Intellinx zWatch

An overview of the fraud and forensics user activity monitor called Intellinx. The version that runs on z/OS is called zWatch.

Speaker notes

  • 05/03/11 04:24 Shearer SLM.ppt
  • System z Solution Edition for Security. Example: fraud forensics, analysis and prevention via Intellinx (which exploits the zAAP). In a recent example, a local police department encountered an embarrassing leak when a police officer made unlawful inquiries into the National and State Wants and Warrants database to uncover “dirt” on the VP candidate, Joe Biden, in the hope of selling the information to the tabloids. The fraud was detected through forensics, and the offending officer was terminated and charged accordingly. In a similar law enforcement case, a State Police employee leaked information on planned arrests in a homicide investigation to one of the suspects (a friend).
  • System z Solution Edition for Security. Example: fraud forensics, analysis and prevention via Intellinx (which exploits the zAAP). In a recent example, a large hospital chain encountered an embarrassing leak when a nurse made unlawful inquiries into the patient medical database and then sold the information about a high-profile celebrity to a tabloid magazine. In this particular case the celebrity was Paris Hilton, who successfully sued the hospital for failing to secure her medical records as required by law (HIPAA). Every day, high-profile patients are admitted to hospitals or visit their local doctor’s office; it need not be Paris Hilton for a curious or greedy employee to want to access the medical records. Fraud forensics tools, such as those delivered via the Solution Edition for Security, help identify the offending party and deter future unlawful access. Failure to implement such tools when they are easily implemented may constitute negligence, which can lead to punitive damages costing millions of dollars.
  • When everyone thinks about mainframe security they think only about RACF. System z security includes a comprehensive set of products and solutions that provide unmatched security capabilities spanning data privacy, compliance and audit, and platform infrastructure, and we extend these capabilities beyond the mainframe into the enterprise. These are a sample of the products and solutions that provide the enterprise capabilities.
  • This chart represents the business components of a large North American Bank
  • This chart represents the business components of a large North American Bank
  • Each of the solution slides focuses on the leading customer challenges addressed by the solution, the specific capabilities achieved by implementing it, and a list of the recommended solution components. Intellinx zWatch is a vendor product that we can order separately for this solution. At this time it is not a core element of the solution, but we can include it separately; we are considering adding it as a core component in the future.

Transcript

  • 1. Intellinx zWatch November 8, 2010
  • 2. System z Solution Edition for Security – Fraud Reference Case
    • Client scenario: State criminal justice system; bullet-proof mainframe security; many access points
    • IBM sales team targets the CIO and CFO:
      • “Experience has demonstrated that insider leaks may be utilized to help criminals escape prosecution or to release information about celebrities or high-ranking government officials.”
      • “Your current IT infrastructure is exposed to these leaks, which will likely result in civil and criminal penalties.”
      • “At this very moment, policemen or detectives may be leaking information to criminals or the media. You are also currently exposed to illegal access of sensitive information. Most alarming is that you may only become aware of such illegal access after your department has become fodder for the tabloids. In such cases, departments have suffered high-level resignations and civil penalties.”
    • Policemen access Driver information from portal within Police cruiser
    • Detectives track case data via Cognos Analytics application
    • Courts manage search warrants and court cases
    Diagram: Solution Edition for Security, mainframe security extended end-to-end across the enterprise (zIIP, zAAP, Compliance Insight Manager). Provocation: the headline “Joe Biden selected as Obama’s running mate” is followed by illegal queries against the Wants and Warrants database.
  • 3. System z Solution Edition for Security – Secure Infrastructure
    • Client scenario: Large healthcare provider; rigorous HIPAA compliance; huge volume of patient records
    • IBM sales team targets the CIO and CFO:
      • “Experience has demonstrated that insider leaks may be the biggest exposure to HIPAA compliance, especially when there is an opportunity to profit from disclosing patient records to third parties.”
      • “Your current IT infrastructure is exposed to these leaks, which will likely result in civil and criminal penalties.”
      • “At this very moment, nurses, doctors or administrative personnel may be accessing patient records for the purpose of selling the information to a tabloid. Such leaks are not only embarrassing and tarnish the corporate image, they most certainly will result in substantial compliance and legal penalties, impacting the bottom line. Failure to address this issue will expose you to negligence charges.”
    • Secured access to patient medical records
    • Patient records accessed by Doctors, Nurses, and Administration
    • All Patient information is subject to HIPAA Compliance
    Diagram: Solution Edition for Security, mainframe security extended end-to-end across the enterprise (zIIP, zAAP, Compliance Insight Manager). Provocation: Paris Hilton’s patient records, illegal “leak”.
  • 4. Elements of an Enterprise Security Hub
    Diagram grouped into four areas: Data Privacy, Compliance and Audit, Extended Enterprise, and Platform Infrastructure. Components shown:
    • Audit, authorization, authentication and access control: RACF®
    • IDS and secure communications: Communications Server
    • IBM Tivoli Security Compliance Insight Manager
    • Crypto Express3 crypto cards
    • System z SMF
    • ITDS scalable enterprise directory; LDAP
    • Network Authentication Service (Kerberos V5 compliant)
    • z/OS® System SSL (SSL/TLS suite)
    • ICSF (services and key storage for key material)
    • Certificate authority: PKI Services
    • DS8000® disk encryption; TS1120 tape encryption
    • Encryption key management: DKMS, TKLM, Venafi Encryption Director
    • Guardium; Optim™ Data Privacy
    • Multilevel Security
    • IBM Tivoli® zSecure Suite; DB2® Audit Management Expert
    • Tivoli Identity Manager; Tivoli Federated Identity Manager
    • Common Criteria ratings; support for standards
    • Enterprise Fraud Solutions
  • 5. Intellinx’s Value Propositions © 2008 IBM Corporation
    • Outstanding out-of-the-box value and immediate ROI: following installation (typically only a few hours), Intellinx begins capturing all cross-enterprise user activity, allowing internal audit, security and fraud teams to perform investigations with cross-platform search and complete visual replay, and to generate alerts on potentially suspicious insider application activity.
    • Intellinx is the only solution on the market that captures user activity to detect and prevent internal fraud and data leakage on IBM System z and System i.
      • Customers expect IBM to lead the way on these platforms
    • The Intellinx solution can handle encrypted traffic when it runs natively on z/OS. A network appliance sniffing the wire cannot do that without being given copies of the private keys or changing network standards.
    • Reduce Internal Fraud Losses by detecting potential fraud via real-time preventive / detective controls
    • Deter potential fraudulent users just by knowing that all their actions may be recorded
    • Improve internal audit effectiveness by alerting on detection of suspicious behavior and providing full visibility for audit
    • Enforce corporate security policies by detecting security breaches, incidents and exceptions
    • Improve compliance with privacy regulations by creating a full audit trail of all end-user activity, including queries, and provide accurate data for Basel II and SOX risk control assessments
  • 6. Intellinx Architecture
    Diagram (five numbered stages): a switch feeds 3270/5250 terminal traffic, MQSeries messages, files and host data to the Intellinx Sensor; the Intellinx Session Analyzer performs screen/message recording and session reconstruction; the Event Analyzer turns sessions into business events, which pass through a queue and backlog into the Events Repository; from the repository come Replay, Actions and Intellinx Reports.
  • 7. Intellinx Architecture
    Diagram: the same pipeline (switch; 3270/5250; Intellinx Sensor; Session Analyzer with screen/message recording and session reconstruction; Event Analyzer; business events; Intellinx Reports; MQSeries, files, host) with the host labelled z/OS.
    • z/OS solution:
    • SW only install
    • 98% zAAP eligible
      • Doesn’t add to existing SW charges
    • Sysplex aware
    • High volume, low CPU %
    • Can handle non-z/OS traffic
    • Operates across VPN
      • No other solution does
    • Eliminates network distribution of SSL private keys for z/OS workloads
      • Reduces risk
    • Reduced complexity of deployment/ordering
    • Reduced overhead & latency for real time analytics
    • Leverages Mainframe security and audit of DB’s
    Diagram callout “zWatch unique”: Queue, Replay, Actions, Backlog, Events Repository.
  • 8. Deployment choices toward a Fraud & Forensic Clearing House on System z
    • Business Goals
      • A User activity monitor for forensic and fraud prevention
      • Non-invasively capture activities from a wide variety of protocols and systems
      • Deploy stealthily, where possible
    • Intellinx in Action
      • Identified thefts from Dormant bank accounts
      • Eliminated roll-your-own (RYO) audit tools for a major police department
      • Stopped leakage of personally identifiable information
    • Bladecenter deployment (Equifax)
      • Over 200 blades to meet needs of large financial institution with the five distinct solution points of control
      • Weeks to configure and deploy software
      • Environmental and FTE costs are highest
      • Coordination across security, network and server admin teams
    • Linux on System z deployment (NYPD)
      • Multiple Linux server instances to cover the five distinct solution points of control
      • Common hardware reduces environmentals and FTEs
      • Network connections must be established to capture traffic
    • z/OS zWatch edition deployment (Standard Bank)
      • Installation in under an hour, software only
      • zIIP and zAAP eligible for 98% of processing keeps software pricing minimal
      • High volume, low CPU utilization
      • TCA and TCO are less than alternatives
      • zWatch unique capability to handle network encrypted traffic
      • With zBX, zWatch can handle non-z traffic with network admin assistance and simplify operations
      • Reduced overhead and latency for real time analytics
    Diagram: the Intellinx pipeline (switch; 3270/5250, MQ and HTTP traffic; Intellinx Sensor; Session Analyzer with screen/message recording and session reconstruction; Event Analyzer; queue, backlog and Events Repository; Replay, Actions and Intellinx Reports; MQSeries, files, host) with the five numbered points of control and the z/OS host.
  • 9. Intellinx™ zWatch™
    • Tracks all business transactions performed on the mainframe, generates a detailed audit trail and detects suspicious activity in real time.
    • Creates a forensic database that can be used for detecting and preventing fraud and data leakage and for managing investigations.
    • Complements other compliance-related tools, such as IBM’s Tivoli Compliance Insight Manager, to dramatically reduce the incidence of fraud within a business.
    • Provides a cross platform enterprise hub for managing forensics and fraud, and can reduce deployment costs.
    • Provides recording available for playback of all corporate data transactions.
    • Provides an audit trail enabling compliance with government regulations, such as FACTA Identity Theft Red-Flags, PCI-DSS, Sarbanes-Oxley, Basel II, GLBA and HIPAA.
    • Runs natively on the mainframe, sniffing all inbound and outbound network transmissions and recording all end-user screens and keystrokes as well as application transactions.
    • Profiles user and account activity and generates alerts on anomalies in real-time.
    • Provides a one of a kind visual replay of user activities – by screen and keystroke.
    • Provides Google-like search of screen content stored by the system, enabling security officers and internal auditors to search, for example for all users who accessed a specific customer account and replay the specific user activity.
    • Additional information on Intellinx ™ zWatch™: http://www.intellinx-sw.com/company_news_item.asp?ID=44
    • Client Reference: http://www.intellinx-sw.com/customers_recommend.asp
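    The capture, profile, alert and search functions listed on this slide, and the sensor / session reconstruction / event analyzer / repository pipeline drawn on slides 6 and 7, can be sketched in code. The following Python script is an added illustration and is not Intellinx or IBM code: it parses a constructed log of reconstructed terminal sessions (the field layout, the watch list, the business-hours window and the burst threshold are all assumptions made for the example), raises alerts on watch-listed records, off-hours access and bursts of inquiries, answers the “who accessed this record” question an investigator asks, and replays one session screen by screen.

```python
"""Toy user-activity monitor modelled on the pipeline described on the slides:
reconstructed sessions -> event analysis -> searchable repository -> replay.
Added example, not Intellinx or IBM code.  Record layout, watch list and
thresholds are assumptions; the session log is constructed for this example."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log of reconstructed 3270 sessions, one screen per line.
# Assumed layout: ISO timestamp|user|terminal|transaction|record key|screen text
SESSION_LOG = """\
2010-11-08T09:02:11|OFFICER01|T0A1|WWINQ|DL-55102|WANTS/WARRANTS INQ DL-55102 NO RECORD
2010-11-08T09:15:43|OFFICER01|T0A1|WWINQ|DL-55107|WANTS/WARRANTS INQ DL-55107 NO RECORD
2010-11-08T10:01:02|OFFICER01|T0A1|WWINQ|DL-55120|WANTS/WARRANTS INQ DL-55120 1 HIT
2010-11-08T10:05:55|OFFICER02|T0B4|WWINQ|DL-55120|WANTS/WARRANTS INQ DL-55120 1 HIT
2010-11-08T14:10:00|OFFICER02|T0B4|WWINQ|DL-55131|WANTS/WARRANTS INQ DL-55131 NO RECORD
2010-11-08T15:30:12|CLERK07|T1C2|WWINQ|DL-10000|WANTS/WARRANTS INQ DL-10000 NO RECORD
2010-11-08T15:30:40|CLERK07|T1C2|WWINQ|DL-10001|WANTS/WARRANTS INQ DL-10001 NO RECORD
2010-11-08T15:31:05|CLERK07|T1C2|WWINQ|DL-10002|WANTS/WARRANTS INQ DL-10002 NO RECORD
2010-11-08T15:31:30|CLERK07|T1C2|WWINQ|DL-10003|WANTS/WARRANTS INQ DL-10003 NO RECORD
2010-11-08T15:32:02|CLERK07|T1C2|WWINQ|DL-10004|WANTS/WARRANTS INQ DL-10004 NO RECORD
2010-11-08T15:32:41|CLERK07|T1C2|WWINQ|DL-10005|WANTS/WARRANTS INQ DL-10005 NO RECORD
2010-11-08T23:41:09|OFFICER02|T0B4|WWINQ|DL-90001|WANTS/WARRANTS INQ DL-90001 NO RECORD
"""

# Assumed: record keys of subjects whose lookups always need review (a person
# in the news, for instance).  DL-90001 is a placeholder for such a record.
WATCHLIST = {"DL-90001"}
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 local time (assumed)
BURST_THRESHOLD = 5             # max inquiries per user per clock hour (assumed)


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    terminal: str
    tran: str
    key: str
    screen: str


def parse_log(text):
    """Turn the reconstructed-session log into Event records."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, term, tran, key, screen = line.split("|", 5)
            events.append(Event(datetime.fromisoformat(ts), user, term, tran, key, screen))
    return events


def detect(events):
    """Run the event analyzer rules; returns (rule, user, detail) alerts in time order."""
    alerts = []
    per_hour = Counter()                  # (user, hour bucket) -> inquiry count
    for e in sorted(events, key=lambda e: e.ts):
        where = f"{e.tran} on {e.key} at {e.ts:%Y-%m-%d %H:%M}"
        if e.key in WATCHLIST:
            alerts.append(("WATCHLIST", e.user, where))
        if e.ts.hour not in BUSINESS_HOURS:
            alerts.append(("OFF_HOURS", e.user, where))
        bucket = (e.user, e.ts.replace(minute=0, second=0))
        per_hour[bucket] += 1
        if per_hour[bucket] == BURST_THRESHOLD + 1:   # fire once, when the line is crossed
            alerts.append(("BURST", e.user, f"{per_hour[bucket]} inquiries in hour {bucket[1]:%H}:00"))
    return alerts


def who_accessed(events, key):
    """Forensic search: every (user, terminal, timestamp) that touched a record key."""
    return sorted((e.user, e.terminal, e.ts.isoformat()) for e in events if e.key == key)


def replay(events, user, terminal):
    """Screen-by-screen replay of one user's session on one terminal."""
    return [e.screen for e in sorted(events, key=lambda e: e.ts)
            if e.user == user and e.terminal == terminal]


if __name__ == "__main__":
    evs = parse_log(SESSION_LOG)
    for alert in detect(evs):
        print(alert)
    print(who_accessed(evs, "DL-55120"))
    print(replay(evs, "OFFICER02", "T0B4"))
```

    The rules are deliberately simple; the point is the division of labour the slides draw: the sensor and session reconstruction produce one uniform event stream whatever the protocol, the analyzer applies rules to that stream in real time, and the repository answers investigators’ questions afterwards, which is what makes the “all users who accessed a specific account” search and replay on this slide possible. On the constructed log the clerk’s burst of lookups and the officer’s late-night watch-listed inquiry are the two sessions an auditor would replay.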
  • 10. Application Architecture: The Complexity of Distributed
    • Business Objectives
    • A bank has four basic transactions
      • Credit, Debit, Transfer, Inquiry
    • And they have a variety of choices for front end interface
      • ATM, Branch Terminal, Kiosk, Web browser, PDA, Cellphone
    • Customer uses a Bladecenter to drive multi channel transformation
    • The back end processing remains the same regardless of the presentation device
    • Fully Distributed Model (if deployed)
    • Each application becomes a cluster of server images and must be individually authenticated and managed
    • Each line is a separate network connection, requiring high bandwidth and protection
    • Data is replicated across enterprise to meet scalability
    • Customer deploys/builds automation processes to facilitate system recovery with additional software – this is not trivial and requires additional software and unique development
    • High environmental needs and full time employees to manage infrastructure
    Diagram: a WebSphere® application server and service platform connected to database connectors (SQLJ), servlets and EJBs (RMI/IIOP, WAS), message services, connectors/appliances and an authentication server, fronting Loan Application, Bank Teller, General Ledger, Credit Card Processing, Risk Analysis, Current Accounts, Bill Payment, Currency Exchange, batch programs and a batch process feeding temporary data to the electronic data warehouse; each component carries its own management (“Mgt”) box.
    Management considerations for an enterprise: authentication, alert processing, firewalls, virtual private networks, network bandwidth, encryption of data, audit records/reports, provisioning users/work, disaster recovery plans, storage management, data transformations, application deployment. How does the Virtualization Manager improve these?
  • 11. Application Architecture: A Large Enterprise
    • zNext Combinations – reducing control points
    • Assumes the Bladecenter for the multi channel transformation
    • Can leverage Websphere on either Linux for System z or z/OS
    • The Bladecenter functionality can be migrated to zBX in the future
    • TCA and TCO advantages over distributed
    • It’s the very same programming model in a different container that provides a superior operations model
    Diagram: end user with a hosted client (desktop framework, devices, banking portal, device apps, XML over HTTP(S)) connecting through middleware services (desktop framework services, personalization service) to the WebSphere application server and service platform (servlets, EJBs, RMI/IIOP, WAS, MQ, SQLJ connectors, authentication server) and to the systems and databases (Loan Application, Bank Teller, General Ledger, Credit Card Processing, Risk Analysis, Current Accounts, Bill Payment, Currency Exchange, batch programs, batch process feeding temporary data to the electronic data warehouse), all on System zNext.
    Potential advantages of consolidating your application and data serving (columns headed With IFL, With zAAP & zIIP, and With zBX):
    • Security: fewer points of intrusion
    • Resilience: fewer points of failure
    • Performance: avoid network latency
    • Operations: fewer parts to manage
    • Environmentals: less hardware
    • Capacity management: on-demand additions/deletions
    • Utilization: efficient use of resources
    • Scalability: batch and transaction processing
    • Auditability: consistent identity
    • Simplification: problem determination/diagnosis
    • Transaction integrity: automatic recovery/rollback
    • Connectivity: improved throughput
    • Simplification: problem determination/monitoring
    • Development: consistent, cross-platform tools
  • 12. Compliance / Risk Mitigation / Secure Infrastructure: z/OS
    • Customer Challenges
      • Security breaches and identity theft are growing
      • Companies face large financial losses
      • HIPAA compliance is required by law; PCI DSS compliance is a contractual requirement of the card brands
      • Many environments are plagued by viruses and a continued cycle of patches
    • Solution Capabilities
      • Security certifications (z/OS EAL4+, LPAR EAL5, FIPS 140-2 Level 4)
      • z/OS System Integrity Statement
      • Centralized security controls, auditing and administration
      • Anonymized data for development and test
    • Solution Components
      • z/OS V1 including z/OS Security Server RACF, DFSMS, DFSORT, RMF, SDSF
      • DB2 for z/OS V9
      • WebSphere for z/OS V7
      • Optim Data Privacy Solution
      • Encryption Facility for z/OS V1
      • Data Encryption for IMS and DB2 Databases V1
      • Crypto Express3 features
      • TKE Workstation
      • OSA cards
      • IBM Tivoli Security Management for z/OS
      • Tivoli® Key Lifecycle Manager (TKLM)
      • IBM System Services Runtime Environment for z/OS
      • IMS Audit Management Expert for z/OS
      • DB2 Audit Management Expert for z/OS
      • Optional: IBM Distributed Key Management System (DKMS), Intellinx zWatch, Venafi Encryption Director
  • 13. Enterprise Fraud Analysis Solution
    • Customer Challenges
      • Internal and external fraud cost billions of dollars in losses
      • Reduction in brand equity and substantial financial losses
      • Executives face personal fines, penalties and legal repercussions
    • Solution Capabilities
      • Provides automated policy enforcement, centralized reporting and analysis, centralized auditing controls and risk mitigation
        • Record and play back insider actions
        • Forensic analysis tools, real-time prevention workflow
        • Discover relationships via analytics
    • Solution Components
      • IBM Tivoli zSecure Manager for RACF z/VM
      • RACF® Security Server feature for z/VM
      • z/VM® V5
      • z/VM V5 DirMaint™ feature
      • ISPF V3 for VM
      • Optional: Intellinx zWatch