User Activity Monitoring from PacketMotion to Support i OS

December 1, 2009 Alex Woodie

System i shops that are concerned about the high level of access granted to systems administrators and others, but are hesitant to put controls in place for fear of slowing down transaction times, may want to consider trying out a new agent-less user activity monitoring (UAM) solution that is coming to the platform. PacketMotion recently rolled out support for TN3270 with its appliance-based UAM solution, called PacketSentry, and is close to beginning beta tests for a similar offering that will support the IBM i OS via TN5250.

The practice of over-allocating user credentials is a universal problem. It has been well documented in the System i world, where the majority of companies run with too many privileged user profiles, such as security administrator (SECADN) or all object authority (ALLOBJ), according to security vendor PowerTech‘s annual security survey.

The same kind of problem affects users of Windows, Unix, and mainframe servers, and customers are looking for solutions to deal with it, says Jonathan Gohstand, PacketMotion’s vice president of marketing.

“I see people really grappling with this in the mainframe, and we’re starting to see it on the AS/400 as well, because if they’re using an application and the application doesn’t have the proper logging, you’re awfully limited it what you can do,” Gohstand says. “You can go to the vendor and request them to add the logging. Good luck with that. Or if it’s homegrown, nobody wants to touch the software because they’re afraid they’ll mess something up.”

PacketMotion started developing PacketSentry about five years ago for the purpose of boosting user security. Along the way, the company added regulatory compliance to its repertoire. Today, the company’s approach to development and marketing leans heavily on the fact that many organizations don’t have the time or expertise to modify existing systems to improve security and achieve compliance with HIPAA, PCI, SOX, etc.

The PacketSentry solution basically monitors all of the actions that users–and “superusers” with special privileges in particular–take on critical systems for signs of suspicious or unauthorized activity, and stores that data in an integrated Oracle database that generates the required reports. Customers can also activate PacketSenry’s security functionality and block unauthorized activity.

While it’s a pre-loaded offering (and one that doesn’t require a dedicated Oracle DBA, by the way), customers can customize their PacketSenry devices to meet their specific needs. For example, the customer could instruct the software to not let anybody to sign in using the systems administrator profile if they’re coming in over VPN. Or user profiles used by outside contractors can be restricted to only allow access to certain machines, which will be heavily logged.

Most of PacketMotion’s early customers have been on Unix and Windows machines, so supporting UAM on mainframes required PacketMotion to get a little creative, according to Gohstand. What the company instituted was a system that basically keeps a screen-by-screen log of a user’s TN3270 session. Also, by correlating the mainframe audit trails with the Windows domain ID of the computer on which the telnet session was running, PacketMotion is able to eliminate any account sharing or confusion about where the session was running.

PacketMotion will use the same approach to support UAM on the System i server via 5250. General availability is tentatively planned for January, and the company is now accepting applications to participate in the System i beta test.

While hardened appliances are gaining favor for security and compliance tasks, they are not all created equally, according to Gohstand. Traditionally, a security information and event management (SIEM) or UAM appliance would be installed inline to monitor application traffic. However, this heightens the risk of an outage, because if something happens to the UAM device, then transactions cannot get through. This necessitates a second SIEM or UAM device for failover purposes, and the complexity increases.

The company gets around this problem by plugging PacketSenry Probe appliances into the monitored or “expand” ports of a switch, which duplicates all of the production network traffic, but does not impede its flow. The Probe appliance then sends the subject traffic to the PacketSentry Manager appliance, which is where the Oracle database is loaded.

“For example, you could have eight switches in front of an AS/400 or a mainframe, and have the monitored port sent to us, so we’re reporting everything going on, but we’re not inline,” Gohstand says. “The important thing is, if our solution blows up, traffic still goes through the switch to server. It’s not going to affect anything.”

PacketMotion has garnered praise from Gartner, which labeled it a “cool vendor,” and other analyst groups for its PacketSentry offering, which starts at around $50,000. For more information, visit www.packetmotion.com.

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Tags:

Revolutionary Performance Management Software

At Greymine, we recognize there is a void in the IT world for a dedicated performance management company and also for a performance management tool that’s modern, easy to use, and doesn’t cost an arm and a leg. That’s why we created PERFSCAN.

PERFSCAN is designed to make your job easier. With revolutionary technology, an easy-to-read report and graphics engine, and real time monitoring, tasks that used to take days can now take minutes. This means you will know your system better and will be able to provide better service to your customers.

OUR FEATURES

PERFSCAN is full of robust features that don’t require you to take a three-day class in order to use the product effectively.

Customizable Performance Reporting

Whether you are troubleshooting a major system problem or simply creating a monthly report, PERFSCAN lets you select any combination of desired performance metrics (CPU, Disk, and Memory).

User Defined Performance Guidelines

No matter if you are a managed service provider managing complex systems in the cloud or a customer analyzing your on-premises solution, PERFSCAN gives you the flexibility to define all mission critical guidelines how they need to be.

Understanding The Impact Of Change

Tired of all the finger pointing when performance is suffering? PERFSCAN’s innovative What’s Changed and Period vs. Period analysis creates a culture of proof by correlating known environmental changes with system performance metrics.

Comprehensive Executive Summary

Creating performance graphs is easy. Understanding what they mean is another thing. With one mouse click, PERFSCAN includes an easy-to-understand executive summary for each core metric analyzed.

Combined Real-Time Monitor And Performance Analysis Tool

With PERFSCAN’s combined built in enterprise real-time monitor and historical performance analysis capability, you will always know how your mission-critical systems are performing.

Cloud Performance Reporting Is Easy

Managing performance for production systems in the cloud can be a black hole to many system administrators. The good news is PERFSCAN analyzes all core metrics regardless of the location. That’s why MSPs and customers love PERFSCAN.

Detailed Job Analysis

PERFSCAN shows detailed top job analysis for any desired period. All metrics are displayed in two ways: Traditional Report and Percentage Breakdown Pie Chart. This toggle capability instantly shows the jobs using the most system resources.

Save Report Capability

Your boss lost the report you gave to him on Friday. Now what do you do? With PERFSCAN’s save report capability, any report can be retrieved in a matter of seconds.

Professional PDF Reporting With Branding

Creating professional looking reports for your customers has never been easier with PERFSCAN. Branding for our partners and service provider customers is easy with PERFSCAN.

Check it out at perfscan.com

AMD Taps IBM Chiphead for Board of Directors Retrieving and Storing SQL Source for DB2 Database Objects

Table of Contents

Content archive

Recent Posts

Subscribe

Pages

Search