SpyLogix Enterprise

SpyLogix Interactive Dashboard is a graphical user interface enabling insightful security intelligence through powerful real-time or historical data visualization. Simple to use features include:

• Query panels enable access to multi-sourced data.
• Analysis using streaming data via grid and charts
• Report Designer reporting combines text, data and charts
• Alert | Notifications graphical configuration interface

A single interface facilitates management information, operational collaboration with colleagues or continuous compliance management initiatives. Visualization using streaming graphs, charts, heat maps, and granular security data properties reveal intrinsic relationships and ready comprehension of multidimensional data. Saved data grid/chart views are available for offline output generation.

SpyLogix Modules for Continuous Data Access
Source specific Data Access modules are designed to continuously centralize data from multiple disparate information security resources to SpyLogix Platform. Data Access modules provide capabilities including:

• • Discovery Modules of objects managed by monitored resources on-demand for pro-actively maintaining a true data baseline from which changes may be readily detected and compared.
    
    
  • Resource Monitoring using available native vendor APIs is provided for detecting object or data changes by employing:
  • • Agent-less modules that interface with source data accessible via a network connection by “subscription” or proactive query.
    • X-SPY modules that are cross-OS (Windows, Linux and UNIX) and designed for efficient, direct integration with high-capacity sources.
    • J-SPY modules are designed to integrate with JAVA environments.
    • App-SPY modules enable developers to manage application events.
    • C-SPY module is designed to collect Windows OS client or server user activity, such as user logon and logoff events.
      
      
  • Third Party  modules enable vendors to leverage SpyLogix capabilities for application events, network security report output or any 3rd party security data input.
    
    Data Access modules all employ a standardized approach for collecting data from native APIs into well-formed messages that are continuously sent to one or more centralized SpyLogix Platform server(s) using existing enterprise network communication services.
    
    

SpyLogix Platform Communication Services
Communications Services components leverage today’s enterprise networks for effectively centralizing messages. Data is safely communicated in standardized, well-formed messages from multiple SpyLogix modules which are continuously consumed and processed by SpyLogix Platform servers in real-time employing:

• • Message Streaming mode designed for efficiently moving messages continuously over high-speed enterprise networks.
    
    
  • Message Broker communications for data store/forward, mirroring, 1:many routing or load balancing. All these features include optional safe delivery of messages over less reliable networks, enable high-availability configurations or cloud-based managed service delivery. and
    
    
  • Web Services (date in) easily facilitating external data input from applications, unmanaged network security output reports or any IT service process.

SpyLogix Modules for Continuous Data Access
Data Management components automatically processes all incoming messages. Message data is parsed, selectively translated and smartly stored.

• Parser tfeature automatically parses all data types.
• Translator feature may be selectively invoked to automatically change non-human readable data types into human
  readable form.
• Data Engine feature persistently records parsed data with date/time context.
• LINQ/Odata service makes recorded data accessible to the Interactive Dashboard, PowerPivot for Excel 2010 or Odata compatible business intelligence (BI) tools.

SpyLogix Platform Real-Time Data Actualization
Data Actualization components provide real-time services for leveraged data query, analysis and sharing with enterprise IT service processes. Real-time data services improves IT service quality,
“time-to-value” and process efficiency.

• • ActionLogix™ is a series of widgets that analyze streaming messages in real-time, and then trigger configurable programmatic actions.
  • • Policy Engine employs configurable policies that monitor streaming messages in real-time. Policy development expedited using a graphical interface and exposed message meta-data properties including:

• • • Alerts | Notifications are embellished messages generated by blending standardized text with selected message data passing Policy Engine rules, and then written to email, RSS, net send, a file, an application, Windows Event Log, SQL RDBMS or other custom target.
    • Synthesizers derive new data analyzing message payload, drawing measured conclusions and re-storing new persistent data. For example, when a user’s last login time changes, a “logon” event is created and stored in the database.
    • Message Forwarder communicates selected messages to other network-connected SpyLogix Platforms; this feature is appropriate for cloud computing with distributed specialized support teams, managed service providers or aggregation for data mining.
• • Web Services (Data out) implements a RESTful-style interface for easily sharing data outward with other software tools or IT processes.

SpyLogix Enterprise offers On-Demand Discovery and Continuous Monitoring of Key Information Security Resources with four major components, each designed with features to maximize efficiency and effectiveness when managing identity and access management or activity/event data.

Each feature is broken into more detailed descriptions with available benefits included as follows:

1. Native Data Access
   1. Standardized message design
   2. Users, network security data, identity systems and application | file systems
   3. Identity and Access Management Entitlements
   4. Objects | Permissions
   5. Activity (events)
   6.  Web services (extensible for custom data input)
   7. Benefit: Self-defining data facilitates data processing automation saving time-to-value, money and resources
   8. Benefit: Baseline and “continuous” native data access is substantially more secure
      1. Adds identity and access management (users/attributes/entitlements, object/permissions)
      2. Yields richer data (with no reliance on log data)
2. Communications - Share Nothing, Messaging Architecture
   1. Message streaming, mirroring, 1:many routing, and load balancing (data velocity)
   2. Benefit: Security data:
      1. Where it needs to be, when it needs to be there
      2. Supporting improved “time-to-value” for enterprise information security tasks
3. Automatic Data Management
   1. Message parsing, data translation, smart storage
   2.  Historical record (optimal database)
   3. LINQ | Odata provider for universal data access
   4. Benefit: Automatic data management eliminates ongoing IT staff support burden
   5. Benefit: Ensures immediate data availability in human-readable form for consumption by people, processes and technologies supporting information security efficiency, effectiveness and improved “time-to-value”
   6. Benefit: Fast database for consuming high data volume, which supports new data use/sharing opportunities
4. Real-Time Data Actualization
   1. ActionLogix™ policies analyze messages, generate customizable alerts and trigger actions
   2. Synthesizers generate new security data from incoming messages
   3. Selectively forward messages to other SpyLogix servers
   4. Web Services (simple RESTapi for sharing db data)
   5. Interactive console provides db query, analysis and reporting
   6. Benefit: Faster problem identification and resolution
   7. Benefit: Handle “big data” effectively for operational awareness, IAM visibility and activity/events
   8. Benefit: Simplified reconciliation of target identity systems with established identity management policies
   9. Benefit: Easily share new security data with people, processes and technologies