Tango/04 Records Database Reads with Data Monitor 2.0
Published: May 30, 2006
by Alex Woodie
A new release of Tango/04 Computing Group's data auditing tool should give iSeries shops a better sense of security. Data Monitor version 2.0 builds off the first release, which allowed administrators to detect database changes, by adding the capability to spot whenever a certain file has been accessed, even if no changes were made. An improved interface, performance enhancements, and "field masking" capabilities round out the other new features.
Tango/04 launched Data Monitor last fall to provide iSeries and Windows shops with a way to demonstrate to themselves and to auditors that their data is locked down in accordance with the Sarbanes-Oxley Act, HIPAA, 21 CFR Part 11, Basel II, and other new laws affecting IT governance (see "Tango/04 Looks for Database Changes with New Tool").
With the first version, Data Monitor looked for additions, changes, and deletions to database files, including who made the changes, when the changes were made, and several other variables. The tool gave administrators the ability to answer questions, such as who modified a given database table, or what changes a given user had made lately, and generate reports in a variety of formats.
With version 2.0, the company has bolstered Data Monitor for iSeries by adding the capability to check for reads. Instead of just seeing what additions, changes, or deletions have been made, administrators can monitor the who, what, and when of standard database access. After all, a user doesn't need to modify data to put an organization at risk.
Tango/04 has also made changes to Data Monitor's green-screen interface that it says makes the product more powerful and easier to use. In the previous version, many of the features were accessible only through configuration files or manual commands, the company says, whereas the new version makes these capabilities accessible from the primary screen. Version 2.0 also brings new report grouping functions, including the capability to classify information by user type, user group, accounting code, application, file library or name, or program library or name, which the company says makes it easier to identify suspicious activity.
This release also brings a new feature called "sensitive field masking" that can help reduce security breaches. Instead of listing all related information on a report, including who made a change, when they made it, how they made it, and the original and modified values, sensitive field masking enables administrators to prevent sensitive data from appearing in a report. So instead of all 16 digits of a credit card number, the administrator can configure the report to show only the first eight digits in the report.
As is the case with any data monitoring tool, users would be wise to pick and choose which database tables and fields they want to monitor, because monitoring everything on the iSeries would likely lead to serious performance issues. Tango/04 avoided the use of triggers and designed Data Monitor around OS/400 journaling to keep the performance hit to a minimum. Just the same, the tool does take its share of CPWs, which is one reason why it can be scheduled to collect performance data during off hours.
In version 2.0, Tango/04 has further refined Data Monitor's performance parameters through support for remote journaling. When remote journaling is enabled, the bulk of the performance impact is shifted from the production box where the local receiver is located, to a secondary iSeries machine where the remote journal is located. The secondary box still takes a bit of a hit, but there's almost no hit on the production box using remote journaling.
Data Monitor is available as a stand alone product or as an integrated part of Tango/04's VISUAL Security Suite. The company also sells a version of Data Monitor for monitoring the Microsoft SQL Server database, and is expected to soon launch a new version supporting Oracle's database.
Data Monitor for iSeries works with OS/400 V5R1 and later. Stand alone pricing starts at $3,000 per iSeries processor. For more information visit www.tango04.com.