Disk Space
• Company that needs weekly reports based on
  information from journal receivers
• Limited disk capacity wont allow saving
  information from receivers for more than 1 day
• Uses AP-Journal Containers as temporary storage
  until weekly report is produced

!
9
Part 2 Alert Scenario
10
Monday Morning
Mr. Bryan Fields HR Audit Manager Insurance
Company
11
Three days later
Ms. Jane Smith Administrative Assistant Insurance
Company
12
One second later
Mr. Bryan Fields HR Audit Manager Insurance
Company
13
At the Greenspan Residence
Mr. Mrs. Greenspan Retired Senior Citizens
14
At the Bank
Mr. Michael Hill Mortgage Consultant
15
Back at the Greenspan Residence
Mr. Mrs. Greenspan Retired Senior Citizens
16
Part 3 About AP-Journal
17
Facts about AP-Journal

• Based on IBM DB-Journal receivers
• Real-time operates as soon as database update
  occurs
• No programming
• No maintenance fully automated receivers and
  containers transfer, backup and removal
• Not Based on Triggers no delay in application,
  works asynchronous to the application, can
  operate during off-peak hours
• Not intended to support QUADJRN (Security Audit
  Journal) for this see iSecurity/Audit

18
Reporting Features

• Content
• From either Receivers or Containers
• Processes information (Who, What, When)
• Records changes to data (transfer-to account
  changed)
• Compares with previous value (Quantity decreased
  gt 100)
• Covers dozens of years of application history
• Format
• Flexible filters, various levels of detail
• Timeline reporting
• Online enables extension of filters
• Printed upon request or via included Scheduler
• Emailed- in PDF or HTML formats

18
19
Alerts Features

• Content
• Real-time
• Threshold-activated
• Enables defining complex rules
• Supports comparison to group of items
• Fully editable message with field values
• Field values appear in Before/After images
• Format
• Email including alert details
• Message queue with alert details
• CL script with access to event fields

20
Business Analysis Features

• Patent Pending
• Traces customer activities throughout all
  applications
• Mortgage bank reports containing timeline of all
  mortgage activity (payments, returns, guarantors)
  across 7 years
• Insurance Company reports integrating data from
  policy, collection, claims and accounting
  applications
• Accesses data exceptionally fast
• Special-purpose Containers store and index
  customer-selected business items for quick
  retrieval
• Can also function based upon the IBM Journal
  Receivers

21
Part 4 Technology
22
Business Analysis Integrating Data from
Multiple Databases
Interest Rates
Guarantors
Payments
Loan No. 1
Loan No. field is identified in all databases
indexed
Time Operation DB
Loan No. Output
Interest Payments Guarantors Payment
Interest Payments
20 Apr 01 03 Jan 03 17 Feb 05 12 Mar 05 24 Jun
07 11 May 08
Update Add Add Change Update Update
1 2 1 8 9 1
Screen
Report
All changes to Loan No. 1 are integrated into a
single report
23
AP-Journal Technical Overview
DB1
DB2
DB3
Business Items
B
Journal
A
Long-time storage for critical data
DB-Reads
Alert Before
C
D
E
F
Alert After
Receivers
Containers
Reporting System
Reporting System
G
G
Screen
Print-out
Email HTML
24
Annotation of Technical Overview

• DB changes are journaled into journal receivers
  using OS/400 facilities.
• Read access actions are added to journal
  receivers. This unique AP-Journal feature allows
  for filtering only the necessary Reads.
• For performance purposes, AP-Journal reads only
  the required files from the journal receivers.
• Alerts can be generated using strong filtering
  capabilities alerts sent as operator messages,
  SMS, SYSLOG, etc.
• Important journaled data is kept for long periods
  in database files which are protected and emulate
  journal receivers.
• Alerts on data stored in containers alerts sent
  as in 4 above.
• Single report definition can run on either
  journal receivers or containers.

25
Technical Features

• BEFORE / AFTER journal types
• Remote Journal
• Performance optimized for High Availability (HA)
  Journals containing tens of millions of entries
• Operates in parallel to HA software
• Automatic exchange of Journal Receivers
• Automatic exchange of Containers (AP-Journals
  proprietary database)
• Automatic backup of containers
• Tracking offline containers

26
Part 5 AP-Journal Screens
27
AP-Journal Filtering Interface
See explanation on following slides.
Either price or quantity differences of more than
10 will trigger this event.
Both header (pink) and fields (black) can be
filtered. Note RR in Entry field, enabling
filter of Reads in addition to Deletes, Updates,
etc.
28
AP-Journal Filtering Capabilities

• Column "BEFOREB" in the previous slide is used
  to specify if the field value to be compared is
  the value Before or After the field update.
• Further explanations to the line in the previous
  slide beginning Test
• EQ NE LE GE LT GT are standard Boolean operators
• N/LIST checks whether the field value appears in
  the supplied list of values
• N/LIKE checks if the field value resembles the
  value entered. If the wildcard (signifying any
  number of characters) is not the first character,
  the value to be compared is position specific
  (i.e. the first character in the field will be
  compared to the first character specified in the
  filter condition).
• N/START checks that the field value does not
  begin with the characters entered

29
AP-Journal Filtering Capabilities

• Explanations Continued
• N/ITEM checks if the field value appear as an
  item in the GROUP/MEMBER specified
• N/SAME checks that the Before and After values
  are the same
• DIFxx checks if the difference between the Before
  and After values as entered in the Value column
  complies with the Boolean operator xx (EQ, NE,
  LE, etc.)
• DIFxx checks if the difference in percentage
  between the Before and After values as entered in
  the Value column complies with the Boolean
  operator xx (EQ, NE, LE, etc.)

30
Alert Message Definition Screen
Define a Generic Alert message
31
Alert Recipient Format
Define who receives alerts and in what format
(email, message queue, SYSLOG, etc.)
32
Optional Alert Action Script
Capture the offending users screens and after 5
minutes terminate the session.
33
Display of Database Update
Display data before after any changes which
were made from a specific IP address
34
Full Report Displaying All Changes
Printable report highlighting the before after
data in fields which were changed
35
Defining journal file operations
Easy to read summary table of journalactivities
per file/library.
36
Modify file operations
Define file operations and relatedparameters.
37
Alert conditions and SYSLOG message
Define alert conditions and appropriate message
for SYSLOG/e-mail/msg.
38
View SYSLOG real-time alerts
Note SYSLOG messages as receivedin SIEM product.
39
Thank You!
Please visit us at www.razlee.com