SpyLogix Enterprise

Continuous Data Access technologies are one or more SpyLogix Modules designed to natively acquire data, map it, and safely deliver as standardized messages security data to one or more SpyLogix Platform servers for advanced processing. SpyLogix Modules acquire security data from any programmatically accessible enterprise source using the most direct and effective means possible. Security data is mapped into a standardized message format, and then communicated efficiently and safely for automatic processing by one or more SpyLogix Module technologies for Continuous Data Access include:

• • Discovery Modules that are used to pro-actively create a baseline of security data to which monitored changes may be subsequently compared.
  • Resource Monitoring technologies are designed to continuously collect data natively form accessible IT sources using the most efficient means, including:
  • • Agent-less monitors consume source data accessible via a network connection;
    • Plug-in monitors query a resource, then consume source data fed over a network connection;
    • X-Spy monitors are designed to accept source data fed at high rates from an efficient and high-capacity cross-OS (Windows, Linux and UNIX) universal companion agent;
    • C-SPY monitors are specially designed to accept Windows OS security data from a proprietary client agent, including qualified user logon and logoff events, Event Viewer events, program executables, and LDAP API invocations to capture back door identity system changes. The C-SPY agent is highly extensible for customized endpoint monitoring tasks.
  • 3^rd Party monitors may be customized to consume data from any 3^rd party source.

Communication Services are available for safely communicating well-formed messages from SpyLogix Modules to Automatic Data Management and Real-Time Data Actualization layers of SpyLogix Platform for advanced processing and use.

• • Message Streaming efficiently moves messages directly to the Data Management layer for persistent storage. Furthermore, messages are made available for ActionLogix processing in real-time.
  • Message Broker a cross-platform communications broker facilitates message store/forward, 1:many routing, mirroring, and load balancing. Message broker communications enables confirmed safe mode delivery of messages over less-reliable networks and high availability configurations, or cloud-based managed services.
  • Web Services (date in) a web services interface is provided to enable applications to easily send external data into SpyLogix Platform or share data externally with other applications or IT service processes.

Data Management processes all incoming message data. Well-formed messages are 100% parsed. Selectively, Translator may be invoked to automatically change non-human readable data types into human readable form. All data types are supported. Parsed and translated data with complete meta-data is passed to the Storage Engine, a high performing component that ensures all data types are persistently recorded non-redundantly with proper date/time context.

Data is assessible via the included Interactive Console, any Odata compatible query tool, such as PowerPivot for Excel 2010, or through simple Web Services calls.

Data Actualization provides multiple post-storage processing services to effectively use incoming messages and persistently stored security data in real-time:

• • ActionLogix™ is a series of components used to enact policies in real-time based on message content and use data effectively with other software or to take automated actions.
  • • Policy Engine employs configurable policies to monitor message data automatically in real-time. Boolean logic and Python scripts may be used for advanced message data processing or customized programmed actions. Policy development expedited using exposed message meta-data, including: basic, state, RBAC, and utility.

• • • Alerts | Notifications are embellished messages generated by blending standardized text with selected message data passing the Policy Engine rules, and then can be written to email, RSS, net send, a file, an application, Windows Event Log or SQL database. New output targets may be easily added.
    • Synthesizers are Module-specific events that are generated by analyzing message payload, drawing measured conclusions and re-storing a synthesized event persistently. For example, when a user’s last login time changes, a “logon” event is created and stored in the database.
    • Message Forwarder communicates only selected messages to another network-connected SpyLogix Platform. This capability is appropriate for cloud computing infrastructures with distributed specialized support teams, managed service providers, or data aggregation for mining or enterprise monitoring purposes.
• • Web Services (Data out) provides as easy to use interface for sharing data with other software or IT processes.
  • Interactive Console enhances security intelligence visibility through an easy to use tool for data query, analysis, reports and sharing within collaborative workgroups.
  • Scheduler generates Interactive Console reports in the background. Additionally, network security assessment tools or scripts may be scheduled for Data Management and Actualization.

SpyLogix meets the performance and scalability requirements of some of the world's largest IT environments. SpyLogix Platform and Modules are designed to scale horizontally, vertically and functionally, making it possible for SpyLogix components to be distributed across computing realms to manage hundreds of thousands of users, thousands of applications and millions of entitlements.

SpyLogix Enterprise offers On-Demand Discovery and Continuous Monitoring of Key Information Security Resources with four major components, each designed with features to maximize efficiency and effectiveness when managing identity and access management or activity/event data.

Each feature is broken into more detailed descriptions with available benefits included as follows:

1. Native Data Access
   1. Standardized message design
   2. Users, network security data, identity systems and application | file systems
   3. Identity and Access Management Entitlements
   4. Objects | Permissions
   5. Activity (events)
   6.  Web services (extensible for custom data input)
   7. Benefit: Self-defining data facilitates data processing automation saving time-to-value, money and resources
   8. Benefit: Baseline and “continuous” native data access is substantially more secure
      1. Adds identity and access management (users/attributes/entitlements, object/permissions)
      2. Yields richer data (with no reliance on log data)
2. Communications - Share Nothing, Messaging Architecture
   1. Message streaming, mirroring, 1:many routing, and load balancing (data velocity)
   2. Benefit: Security data:
      1. Where it needs to be, when it needs to be there
      2. Supporting improved “time-to-value” for enterprise information security tasks
3. Automatic Data Management
   1. Message parsing, data translation, smart storage
   2.  Historical record (optimal database)
   3. LINQ | Odata provider for universal data access
   4. Benefit: Automatic data management eliminates ongoing IT staff support burden
   5. Benefit: Ensures immediate data availability in human-readable form for consumption by people, processes and technologies supporting information security efficiency, effectiveness and improved “time-to-value”
   6. Benefit: Fast database for consuming high data volume, which supports new data use/sharing opportunities
4. Real-Time Data Actualization
   1. ActionLogix™ policies analyze messages, generate customizable alerts and trigger actions
   2. Synthesizers generate new security data from incoming messages
   3. Selectively forward messages to other SpyLogix servers
   4. Web Services (simple RESTapi for sharing db data)
   5. Interactive console provides db query, analysis and reporting
   6. Benefit: Faster problem identification and resolution
   7. Benefit: Handle “big data” effectively for operational awareness, IAM visibility and activity/events
   8. Benefit: Simplified reconciliation of target identity systems with established identity management policies
   9. Benefit: Easily share new security data with people, processes and technologies