The world's largest and most secure intelligence organizations have deployed Autonomy's Intellectual Asset Protection System (IAS) Connectors to safeguard their most sensitive information assets. Autonomy provides all aspects of security management, including front-end user authentication, back-end entitlement checking and secure encrypted communication between the IDOL Server and its client applications with 128-bit Block Tiny Encryption Algorithm (BTEA). IDOL's mapped security model is the only empirically proven index security model that scales in the enterprise.
"One factor that has set the Autonomy search apart from the crowd for Fineagan is security. Whatever security exists on the application layer, she says, Autonomy acknowledges it."
Carol Fineagan, CIO of EnergySolutions, CIO Magazine, July 2008
Unmapped Security
There are three general security models currently available:
1. Unmapped Security
Unmapped security is the traditional method used by source repositories and search engines. For every potential match to a given query, a call is made via the native repository's API (e.g. Documentum) to ascertain the access privileges for that particular document. A single query consequently bombards the native repository with document privilege requests as the retrieval system attempts to assemble a relevant results list from thousands of candidate hits. This method presents significant performance and scalability problems.
Autonomy recommends mapped security but also offers the choice between mapped, unmapped and a hybrid of both. Autonomy also supplies plug-in sample code, so that customers, OEMs and partners are able to develop and implement their own form of security plug-in.
2. Cached Security
Cached security is the method of choice for legacy systems. Cached security only marginally relieves the scalability problem of unmapped security by storing results for queries it has already seen. Consequently, when a user repeats a query, the result set can be retrieved from the cache rather than triggering a network-mediated request. However, this approach still relies on calling out across the network directly to the repository for each new query. In addition, it also misses potential results, as the result sets stored within its memory do not dynamically update new information.
3. Autonomy's Unique IAS Mapped Security
Only Autonomy offers mapped security - a highly configurable, secure, accurate, and fast method for respecting third party security entitlements. IDOL maps the underlying security model in the form of ACL, group, role, protective markings, etc. from all of the underlying repositories directly into the kernel of the IDOL engine itself, and stores the information in an encrypted field. As a result, IDOL does not need to send any requests across the network to the data stores when building up a results list. What the user is allowed to see is assessed "inline" within the IDOL kernel at speeds that exceed the response times of the native repository. Unlike other techniques, the security model is never out of date as the transitional signaling mechanism within the connector layer informs IDOL in real-time of any updates or changes to permissions within the underlying content.
Mapped Security
Since IDOL's architecture is inherently modular by design, it requires multiple subsystems to communicate with each other, often across insecure networks. All communication between these processes may be encrypted (Secure Sockets Layer), so that packet sniffers who are able to break past a firewall are unable to read the content of traffic between IDOL modules. All of the system's modules are capable of operating in a secure communications mode providing, at minimal processing overhead, the protection of 128-bit encryption. Additionally, IDOL can leverage SSL for both aggregation and querying of content, including access to SSL encrypted sites.
Summary: ...Causeway, Northern Ireland Justice Agency, Case Study. Based on Microsoft technologies, information sharing is achieved by managing the distribution of messages and incorporating payload, in line with a defined business rules and a permissions model. Microsoft BizTalk® Server 2004 manages message routing...
Summary: ...and contextual understanding of all the data in the system, whatever format it is in and wherever it is held. In conjunction with HOLMES 2, IDOL can access information from various underlying police content repositories, such as Exchange, FileSystem, HTTP and Oracle, and automatically collate all the...
Summary: ...AHA Case Study. Case Study cs_aha_singlepgs.indd 1 10/23/07 1:12:45 PM cs_aha_singlepgs.indd 2 10/23/07 1:12:47 PM “Interwoven is critical to our success and to our business model. We could not have met our portal goals effectively without a sound, robust, and fl exible content management platform in...
Summary: ...years now, ranging from Mainframe archiving to e-billing and document management. “The Web client version 4 provides an ideal, practically ‘out of-the-box’ solution and helped us to deliver a Web site using RSA SecurID and SSL technologies. Access to particularly sensitive documents can be very...
Summary: ...other systems. They are able to start reviews immediately and move between cases quickly. This enables them to deploy staff strategically and speed up the initiation process, providing real value to clients. “With Introspect, you get exactly what it says on the tin. Introspect gives us confidence that...
Summary: ...to achieve storage effi ciency with centralized, automated control for documents stored in email servers. EAS’ scalability and fl exibility is fully realized by the underlying architecture of the EAS product, which features highly effi cient storage structure and a distributed processing model.
...
