Extend. Manage. Secure. More than 30 years in the business. Over 65,000 customers.
Home » Solutions » Managing Enterprise Fraud » Pass the Audit
Contact Attachmate
1.800.872.2829
How to Buy
Evaluate

Pass the Audit

Traditional security controls, such as application logging, are powerless against malicious insiders with legitimate reasons for accessing applications, querying databases, and changing system configurations. You won’t get any help from your business applications either. Built without current controls or auditing functions, they can’t provide a full or accurate picture of who did what, and when.

What if you could:

Where Logging Falls Short

In the absence of true application monitoring technology, application logging has become the de facto  method used. But as enterprise applications become more distributed and encompass more complex functionality, your ability to force traditional logging to function as a modern fraud solution becomes untenable. Learn why

  • Stop scrambling to piece together incomplete data on scattered enterprise systems in order to create a complete audit trail?
  • Know for certain whether your standard operating procedures are being followed?
  • Gather clear and legally actionable forensic evidence—even weeks or months after the user activity occurred? 

With Attachmate Luminet fraud management software you can do all that and more—without adding controls or changing a single line of code. Here’s how:

  • Step 1: Capture the data
     Luminet captures a complete, real-time, over-the-shoulder view of all user activity on all enterprise applications—from the mainframe to the web. Luminet also records user activity in real time—screen by screen, keystroke by keystroke—creating an audit trail directly from the network. This audit trail includes both update and read-only actions for both regular and privileged users. 

     Luminet stores this information in a secure, digitally signed repository, from which you can conduct powerful full-text searches of current or recorded activity. These searches allow you to visually play back every screen and keystroke relevant to your audit.
  • Step 2: Analyze the data
     Luminet’s powerful analytical engine tracks user behavior in real time, detecting cross-channel patterns and visually revealing activities and relationships. In this way, it can pinpoint suspicious actions—based on business rules and weighted scores that you’ve defined—and generate real-time alerts related to questionable activity patterns. The alerts allow you to immediately zero in on anomalies and eliminate false positives.
  • Step 3: Generate the report
    Your auditors expect precise and detailed information about how the thousands of people across your enterprise are accessing sensitive information on hundreds of applications each day. This often amounts to tens of thousands of screens of data and log entries. They also expect to see this information presented in a format that aligns with their unique regulatory requirements.

    Because Luminet records all application use, you can easily access specific audit information at any time. There’s no need to manually extract more or different data from log files—or worse, force your auditor to guess what happened when log files fall short.

    You simply refine your rules to generate new charts, graphs, dashboards, and reports on demand. It’s easy to test your level of compliance prior to an external audit, or to adjust reports to meet auditor expectations. You can even use Luminet rules and alerts to demonstrate the controls you’ve established to flag noncompliant behavior in real time.

With Luminet, passing the audit just got a whole lot easier.

See Luminet in Action! Sign Up for a Live Demo

Logging Falls Short in 3 Ways

As enterprise applications become more distributed and encompass more complex functionality, your ability to force traditional logging to function as a modern fraud solution becomes untenable for three reasons:

  1. Isolated log entries
    Like your business processes, fraud is a multistep process that typically involves several applications. A transaction entered in one web application, a change to a department database through another, and a query through a mainframe system may all be part of a critical business process or a complex fraud scheme.

    By contrast, traditional logging is typically focused on a single application component, such as a database, application server, or messaging subsystem. Each component creates a different log with different levels of information defined in different formats. Information remains siloed and difficult to access.

    Isolated log entries are difficult to correlate with events recorded in other logs. Even a server with an out-of-sync clock can complicate the integration of data from two logs—and damage your audit trail. What’s more, logs do not share common data types or formats, so linking data depends on lucky guessing as much as sound logic.

  2. Incomplete information
    Only a fraction of the activity that occurs between employees and applications is captured by traditional logging—which means that a significant amount of potential evidence is missing from your investigations. For example, many logs fail to capture:
    • Queries and read-only actions
      Most existing logs track only updates and lack crucial access information such and queries and read-only actions.
    • Comprehensive update information
      Let’s say a database trigger logs an account update, recording an original monetary value and a new value. While useful for IT system administration, this update is missing information that is crucial to investigators:
      • The identity of the user performing the update.
      • The application module used to initiate the update.
      • Links to events that occurred prior to and following the update.

      Even if application developers wanted to include some of this information, it’s often missing at the database level.
  3. Disparate systems
    To create a complete audit trail, you must be able to audit access and usage of all your business systems. For example, let’s say you want to audit a single business process—the process of updating customer accounts. This might require you to gather and correlate separate log data from several applications, including a legacy mainframe app, an internally developed client-server app, and a web-based app.

    But these applications were developed at different points in time using vastly different technologies. The logging data they produce is formatted differently, with varying levels of detail. Reconciling the differences and then constructing a cohesive and accurate audit trail is tedious, time-consuming, and sometimes impossible. The problem becomes exponentially more complex when you have to track multiple business processes, each dependent on a new set of applications.

Fortunately, technology does exist that can help you overcome these challenges. It’s called Attachmate Luminet.

See Luminet in Action! Sign Up for a Live Demo