Bsafe Introduces Cross-Platform Auditing
April 24, 2007 Alex Woodie
Companies that run multiple types of servers are faced with special challenges when it comes to collecting log data, normalizing the information, and generating audit reports. Auditing is bad enough with a single server, but the difficulties are compounded when the data resides across disparate systems. Security software vendor Bsafe Information Systems has addressed this challenge with Bsafe Enterprise Security version 5.5, which enables companies to run audit reports across i5/OS, Linux, mainframe, and Windows servers from a single screen.
There are some pretty big changes coming to Bsafe Enterprise Security. This product, which was introduced about two years ago as a replacement for the company’s OS/400 security tool, called Bsafe/Global Security, expanded the company’s reach by delivering access control and auditing capabilities to Linux as well as i5/OS environments.
But the key deliverable in Bsafe Enterprise Security for iSeries and Linux (as the product is formally called) was a new Windows-based GUI management console that gave administrators a clear picture of security settings. With the delivery of Bsafe Enterprise Security 5.5 this month, that Windows module is now being used to front the company’s mainframe security tools, as well as the i5/OS and Linux security tools. The company will still sell the old green-screen mainframe tools, Bsafe/CICS for zSeries and Bsafe/DB2 for zSeries, but it expects most new customers to adopt Bsafe Enterprise Security and get the extra capabilities that it delivers.
And one of the new tricks delivered in Bsafe Enterprise Security 5.5 is cross-platform auditing. Instead of manually writing custom scripts that extract and load log data for centralized reporting, administrators in multi-platform shops can rely on Bsafe Enterprise Security to do the grunt work of collecting, consolidating, and presenting security-related log data for them.
The new cross-platform auditing function resides on a Windows server running the SQL Server database software. At intervals defined by the scheduler, the product automatically collects log data from the various Bsafe agents running on monitored servers, and summarizes it in SQL Server. A reporting tool provided by Bsafe allows users to generate audit reports from this data and output them via e-mail, PDF, Word, Excel, and plain text.
Supported inputs on the System i include Bsafe’s system-, file-, and application-level audit journals, the Bsafe administrator audit function, SQL statements and security alerts. Input from the mainframe includes the SMF for RACF, Top Secret, and DB2 facilities, as well as the Bsafe/CICS facility. For Windows, the cross-platform audit reads the Windows security event log, maintenance logs, and the Bsafe administrator audit function.
Shimon Bouganim, founder and chief executive officer of Bsafe, says cross-platform audit functionality is unprecedented among security tools, and predicts it will be well-received by companies struggling to automate the audits of multiple platforms. “This one database includes all these monitors from different platforms,” he says. “We developed an interface, an API, that can read data from the various platforms in one format. We analyze this data, bring the data in that format, and make it easy to manage.”
An especially useful function for this cross-platform audit capability will be following the actions users take as they traverse various platforms, Bouganim says. For example, say an outside consultant logs onto your various systems remotely. “You want to know exactly what he did while on the system, but there’s no way to get the information without Bsafe cross-platform auditing,” Bouganim says. “How can I understand what he did on the multiple platforms? It could drive you crazy [without Bsafe].”
Bsafe includes dozens of predefined reports with the cross-platform auditing function. Alternatively, users can create their own ad hoc reports. For example, an administrator could generate a report showing all the failed TCP/IP requests for the iSeries server. Such a report would take about five minutes to generate, Bouganim says.
Customers will also save precious disk space on their production servers by offloading audit log data to an inexpensive Windows server, Bsafe says. Users can also configure how much data the cross-platform auditing function should hold, and define rules telling the system which data it can safely eliminate. However, considering the strict data retention guidelines of the Sarbanes-Oxley Act, Bsafe expects customers will want to hang onto this data for at least five to seven years.
Future releases of the cross-platform auditing function may support additional databases besides SQL Server. The company is considering Oracle and DB2, Bouganim says. This is also the first time Bsafe has offered any type of security monitoring capability on the Windows platform. While Bsafe offers access control as well as auditing on the other platforms, the company does not expect to offer any type of access control capability for the crowded Windows market, Bouganim says.
The cross-platform auditing function is a separately priced item. Bsafe says the license fee is equal to 30 percent of the base price customers are paying for their iSeries/Linux or mainframe products. Pricing for Bsafe Enterprise Security for iSeries and Linux is tier-based and ranges from $5,000 to $50,000, for an unlimited number of users and LPARs. Pricing for the mainframe product ranges from $100,000 to $1 million. For more information, visit www.bsafesolutions.com.