Trinity Guard Launches Third IBM i Product
March 27, 2019 Alex Woodie
Three is the magic number for Trinity Guard, the Houston, Texas-based security software company that just delivered its third security product for IBM i. TGDetect is a monitoring tool that alerts administrators to security issues, and also integrates with third-party SIEM solutions.
Trinity Guard was founded several years ago by two former Micro Focus employees, Tony Perera and Pauline Ayala, who trace their roots back to the Pentasafe and NetIQ days. Perera and Ayala left Micro Focus to develop IBM i security software at Trinity Guard. The company has been slowly rewriting the old Pentasafe products, starting with TGAudit.
TGAudit was based in part on the old PS-Audit product from Pentasafe, and provides the capability to audit the security settings of one or more servers. The company’s second product was TGSecure, a network security product that helps secure exit points on IBM i servers. This product was also based in part on an old Pentasafe product, PS-Secure.
Now with the launch of TGDetect, the triumvirate of old Pentasafe products has been reborn under the Trinity Guard banner.
“TGDetect is the newest addition and it is the piece that provides security monitoring and alerting,” says Ayala, who is Trinity Guard’s vice president of operations. “With this product release, the replacement of the old PentaSafe products is now complete.”
TGDetect addresses a common problem on the IBM i server: making sense of the huge amount of security data in a timely manner, so that administrators can determine what is acceptable usage versus what’s a sign of malicious activity.
The software monitors all the important sources of security event data, including message queues like QSYSOPR, the QAUDJRN audit journal, and the QHST history file. It also monitors the use of sensitive commands, and is integrated with TGSecure to receive alerts of attempted violations of exit point policies.
TGDetect lets users set their own customizable filters to ensure they’re seeing the alerts that are most important to them. Customers can monitor for major events, such as failed sign-on attempts that used powerful user profiles, attempted remote connections, questionable user profile changes, and production library authority issues.
If the software detects activity that matches a filter, it will send an alert via email immediately. The software also has the capability to escalate critical security events.
Companies with existing security information and event management (SIEM) implementations can also hook TGDetect as a source for IBM i security events. The software integrates with SIEMs from Splunk, Graylog, ArcSight, QRadar, and the Elasticsearch Stack.