Cilasoft Polishes IBM i Security And Compliance Auditing Software
February 1, 2017 Dan Burger
Regulatory compliance mandates have forced many companies to examine their security policies and procedures. But even companies without compliance issues are concerned their data security may be inadequate considering the increased sophistication of the attacks, the integration of their systems of record with their systems of engagement, and the realization that IBM i is not an inherently secure system. The security landscape has changed, says Guy Marmorat, president of Cilasoft, which just updated its security software.
Additional reporting and automation capabilities are at the top of the list along with expanded integration points and an emphasis on cross-platform security information and event management (SIEM) solutions. “This new release is just the initial deployment of many innovative and powerful features that are slated to be released during 2017, all of which will make the job of managing security and compliance tasks easier and more effective for IBM i operations staff,” Marmorat said during a telephone interview with IT Jungle.
The new software release, designated 5.18R, includes five integrated software products designed to audit database and system changes, control system access, manage job authorities, and perform other critical security and compliance-related tasks. The products include: QJRN/400 for system and database auditing, CONTROLER for access control, EAM for authority management, DVM for read-access auditing, and CENTRAL for log consolidation and distribution.
“It used to be true that IBM i shops believed hackers stayed away from IBM i,” Marmorat says. “That’s a lot less true now. The IBM i used to be separated from the other servers, but in many shops, it is integrated now. It is accessed by a wider group of people than ever before.”
As the system becomes more integrated and accessible, it will become a more frequent target for hackers. And companies that want to integrate IBM i with other parts of the infrastructure also want the capability to monitor security across all systems, Marmorat says.
Another change that’s taking place is that security is being viewed as an investment and a benefit, not just a step toward gaining an audit approval.
“Sometimes compliance is very easy to accomplish,” he says. “If you have good documentation, you can get audit approval. But being secure is different. Shops can be compliant without being secure.”
A focus on compliance alone loses sight of the return on investment and does little, if anything, to reduce the risks associated with the loss of sensitive and business-critical information.
In many instances of responding to regulatory compliance mandates, companies rely on labor-intensive security reviews. To help IBM i shops become compliant and secure, Cilasoft added numerous features that automate security assessments and security management.
QJRN/400 includes a feature called System Examiner that identifies and organizes journal information for auditing purposes. It provides pertinent details from sources such as user profiles, system values, object attributes, object authorities, IFS attributes, IFS authorities, authorization lists, commands, exit points, DB2 files, job descriptions, libraries, spooled files, jobs, and PTFs. System Examiner is shipped with a set of 31 pre-configured queries and repository definitions. These templates can be customized to highlight certain information that is of greater interest to specific users.
A new command called RUNQJFIL has also been added to QJRN/400. It can be used to execute a variety of commands over the contents of any database file. RUNQJFIL can run in conjunction with a QJRN/400 query or as a stand-alone command. It includes a simulation mode that lets users test actions before running them.
A simple example would be a company using QJRN/400 to extract from a list of group profiles those profiles that have not signed on to a particular system for more than 90 days. The RUNQJFIL command could expire the passwords for the identified user profiles. It additionally produces a result file that shows what was executed for each line in the file, its context, and the end result (success/fail).
Other new commands are RUNQJF, which includes a parameter to specify an additional time unit of seconds, and RUNQJ, which is useful when running reports on consolidated data coming from Cilasoft’s CENTRAL software.
QJRN/400 was also given a new security information and event management (SIEM) interface, which is said to be optimized for the leading SIEM products, including IBM QRadar, and similar products from vendors such as HPE, Splunk, and LogRhythm. All the aforementioned vendors are listed in Gartner’s Magic Quadrant for SIEM.
Marmorat expects big things to be happening in SIEM and hinted that Cilasoft soon would be announcing product enhancements in that area.
Additional features in the just-released 5.18R include exit programs for password validation and open database files. The password validation would be useful when multiple user profile password policies exist. The open database file exit point feature was optimized to boost performance on heavily used files. These enhancements were made to Cilasoft’s CONTROLER software.
Additional parameters have been added to Cilasoft’s EAM reporting commands, and the RUNQJCMDS command in the company’s CENTRAL software now has the capability to run multiple commands in a single step.
Version 5.18R of Cilasoft Suite supports all releases of IBM i from 5.4 to 7.3. Software and documentation are downloadable from the company’s extranet.