Security Audit Trails
Background
No security process is perfect. Given enough time, enough systems and a sufficiently large user population, some security compromise is likely to happen. User provisioning, and user lifecycle management processes in general, are no exception to this rule.
To mitigate the business risk of a security compromise in the configuration, management and teardown of user access to systems, it is important to introduce security audit trails. Audit trails record all security transactions, and allow the organization to follow up on what actually happened after a suspicious event takes place.
Audit trails can be combined with real-time alerts, for example using e-mail, instant messaging or telephony / text messaging, to trigger rapid investigation and automatic system defences, such as intruder lockouts.
Security audit trails are a core responsibility of an identity and access management system. Events such as failed requests and unusual access should all be logged, and should all be able to trigger real-time alerts.
Hitachi ID Identity Manager Logging
Identity Manager logs over 179 event types, including authentication successes and failures, intruder lockouts, and security change requests and approvals, for both users and administrators.
All log data is directed to an internal database table (a session log), which includes time, date, event type, target system ID, requester user ID, recipient user ID, administrator ID (if any), results and any error messages.
Logging data is maintained indefinitely. It is accessible directly in the database table and can also be exported in a CSV file format.
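As an added illustration (not Hitachi ID code) of how the session-log records described above can feed the real-time alerting described earlier, the following Python reads a constructed CSV export with the fields listed (the column names, event-type and result values, and the sample rows are assumptions, not the product's actual export format) and raises one alert per requester whose failed authentications reach a threshold within a time window, which is the kind of condition an intruder-lockout or notification rule would act on.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Column names and values are assumptions modelled
# on the fields the session log is described as holding; the real export may differ.
SAMPLE_CSV = """date,time,event_type,target_system,requester,recipient,admin,result,error
2024-03-01,09:00:01,AUTH,portal,alice,alice,,SUCCESS,
2024-03-01,09:05:10,AUTH,portal,bob,bob,,FAILURE,bad password
2024-03-01,09:05:20,AUTH,portal,bob,bob,,FAILURE,bad password
2024-03-01,09:05:30,AUTH,portal,bob,bob,,FAILURE,bad password
2024-03-01,09:05:45,AUTH,portal,bob,bob,,FAILURE,bad password
2024-03-01,09:06:00,AUTH,portal,bob,bob,,FAILURE,bad password
2024-03-01,09:07:00,AUTH,portal,carol,carol,,FAILURE,bad password
2024-03-01,10:00:00,AUTH,portal,carol,carol,,FAILURE,bad password
2024-03-01,10:10:00,CHANGE_REQUEST,ad,alice,dave,,SUCCESS,
"""

def parse_session_log(text):
    """Parse the CSV export, combining the separate date and time columns into one timestamp."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["ts"] = datetime.strptime(f"{r['date']} {r['time']}", "%Y-%m-%d %H:%M:%S")
        rows.append(r)
    return rows

def detect_auth_failure_bursts(rows, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per requester whose authentication failures reach
    `threshold` within `window`. Each alert carries the fields a notification
    (e-mail, incident ticket) would need for follow-up."""
    recent = defaultdict(deque)   # requester -> timestamps of failures inside the window
    alerted = set()
    alerts = []
    for r in sorted(rows, key=lambda r: r["ts"]):
        if r["event_type"] != "AUTH" or r["result"] != "FAILURE":
            continue
        q = recent[r["requester"]]
        q.append(r["ts"])
        while q and r["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and r["requester"] not in alerted:
            alerted.add(r["requester"])
            alerts.append({"requester": r["requester"], "target_system": r["target_system"],
                           "failures": len(q), "first": q[0], "last": r["ts"]})
    return alerts
```

With the defaults, only bob (five failures in under a minute) is flagged; carol's two failures an hour apart fall outside the window and produce no alert.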
Every logged event can also trigger "external systems notification." Binary integration programs are provided to propagate event data to Remedy ARS, HP Service Manager, various other incident management systems, ODBC databases and e-mail (via SMTP).
Events can also trigger execution of a program on the Identity Manager server, which could interface with an infrastructure management system using SNMP traps, for example.
All logged data is available both through a web-based reporting system built into Identity Manager and through direct access to the log table by an authorized Identity Manager administrator.