In-Depth

Audits Address Overlooked Legacy Security

Guarding against external threats is important, but don’t overlook legacy systems security.

• By Jason Turcotte
• 10/24/2006

Concerned chiefly with external threats, today’s enterprises are overlooking the importance of legacy systems security. With an internal security solution that audits and interprets access behavior within an organization, one company is helping enterprises avoid some common security pitfalls.

New York-based Intellinx offers enterprise security that accounts for the most-neglected systems—legacy systems. Intellinx, which spawned from legacy integration company Sabratec in 2005, seeks the source of information leakage, detects anomalies and suspicious behavior, and provides enterprises with a detailed analysis of everything accessed.

“Most organizations don’t invest in legacy security. Most companies assume legacy systems are out of the game because we no longer update them or rely on them,” said Nimrod Kozlovski, a security expert and consultant for Intellinx. “But legacy systems still store crucial information.”

Kozlovski is the author of The Computer and the Legal Process and co-author of Computer Crimes. Steeped in security issues, particularly Internet, privacy law, computer crimes, and search-and-seizure methods, the Yale University graduate devotes most of his time to consulting start-ups, government agencies, and tech companies such as Intellinx. He not only researches security trends but spots tools that are too often overlooked.

While legacy systems may have lost some clout with enterprises, so has internal security, Kozlovski says. “Most organizations assume the real threat of security is external.”

Once applications are coded through Intellinx, the solution detects unusual behavior by logging users’ keystrokes and delivers a real-time alert to chief security officers. For example, security officials would be alerted if an employee attempts to access applications beyond normal business hours. What may appear at first glance as a harmless inquiry could be an insider, money-laundering scheme—or worse.

“It enables us to get a lot of operational intelligence on legacy systems because it records everything done on the system,” Kozlovski says. “We try to remind you of your legacy and help you benefit from legacy business intelligence.”

Intellinx’s one-size-fits-all solution tracks information regardless of the operating system in use. It also applies security to everyone within an enterprise including, database administrators, system administrators, and developers. Simple knowledge of the solution, Kozlovski says, deters dishonest insiders.

Few vendors are supplying legacy security solutions and, Kozlovski observes, even fewer offer legacy log analysis. Intellinx’s cross-platform product not only audits the end user activity but also provides new visibility by detailing who gains access to specific values, account numbers and apps. It also lets companies customize a security policy that dictates what the solution searches for, and the data it logs and archives.

“From one consolidated results list, the auditor can visually replay user access to the specific value, whether it’s located in an internal Web application, a client/server application or a legacy application,” according to Hagai Schaffer, VP of products and marketing at Intellinx.

The company targets medium to large enterprises, particularly those in retail, public utilities, finance, government, health care, and telecommunications. According to Schaffer, Intellinx’s cost is based on the number of monitored end users. The product starts at $100,000, rising to several million dollars for large enterprises.