• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Cilasoft Polishes IBM i Security And Compliance Auditing Software

    February 1, 2017 Dan Burger

    Regulatory compliance mandates have forced many companies to examine their security policies and procedures. But even companies without compliance issues are concerned their data security may be inadequate considering the increased sophistication of the attacks, the integration of their systems of record with their systems of engagement, and the realization that IBM i is not an inherently secure system. The security landscape has changed, says Guy Marmorat, president of Cilasoft, which just updated its security software.

    Additional reporting and automation capabilities are at the top of the list along with expanded integration points and an emphasis on cross-platform security information and event management (SIEM) solutions. “This new release is just the initial deployment of many innovative and powerful features that are slated to be released during 2017, all of which will make the job of managing security and compliance tasks easier and more effective for IBM i operations staff,” Marmorat said during a telephone interview with IT Jungle.

    The Cilasoft Audit and Security Suite provides auditing, traceability, privacy data, data protection and access control.

    The new software release, designated 5.18R, includes five integrated software products designed to audit database and system changes, control system access, manage job authorities, and perform other critical security and compliance-related tasks. The products include: QJRN/400 for system and database auditing, CONTROLER for access control, EAM for authority management, DVM for read-access auditing, and CENTRAL for log consolidation and distribution.

    “It used to be true that IBM i shops believed hackers stayed away from IBM i,” Marmorat says. “That’s a lot less true now. The IBM i used to be separated from the other servers, but in many shops, it is integrated now. It is accessed by a wider group of people than ever before.”

    As the system becomes more integrated and accessible, it will become a more frequent target for hackers. And companies that want to integrate IBM i with other parts of the infrastructure also want the capability to monitor security across all systems, Marmorat says.

    Another change that’s taking place is that security is being viewed as an investment and a benefit, not just a step toward gaining an audit approval.

    “Sometimes compliance is very easy to accomplish,” he says. “If you have good documentation, you can get audit approval. But being secure is different. Shops can be compliant without being secure.”

    That type of focus loses sight of the return on investment and does little if anything to reduce the risks associated with the loss of sensitive and business-critical information.

    In many instances of responding to regulatory compliance mandates, companies rely on labor intensive security reviews. To help IBM i shops become compliant and secure, Cilasoft added numerous features that automate security assessments and security management.

    QJRN/400 includes a feature called System Examiner that identifies and organizes journal information for auditing purposes. It provides pertinent details from sources such as user profiles, system values, object attributes, object authorities, IFS attributes, IFS authorities, authorization lists, commands, exit points, DB2 files, job descriptions, libraries, spooled files, jobs, and PTFs. System Examiner is shipped with a set of 31 pre-configured queries and repository definitions. These templates can be customized to highlight certain information that is of greater interest to specific users.

    A new command called RUNQJFIL has also been added to QJRN/400. It can be used to execute a variety of commands over the contents of any database file. RUNQJFIL can run in conjunction with a QJRN/400 query or as a stand-alone command. It includes a simulation mode that lets users test actions before running them.

    A simple example would be a company using QJRN/400 to extract from a list of group profiles those profiles that have not signed on to a particular system for more than 90 days. The RUNQJFIL command could expire the passwords for the identified user profiles. It additionally produces a result file that shows what was executed for each line in the file, its context, and the end result (success/fail.)

    Other new commands are RUNQJF, which including a parameter to specify an additional time unit of seconds, and RUNQJ, which is useful when running reports on consolidated data coming from Cilasoft’s CENTRAL software.

    QJRN/400 was also given a new security information and events management (SIEM) interface, which is said to be optimized interface for the leading SIEM products, including IBM QRadar, and similar products from vendors such as HPE, Splunk, and LogRhythm. All the aforementioned vendors are listed in Gartner’s Magic Quadrant for SIEM.

    Marmorat expects big things to be happening in SIEM and hinted that Cilasoft soon would be announcing product enhancements in that area.

    Additional features in the just-released 5.18R include exit programs for password validation and open database files. The password validation would be useful when multiple user profile password policies exist. The open database file exit point feature was optimized to boost performance on heavily used files. These enhancements were made to Cilasoft’s CONTROLER software.

    Additional parameters have been added to Cilasoft’s EAM reporting commands and the RUNQJCMDS command in the company’s CENTRAL software now has the capability to run multiple commands in a single step.

