R
Cryptso�’s Audit, Analy�cs and Compliance Integra�on Module forKMIP Server lets you rapidly add Audi�ng, Analy�cs or Compliancefeatures to your KMIP solu�on. Designed as a component forCryptso�’s KMIP Server SDKs this allows configurable data collec�onfeatures for all KMIP compliant key opera�ons allowing your enterpriseto Audit, Analyze, or ensure the Compliance of your key managementsolu�on.
Cryptso�’s Audit, Analy�cs and Compliance Module for KMIP Serverallows all opera�ons from KMIP Servers and Clients that perform keyopera�ons on the KMIP server to be recorded and subsequently beinterrogated by the Audit, Analy�cs or Compliance func�ons in real-�me or processed in batch mode to inform opera�ons staff of theperformance characteris�cs of the solu�on.
KMIP Clients or Servers that request key opera�ons from a KMIP Serverwith the Audit, Analy�cs and Compliance Integra�on Module opera�ngdo not require special features to enable these enhanced capabili�esallowing vendor-independent Audit, Analy�cs or Compliancemanagement without replacing exis�ng end points.
AUDIT, ANALYTICS & COMPLIANCEIntegration Module for KMIP Server
KEY FEATURES• Full OASIS KMIP compliance
versions: 1.0, 1.1, 1.2, 1.3, 1.4, 2.0*• Guaranteed interoperability with all
released KMIP server products
• Comprehensive example code▫ Custom examples available forrapid integra�on
• Supported on over 35 differentpla�orms including Linux, Windowsand a range of embedded pla�orms▫ Custom platform ports on request
AUDITThe Audit op�on allows for the systema�c and independentexamina�on of records of key opera�ons in an organiza�on to ascertainto what degree the opera�onal reports present a true and fair view ofthe security of key opera�ons.
ANALYTICSThe Analy�cs op�on allows for the discovery and communica�on ofmeaningful pa�erns within the audited key opera�ons. This op�on isavailable in real-�me on the KMIP Server Administra�on Interface ormay be extracted as a scheduled or ad-hoc data extract for analysisusing client tools.
COMPLIANCECompliance allows your system to monitor KMIP opera�ons in a KMIPserver to determine whether the key opera�ons undertaken in theenterprise meets stated company policy, allowing you to raise alertswhen a threshold of non-compliant opera�ons is performed or actedupon by the server.
R
KEY BENEFITSAUDIT, ANALYTICS & COMPLIANCEThe Audit, Analy�cs and Compliance Integra�on Module is a fullyintegrated module that when ac�vated allows your applica�on tocapture and store detailed informa�on about all KMIP opera�onsperformed by the KMIP Server. As the server responds to all clientrequests these are also logged without requiring any changes to theapplica�on and is totally transparent in opera�on to clients.
The amount of data logged is configurable and can be limited to aspecific set of opera�ons so that your applica�on can perform theanalysis required to manage the requirements of a busy enterpriseapplica�on secure in the knowledge that the key management systemcan provide the data required to support your opera�ons.
• Low risk• Easy to use• Transparent to KMIP client
applica�ons• Fully instrumented in Server SDK• Gain access to internal KMIP
Server measurements
Year1
Year2
Year3
Year4
Year5
[email protected] WWW.CRYPTSOFT.COM+61 7 3103 0321 | US +1 650 918 4362
@CRYPTSOFTCRYPTSOFT-SECURITY-SPECIALISTS@CRYPTSOFT
Copyright © 2018 Cryptsoft Pty Ltd. All rights reserved. All trademarks, service marks, trade names, product names and logos are property of their respective owners.
2018-05
Sample Server Performance
Sample Key Operations
Data from the KMIP Server can be extracted using Cryptso� suppliedrou�nes or based on a standard schema directly from the underlyingdatabase. This data can also be loaded into your preferred sta�s�csmanagement package if preferred.
• Ac�vate• Add A�ribute• Archive• Cancel• Cer�fy• Check• Create• Create Key Pair• Create Split Key• Decrypt• Delete A�ribute• Derive Key• Destroy• Discover Versions• Encrypt
• Export1.4• Get• Get Attribute List• Get A�ributes• Get Usage Alloca�on• Hash• Import1.4• Join Split Key• Locate• Log2.0• MAC• MAC Verify• Modify A�ribute• No�fy• Obtain Lease
• Poll• Put• Query• Re-cer�fy• Recover• Register• Re-key• Re-key Key Pair• Revoke• RNG Retrieve• RNG Seed• Sign• Signature Verify• Validate
Supported KMIP Operations
Supported Encodings• TTLV• HTTPS/TTLV
• HTTPS/JSON• HTTPS/XML
Supported Databases• HSQLDB• SQLite3• MySQL 5.x• Oracle 11.x, 12.x
• SQL Server 2003+• IBM DB2 9 & 10• PostgreSQL 8 & 9