| Q |
What does DEADBOLT Explorer do? |
| A |
DEADBOLT Explorer is an enterprise
security and compliance tool that gives IT auditors and security professionals,
visibility into user identities and access rights across all the systems,
databases, directories, and applications in an enterprise—including
those running on mainframe servers. It correlates multiple identities to
single individuals, provides verification and attestation workflows, and
is easily customizable and extendable to scale to the needs of any enterprise.
|
| Q |
What are the minimum requirements for
DEADBOLT? |
| A |
DEADBOLT Explorer runs on Windows
2000 or later, Solaris, and all major Linux distributions. It requires a
MySQL 5.0, Oracle 10g or later, or Microsoft SQL Server 2005 database for
its knowledge store, and it needs a web browser for the user interface (Internet
Explorer 6 or later or Firefox 1.5 or later).
|
| Q |
Do I need to change any system
or application configurations to have DEADBOLT collect on report on identity
data? |
| A |
No. DEADBOLT will require some configuration
of its scanners so they know where to find certain user identity data and
where to find certain resource access rights, but the product doesn’t
ask you to change any DBMS, system, or application configurations.
|
| Q |
Where does DEADBOLT look for identity
and access rights data? |
| A |
There are many places in a typical
IT environment where user identity data and access rights are defined. DEADBOLT
Explorer looks for data at multiple levels. It scans for network logons,
operating system user IDs, directory server identity stores, DBMS systems,
and applications. It looks for rights granted by virtue of role, group,
or ACL. Common directories (like Microsoft Active Directory or LDAP), OSs
(like Windows, Linux, Solaris, and z/OS), DBMSs (like Oracle, SQL Server,
MySQL and Sybase), and business applications are supported out of the box.
|
| Q |
Does DEADBOLT Explorer automatically
change identity data or access rights if it spots an issue? |
| A |
No. DEADBOLT is an audit and security
tool. It is neither an identity management solution nor a system administration
dashboard. DEADBOLT is very sensitive about issues surrounding separation
of duties. An auditing tool integrated into identity management or system
administration might well fail an intense security audit if the auditor
finds that it oversteps the delineation between the auditor, the security
personnel, and the systems staff. DEADBOLT is a very lean tool with a feature
set optimized for effective, passable identity audits.
|
| Q |
Does that mean DEADBOLT won’t help
the help desk? |
| A |
Not at all! DEADBOLT is an efficient
way to help analyze group accesses and to speed provisioning of new accounts.
It’s also indispensable in verifying that de-provisioning is completely
done because it does correlate multiple user IDs across multiple systems
to a single individual, making sure that access backdoors aren’t inadvertently
left wide open.
|
| Q |
I have custom applications
and a legacy DBMS containing confidential data. Can DEADBOLT help me audit
access to those resources? |
| A |
Yes. DEADBOLT is very extensible
and includes a powerful mechanism for building custom scanners to collect
identity data from sources that are not yet supported. JME Software can
also provide custom scanners if you prefer not to do it yourself. Discuss
this option with your JME sales representative.
|
| Q |
This FAQ didn’t answer my question.
What do I do? |
| A |
If you’re already a DEADBOLT customer,
there’s a good chance the answer is in the product documentation.
If you’re not yet a DEADBOLT customer and want to know more about
how the product can secure your data and help you pass audits, contact a
JME sales representative. Email sales@jmesoftware.com or call 866.403.2838.
|
Learn how effective identity auditing practices and technologies can help your organization comply with IT regulations and privacy laws.