  • Connecting IBM i Into A Broader Security Web

    April 19, 2017 Alex Woodie

    In the ongoing war between cybercriminals and everybody else, there’s no place for lone wolves. The strength of any individual company’s security is largely dependent on the collective posture of multiple groups of actors. Luckily for IBM i shops, there are defined paths to plug into the broader shield that’s constantly evolving to keep us safe.

    The idea of collective security is nothing new. Every anti-virus engine you’ve ever owned for the past 25 years is kept up-to-date by groups of security researchers who constantly stay on the lookout for new pieces of malware and new forms of attacks.

    But viruses and malware form just one aspect of today’s security threats. Armed with the latest technology, today’s sophisticated cybercriminal operations are capable of launching widespread yet targeted attacks that can yield entry into back-office systems.

    As cybercriminals get better at breaking into computer systems and remaining undetected for months at a time, it’s up to individual organizations to step up their games to deal with the threat. No bank or retailer or manufacturer asked for this security arms race, but it’s the best alternative to giving up one’s valuable data. You don’t want to be the next Target, which lost hundreds of millions of files when cyber crooks broke into systems by using credentials stolen from an HVAC repair company (yes, in our uber-connected world, even air conditioners pose a security threat).

    To deal with this threat, organizations are turning to security solutions that can give them a bird’s eye view of every digital point of entry into back-office systems (it’s assumed you have physical security already taken care of). Called Security Information and Event Management (SIEM) solutions, these products are designed to collect log files from multiple sources, and then correlate them in a way that allows them to spot unusual activity.

    In response to threats from cybercriminals and regulators alike, large and midsize companies are moving to adopt SIEMs, including IBM i shops. Here’s a valuable data point: All of the top solutions in Gartner’s most recent Magic Quadrant for SIEM products support IBM i.

    HPE (formerly Hewlett-Packard), which Gartner put in the leader’s quadrant, supports what it calls the “eserver iSeries mainframe” with its ArcSight SIEM. LogRhythm, another leader in Gartner’s report, also supports IBM i log files. The McAfee Enterprise Security Manager, previously sold by Intel Security but now a standalone entity once again, also supports AS/400 database files. The QRadar solution from IBM also supports security log information from IBM i through what Big Blue calls its “Device Support Module for IBM AS/400 iSeries” (somebody should tell IBM what the new name of the platform is). The log file exploration and intelligence tool from Splunk also supports IBM i sources.

    While these SIEM solutions also feature some out-of-the-box support for IBM i servers, customers may opt to bolster the integration by purchasing additional tools that smooth the hand-off and upload of IBM i log files into the SIEM. Townsend Security, Raz-Lee, Arpeggio Software, and other IBM i security software vendors offer these types of tools.

    Patrick Townsend, the CEO and founder of Townsend Security and an IBM i security expert, says IBM i shops are increasingly turning to SIEM solutions to provide active security protection.

    “It goes by different names. Some people call it continuous monitoring. I tend to call it active monitoring,” Townsend tells IT Jungle. “But it’s all the same thing. It’s all SIEM. It’s collecting security and log information from a variety of systems in one place and then detecting anomalies and potential attacks.”

    Townsend Security works with close to 40 different SIEM solutions, and is certified with the top names, like QRadar, LogRhythm, McAfee, and Splunk. “Because of the approach we took to sending security events from IBM i to the SIEM, we normalize the data so every SIEM can very rapidly receive this data and start reacting to it,” Townsend says.

    While SIEM solutions have a reputation of being crabby and hard to deal with, they’re actually getting better, Townsend says. “They’re all making them easy to deploy, which means that people get better security faster through that process,” he says. “LogRhythm is a great product and is selling into IBM i shops at a very rapid clip.”

    Sending IBM i log files to a SIEM product is good, but it’s only part of the answer if you’re looking for continuous monitoring. “Our philosophy is you have to see the whole picture,” says Townsend, who recently blogged about active security monitoring. “The IBM i is only one piece of your infrastructure. You have switches, firewalls, DLP systems – all these systems. You have to see them all in one place in real time. An AS/400-only solution is just not going to give you a security posture that can do that.”

    IBM is working to push the security envelope by adding Watson-powered cognitive intelligence into the QRadar mix. With the offering, called Watson for Cyber Security, IBM is aiming to bolster the awareness of security analysts by using Watson to comb through unstructured data sources, like blogs, websites, and research papers, and correlating any security-related tidbits it finds with the log files collected and collated by QRadar.

    Eventually, all SIEMs will be outfitted with artificial intelligence, and use machine learning algorithms to automatically detect the trail that cybercrooks will inevitably leave as they attempt to worm their way through our digital lives unseen.

    “I think that’s the future,” Townsend says. “The power of our security posture is going to come from those SIEMs getting smarter and smarter, and being able to detect attacks against the enterprise as a whole. AI in security products is going to be absolutely critical and IBM i customers need to line up with that strategy to have a solid security posture.”

    RELATED STORIES

    Reporting Elevated IBM i Privileges to SIEM

    IBM i 7.3: High Time For High Security

    Security Awareness: Eight More Patches For IBM i Vulns

    Don’t Overlook These Network Auditing Improvements in IBM i 7.3

    Tags: IBM i, Malware, Security Information and Event Management, SIEM


TFH Volume: 27 Issue: 26
