The SpyLogix system for information security intelligence and data actualization employs standardization, centralization, and automation to maximize savings in time, money, and resources for organizations maintaining secure access to business information assets. SpyLogix modules are designed to acquire, map, and send security data in a standardized way. SpyLogix modules acquire security data from any programmatically accessible enterprise source using the most direct and effective means possible. Security data is simply mapped into a standardized message format, and then sent efficiently to one or more centralized SpyLogix Enterprise Platform server(s).
SpyLogix Modules are essential technologies for continuous monitoring of enterprise digital assets that secure business information. Modules work in conjunction with SpyLogix Platform to organize and use security data for operational efficiency and to effectively support today’s efforts to thwart cyber threats.
By natively capturing security data directly from the source and immediately mapping it using a standardized message format, traditional data management complexities are averted and benefits commence immediately. Data is made to be self-defining for automatic instantiation into the persistent historical record. Messages are further processed in real-time via actualization services including policy engine, alert generation, event synthesis or selective message forwarding.
XMMessages may be centralized, and security message processing and data management can be automated. Immediate standardization of security data from each source eliminates complex data handling and management tasks that can drive up support costs and impact quality service delivery. For example, the security data mapping step preserves included attribute names, allowing SpyLogix Enterprise Platform to automatically instantiate new data types into the database to save time and reduce security data management support burdens.
Traditionally, handling security data variety centrally has been challenging, as data is sent to a central server in a source-specific format. With so many disparate enterprise sources holding security data, security data management quickly spun out of control and effective use of this data quickly evolved to be onerous at best. SANS security surveys have repeatedly cited complexities related to “data management” as the #1 inhibitor to effective use of centralized log data.
SpyLogix modules provide continuous multi-source native access to, and centralization of, enterprise security data without relying on log files. The capture process is continuous and direct from each monitored resource so as to provide new identity and access management data for advanced processing via SpyLogix Platform. This approach means existing IT service processes can be enhanced with new data and automation not previously available using log management tools alone.
Well, locally stored log files by themselves are not really a problem. They provide an historical record of events. But centralized management of log data can be problematic:
SpyLogix modules are designed to continuously access multi-source security data as efficiently and effectively as possible to enhance information security governance, risk control, compliance and operational troubleshooting.
X-Spy is a multi-platform C agent that acquires data directly from any native, source-specific API, and then builds and communicates messages to one or more SpyLogix Platform server(s) for advanced processing.
C-Spy is a purpose-built Windows client or server agent that provides fully qualified user logon and logoff activity, programs executed, and detailed LDAP client API invocation data. It is extensible for unique application monitoring, and it builds and communicates messages to one or more SpyLogix Platform server(s) for advanced processing.