Summary: ...ZANTAZ and Boehringer Ingelheim Leading Pharmaceutical Prescribes Archiving to Cure Email Growth.. EAS gave us the choice of using either Microsoft SQL or Oracle. We chose Oracle because this is our corporate standard database. In fact the archive database actually runs on a Unix system. How are users...
Summary: ...model has a different audience and buyer, and each responds differently to things like text, color, and layout,” says Shlauter. “The same types of things don’t necessarily work for every model, and even minor changes can have a bigger impact than you’d expect. You can’t really know what will...
This is a small selection of the Autonomy case studies available, please visit our publications site at http://publications.autonomy.com/ for more information.
Summary: ...in its native form directly in the kernel of the engine itself, with automatic updates to keep the security data current. This sharply contrasts with other security models that store security information in the original repositories, requiring communication between the search engine and the underlying...
Summary: ...scalability within enterprise applications is the ability to manage entitlement checks in a scalable manner. IDOL stores security information in its native form directly in the kernel of the engine itself, with automatic updates to keep the security data current. This sharply contrasts with other security...
Summary: ...IDOL Enterprise Desktop Search Technical Brief. IDOL Enterprise Desktop Search employs Autonomy’s mapped security, providing high-performance automatic verification against user, group and role level entitlement and advanced user authentication, including the facility for an administrator to disable...
Summary: ...Autonomy KeyView IDOL. All security information is retrieved in its native form at the time of filtering, ensuring that security will be fully respected and not be compromised by any loss of data. Autonomy uniquely provides mapped security – the only index security model empirically proven to scale...
Summary: ...of filtering, ensuring that security will be fully respected and not be compromised by any loss of data. Autonomy uniquely provides mapped security – the only index security model empirically proven to scale in the enterprise. Number of Supported File Types 2000 2008 Stellent Oracle Stellent Autonomy...
Summary: ...online environment for simple to complex litigation, multi-party cases and full production in one highly flexible hosted service. With the most robust security model in the business, Introspect Review and Production manages all types of documents, including native electronic files, scanned paper documents...
Summary: ...Autonomy Legal Hold. Unlike legacy solutions that require a constant connection to the network, ALH uses a distributed model which relies on the custodian PC to process and identify data through the power of Autonomy's Intelligent Data Operating Layer (IDOL). If a machine is offline and not connected...
Summary: ...up or down) but also to observe its environment and all aspects of its operation. For example, IDOL connectors that synchronize IDOL with underlying data repositories such as Exchange, Notes and NT will report at the most atomic level of detail. A connector will record just how many embedded objects have...
Summary: ...meaning of the content. Clustering Visualization These conceptual groupings can be represented visually through several different interfaces, including the spectrograph and the 2D/3D cluster map.
...
Summary: ...Detection, Real-time and Forensic Continuous, event, scheduled and manual recording Real-time alerting Lip-synchronised audio recording IP full remote access including offline configuration Varying access levels configurable for 1000 users Secure encrypted streams and verification key for evidential purposes...
Summary: ...constitutes over 80% of all enterprise data. This includes emails, blogs, IMs, audio and videos. This platform is highly secure and is used by the largest and most secure intelligence organizations in the world. The security model is very flexible and can map to an organization’s security entitlements....
Summary: ...on corporate policies, parameters for data retention and disposition, or the duty to preserve. These policies can even provide protection in the event of theft or loss of a corporate laptop by automatically triggering the encryption or deletion of sensitive corporate information. www.autonomy.com Copyright...
This is a small selection of the Autonomy Product Briefs available, please visit our publications site at http://publications.autonomy.com/ for more information.
Summary: ...of mapped security, IDOL maps the underlying security model in the form of ACL, group, role, protective markings, etc. from the underlying SharePoint repositories directly into the kernel of the IDOL engine itself. As a result of this unique solution, IDOL does not need to send any requests across the...
Summary: ...File System Fetch is IASTM (Intellectual Asset Protection SystemTM) compatible: • Supports mapped and unmapped Microsoft NT Security • Supports mapped and unmapped UNIX/ Netware Security • Read Access rights to poll directories required • ACLCheck plug in automatically updates security www.autonomy....
Summary: ...criteria, including wildcards, size and link limits • Intelligent updating: prediction and calculation of page changes • Support for SSL and proxy • HTTP and Proxy / Firewall authentication • Built-in Import module Autonomy IAS Security HTTPFetch is IASTM (Intellectual Asset Protection SystemTM)...
Summary: ...format specific search functionality. Over 1,000 different document formats are supported, including a wide variety of audio and video formats. The IDOL search engine can empirically scale up to billions of files and hundreds of thousands of users with fully mapped security. Connecting to All Enterprise...
