Attachmate Hooks Fraud-Fighting Tool to SIEM
October 9, 2012 Alex Woodie
Attachmate has given its customers better tools for fighting fraud. With last month’s update to Luminet, the company is hooking the user-monitoring and anti-fraud software to network security tools, specifically security information and event management (SIEM) software, thereby enabling better sharing of information and, hopefully, better detection of coordinated attacks on enterprise applications.
Luminet is an anti-fraud software solution that uses “sniffer” technology to capture all screen displays, keystrokes, and messages communicated between workstations and servers. The product, which is based on software Attachmate OEMs from Intellinx, has been deployed in the financial services industry and is designed to work with IBM i servers, mainframes, and other platforms.
With Luminet version 4.4, the software can now present its user activity logs for consumption by SIEM engines. Matching Luminet with SIEMs would seem to be a good thing, because Luminet can gather a very fine-grained history of user activity at any point in time, a feature that has been likened to “TiVo for the mainframe.”
Most importantly, Luminet provides the details and context that can be missed when just looking at logs gathered by SIEMs. For example, plain vanilla security logs may not detect simple reads of database information. Luminet can tell you exactly what the user was looking at on the screen, eliminating one more way that crafty insiders can steal company information.
The match with SIEMs also looks good from the other point of view. Luminet wasn’t designed to detect activity occurring outside of enterprise applications, such as in Web servers, Web browsers, email servers, Windows apps, firewalls, or IDS/IPS systems. SIEMs excel at providing a high-level view of all activity that could pose a security threat, and at connecting the dots to identify complex, coordinated attacks.
“The SIEM integration was undertaken because of strong market demand and requests from existing customers to add the user activity data within Luminet to SIEM solutions across the board,” Attachmate’s vice president of marketing and product management Tom Bice says in a press release. “By taking this step, we’ve made it possible for traditional SIEM engines to see data they don’t typically see, which builds context around user activity and enhances overall data monitoring.”
Attachmate would love to sell Luminet customers on its own SIEM product, called Sentinel 7. That product is offered through NetIQ, which is one of four companies that make up the Attachmate Group, the others being Attachmate, Novell, and SuSE.
Luminet 4.4 is available now. The software runs on Windows, Unix, and Linux servers, and costs from about $100,000.