PowerTech Delivers IBM i Security Data to HP ArcSight SIEM
July 30, 2013 Dan Burger
PowerTech, one of the security software divisions under the Help/Systems umbrella, has taken another step toward multi-platform interoperability with its recent announcement that it has received Hewlett-Packard ArcSight Common Event Format (CEF) certification. PowerTech Interact allows users to monitor, capture, and send security-related events from IBM i servers to the HP ArcSight platform.
This capability allows HP ArcSight users to correlate event data in real time from several sources including the IBM i security audit journal (QAUDJRN), the IBM i operating system, Apache Web logs, and PowerTech Network Security & Authority Broker, which runs on the IBM midrange platform.
The wider visibility provides a higher degree of security prioritization and a more timely response to potential security threats, a growing concern for organizations worried about cyber crime and its potential impacts.
Robin Tatam, director of security technologies for PowerTech, said in a Help/Systems press release that the HP ArcSight CEF certification “makes events from IBM i security-related activities, such as changes to system values or user profiles, more visible by escalating them in syslog format to the HP ArcSight platform for insightful analysis and reporting.”
PowerTech Interact is designed to monitor more than 500 security events from the audit journal, operating system, and network. It sends reports to operators when it identifies threats. Security information and event management (SIEM) solutions, such as the HP ArcSight platform, can then correlate and aggregate the IBM i events with logs from many different sources. Interact also saves disk space by allowing selection and omission of events based on key characteristics.