    Version 5.18.R of Cilasoft Suite supports all releases of IBM i from 5.4 to 7.3. Software and documentation is downloadable from the company’s extranet.

    RELATED STORIES

    Cilasoft Offers No Cost Job Log Exploration Tool

    Cilasoft Introduces Single View Of Data From Multiple Systems

    Cilasoft Sales Boosted by Security Migrations

    Cilasoft Monitors Additional Exit Points with IBM i Security Tool

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: Cilasoft

    Sponsored by
    PERFSCAN

    Revolutionary Performance Management Software

    At Greymine, we recognize there is a void in the IT world for a dedicated performance management company and also for a performance management tool that’s modern, easy to use, and doesn’t cost an arm and a leg. That’s why we created PERFSCAN.

    PERFSCAN is designed to make your job easier. With revolutionary technology, an easy-to-read report and graphics engine, and real time monitoring, tasks that used to take days can now take minutes. This means you will know your system better and will be able to provide better service to your customers.

    OUR FEATURES

    PERFSCAN is full of robust features that don’t require you to take a three-day class in order to use the product effectively.

    Customizable Performance Reporting

    Whether you are troubleshooting a major system problem or simply creating a monthly report, PERFSCAN lets you select any combination of desired performance metrics (CPU, Disk, and Memory).

    User Defined Performance Guidelines

    No matter if you are a managed service provider managing complex systems in the cloud or a customer analyzing your on-premises solution, PERFSCAN gives you the flexibility to define all mission critical guidelines how they need to be.

    Understanding The Impact Of Change

    Tired of all the finger pointing when performance is suffering? PERFSCAN’s innovative What’s Changed and Period vs. Period analysis creates a culture of proof by correlating known environmental changes with system performance metrics.

    Comprehensive Executive Summary

    Creating performance graphs is easy. Understanding what they mean is another thing. With one mouse click, PERFSCAN includes an easy-to-understand executive summary for each core metric analyzed.

    Combined Real-Time Monitor And Performance Analysis Tool

    With PERFSCAN’s combined built in enterprise real-time monitor and historical performance analysis capability, you will always know how your mission-critical systems are performing.

    Cloud Performance Reporting Is Easy

    Managing performance for production systems in the cloud can be a black hole to many system administrators. The good news is PERFSCAN analyzes all core metrics regardless of the location. That’s why MSPs and customers love PERFSCAN.

    Detailed Job Analysis

    PERFSCAN shows detailed top job analysis for any desired period. All metrics are displayed in two ways: Traditional Report and Percentage Breakdown Pie Chart. This toggle capability instantly shows the jobs using the most system resources.

    Save Report Capability

    Your boss lost the report you gave to him on Friday. Now what do you do? With PERFSCAN’s save report capability, any report can be retrieved in a matter of seconds.

    Professional PDF Reporting With Branding

    Creating professional looking reports for your customers has never been easier with PERFSCAN. Branding for our partners and service provider customers is easy with PERFSCAN.

    Check it out at perfscan.com

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Power Systems Is Now Cognitive Systems 2017 IBM i Predictions: Take Three

    Leave a Reply Cancel reply

TFH Volume: 27 Issue: 5

This Issue Sponsored By

  • BCD Software
  • T.L. Ashford
  • COMMON
  • WorksRight Software
  • Manta Technologies

Table of Contents

  • Lack Of Ciphers In IBM i 7.1 Raises Concern
  • See Something, Say Something
  • IBM i Priorities For 2017: Pivot To Defense
  • 2017 IBM i Predictions: Take Three
  • Cilasoft Polishes IBM i Security And Compliance Auditing Software

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Fortra Issues 20th State of IBM i Security Report
  • FNTS Launches Managed Services for Power Servers in IBM Cloud
  • Total LTO Shipped Capacity Up Slightly in 2022
  • Four Hundred Monitor, May 24
  • Update On Critical Security Vulnerability In PowerVM
  • Critical Security Vulnerability In PowerVM Hypervisor
  • IBM Power: Hosted On-Premises Or In The Cloud?
  • Guru: Watch Out For This Pitfall When Working With Integer Columns
  • As I See It: Bob-the-Bot
  • IBM i PTF Guide, Volume 25, Number 21

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2023 IT Jungle