Hitachi ID Systems, Inc.


Security Audit Trails

Background

No security process is perfect. Given enough time, enough systems and a sufficiently large user population, some security compromise is likely to happen. User provisioning, and user lifecycle management processes in general, are no exception to this rule.

To mitigate the business risk of a security compromise in the setup, management and teardown of user access to systems, it is important to introduce security audit trails. Audit trails record all security transactions, and allow the organization to follow up on what actually happened after a suspicious event takes place.

Audit trails can be combined with real-time alerts, for example using e-mail, instant messaging or telephony / text messaging, to trigger rapid investigation and automatic system defences, such as intruder lockouts.

Security audit trails are a core responsibility of an identity management system. Events such as failed requests and unusual access should all be logged, and should all be able to trigger real-time alerts.

ID-Synch® Logging

Over 163 events, including authentication success and failure, intruder lockouts and security change requests and approvals, for both users and administrators, are logged by ID-Synch.

All log data is directed to an internal database table (a session log), which includes time, date, event type, target system ID, requester user ID, recipient user ID, administrator ID (if any), results and any error messages.

Logging data is maintained indefinitely. It is accessible directly in the database table (xBase file / DBF format), can be exported in CSV format, and can be accessed using any ODBC-compliant tool on the ID-Synch server itself.

Every logged event can also trigger "external systems notification." Binary integration programs are provided to propagate event data to Remedy ARS, Peregrine ServiceCenter, various other call tracking systems, ODBC databases and e-mail (via SMTP).

Events can also trigger execution of a program on the ID-Synch server, which could interface with an infrastructure management system using SNMP traps, for example.

All logged data is available both using a web-based reporting system built into ID-Synch and using direct access to log data by an authorized ID-Synch administrator.
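
As an added illustration (not Hitachi ID code), the following Python example scans a CSV export of the session log for bursts of failed authentications by the same requester, the kind of pattern that would justify a real-time alert or an intruder lockout. The column names, event-type strings and sample rows are constructed assumptions; the export layout is not documented on this page.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Column names and event-type strings are
# assumptions for illustration; the real export layout may differ.
SAMPLE_CSV = """date,time,event,target,requester,recipient,admin,result,error
2000-01-03,09:00:05,AUTH_FAILURE,AD01,jsmith,jsmith,,FAIL,bad password
2000-01-03,09:00:40,AUTH_FAILURE,AD01,jsmith,jsmith,,FAIL,bad password
2000-01-03,09:01:10,AUTH_SUCCESS,AD01,akhan,akhan,,OK,
2000-01-03,09:01:30,AUTH_FAILURE,AD01,jsmith,jsmith,,FAIL,bad password
2000-01-03,09:20:00,AUTH_FAILURE,AD01,akhan,akhan,,FAIL,bad password
2000-01-03,09:45:00,AUTH_FAILURE,AD01,akhan,akhan,,FAIL,bad password
2000-01-03,10:30:00,AUTH_FAILURE,AD01,akhan,akhan,,FAIL,bad password
"""


def find_failure_bursts(csv_text, threshold=3, window=timedelta(minutes=5)):
    """Return (requester, first_ts, last_ts) each time a requester reaches
    `threshold` authentication failures inside a sliding `window`."""
    recent = defaultdict(deque)  # requester -> timestamps of recent failures
    alerts = []
    # ISO-style date and time strings sort chronologically as text.
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: (r["date"], r["time"]))
    for row in rows:
        if row["event"] != "AUTH_FAILURE":
            continue
        ts = datetime.strptime(f'{row["date"]} {row["time"]}',
                               "%Y-%m-%d %H:%M:%S")
        q = recent[row["requester"]]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((row["requester"], q[0], ts))
            q.clear()  # start counting afresh so one burst yields one alert
    return alerts


if __name__ == "__main__":
    for user, first, last in find_failure_bursts(SAMPLE_CSV):
        print(f"ALERT {user}: repeated failed logins from {first} to {last}")
```

The threshold and window are tuning parameters: a slow series of failures spread over hours, like the second user's in the sample, is missed by a short window and needs a longer one.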