IBM i Solutions

IBM i security and compliance monitoring solutions

Today’s world of complex regulations and evolving security threats requires simple IBM i security and compliance monitoring that alerts you to security threats quickly and satisfies auditors.

Comprehensive monitoring of IBM i security and compliance

IBM i journals and log files contain the data required to monitor security and prove compliance, but they’re also notoriously cryptic and voluminous. Without a way to quickly obtain insights or create reports regarding changes to critical databases, it’s nearly impossible to analyze log files for security insights or extract audit reports in a timely manner.

To further complicate matters, regulations such as GDPR require that organizations monitor and be prepared to report on users who have viewed highly confidential data – regardless of whether they have made changes. And while it’s expected that views of healthcare records, financial records, and protected consumer information are monitored and controlled, this information isn’t found in IBM i journals and logs.

Fortunately, third-party solutions are available that simplify the analysis of journal data for quick and easy reports and alerts on security activity, as well as for tracking views of particularly sensitive data.

To demonstrate compliance with internal security policy and regulatory requirements, IBM i professionals need insight into a wide variety of dynamic elements on the system. These insights include changes to system values, user profile activities, authentication failures, access attempts through the network or command lines, data encryption and decryption, the transfer of sensitive data across the network, and much more.

IBM i log sources, including journals and message queues maintained by the OS, create a comprehensive audit trail of changes. Critical log sources include the System Audit Journal (QAUDJRN), the QSYSOPR Message Queue, the QSYSMSG Message Queue, and the QHST History Log. The data contained in these log sources can be used to monitor for security and compliance deviations, as well as to generate alerts and reports on all types of security activity.

Making sense of the data written to many of these sources manually is nearly impossible. To stay compliant and monitor the security of IBM i systems, enterprises need a way to quickly identify important events and critical conditions without significant effort – or a major programming project.

Effective third-party solutions automate the analysis of IBM i log sources to extract only the pertinent data and generate clear and actionable alerts and reports on security incidents and compliance deviations for various stakeholders.

Learn how Assure Monitoring and Reporting from Precisely automates analysis of IBM i log sources to save you time and money when monitoring for regulatory compliance and detecting threats to systems and data security.

Security Information and Event Management (SIEM) solutions are integral to security strategies for many organizations today. SIEM technology aggregates data produced by security devices, network infrastructure, systems and applications, and combines it with contextual information about users, assets, threats, and vulnerabilities to enable real-time security and compliance monitoring.

Organizations that have invested in SIEM technology must integrate IBM i security information into the solution to enable early detection and threat response across all enterprise systems. However, native support for security data from IBM i systems is not available in these tools.

Unfortunately, integrating security information from IBM i systems into an enterprise SIEM platform is a challenge due to the range of IBM i log sources to monitor, proprietary data formats, and the specialized skills required to analyze and integrate the data.

Third-party solutions that automate the analysis of IBM i log sources to generate alerts and reports on security and compliance may also forward IBM i security data to SIEMs such as IBM QRadar, SolarWinds, Splunk, ArcSight, LogRhythm, LogPoint, Netwrix, and others for analysis alongside security data from other platforms.

Read IBM i Compliance and Security: Identifying the Events That Matter Most to learn more about integrating IBM i systems into your SIEM solution.

Regulations such as PCI DSS and HIPAA have long suggested the benefits of tracking access to confidential data. More recently, consumer privacy regulations like GDPR have begun to require it, and new regulations are likely to follow that lead.

For example, if a staff member at a bank views highly confidential financial information they are not authorized to see, the bank may be liable for the costs and consequences of a data breach, even if the individual claims they didn’t read the data. Customer data is not the only sensitive data that must be carefully protected. You must also ensure that unauthorized users are not viewing corporate financial data, executive compensation, employee medical data, or customer lists.

Logs are required to prove to internal and external auditors whether the data was disclosed. However, IBM i journals and history files do not record views of data – only changes. You need tools to monitor views and prevent both accidental data disclosure and intentional breaches of confidentiality.

Thanks to advances in the IBM i operating system, third-party tools are now available to monitor views of sensitive Db2 data and alert you to users who have seen sensitive records – along with how and when the data was viewed. These tools can even block records from being viewed by unauthorized users.

The most effective data view monitoring solutions will allow you to not only define the records users can see but will also give you control of the conditions under which users can view records. For example, views may only be allowed on weekdays, during certain hours, or when using a particular program. It is also critical that these solutions generate logs to satisfy the requirements of compliance auditors.

Learn more about Assure Db2 Data Monitor from Precisely

Case study: Westpac Pacific Banking

As part of the global Westpac Banking Corporation, Westpac Pacific Banking must comply with various regulatory guidelines and therefore needs visibility into everything that happens across its entire IBM i environment.

Since the implementation of Assure Monitoring and Reporting’s system audit capabilities, auditors and internal security officers have responded very positively to its benefits. They are pleased with the solution’s ability to generate concise and accurate reports. Equally important is the significant increase in automation of the auditing and compliance process – eliminating the need for IT personnel to spend hours gathering system information, managing user access and formatting the data into reports that the auditors can interpret.

Read the story of Westpac Pacific Banking’s implementation of Assure Monitoring and Reporting.

Monitoring and Reporting for IBM i Compliance and Security

Achieving optimal security on the IBM i isn’t so much a destination as a journey that’s marked by a continual series of efforts toward improvement. Organizations that run business applications on IBM i must adequately secure their systems to meet compliance regulations. However, being in compliance doesn’t mean your IBM i is fully secured.

To achieve a security posture that is a real deterrent to theft or fraud – whether perpetrated by external or internal actors – a determined, consistent effort is required that combines the right mix of technologies, expertise, and best practices.

Download this eBook to learn security challenges commonly faced by staff at IBM i shops in their efforts to harden security and pass compliance audits.

A comprehensive audit trail

IBM i log sources, including journals and message queues recorded by the IBM i OS, create a comprehensive audit trail of changes.

These critical log sources can be used to monitor for security and compliance deviations, as well as to feed IBM i log data to Security Information and Event Management (SIEM) solutions that do not natively have visibility into the platform. Critical log sources include:

  • The System Audit Journal (QAUDJRN) – contains information related to events that impact security, such as changes to system values, object authorities, profiles, authorization lists, object access attempts, and more.
  • Operator Messages (QSYSOPR Message Queue) – contains alerts that inform the operator about a condition that needs attention or about changes to the environment.
  • System and Application Messages (QSYSMSG Message Queue) – an optional message queue that issues alerts about high-priority system events. It should be created and monitored continuously.
  • QHST History Log – a message queue and several physical files that contain a list of messages reflecting specific events occurring on IBM i systems.
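The text above describes using QAUDJRN data to raise alerts on security deviations and to forward IBM i events to a SIEM. The following is an added example of what that pipeline looks like in code; it is not code from Precisely, IBM or any product named on this page. It assumes the audit journal has been exported with DSPJRN to a delimited file, and the five-column layout (timestamp, entry type, user, job, detail) is an assumed simplification of that export. The sample records are constructed. The entry-type codes (PW, SV, CP, AF, ZR) are real QAUDJRN codes; the thresholds, severities and the vendor/product names in the CEF header are placeholders to adjust per site.

```python
"""Triage of IBM i System Audit Journal (QAUDJRN) records into alerts and
CEF lines for a SIEM. Added example; not code from Precisely or IBM."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of audit-journal records. On a real system the journal is
# exported with DSPJRN JRN(QAUDJRN) ... OUTPUT(*OUTFILE); the five-column layout
# used here (timestamp, entry type, user, job, detail) is an ASSUMED
# simplification of that export, not the OS record format.
SAMPLE_EXPORT = """\
2024-03-01T08:00:01,PW,JSMITH,QPADEV0001,invalid password
2024-03-01T08:00:09,PW,JSMITH,QPADEV0001,invalid password
2024-03-01T08:00:15,PW,JSMITH,QPADEV0001,invalid password
2024-03-01T08:00:22,PW,JSMITH,QPADEV0001,invalid password
2024-03-01T08:01:00,ZR,JSMITH,QPADEV0001,PAYLIB/CUSTMAST
2024-03-01T09:15:40,SV,QSECOFR,QPADEV0002,QAUDLVL changed
2024-03-01T09:16:02,CP,QSECOFR,QPADEV0002,user profile TEMPUSR created
2024-03-01T10:30:00,AF,BROWN,QZDASOINIT,PAYLIB/CUSTMAST
2024-03-01T11:45:00,ZR,BROWN,QZDASOINIT,PAYLIB/CUSTMAST
"""

# QAUDJRN entry-type codes used below (real codes; wording abbreviated).
ENTRY_NAMES = {
    "PW": "Invalid password or user ID",
    "SV": "System value changed",
    "CP": "User profile created, changed or restored",
    "AF": "Authority failure",
    "ZR": "Object opened for read (requires object auditing)",
}

# Entry types that always warrant an alert, with a CEF severity (0-10). Placeholders.
ALWAYS_ALERT = {"SV": 8, "CP": 7, "AF": 5}
# Repeated invalid sign-on attempts by one user inside a short window. Placeholders.
PW_THRESHOLD = 3
PW_WINDOW = timedelta(minutes=5)


def parse_export(text):
    """Turn the delimited export into dicts, sorted by timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, etype, user, job, detail = line.split(",", 4)
        records.append({"ts": datetime.fromisoformat(ts), "type": etype,
                        "user": user, "job": job, "detail": detail})
    return sorted(records, key=lambda r: r["ts"])


def triage(records):
    """Apply the alert rules and return a list of alert dicts in time order."""
    alerts = []
    recent_pw = defaultdict(list)  # user -> timestamps of PW entries inside the window
    for r in records:
        if r["type"] == "PW":
            window = recent_pw[r["user"]]
            window.append(r["ts"])
            while window and r["ts"] - window[0] > PW_WINDOW:
                window.pop(0)
            if len(window) == PW_THRESHOLD:  # fire once when the threshold is crossed
                alerts.append({"sig": "PW_BURST", "severity": 6, "ts": r["ts"],
                               "user": r["user"], "job": r["job"],
                               "name": f"{PW_THRESHOLD} invalid sign-on attempts within "
                                       f"{int(PW_WINDOW.total_seconds() // 60)} min"})
        elif r["type"] in ALWAYS_ALERT:
            alerts.append({"sig": r["type"], "severity": ALWAYS_ALERT[r["type"]],
                           "ts": r["ts"], "user": r["user"], "job": r["job"],
                           "name": f"{ENTRY_NAMES[r['type']]}: {r['detail']}"})
        # ZR entries are kept as evidence only: they show an object was opened,
        # not which records were displayed, which is the gap the text describes.
    return alerts


def _cef_escape(value, header=False):
    """Escape per the CEF rules: pipes in header fields, '=' in extension values."""
    value = value.replace("\\", "\\\\")
    return value.replace("|", "\\|") if header else value.replace("=", "\\=")


def to_cef(alert, vendor="ExampleVendor", product="IBMiAuditTriage", version="1.0"):
    """Render an alert as one CEF line (vendor/product names are placeholders)."""
    header = "|".join(_cef_escape(f, header=True) for f in
                      ("CEF:0", vendor, product, version, alert["sig"],
                       alert["name"], str(alert["severity"])))
    ext = (f"rt={alert['ts'].strftime('%b %d %Y %H:%M:%S')} "
           f"suser={_cef_escape(alert['user'])} "
           f"cs1Label=job cs1={_cef_escape(alert['job'])}")
    return f"{header}|{ext}"


if __name__ == "__main__":
    for a in triage(parse_export(SAMPLE_EXPORT)):
        print(to_cef(a))
```

Run stand-alone it prints four CEF lines: one for the burst of invalid sign-ons by JSMITH, and one each for the system value change, the profile creation and the authority failure. The two ZR records produce no alert, which mirrors the page's point that the journal tells you an object was opened, not which confidential records a user actually saw.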