Trinity Guard Unveils New Tools for Linux, Db2 for i
November 18, 2020 Alex Woodie
Trinity Guard is on the move. The Houston, Texas-based security software company, which is the spiritual successor to the PentaSafe products, is rolling out a full auditing solution for Linux. It’s also developing a Linux version of its security management tool, TGCentral, with an AIX version up next. Plus it’s months away from releasing an encryption solution for Db2 for i.
2020 has not been easy for anyone, but it’s not stopping the folks at Trinity Guard from moving forward on their roadmap items. Near the top of that list is increased support for running on Linux, which has become the dominant operating system for business servers around the world.
The new TGAudit for Linux solution provides a full-fledged auditing solution for a variety of Linux environments, including Linux running on Power, X86, and ARM servers. The offering will interrogate a customer’s Linux environment and return a report that shows exactly how its security settings are configured, says Randy Bowie, the vice president of engineering at Trinity Guard.
“[It includes] pretty much everything you need to cover industry standard practices, things like Center for Internet Security type benchmarks and NIST standards, which are mapped into regulations like PCI, HIPAA, and SOX,” Bowie says.
The software is built around osquery, an open source query tool that is built on the SQLite database. TGAudit maps all of the security settings for a given Linux server into the database, and the query tool powers a set of best-practice reports included with the software.
“There are 220 reports to start with. It’s easy for us or customers to extend that and add their own reporting for different things they want to provide evidence for,” Bowie says. “We also have things like Delta Reports, so we can share with you, for that particular subsystem, what’s changed since the last time you checked it.”
TGAudit monitors every security configuration for the Linux kernel, as well as subsystems and services that may be running against it. Like on IBM i, there can be too much data at times, so customers sometimes find they need to whittle the monitoring down to a more manageable level.
“We have access to pretty much every subsystem,” Bowie says. “With Linux you’ve got everything but the kitchen sink sometimes and you really want to limit that down to the things that you need to monitor, the [critical] modules and things like file systems that have vulnerabilities.”
The software will also integrate with popular SIEMs, such as Graylog, Elastic, and Splunk, just like Trinity Guard’s IBM i products do. In a subsequent release of the product, TGAudit for Linux will provide more security event management capabilities of its own.
Trinity Guard’s roadmap calls for developing other security tools for Linux once the auditing tool is in place. Just as it offers a network security product (TGSecure) and an event monitoring and alerting product (TGDetect) for IBM i, it plans to offer those types of capabilities for Linux as well.
“Like with iSeries, we are just coming with the audit stuff first, then we’ll come with Detect and Security layers,” says Tony Perera, president and co-founder of Trinity Guard.
Following Linux, the plan calls for developing auditing and security software for AIX. There are a number of IBM i shops that are moving to AIX, based in part on the cost of their ERP software, Perera says.
Trinity Guard is also supporting the TGCentral server running on Linux. TGCentral provides a common point for managing multiple Trinity Guard products, including TGAudit, TGSecure, and TGDetect. It powers a browser-based dashboard that surfaces insights from all of those products, and provides pre-defined reports that map to major regulations, like HIPAA and SOX.
While the TGCentral dashboard could be accessed from a Web browser running on any client device, the server component of TGCentral previously installed only on Windows. Now it runs on Linux too, to go along with TGAudit for Linux and the forthcoming development of other security tools for Linux and AIX.
Finally, Trinity Guard is delivering a field-level encryption solution for Db2 for i, called TGEncrypt. The software will leverage the industry-standard AES-256 encryption algorithm, as well as IBM’s field procedure, which reduces the amount of work required to adapt an existing IBM i application to use database encryption.
In addition to encrypting, the software will mask or scramble data. It will encrypt or otherwise protect data based on the role of the user trying to access it, or according to the IP address of the computer they’re using to access the Db2 for i database. TGEncrypt will keep an audit trail of all activity, and send alerts to TGCentral or to a SIEM.
Users can use a third-party key management system to manage encryption keys for TGEncrypt, or they can use the product’s internal key management functionality. The internal key management works but is not too elaborate. “We tried to keep it simple for a small customer to use encryption,” Perera says.
TGEncrypt is expected to ship in January. For more information, see the company’s website at www.trinityguard.com.