Trinity Guard Update Brings Joy to System Values, SIEM Integration
December 8, 2021 Alex Woodie
IBM i administrators who ever desired more control over their system value settings will appreciate the latest gift that Trinity Guard has placed under its customers’ midrange trees. The IBM i security software vendor now has a dashboard that automatically tracks all IBM i system values, even across multiple systems or LPARs. With TGSecurity Suite 2.4, the company is also providing a bulk data transfer to SIEMs to stay on top of the work of naughty elves.
The new system values module that Trinity Guard is shipping with the update to TGSecure (one of three products that make up the TGSecurity Suite) should make life a little easier for systems administrators, says Pauline Brazil Ayala, the vice president of operations and co-founder at Trinity Guard, the spiritual successor to the PentaSafe line of security products for the IBM i.
“So instead of having to go and configure your system values one by one and forget what you put in the last screen, you’ve got everything in one shot,” Ayala says. “And you can also configure what you want your gold standard to be for that system value, and hold your system to it. So that if it ever gets changed . . . you can know what you want the value to be and know what the current value is and have it enforced.”
The new TGSecure module monitors all 158 system values in the IBM i operating system. Not all of the values are security related, says Tony Perera, the president and co-founder of the Houston, Texas, company, so customers are getting a little bit of extra systems management capability thrown into their stocking for good measure. Nevertheless, the feature should be put to good use when it comes to avoiding lumps of coal from compliance regulators.
“You can take the security system values and say ‘Hey, this is how I want my system to look,’” Perera tells IT Jungle. “And we have a report you can schedule and you can build alerts on that to say ‘Hold on, we found these [system values] out of compliance.’ And also we have the ability to go auto fix them, if you want us. We can do the remediation for them and fix the out-of-compliance system values.”
When an IBM i administrator has multiple environments, managing the system values manually can become a real nightmare, Ayala says. Unless the administrator has good organizational skills and is keeping track of all of the settings somewhere, such as a spreadsheet, it can be pretty easy to make a mistake with the desired value for things like IBM i security level, password requirements, or auto-configuration of devices, and the actual value that exists on the servers, she says.
“We have it all on one screen. That’s one of the nice things about it,” Ayala says. “If you go through the WRKSYSVAL command interface, you’ve got to go into every single system value one by one and see what the settings are. And there’s nothing to track what you wanted it to be. Once it’s changed, you’re going back through logs or digging to try and figure out what it was supposed to be. It’s really nice to have it all on one screen. You can see what you want the system value to be, what you set it or what the gold standard is, and what the current value is.”
TGSecurity Suite 2.4 also brings good news on the SIEM (security information and event management) front. Customers who are using Trinity Guard’s software to shuttle IBM i security events into SIEMs from the leading providers, such as Splunk, Graylog, IBM QRadar, and Elastic’s ELK stack, now have the option to transfer data from the QAUDJRN in batch, instead of using Trinity Guard’s existing real-time update approach.
“We have a lot of people using our stuff, and what we found was they want bulk SIEM data sent,” Perera says. “For example, the QAUDJRN can be huge. So they don’t want to send an event at a time. They want a bulk [facility] for everything.”
Trinity Guard previously offered a real-time data loading mechanism, which would transmit IBM i security events to the central SIEM as soon as they’re detected. With this real-time approach, a new network connection was opened every time a piece of data was sent. While this works for critical events, such as network intrusion, it’s not ideal for larger data loading events, such as when users are first setting up the connection between the IBM i server and the SIEM, or otherwise need to move a lot of security data.
“If you’re trying to send a million records, if you have to do a connection every time, that slows down performance,” Perera says.
In other Trinity Guard news, the company is offering a discount to customers during the holidays. For more information on the discount, contact the company. You can find more information at the company’s website: trinityguard.com.