In the world of Robotic Process Automation (RPA), software robots are working as intelligently as humans.
With so many users on so many devices, how do you keep track of all the activities? Who's running a bot? When did the bot start? When did the bot terminate? What changes were made to the systems? The answer is logs.
Logs are the key for system administrators to keep a pulse on security, integration, operational efficiency, and compliance. All system and network administrators need logs to track who did what, when, where, and why.
All network devices generate logs and send them to the syslog server. The server does all of the monitoring and reporting when things seem right, as well as when things are wrong.
We need logs for the sake of compliance — to keep track of all activity, along with bots and operational processes. Logs are an important necessity for companies that need to comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act of 2002 (SOX), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS), and Federal Information Security Management Act (FISMA).
RPA complements the human worker for automating labor-intensive and repetitive tasks. If you're like most system administrators, you probably dread the time wasted providing logs for an audit. As a system admin, you can now let the bot do the heavy lifting and use your free time for other more important obligations.
An important security requirement in many environments and security/compliance frameworks is centralized audit consolidation and reduction. The requirement describes how key systems and audit logs must be forwarded to a central location for storage and subsequent analysis. The analysis required by many frameworks includes periodic review for events that indicate security-related changes in systems.
An example would be a system generating a higher level of failed login attempts, possibly indicating a brute-force attack, or an expired password for some system account. Each of the major security/compliance frameworks, including PCI DSS, FISMA, HIPAA, and the International Organization for Standardization (ISO) 27001, has requirements around logging and centralized consolidation and analysis. (See references to standards and sections below.)
A big challenge with auditing in many organizations is efficiently sifting through all of the logs. There are vendors that specialize in providing dedicated tools for log management and storage. They also protect the confidentiality, integrity, and availability of logs.
Security information and event management (SIEM) systems can collect logs and provide specific analysis, including advanced searching, reporting, and alerting. Examples of SIEM tools include IBM QRadar, Splunk, LogRhythm, and the open-source Graylog.
Integrating the RPA platform with SIEM is a vital step in reducing the overhead of compliance as it offloads the audit records — as required by the security frameworks — automatically.
At Automation Anywhere, we strive to deliver efficiency for complex processes and integrate seamlessly with third-party tools and systems. Since RPA requires logs to be generated for audit and compliance, we can forward all system logs to third-party SIEM tools such as Splunk to run searches and retrieve event data in real time.
Automating log management with an effective tool can make a network administrator's life easy and less stressful. With SIEM integration, your RPA audit records are forwarded to the system you already have, allowing streamlined RPA governance and troubleshooting with the power of the SIEM searching and alerting features.
Figure 1. Architecture of RPA when integrated with SIEM
As shown in Figure 1, the Control Room is the central and primary control plane for RPA, providing role-based access control on all functions — controlling all bot deployments and forming the central point for audit logging.
From a security perspective, this centralized command and control is better than alternatives that consist of many non-centrally controlled bot runners. With Automation Anywhere Enterprise version 11.3.2, the Control Room can be configured to forward audit logs over the network to any system that can receive messages in syslog format.
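The kind of review a SIEM runs over forwarded audit records, shown as an added example that is not Automation Anywhere's code: it parses RFC 5424 syslog lines and flags an account with a burst of failed logins. The `action=`/`user=`/`result=`/`src=` fields, host names, and sample lines are constructed assumptions, not the Control Room's actual record format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. PRI 86 = facility 10 (authpriv), severity 6 (info).
# The key=value message body is an assumed layout, not the product's format.
SAMPLE = [
    "<86>1 2019-03-01T10:00:00Z cr01 controlroom - - - action=login user=bob result=failure src=10.0.0.9",
    "<86>1 2019-03-01T10:00:01Z cr01 controlroom - - - action=login user=svc_bot result=failure src=10.0.0.7",
    "<86>1 2019-03-01T10:00:05Z cr01 controlroom - - - action=login user=svc_bot result=failure src=10.0.0.7",
    "<86>1 2019-03-01T10:00:09Z cr01 controlroom - - - action=login user=svc_bot result=failure src=10.0.0.7",
    "<86>1 2019-03-01T10:00:20Z cr01 controlroom - - - action=login user=alice result=success src=10.0.0.5",
    "<86>1 2019-03-01T10:02:00Z cr01 controlroom - - - action=login user=bob result=failure src=10.0.0.9",
    "not a syslog line",
    "<86>1 2019-03-01T10:04:00Z cr01 controlroom - - - action=login user=bob result=failure src=10.0.0.9",
]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
LINE_RE = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) \S+ \S+ \S+ (.*)$")

def parse(line):
    """Return a dict for one syslog line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri, ts, host, app, msg = m.groups()
    fields = dict(kv.split("=", 1) for kv in msg.split() if "=" in kv)
    return {"facility": int(pri) >> 3, "severity": int(pri) & 7,
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "app": app, **fields}

def failed_login_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Alert once when a user reaches `threshold` failures inside `window`.
    Assumes lines arrive in timestamp order, as from a single forwarder."""
    recent = defaultdict(deque)          # user -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse(line)
        if not ev or ev.get("action") != "login" or ev.get("result") != "failure":
            continue                     # unparsable lines and successes are skipped
        q = recent[ev.get("user")]
        q.append(ev["time"])
        while ev["time"] - q[0] > window:
            q.popleft()                  # drop failures that fell out of the window
        if len(q) == threshold:
            alerts.append((ev.get("user"), ev.get("src"), ev["time"].isoformat()))
    return alerts
```

In the sample, `bob` also fails three times but two minutes apart, so only the clustered failures for `svc_bot` cross the threshold.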
Log management aggregates data from many sources, such as your network, security, servers, databases, applications, and much more. It's vital to automate the gathering of compliance data and produce reports by seamlessly integrating all of your compliance requirements. The following table shows the security frameworks and the relevant sections that relate to audit logs:
The desire to be technologically advanced and unique applies to all aspects of your business. Managing a large stream of log audits can be a time-consuming and repetitive role.
Implementing RPA to get the logs generated seamlessly from nearly every computing device and securely directed to any location or remote system can increase the speed at which logs are generated. Auditing the logs securely with RPA can also help you reinvent processes without compromise or limitations.
Gautam Roy leads the product marketing and strategy of security features for the Automation Anywhere product portfolio. He has more than 20 years of experience in the industry and is a frequent speaker at conferences and events.