IntellinX Modernization Guide

IntellinX monitors user activity within applications, capturing keystrokes and screen data. It uses network sniffing to analyze traffic from protocols like TN3270, SNA LU0/LU6.2, Websphere MQ, HTTP/HTTPS, and TCP/IP. This allows organizations to gain visibility into user actions and potential security threats.

IntellinX is a security monitoring application. It is designed to provide detailed insights into user behavior and data access patterns within an organization's network. It is not a system-level tool or a development framework, but rather a focused application for security and compliance monitoring.

Organizations that need to monitor user activity for security, compliance, or fraud prevention are good candidates for IntellinX. This includes financial institutions, healthcare providers, and government agencies. Companies of all sizes can benefit, but it is particularly useful for those with complex IT environments and sensitive data.

Consider IntellinX when you need to gain detailed visibility into user activity across various applications and protocols. This is especially important when dealing with sensitive data, regulatory compliance requirements, or a need to detect and prevent fraud. If you need to monitor mainframe and distributed systems, IntellinX can provide a unified view.

Alternatives to IntellinX include network monitoring tools like Wireshark, intrusion detection systems (IDS) such as Snort, and security information and event management (SIEM) platforms like Splunk or QRadar. However, IntellinX specializes in capturing user-level activity, including keystrokes and screen data, which may not be available in other solutions.

IntellinX requires a network infrastructure that allows it to 'sniff' network traffic. This typically involves deploying it on a server connected to a network span or tap. It also requires access to the network traffic from protocols like TN3270, SNA LU0/LU6.2, Websphere MQ, HTTP/HTTPS, and TCP/IP. The monitored systems must be configured to allow IntellinX to capture the necessary data.

IntellinX runs on Microsoft Windows and UNIX platforms. It monitors activity on z/OS, z/VM, and zVSE/VSEn systems by capturing network traffic. It does not run directly on the mainframe as an LPAR, but rather monitors mainframe applications through network protocols.

IntellinX uses a network 'sniffer' to capture network traffic. It analyzes protocols like TN3270, SNA LU0, SNA LU6.2, Websphere MQ, HTTP, HTTPS, and TCP/IP. The system components communicate through network protocols, and data is stored in a database for analysis and reporting.

IntellinX exposes APIs for integration with other systems. The specific API types (REST, SOAP, etc.) and endpoint patterns would be detailed in the product documentation. Integration allows for feeding IntellinX data into SIEM systems or other security platforms.

IntellinX helps organizations meet compliance requirements by providing detailed audit trails of user activity. It can also help prevent fraud by detecting suspicious behavior and unauthorized access to sensitive data. By monitoring user actions, organizations can identify and mitigate risks before they lead to security breaches or financial losses.

IntellinX provides value by monitoring user activity across multiple platforms, including mainframe and distributed systems. This unified view allows organizations to identify patterns and anomalies that might be missed when monitoring systems in isolation. The ability to capture keystrokes and screen data provides a level of detail not found in many other monitoring solutions.

The total cost of ownership includes the licensing fees, the cost of hardware and software to run IntellinX, the cost of implementation and configuration, and the ongoing operational costs. Operational costs include monitoring, maintenance, and staffing. The specific costs will vary depending on the size and complexity of the environment.

IntellinX supports various authentication methods. The specific methods supported would be detailed in the product documentation. Access control is likely based on a role-based access control (RBAC) model, where users are assigned roles with specific permissions. Encryption is used to protect sensitive data both in transit and at rest.

IntellinX provides audit logging capabilities to track user activity and system events. These logs can be used to investigate security incidents, identify policy violations, and demonstrate compliance with regulations. The logs should include details such as the user ID, timestamp, action performed, and data accessed.

IntellinX monitors network traffic, so it is important to secure the network infrastructure to prevent unauthorized access to the captured data. Encryption should be used to protect sensitive data both in transit and at rest. Regular security audits and penetration testing should be performed to identify and address vulnerabilities.

Implementing IntellinX requires technical expertise in network monitoring, security, and database administration. Ongoing operational requirements include monitoring the system for performance and availability, maintaining the database, and analyzing the captured data. Staffing requirements depend on the size and complexity of the environment.

IntellinX is typically deployed on-premise, but hybrid deployments are possible. The deployment model depends on the organization's infrastructure and security requirements. The product documentation should provide detailed guidance on deployment options and best practices.

Common implementation challenges include configuring the network to allow IntellinX to capture the necessary traffic, integrating IntellinX with other security systems, and managing the volume of data generated by the system. Proper planning and configuration are essential for a successful implementation.