January 18, 2015
By Ryan Catambing, CSSLP – Principal Architect
Insight into activities and performance indicators to move your business even faster
Infor Lawson Security has for some time provided a rich and robust set of functionality that allows organizations to manage their users and the resources those users access in Infor Lawson applications based on Infor Lawson System Foundation. Features range from single sign-on, identity management and provisioning (including federation) to a rules-based authorization system flexible enough to accommodate simple to complex business rules, along with support for a myriad of authentication setups and platforms.
However, the current Infor Lawson Security toolset has never offered an easy way to evaluate the effectiveness of the security policies that have been implemented. One such case is the inability to assess what users actually access during their work and to compare it with current user entitlement, in order to ensure that only the appropriate privileges are accorded, following the principle of least privilege. There are also few facilities to audit and review user access and transactions. Consequently, this leaves organizations and security planners wondering whether their organizational security policies actually work and whether security governance is really effective. It also makes it difficult to validate risk assessments with quantitative data.
Introducing Infor Security Monitoring
Infor Security Monitoring is a new feature in Infor Lawson Security and, as the name connotes, is intended to observe, assess and oversee security for Infor Lawson products in near real time! This brings the capability to continuously monitor your application and to evaluate and assess your security posture constantly. It’s a feature completely integrated into the application stack, making sure that it works seamlessly with your Infor Lawson investment. It is highly scalable and able to handle large volumes of information, keeping up with your security needs.
Benefits of Continuous Monitoring
With continuous monitoring, organizations and enterprises are able to profile and categorize their Infor Lawson applications. Security policy violations and incidents of interest at the session level are reported by the system and are immediately visible to decision makers. Continuous monitoring also allows security personnel and planners to observe and assess events, traffic, and usage from the data flowing into the system. The data and observations equip the organization’s security team to create a baseline assessment of the state of security. This assessment can then be used to further improve existing security controls and procedures; in effect, Infor Security Monitoring will be a valuable tool in the discovery process.
Detect Anomalies Early
Application events such as authentication, authorization, and transactions are processed, and the information and data gathered can be correlated. Operational metrics, such as the transactions per minute being processed and the number of users currently on the system, are displayed in intuitive and easy-to-understand reports that help make sense of what is happening in the system. Continuous monitoring provides your team with situational awareness, keeping you on top of things and giving your organization the command and control interface needed to keep watch on activities in the different applications as they happen.
Quantify Information Security
The monitoring data and information collected can be used to feed a myriad of reports and security activities, such as assessing the effectiveness of access controls (i.e. user entitlement), quantitative risk assessments, and identifying unused resources. Decision makers can access all this information to make effective, informed, risk-based decisions.
Security metrics will need to be specifically chosen and gathered to ensure alignment with information security. The appropriate metrics will help your organization not only quantify but also improve your security posture.
How Does It Work
Sensors, or clients as we sometimes call them, are embedded into the application stack. These sensors collect data from activities such as login attempts and form access, and from operations such as inquiries, record updates, deletions, etc. The collected data is then transmitted to an instance of the Security Server with the specific role of monitoring server, where it is stored, collated, processed, aggregated and analyzed. All data is stored entirely on a persistent data store configured and located within the organization’s network. Supported databases are Oracle Database Server and Microsoft SQL Server for large deployments and Derby for small-scale deployments. After the data is processed, the resulting information is used to generate the necessary reports and populate screens.
This feature observes user sessions as they are created, the status of sessions, logouts, and the disposal of orphaned sessions. The monitored user session data includes the session’s state (for example, whether a session is ‘active’ or ‘idle’), the applications utilized by the user including the accessed form, the client used by the user to access the application, and the client’s IP address.
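The comparison of actual usage against user entitlement described earlier can be sketched from the kind of transaction data the sensors collect. This is an added example, not Infor code: the event fields, form IDs, user names and entitlement export shape are all hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. Field names and form IDs are hypothetical,
# not the schema Infor Security Monitoring actually stores.
ENTITLEMENTS = {
    "jdoe": {("HR11", "inquire"), ("HR11", "update"),
             ("PR13", "inquire"), ("PR13", "delete")},
    "asmith": {("AP20", "inquire"), ("AP20", "update")},
}

EVENTS = [
    {"user": "jdoe", "session": "s1", "type": "login", "ip": "10.0.0.15"},
    {"user": "jdoe", "session": "s1", "type": "transaction", "form": "HR11", "op": "inquire"},
    {"user": "jdoe", "session": "s1", "type": "transaction", "form": "HR11", "op": "update"},
    {"user": "asmith", "session": "s3", "type": "login", "ip": "10.0.0.22"},
    {"user": "asmith", "session": "s3", "type": "transaction", "form": "AP20", "op": "inquire"},
    {"user": "asmith", "session": "s3", "type": "transaction", "form": "GL40", "op": "inquire"},
]


def observed_access(events):
    """Collect the (form, operation) pairs each user actually exercised."""
    seen = defaultdict(set)
    for ev in events:
        if ev["type"] == "transaction":  # logins carry no form/op
            seen[ev["user"]].add((ev["form"], ev["op"]))
    return seen


def entitlement_review(entitlements, events):
    """Compare granted privileges with observed use, per user.

    unused      -> granted but never exercised (least-privilege candidates)
    unexplained -> exercised but missing from the entitlement export
    """
    seen = observed_access(events)
    report = {}
    for user in sorted(set(entitlements) | set(seen)):
        granted = entitlements.get(user, set())
        used = seen.get(user, set())
        report[user] = {
            "unused": sorted(granted - used),
            "unexplained": sorted(used - granted),
        }
    return report


if __name__ == "__main__":
    print(entitlement_review(ENTITLEMENTS, EVENTS))
```

An "unexplained" entry does not by itself mean a control failed; it usually means the entitlement export is stale or a rule-based grant was not captured in it, which is worth resolving before trimming anything in the "unused" list.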
Reports and Graphs
Infor Lawson Security currently reports on live sessions, application and user session usage peaks, and used resources. Infor is working to provide additional reports, and cutting-edge features for Information Security reporting and analysis are in the works to monitor and take action on events such as login activity and failures, vulnerability alerts and other security incidents. Embedded data analytics through Infor Business Intelligence is also in the works. These information streams will become the reports, tools and widgets that enable Security Administrators to analyze and report security events.
Figure 3 Monitor how the Security Server is doing in near real-time.
Drill Down to Details
From a system-level view, Security Administrators can zoom in to the activities performed within a user session. Figure 4 shows the current Active Sessions. From the session view, an Administrator can see an additional level of detail by selecting a session and viewing the transactions captured. This allows administrators to view a user session and find out which forms and records the user has accessed in the session, and even determine what kind of data was made available to the user within a transaction (see Figure 5).
Figure 4 View active and logged in user sessions at a high level.
Infor is actively improving and adding new features, and one exciting new feature is Live Monitoring. Live Monitoring allows enterprises to continuously observe and oversee an Infor Lawson System Foundation environment and its applications in near real-time. It sports features such as Geolocation, which allows you to tag a user where they are; Security Events Feed, which alerts administrators instantly if something is wrong; and Activity Monitoring, which allows Security Administrators to examine what a user performed and the data they saw, and more.
Infor Lawson Security’s User Monitoring capability is available for Infor Lawson System Foundation 18.104.22.168 and higher and for Infor Lawson System Foundation 10.0.4.0 and higher. User Interface (UI) components are delivered using Distributed Security Package (DSP) 10.1. The DSP 10.1 deliverable can be found by following this navigation path: Infor Xtreme Support Product Download Center > Infor > Technology > Lawson System Foundation > Infor Security 10.1.0.0 > Distributed Security Package (JAVA). Infor Landmark Technology Runtime platform support will be announced at a later date.
Contact your Infor Client Account Representative for more details.