Trinity Guard Brings Security Suite Up to Speed with IBM i 7.5
September 21, 2022 Alex Woodie
IBM put a major focus on improving security with the release of IBM i 7.5 earlier this year, with stronger out-of-the-box default configurations, new password controls, and improved monitoring. With the launch of TG Suite 3.0, Trinity Guard is helping its customers get the most out of those security improvements.
IBM made a slew of security improvements with the launch of IBM i 7.5, which it unveiled in May and which shipped soon thereafter. Highlights include the elimination of security level 20, a new password level 4 that includes 512-bit encryption, the elimination of default passwords, and new table functions for audit journal entries, among other new security capabilities.
With the pending launch of TG Suite 3.0, Trinity Guard is supporting some of these new audit and security capabilities, according to Tony Perera, a co-founder of the Houston, Texas, company, which was acquired by Fresche Solutions earlier this year.
For starters, TG Suite 3.0 adds support for two journal entries added with IBM i 7.5, including one that tracks FTP certificate details and another that tracks DNS configurations, Perera says.
“[Db2 for i database architect] Scott [Forstie’s] team keeps on adding new collections. We try to keep up with that and expose through our reporting engine security-related functionality,” Perera tells IT Jungle. “So we are now exposing those within our products so that, in one shot, our customers can utilize all the new 7.5 security features available.”
It also adds support for some of the new security-related IBM i services that IBM added in QSYS2, including one that exposes more details about the configuration of the Telnet server and another that returns more details on the operating system’s security configuration.
“They do a good job to keep on adding new services,” Perera says. “We don’t want to get backdated, and we try to keep up to date, so we are now current up to 7.5 in QSYS2 through IBM i services and security collections.”
IBM made some other changes, including adding more parameters to the user profile management functions in IBM Navigator. Trinity Guard’s tools manage IBM i user profiles and check for compliance with requirements, so the company needed to support these additional parameters, Perera says.
Ever since IBM i 7.5 shipped earlier this year, Trinity Guard has supported IBM i 7.5 with TGSuite, which includes TGSecure, TGAudit, and TGDetect. The company was part of IBM’s beta testing program, which helps vendors ensure their products work with new releases of the operating system.
However, more work was needed to actually incorporate the IBM i 7.5 security enhancements into TGSuite. That work has been completed with TGSuite 3.0, which is due out shortly. It is also the first new release since Trinity Guard was acquired by Fresche Solutions earlier this year.
Trinity Guard strives to keep its products up to date with the latest legal and industry regulations. To that end, TG Suite 3.0 also brings support for PCI DSS 4.0, the latest release of the data security standard from the payment cardholder industry group.
The PCI group rearranged and changed the numbering of the requirements that are spelled out in DSS 4.0, so Trinity Guard went through it all to ensure its tools can help automate compliance checks.
“Technology-wise it’s not a huge change because encryption was already there. But there’s more emphasis on encryption,” Perera says. “They rearranged some of the regulation to make more sense.”
Rather than expose customers to the new numbering schemes, which could be confusing for them, Trinity Guard wanted to get ahead of the ballgame and map the new numbering scheme to underlying IBM i technical capabilities, Perera says.
“Actually, that was a nightmare for us to go re-number, because PCI has all these numbering on different areas,” he says. “It’s totally confusing for a customer. So that’s why we wanted to get it out quick.”
The PCI DSS 4.0 work was done in TGAudit as well as TG Centra, the company’s centralized management console.
Lastly, the company has bolstered its support for SIEM (security information and event management) tools in TGDetect. This release strengthens support for the data formats expected by SIEM tools, including Log Event Extended Format (LEEF), which is used by IBM’s QRadar SIEM offering, and Common Event Format (CEF), which is used by other SIEM tools, including Splunk.
“It’s not a huge enhancement, but it’s a usability [enhancement] to make your life easier when you integrate with the SIEM,” Perera says. “That’s been one of our selling points. We’ve been very successful because we format stuff pretty well and we’ve been very successful with the SIEM part of the business.”
Trinity Guard and Fresche Solutions are seeing more interest in security among IBM i customers, including some that have suffered security breaches, says Christine McDowell, the vice president of marketing for Fresche.
“Everybody is interested. That’s the reality,” McDowell says. “With increased threats, people have actually been hit. And once they get hit, they realize that recovery is a heck of a lot more expensive than the investment you’re going to make in the tools and making sure you lock your systems down.”
Perera says he has worked with two IBM i shops recently that have had their security compromised. One of them was a local government that was protected by their exit point management solution, which prevented access via the networks. The other didn’t even have auditing turned on, so there was not a lot of information to go on.
“A lot of people ignore [security]. They have nothing or no way of even monitoring,” Perera says. “So if you don’t have software running, you don’t even know if you got hacked or attacked. Then you’re blind. Still there is a lot of education to be done, but it is happening.”