Summary: ...IDOL 7 Server Technical Brief. Competing standards, varied and numerous sub-systems and differing policies all vie with each other in an environment marked by heterogeneous networks and underlying hardware. Providing security at isolated points within this complex environment does not answer the challenge....
Summary: ...IBM FileNet Connector. All rights reserved. Other trademarks are registered trademarks and the properties of their respective owners. Product specifications and features are subject to change without notice. Use of Autonomy software is under license. [20090922_PI_TB_IBM_FileNet_Connector] Autonomy Inc....
Summary: ...processing • Import parameters compatible with any other Autonomy indexing process • Handles attachments • Encrypted communications between POP3 Fetch and POP3 mail server • Import module built-in (see Import Module Technical Brief). Technology Overview POP3 Fetch is an Autonomy connector which...
Summary: ...usage. Information flows into: IDOL server™ Information received from: Front end Modules it can communicate with: DiSH™, IDOL server™ Requirements Platforms Supported: Microsoft Windows 2000 SUN Solaris Linux (kernel 2.4.18 or above) Any other POSIX compliant of UNIX available on request Minimum...
Summary: ...data formats • Synchronized Siebel security to allow accurate reflection of entitlements • Siebel Fetch behaves as a standard Autonomy Service and can be used in conjunction with DiSH. Features Siebel Fetch Siebel Fetch is an Autonomy connector which enables Siebel 2000 customers to seamlessly integrate...
This is a small selection of the Autonomy Technical Briefs available, please visit our publications site at http://publications.autonomy.com/ for more information.
Summary: ...advanced document level ACL models. Kerberos and SSL Encryption PKI (Public Key Infrastructure) is a protocol methodology for ensuring integrity between two correspondents who are using an insecure channel for communication. Popular PKIs differ with regard to technical specifications, but they all ensure...
Summary: ...through results encryption and image watermarking. Full audit tracking enables authorized personnel to gain immediate visibility into the history associated with any record in the system. Intellectual Asset Protection System (IAS) Virage’s Intellectual Asset Protection System (IAS) is a comprehensive...
Summary: ...Autonomy K2 Roadmap. In addition, security map is updated as soon as permissions change in the underlying repository. This means the security is never out of date. Mapped Security respects third-party security entitlements without caching or last-minute, query time checks against the native repository....
Summary: ...uses the only indexing security model empirically proven to scale in the enterprise. Its unique mapped security stores the data’s security information at indexing time within the IDOL engine itself so that no communication with the native repository is necessary at query time, ensuring rapid and scalable...
Summary: ...performance overhead, this approach offers sufficient protection for use inside the enterprise. For deployments that cross the firewall, SSL encryption is recommended. SSL OpenDeploy offers up to 168-bit SSL encryption, using X509.v3 digital certificates and SSL v3, and supports both RSA and DSA certificates....
Summary: ...about PCI ComplianceD,” ecember 7, 2006, by Avivah Litan and John Pescatore 3 Visa CISP Bulletin, T“op Five Data Security Vulnerabilitie” s,August 29, 2006 Encryption Autonomy etalk encrypts recordings using 256-bit AES encry-p tion. This is a symmetric encryption algorithm, using keys generated...
Summary: ...architecture that has multiple design attributes in place to form an optimal solution to the complex problem of entitlement resolution. Autonomy is the only technology in the world to offer Mapped Security, a highly configurable, secure, accurate, and fast method for respecting third-party security entitlements....
Summary: ...against user, group and role level entitlement. Encrypted inter-machine and intra-process communication protocols are woven into the fabric of Autonomy's modular design at a fundamental level, providing secure transmission of information throughout the architecture. Autonomy’s Intellectual Asset Protection...
Summary: ...technology necessary to comply with the latest regulatory demands. It fails to be forensically sound in several areas: • It cannot search for every piece of relevant data because it does not index all critical content due to its lack of connector support.
...
Summary: ...with the latest regulatory demands. It fails to be forensically sound in several areas: • It cannot search for every piece of relevant data because it does not index all critical content due to its lack of connector support.
...
Summary: ...to update content n Personalization n Interactive, collaborative environment n Scalable to thousands of clients To safeguard client information and firm systems and comply with government regulations, firms should pay close attention to security. At minimum, a portal technology should provide: n SSL encryption...
Summary: ...searches to native search engines, one assumes that these engines are capable of effectively searching their own data. Given that many repositories rely on out-dated, end-of-life search products for their native search, this is not a reasonable assumption to make. These search engines rarely search all...
This is a small selection of the Autonomy White Papers available, please visit our publications site at http://publications.autonomy.com/ for more information.
Related Case Studies
.pdf.png)
