• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Tenable Adds IBM i Support to Security and Configuration Tool

    February 28, 2012 Alex Woodie

    Tenable Network Security recently added support for the IBM i OS with Nessus Scanner, a tool that analyzes server and network systems for security holes and lax configuration settings. The new plug-ins will enable IBM i shops to do one of two things: discover shortcomings in their security configurations, or document their adherence to IBM‘s security standards for the purpose of regulatory compliance.

    Tenable claims that Nessus is the world’s most widely deployed vulnerability and configuration assessment product, and that it has become the de facto standard tool in its class among security professionals, network penetration testing teams, and auditors. While such claims may be difficult to prove, there’s no doubt that Nessus has been widely deployed, and, with 50,000 checks performed via plug-ins, that it casts a very wide net.

    The addition of IBM i support makes that net just a little wider. “We had a lot of customers and prospects who have iSeries and need to cover that with assessments,” says Dale Gardner, product marketing manager for Tenable. “We’re all about being comprehensive.”

    Gardner says Tenable has developed half-a-dozen IBM i plug-ins that examine 40 security attributes on the servers, including security level, audit level, and various password settings. Nessus follows IBM recommendations on security configuration settings, and any detected discrepancies, insecure configurations, or policy violations automatically trigger administrator alerts.

    The Nessus Scanner can now detect vulnerabilities and poor security configurations in the IBM i platform.

    Regulatory compliance, specifically the Payment Cardholder Industry (PCI) security standards, is driving the need for the additional rigmarole and automated configuration assessments. “A lot of people have their iSeries locked down pretty well, but they have to prove it,” Gardner says.

    Tenable sells several other security tools, including the Passive Vulnerability Scanner (PVS), which continuously monitors IP addresses for traffic that’s out of place, and the Log Correlation Engine (LTE), which pulls information from multiple sources, including Nessus, PVS, and Syslog entries from network devices, to do vulnerability and attack correlation.

    There is also Security Center, a visualization tool that allows users to build dashboards and reports based on information in Nessus, PVS, and LTE. Getting security-related information from a wide variety of data sources increases the chances of preventing a security incident, at worst, or even just failing a security audit.

    Tenable also funds its own security research department that looks out for the latest vulnerabilities, Internet threats, and compliance standards. This security research is used to continually update Nessus and other products to allow them to detect the latest threats. Gardner says it’s possible that there will be some research put into IBM i vulnerability discovery.

    Tenable was founded 10 years ago, and has its headquarters in Columbia, Maryland. One of its co-founders is Ron Gula, its current CEO and CTO. According to the bio on the Tenable website, Gula started his information security career at the National Security Agency (NSA) conducting penetration tests of government networks and performing advanced vulnerability research. The other co-founders are Renaud Deraison, the original developer of Nessus and currently Tenable’s chief research officer (CRO); and Jack Huffard, who heads up business development, sales, and marketing as Tenable’s president and COO.

    Nessus 5.0 is available now. Downloads are free, and businesses are charged $1,200 per year for the update feed. For more information and downloads, see the vendor’s website at www.tenable.com



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Krengeltech

    When it comes to consuming web APIs on your IBM i, your options often boil down to one of two things:

    First, you end up having to rely on a variety of open source and non-RPG solutions. This adds developer complexity, taking away time that could have been better spent invested in other projects. Of course, open source software is free, but generally comes at the cost of no professional support, which adds an element of risk in your production environment. RXS is completely professionally supported, and is complemented by a staff of trained IBM i developers who can address your nuanced development challenges, head on.

    Second, if you choose not to pursue an open-source solution, you’re often left having to shake up your current program architecture with proprietary software, external dependencies, and partial RPG implementations – many of which are sub-par compared to RPG-XML Suite’s wide range of features. RXS aims to simplify the efforts of developers with tools like code generators, useful commands, and subprocedures written in 100% RPG – no Java. Because they are entirely RPG, the RXS subprocedures are easy to add to new or existing ILE programs and architecture, helping to cut your development time. RPG-XML Suite offers powerful capabilities in an accessible, easy-to-implement format.

    With RPG-XML Suite, you can accomplish a variety of complex tasks, such as:

    • Calling REST and SOAP web services from your IBM i
    • Offering APIs from your IBM i
    • Creating JSON & XML
    • Parsing JSON & XML
    • Text manipulation, Base64 encoding/decoding, CCSID handling, hashing and encryption functions, and more.

    To try RXS for yourself, we recommend a free proof of concept, which not only gives you access to all of RPG-XML Suite’s subprocedures and utilities but also includes a tailor-made software demonstration that can be used as a starting point for your future API implementations.

    For a free proof of concept, contact us at sales@krengeltech.com, or visit our website for more information.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    HiT Software:  Fast, easy, no programming data access and application connectivity to IBM DB2 for i
    System i Developer:  Upgrade your skills at the RPG & DB2 Summit in Fort Worth, March 26-28
    IntelliChief:  The leading provider of Paperless Process Management solutions for the IBM i

    IT Jungle Store Top Book Picks

    BACK IN STOCK: Easy Steps to Internet Programming for System i: List Price, $49.95

    The iSeries Express Web Implementer's Guide: List Price, $49.95
    The iSeries Pocket Database Guide: List Price, $59
    The iSeries Pocket SQL Guide: List Price, $59
    The iSeries Pocket WebFacing Primer: List Price, $39
    Migrating to WebSphere Express for iSeries: List Price, $49
    Getting Started with WebSphere Express for iSeries: List Price, $49
    The All-Everything Operating System: List Price, $35
    The Best Joomla! Tutorial Ever!: List Price, $19.95

    Application Maintenance Outsourcing Is On The Rise IBM Winds Down Power7 Gen 1 Entry Servers

    Leave a Reply Cancel reply

Volume 12, Number 4 -- February 28, 2012
THIS ISSUE SPONSORED BY:

CCSS
Townsend Security
HiT Software
ARCAD Software
IntelliChief

Table of Contents

  • Tenable Adds IBM i Support to Security and Configuration Tool
  • CFXWorks and Subuno Team Up to Fight Credit Card Fraud
  • Innovatum Makes ROBAR Labeling Solution Available to IBM i
  • Linoma Adds Secure Mail Module to MFT Tool
  • Altova Adds Support for DB2/400 Logical Files in MissionKit
  • Raz-Lee Updates AP-Journal Fraud-Detection Tool
  • S4i Lands Deal with Retalix Customer
  • Cat Dealer Still Likes Coda for IBM i Financials
  • IBS Touts IBM i Experience for New IBM Business Partner Status
  • IBM Releases Cognos TM1 10.1

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Guild Mortgage Takes The 20-Year Option For Modernization
  • IBM i Licensing, Part 3: Can The Hardware Bundle Be Cheaper Than A Smartphone?
  • Guru: The Finer Points of Exit Points
  • Big Blue Tweaks IBM i Pricing Ahead Of Subscription Model
  • We Still Want IBM i On The Impending Power E1050
  • DRV Brings More Automation to IBM i Message Monitoring
  • Managed Cloud Saves Money By Cutting System And People Overprovisioning
  • Multiple Security Vulnerabilities Patched on IBM i
  • Four Hundred Monitor, June 22
  • IBM i PTF Guide, Volume 24, Number 25

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2022 IT Jungle

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.