Kisco Hooks SafeNet Into IBM’s SIEM
May 6, 2014 Alex Woodie
Kisco Information Systems is shipping a new release of its IBM i exit point security solution that hooks into IBM‘s QRadar security information and event management (SIEM) offering. The integration will enable SafeNet/i customers to get a more complete picture of attempts to compromise perimeter defenses.
SafeNet/i is a network security tool that locks down potentially dangerous routes of access to the IBM i server, such as SQL, ODBC, and FTP connections. The software logs all exit point activity, and also uses IBM journaling to keep an irrefutable log of any configuration changes made to the security tool itself.
With version 10.11, Kisco introduced several new features, including integration with IBM’s QRadar offering, a SIEM that consolidates and correlates network security event information from multiple devices. With the new integration, IBM i security event information collected by SafeNet/i can now be made available to QRadar to provide a more accurate picture of potential cyber attacks. Kisco is not the first IBM i security software vendor to hook into QRadar, but this move gives Kisco customers more options to bolster their perimeter defenses.
The new release also brings new sequencing options that will be useful for object-level testing. Prior to this release, customers could only use the standard progression of testing provided by the software, Kisco says. With version 10.11 the company is providing “multiple sequence checking options that allow the customer to tailor object checking to their own unique needs.”
Another new feature is the capability to provide specific object authorization paths for native IBM i object checking. Previously, the product didn’t differentiate between native IBM i object authorization paths and IFS object authorization paths. Separating the two makes for easier administration and reporting, and also makes it faster.
Finally, SafeNet/i also brings new features designed to improve segregation of duties when using user profile swapping. With this release, SafeNet/i can now be set up to be server dependent, meaning a user profile can be swapped for one specific server, but not for others.
SafeNet/i version 10.11 is available now in Lite and standard versions. The standard version delivers more powerful network security at the object level; finer-grained control over SQL verbs, CL and FTP commands, and full support for the Web-Central browser interface. The Lite version costs $1,295, while the standard version starts at $2,495. For more information see www.kisco.com.