Real-time security alerts - vital for any security project

The iSeries Security Agent is vital for any iSeries system security project. It provides the monitoring and auditing capabilities that you need to protect your data.

It will alert you to possible security threats in real-time, and even respond to security breaches by taking preventive action before damage is done.

Guard your system unattended, day and night

You can make your security policy more aggressive and more proactive with the SmartConsole automated actions, closing down security holes immediately, around the clock, without operator intervention.

For example, you can protect against changes to key system values, e.g. if the system security level is unexpectedly changed from 50 to 30, the Security Agent can automatically: change the security level back to 50; end the job that made the change; disable the user profile that was used; send an alert describing what occurred….all done in seconds.

The Security Agent also provides auditing reports that identify weaknesses and limitations, allowing continuous improvement of your security policy. It even reveals security holes caused by vendor packages, so you can demand modifications.

Identify real security issues

The advanced filter criteria allow you to fine-tune the Security Agent to pinpoint real security issues, rather than everyday user mistakes.

For example, apparently isolated events may be received in a short space of same time - a failed sign-on attempt, rejected object or spool file access. Those things can happen all the time on your system. But the SmartConsole will notice that they all came from the same user profile, or from the same device, or the same IP address…and warn you, or take action.

Integrate with other security systems

It is a valuable complement to other systems, such as exit-point security, firewalls etc.; those technologies control entrance to your system, like a country's "customs control". The Security Agent is your internal "police" force, monitoring the activities of users inside your system.

Unlike other dedicated security solutions on the market, the Visual Security Suite product also manages your iSeries system messages, Windows Event Logs, TCP/IP services and more. You can achieve significant benefits in efficiency and service level by consolidating security with those operations management tasks.

Technical Overview

The iSeries Security Agent configures system auditing rules, and then manages security-relevant audit messages using powerful filters. The enriched messages can be used to send immediate alerts, take automated actions, audit system security and analyze possible weaknesses.

The Security Agent detects events, system-wide or by user:

Object auditing

Changes and access to objects, e.g. delete, copy, rename, restore, authority change, read, edit. Examples include:

• Delete, copy or edit database file containing customer data
  
• Read or copy spool file containing salary information

Command auditing

Any command line entries, e.g.

• commands run by suspect user profile
  
• use of sensitive commands

System configuration auditing

• Creation, modification of user profiles, e.g. creation of suspicious new profile
  
• Changes to system auditing
  
• Changes to system values, e.g. changes to system date, time, security level, IPL info, action for number of failed sign-on attempts, etc.
  
• Use of DST (Dedicated Services Tools), e.g. changes to system configuration
  

Action auditing

• Authority failures, e.g. persistent failed sign-on attempts, object access denied
  
• Programs changed to adopt authority
  
• Users obtaining adopted authority
  
• Profile swapping

Filters simplify event detection and customization by allowing you to identify particular objects, user profiles, commands. There is support for generic, wildcard, date and time, text string, and through extensive logical functions.