Enterprise Security Administrator (ESA)

Enterprise Security Administrator (ESA) is a component of the Data Security Platform. Working in combination with other Protegrity protectors, it is used to encrypt or tokenize your data.

Protegrity Data Security Platform provides policy management and data protection. It has as its main component the ESA. Working in combination with a Protegrity database protector, application protector, file protector, or big data protector it can be used for managing data security policy, key management, and auditing and reporting.

  • ESA: The ESA Manager provides information on how to install specific components, work with policy management tools, manage keys and key rotation and manage switching between Soft HSM and Key Store, configuring logging repositories and using logging tools. This document contains details for all these features.
  • Audit Store: The Audit Store is a repository for the logs generated from multiple sources, such as the kernel, policy management, member source, application logs, and protectors. The Audit Store supports clustering for scalability.
  • Insight: This feature displays forensics from the Audit Store on the Audit Store Dashboards. It provides options to query and display data from the Audit Store. Predefined graphs are available for analyzing the data from the Audit Store. It provides options for generating and saving customized queries and reports. An enhanced alerting system tracks the data in the Audit Store to monitor the systems and alert users if required.
  • Data Security Gateway: The Data Security Gateway (DSG) is a network intermediary that can be classified under Cloud Access Security Brokers (CASB) and Cloud Data Protection Gateway (CDPG). CASBs provide security administrators a central check point to ensure secure and compliant use of cloud services across multiple cloud providers. CDPG is a security policy enforcement check point that exists between cloud data consumer and cloud service provider to interject enterprise policies whenever the cloud-based resources are accessed.
Protegrity Appliance Overview

There are two major components of the Protegrity appliance, ESA and DSG.

Installing ESA

Install ESA on-premise or on a cloud platform.

Logging Into ESA

Log in to the CLI Manager or Web UI of ESA and supported authentication mechanisms.

Command-Line Interface (CLI) Manager

Web User Interface (Web UI) Management

Describes the operations performed using the Web User Interface

Trusted Appliances Cluster (TAC)

Appliance Virtualization

Appliance Hardening

Increasing the Appliance Disk Size

The steps to increase the total disk size of the Appliance.

Mandatory Access Control

Accessing Appliances using Single Sign-On (SSO)

Sample External Directory Configurations

Partitioning of Disk on an Appliance

Working with Keys

Protegrity Data Security platform uses many keys to protect your sensitive data.

Working with Certificates

Managing policies

Policies help to determine, specify and enforce certain data security rules

Working with Insight

Insight is a comprehensive system designed to store and manage logs in the Audit Store, which is a repository for all audit data and logs on the ESA. The Audit Store cluster is scalable and supports multiple nodes, allowing for secure inter-node communication using certificates. Insight provides various functionalities, including accessing dashboards, managing nodes, viewing logs, and creating visualizations. It also offers tools for analyzing data, monitoring system health, and ensuring secure communication between components.

Maintaining Insight

Maintaining the logs and indexes in Insight includes the process for archiving and creating scheduled tasks.

Installing Protegrity Appliances on Cloud Platforms

Architectures

This section describes the Logging architecture. It shows how the various components work together for processing Unprotect, Reprotect, and Protect operations, policies, and the flow of logs.

Last modified : January 31, 2025