SpyLogix Modules

Why is SpyLogix designed around a standardized well-formed message?

By natively capturing security data directly from the source and immediately mapping it using a standardized message format, traditional data management complexities are averted and benefits commence immediately. Data is made to be self-defining for automatic instantiation into the persistent historical record. Messages are further processed in real-time via actualization services including policy engine, alert generation, event synthesis or selective message forwarding.

What are the primary benefits of using standardized messages centralized data services?

1. 1. Automatic Data Management: The Data Management Centralized processing and management of security data is the most efficient approach. SpyLogix messages are communicated to one or more SpyLogix Platform servers for automatic advanced data processing resulting in a 100% normalized non-redundant historical data record available immediately for analysis, reporting, and sharing with services.
   2. Real-Time Data Actualization:Security message data is leveraged in real-time for organizational benefit.
   1. 1. ActionLogix services enact policies using Boolean logic filters that trigger alerts | notifications or programmed actions.
      2. Events may be synthesized and stored persistently.
      3. Persistent data is sharable with other services or tools via Web Services.
      4. Persistent data may be analyzed via the included interactive console on Windows, an Excel 2010 client,
         or a browser using SharePoint.

How does message centralization benefit my organization?

XMMessages may be centralized security message processing and data management can be automated. Immediate standardization of security data from each source eliminates complex data handling and management tasks that can drive up support costs and impact quality service delivery. For example, security data mapping step preserves included attribute names, allowing SpyLogix Enterprise Platform to automatically instantiate new data types into the database to save time and reduce security data management support burdens.

What traditional data management complexities are averted for my organization?

Traditionally centrally handling security data variety has been challenging, as data is sent to a central server in a source-specific format. With so many disparate enterprise sources holding security data, security data management quickly spun out of control and effective use of this data quickly evolved to be onerous at best. SANS security surveys have repeatedly cited complexities related to “data management” as the #1 inhibitor to effective use of centralized log data.

SpyLogix modules provide continuous multi-source native access to, and centralization of, enterprise security data without relying on log files.
 
The capture process is continuous and direct from each monitored resource so as to provide new identity and access management data for advanced processing via SpyLogix Platform. This approach means existing IT service processes can be enhanced with new data and automation not previously available using log management tools alone.

Why are log files a problem for my organization?

Well, locally stored log files by themselves are not really a problem. They provide an historical record of events. But centralized management of log data can be problematic:

• • Important enterprise wide RBAC, identity and access management (IAM entitlements) or object permissions security
    is not available.
  • Continuous monitoring and real-time processing of enterprise access management and activity data is substantially
    limited by relying on log data alone.
  • Log data may be tampered with, mismanaged or even not configured properly to collect what is needed.
  • Log management is a “set it and forget it” technology that requires constant IT support to remain current and useful.
  • It is primarily intended to record what happened, not what can happen.

SpyLogix modules are designed to continuously access multi-source security data as efficiently and effectively as possible to enhance information security governance, risk control, compliance and operational troubleshooting.

Agent-less

1. 1. SpyLogix server-side component that listens for security data via network connection to a source client API via subscription, and then builds and communicates messages to one or more SpyLogix Platform server(s) for advanced processing.
   2. SpyLogix server-side “plug-in” component that harvests security data by invoking via network connection a source API,
      and then builds and communicates messages to one or more SpyLogix Platform server(s) for advanced processing.
      
      

X-Spy is a multi-platform C agent that acquires data directly from any native source specific API, and then builds and communicates messages to one or more SpyLogix Platform server(s) for advanced processing.

C-Spy is a purpose-built Windows client or server agent that provides fully qualified user logon and logoff activity, programs executed, detailed LDAP client API invocation data, is extensible for unique application monitoring, and then builds and communicates messages to one or more SpyLogix Platform server(s) for advanced processing.