• The Four Hundred
  • Townsend Delivers Fine-Grained IBM i Log Data to SIEMs

    May 15, 2012 Alex Woodie

    It’s a big, bad, scary world out there. Cyber-criminals are constantly probing networks, looking for places to plant malware and do their nasty business. To thwart these attempts, an organization needs a good security plan, and possibly an investment in a security information and event management (SIEM) program that monitors and correlates all IT activity. Townsend Security recently issued a new release of its Alliance LogAgent Suite that will help protect the IBM i platform by providing SIEMs with more detailed and fine-grained IBM i log data.

    Townsend Security president Patrick Townsend began his COMMON press conference last week with a blunt assessment of the state of security. Cyber-criminals are constantly using port scanners and other network listening devices to probe for weak points in companies’ perimeter defenses. When they can get in, they plant a piece of malware designed to exploit a vulnerability, usually in an application these days, because system makers have largely gotten their acts together.

    Townsend says he has never seen malware on an IBM i server. As you may know, the IBM i has additional layers of protection that other platforms don’t have, which prevents unsigned programs from running. However, Townsend says, that’s not to say a piece of malware couldn’t be installed on an application running on the IBM i server. A vulnerability in the Apache Web server or a malicious script showing up in PASE, he says, could provide the means for a cyber-criminal to compromise the server.

    Preventing such a breach is what companies like Townsend Security live for, and these days, a SIEM is the best tool for getting the upper hand on security. A properly configured SIEM can alert an organization almost instantly when suspicious behavior occurs across one or more monitored servers or network devices. Since many organizations are required to store log data anyway, the thinking goes, why not use a SIEM to detect potential breaches in real time, instead of doing forensics work after cyber-criminals have caused damage?

    In 2007, Townsend Security launched Alliance LogAgent, which gathers IBM i log data from various logs (QAUDJRN, QHST, QSYSOPR, and Apache, MySQL, and PHP systems), transforms them into the industry standard format (syslog RFC3164 or CEF), and then forwards them to one of the SIEMs developed by third-party software companies, such as ArcSight (acquired by HP), LogRhythm, LogLogic (being bought by TIBCO), RSA Security, the free Splunk, Symantec (which works closely with Townsend), Q1 Labs (acquired by IBM), TriGeo, and Tripwire, among others.

    Last week, the company unveiled an overhauled version of LogAgent that does its job much better. The biggest feature is the capability to monitor data access at the column or field level, providing a powerful tool for assessing exactly what piece of DB2/400 data may have been put at risk by a malicious program or a malicious user. Previously, Townsend didn’t have visibility at the field level, and had no way of knowing exactly which fields in a file (each with thousands upon thousands of records) may have been compromised.

    The new release also brings the capability to monitor multiple columns in one database table, providing even more targeted monitoring of sensitive data. Townsend says other new features include user “white lists” for granting access to data at the table and column level; the capability to set floor and ceiling values for events; and the capability to log a hashed value of changed data.
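
    An added example, not Townsend's code or LogAgent's actual output: a sketch of how a column-level change event could be rendered as CEF inside an RFC 3164 syslog line, with a hash logged in place of the changed data. The policy, host, user and vendor strings, the HMAC key, and the reading of a white list as "do not report these users" are all assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Constructed policy: monitored columns per table, plus users whose access is expected.
POLICY = {"PAYLIB/EMPLOYEE": {"columns": {"SSN", "SALARY"}, "whitelist": {"PAYAPP"}}}
HASH_KEY = b"demo-key-not-for-production"  # assumption: keyed hash, key held outside the log

def cef_escape(value, extension=False):
    """CEF escaping: backslash always; '|' in header fields; '=' and newlines in extensions."""
    value = str(value).replace("\\", "\\\\")
    if extension:
        return value.replace("=", "\\=").replace("\n", "\\n")
    return value.replace("|", "\\|")

def build_event(ts, host, user, table, column, new_value):
    """Return one RFC 3164 line wrapping a CEF record, or None when nothing is reportable."""
    rule = POLICY.get(table)
    if rule is None or column not in rule["columns"] or user in rule["whitelist"]:
        return None
    # Record a keyed digest of the changed data so the log never holds the value itself.
    digest = hmac.new(HASH_KEY, new_value.encode("utf-8"), hashlib.sha256).hexdigest()
    header = "|".join(["CEF:0"] + [cef_escape(f) for f in (
        "ExampleVendor", "ExampleAgent", "1.0", "FIELD_CHG", "Monitored column changed", 7)])
    ext = " ".join(f"{key}={cef_escape(val, extension=True)}" for key, val in (
        ("suser", user), ("filePath", table), ("cs1Label", "column"), ("cs1", column),
        ("cs2Label", "hmacSha256OfNewValue"), ("cs2", digest)))
    pri = 13 * 8 + 5  # facility 13 (log audit) * 8 + severity 5 (notice)
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"  # day is space-padded
    return f"<{pri}>{stamp} {host} fieldaudit: {header}|{ext}"

if __name__ == "__main__":
    # Constructed sample event: a non-whitelisted user changes a monitored column.
    print(build_event(datetime(2012, 5, 15, 9, 3, 7), "IBMI01", "QPGMR",
                      "PAYLIB/EMPLOYEE", "SSN", "123-45-6789"))
```

    A keyed hash is used here because an unkeyed digest of a short, structured value can be recovered by enumerating the possible inputs; a SIEM can still correlate repeated values by comparing digests.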

    LogAgent gathers logs from other Townsend products, including its Alliance AES encryption offering, its managed file transfer (MFT) products, and AS2 and Web services software. Any unusual activity occurring in these products will trickle up into the SIEM via LogAgent.

    The new release of Alliance LogAgent Suite is available now. Pricing is $2,200 per LPAR. For more information, see www.townsendsecurity.com.

Volume 12, Number 14 -- May 15, 2012
Copyright © 2023 IT Jungle