No security process is perfect. Given enough time, enough systems and a sufficiently large user population, some security compromise is likely to happen. Password management, and authentication processes in general, are no exception to this rule.
To mitigate the business risk of a security compromise in an authentication process, it is important to introduce audit trails. Audit trails record all security transactions, and allow the organization to follow up on what actually happened after a suspicious event takes place.
Audit trails can be combined with real-time alerts, for example using e-mail, instant messaging or telephony / text messaging, to trigger rapid investigation and automatic system defences, such as intruder lockouts.
Audit trails are a core responsibility of a password management system. Events such as authentication attempts and failures, successful and failed user enrollments, successful and failed password updates and more should all be logged, and should all be able to trigger real-time alerts.
Over 300 events, including authentication success and failure, intruder lockouts and security change requests and approvals, for both users and administrators, are logged by Password Manager.
All log data is directed to an internal database table (a session log), which includes time, date, event type, target system ID, requester user ID, recipient user ID, administrator ID (if any), results and any error messages.
Logging data is retained indefinitely. It is accessible directly in the database table and can also be exported via SQL or as a CSV file.
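As an added example (not the product's own code, schema or output), the following Python script reads a CSV export that carries the session-log fields listed above (time, date, event type, target system ID, requester user ID, recipient user ID, administrator ID, result and error message) and applies two of the checks an audit trail makes possible: raising one alert when a requester accumulates a burst of failed authentications against a target system, and summarizing administrator-driven activity by result. The column headers, event-type strings, user and system names and every log row are constructed for this example.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. Columns mirror the session-log fields the page
# lists; column headers, event-type names and all row values are invented
# for this example and are not the product's real schema.
SAMPLE_CSV = """\
date,time,event_type,target_system,requester_id,recipient_id,admin_id,result,error
2024-05-01,09:00:01,AUTH,AD-CORP,alice,alice,,SUCCESS,
2024-05-01,09:00:14,AUTH,AD-CORP,bob,bob,,FAILURE,bad password
2024-05-01,09:00:29,AUTH,AD-CORP,bob,bob,,FAILURE,bad password
2024-05-01,09:00:41,AUTH,AD-CORP,bob,bob,,FAILURE,bad password
2024-05-01,09:00:55,AUTH,AD-CORP,bob,bob,,FAILURE,bad password
2024-05-01,09:01:08,AUTH,AD-CORP,bob,bob,,FAILURE,bad password
2024-05-01,09:01:20,LOCKOUT,AD-CORP,bob,bob,,SUCCESS,
2024-05-01,09:05:00,PW_RESET,AD-CORP,helpdesk1,carol,helpdesk1,SUCCESS,
2024-05-01,09:06:10,PW_RESET,AD-CORP,helpdesk1,dave,helpdesk1,FAILURE,target unreachable
2024-05-01,11:30:00,AUTH,AD-CORP,bob,bob,,FAILURE,bad password
"""

FAIL_THRESHOLD = 5             # failed authentications that should raise an alert...
WINDOW = timedelta(minutes=2)  # ...when they fall inside this sliding window


def parse_session_log(text):
    """Parse a CSV export into dicts, adding a combined datetime under 'ts'."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["ts"] = datetime.strptime(f"{row['date']} {row['time']}",
                                      "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    rows.sort(key=lambda r: r["ts"])  # export order is not guaranteed
    return rows


def detect_auth_failure_bursts(rows, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Alert once per burst when a requester accumulates `threshold` failed
    authentications within `window`, keyed by (requester, target system)."""
    recent = defaultdict(deque)
    alerts = []
    for r in rows:
        if r["event_type"] != "AUTH" or r["result"] != "FAILURE":
            continue
        key = (r["requester_id"], r["target_system"])
        q = recent[key]
        q.append(r["ts"])
        while q and r["ts"] - q[0] > window:  # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({
                "user": key[0],
                "target_system": key[1],
                "count": len(q),
                "first": q[0],
                "last": q[-1],
            })
            q.clear()  # start a fresh burst so one event storm yields one alert
    return alerts


def admin_activity_summary(rows):
    """Count events by administrator ID and result, so that helpdesk-driven
    changes (resets, unlocks) can be reviewed separately from self-service."""
    summary = defaultdict(lambda: defaultdict(int))
    for r in rows:
        if r["admin_id"]:  # empty administrator ID means a self-service event
            summary[r["admin_id"]][r["result"]] += 1
    return {admin: dict(counts) for admin, counts in summary.items()}


if __name__ == "__main__":
    log = parse_session_log(SAMPLE_CSV)
    for a in detect_auth_failure_bursts(log):
        print(f"ALERT {a['user']}@{a['target_system']}: {a['count']} failures "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
    print(admin_activity_summary(log))
```

Running the script on the constructed export reports a single alert for the burst of failures preceding the lockout event, while the isolated failure two hours later stays below the threshold; the burst detector keys on the target system as well as the requester so that failures spread across many systems do not mask one another.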
Every logged event can also trigger "external systems notification." Binary integration programs are provided to propagate event data to Remedy ARS, HP Service Manager, various other incident management systems, ODBC databases and e-mail (via SMTP).
Events can also trigger execution of a program on the Password Manager server, which could interface with an infrastructure management system using SNMP traps, for example.
All logged data is available both using a web-based reporting system built into Password Manager and using direct access to log data by an authorized Password Manager administrator.