Gantry 5

I4Log - Digital track analysis system

Theoretical approach

Operation of an organization – even it’s a financial, production or governance – is working under regulations and policies. These rules can be law enforcements, industrial standards, quality standards, standard operation procedures etc., which frames a control environment all together and impacts (enforces) the conformity of the functional processes. In this environment operational risks can be defined, which threaten the business activity, and may get the realization of the organization’s goals doubtful.
 

Prioritized risks are connectable with the affected operational processes, and the process steps inside. The work of the process executives is supported or supervised by information systems in every single process steps. The usage of these IT functions leaves several digital tracks in the whole IT infrastructure. Those can be for example the operative data, the system logs of the operations, and the status logs of the infrastructure elements.
 


To get a possible full picture about the operation of the critical processes, we used a novel approach, and mapped the digital tracks of the relevant events of diverse systems in one common event space, which we called IT Event Space.

 

With proper work up it is possible to develop a solid monitoring system, which traces the critical processes, forecasts the weaknesses of the operation, reveal the hidden correlations, and sends warnings about the unwanted events. This system can point out to the risks belonging to the functional processes; to the deviations from requirements raised by the control environment; and to the possible loss sources in many ways.

Basic conception of the I4Log

I4Log is able to process not only the logs coming from the IT systems, but all the other data, which can reliable track and re-enact all the steps of a given functional process. In accordance with our conception we imply in the category of the digital track - beyond the standard log entries - the operative data of the business applications and the system logs of these operations, moreover the uniquely composed – occasional manually created – complementary data.

I4Log track analyzing system can do near real-time and follow-up type log entry analysis as well. Thanks to the data-warehouse conception and the applied artificial intelligence solutions, the strength of the I4Log is the follow-up type analysis and the predictions.

One of our innovation goals was that the track analyzing system should be applicable in several business areas, to increase the competitiveness of the customer and parallel this, with the usage of I4Log the customer can keep the security of it’s information assets and it’s good reputation and fame. You can use our digital-track-analysis-based loss reduction solution for the following purpose:

  • automatic monitor of the critical events,
  • IT/HR risk mitigation,
  • HR risk level measurable,
  • support the compliance audit,
  • explore the misuse and fraud,
  • forecast the operational anomalies,
  • supervise and control the usage of the information systems,
  • make the operation of the company and the user activities more transparent etc.

I4Log can show how the organization complies with the expected operation, the external conformances (law, standards, regulations, etc.), or the internal policies (ISO, SOPs, etc.). It supports the continuous monitoring and the temporary audit tasks as well. Observing, and revealing the functional anomalies, I4Log backs the company management to discover the bad practice cases in time, to be able to take steps for safeguarding the efficiency, the authenticity and the prosperity of the company.

I4Log has built up on modular basis. The main functions are represented by separate system components, which can be deployed to separate physical and logical places (separate location, server, operation system, etc.) if needed. The other advantage of the modularity is that the system can be flexibly adapted with the existing information security solutions either on the input or the output side.

Logical structure of I4Log

The system contains four functional levels. These levels are able to work independently too, and can be adapted to other information security systems as well.

Collection

I4Log can receive data from any source system, a few of them as a built-in (standard) method. To collect the digital tracks, we can use our own-developed Log Concentrator solution, or the interface surface of the I4Log Centrals itself, or we can use 3rd party solutions (RSA, Sophos, Balabit, etc.) as well.

Processing

During the processing we convert the loaded data coming from different subsystems into a unified structure, which enables to compare the virtually independent information sources to each other. Serving the business-specific data mart happens on this level too.

Standard analysis

This is the main user interface. The analysts can reach all of the basic functions on this level (for example: rule management, event management, alerts and workflow setting, analysis, report definition, security logging, etc.)

Artificial Intelligence

This is the level for the sophisticated experts, where the specialty of our solution appears: the Artificial Intelligence Module. With using data mining and similarity analysis techniques, AI Module enables the complex examination of the long-drawn processes, and the dissection of the hidden contexts with using automations, with minimal human interaction (for example: automatic rule recognition, trend analysis, prediction).

Specialty of I4Log

It’s a great advantage of the I4Log digital track analysis system, that it handles the different digital tracks in one central event space. From this central scheme (data warehouse), I4Log can develop and continuously support specific data marts along different aspects (dimensions). Based on these Business Specific Data Marts, the system provides the basic data for targeted rule management, analysis, summaries, charts and compliance reports, and the basic data for the Artificial Intelligence Module as well.

Every data mart includes suggestions regarding the given business problem. It contains recommendations about the specification of the collectable digital tracks, the specific rules and event collection, and the metrics and index numbers and report templates too.

Current data marts:

  • HR risk monitoring

The main task of it is to monitor the activities of the important key employees, based on the digital tracks arisen in the IT subsystems. It helps the work of the HR risk management, the work of the internal auditors; with collecting a “digital behavior” from the key employees, and comparing the employee’s digital tracks with the “ideal employee” patterns and with automatically observing the HR risks, and handle the critical events.

  • Exploring incorrect events

This data mart is able to reveal the hidden contexts on the basis of the digital tracks coming from the abusive activities, as well as to discover the harmful actions (for example: evasion normative measurements and disciplines, providing confidential information to third parties, violation of business ethic, cooperation in unauthorized service level usage, etc.)

  • Production system operations and maintenance process support

I4Log is able to monitor not only the operation of an information system, but the operation of any processes including industrial production, for example a production line. The concept of risk can be defined similarly in this case as well, so we can build up a regulation system in reference to the process steps and the machines, and finally we can monitor the fulfillment of the rules with the help of the digital track analyzing system.

Artificial  Intelligence  (A.I.) layer

The main differentiator of the I4Log is the A.I. layer, built on data marts, supported by data warehouse technologies. The functionality of the A.I. layer significantly increases the analyzing capabilities of our product. This level is the one, where we can draw predictive conclusions from the detective data.

I4Log Similarity Analysis Module

  • helps to recognize those abnormal activities, which cannot determine with declarative rules,
  • with statistical analysis of the past events, gives ideas about the undesirable events of the future,
  • monitors the deviations from the ideal position, predicts, generate suspicion,
  • examine the context of any time series, or static data.

Own developed software

A big advantage of I4Log is that being own developed, it is easily adaptable for the quickly altering environment, as well as for the existing IT environment. Hence the customers can keep their long standing but maybe limited production information system, because we can integrate the I4Log with them, to complement their functionality. Thanks to the modularity we can offer various configurations, align with the customer needs.