In recent years, regulatory initiatives like Sarbanes-Oxley, HIPAA, PCI, and GLBA have placed increased emphasis on the need to monitor and secure sensitive information. For example, The Payment Card Industry (PCI) Data Security Standard dictates one of the most stringent requirements of all—logs must be reviewed daily, and a minimum of three months of logs must be available for analysis.
This has led to the advent of a new class of security solution known as “Security Information and Event Management” (SIEM). Here’s how it works: SIEM solutions typically use a simple and widely accepted protocol known as syslog to gather data from devices in the network. The syslog sender sends small text messages (often less than 1024 bytes) containing “payload’” that documents a monitored event to a syslog daemon or syslog server. The SIEM solution accepts a feed from the syslog server, and uses “correlation engines” to look for trends and patterns in the payload. (Some even provide event escalation and alerting for incident management and response.)
With a customer base that includes over 98% of the Fortune 500 and an estimated 350,000 systems in service, the IBM i systems house some of the most sensitive information in the world, making interaction with a SIEM solution a critical requirement.
Powertech Interact lets you monitor, capture, and send over 500 different log events to a SEIM console. (IBM’s ISS Site Protector format is also supported.) Interact offes real-time monitoring of:
- Security Audit Journal (QAUDJRN)
- Critical OS Messages (QSYSMSG or QSYSOPR)
- PowerTech Authority Broker (Privileged User Tracking)
- PowerTech Network Security (FTP, ODBC, Remote Command)
Interact takes the raw event data and converts it into a meaningful format for easy review. Cryptic audit journal details are simplified into plain English statements such as:
“System Value QSECURITY was changed from 40 to 30” or “An invalid password was entered for user profile QSECOFR.”
You don’t need to fill your SIEM solution with unnecessary events. Interact lets you select or omit event notifications based on key characteristics:
- Event Type
- User ID
- IP Address
- Time and Day of Week
With Interact, you’ll enjoy all of the benefits of real-time event notification, while satisfying audit and regulatory requirements.
To learn more about Interact, request a free demo.