A detailed audit trail of user access to sensitive corporate data has become a necessity for protecting the corporate brand and information assets. It is also required by government regulations, especially privacy regulations. While many organizations maintain access logs, most are insufficient due to the following limitations:
Legacy systems that were developed a decade or two ago, and many newer systems, were not designed for collecting detailed data access logs. Introducing a logging mechanism into these systems can translate into hundreds of programmer-months, not including the overhead on the servers and additional maintenance.
Intellinx provides an out-of-the-box solution for internal and external user monitoring without changing any application code and with no overhead on the existing systems or network. Utilizing patented network sniffing technology, the Intellinx system records and analyzes user activity at the application level. The system reconstructs all user screens and keystrokes and generates a very detailed audit trail of user access to the corporate applications and data. This audit trail is invaluable for both real-time and post-event investigations.
The system provides a Google-like search on recorded user screens, enabling investigators to search for all users who accessed a specific piece of information (a name, number or any other text that appeared on any screen) and visually replay their actions screen by screen. It allows, for example, searching for all users who accessed a specific customer account in a specific timeframe. This search can be performed on recorded data from a specific platform (e.g. Web) or on data recorded from several platforms (e.g. Mainframe, Client/Server, Web, AS/400, etc.). It allows the investigator to access a consolidated view of user activity in multiple applications from a single query screen. The auditor can zoom in on any user session retrieved by the query and replay the user’s screen flows and keystrokes.
In addition to network sniffing, the system can collect information in a variety of ways from databases, data warehouses, log files and other sources, both in real time and in batch. The data captured from the various sources is stored in one centralized repository and is analyzed by the Intellinx business rule engine.
The recorded user behavior is analyzed by the Intellinx analytics engine, which builds profiles of behavior for various entities (customers, employees, accounts, etc.). The profiles are used for detecting anomalies in user behavior in near real time.
The system provides a highly flexible, user-friendly, web-based user interface that presents the results of the analyzed information in dashboards, reports and charts.