Change Control For IBM i
Security For IBM i
Development For IBM i
Support For IBM iIBM i Security and Auditing
Enforcive is a module based enterprise security application that runs on the IBM i (iSeries & AS400). The following modules make up the product:-
- Enforcive Application Access Control
- Enforcive Application Audit
- Application analyzer
- IBM i System Audit(QAUDJRN)
- Inquiries
- IBM i Database File Audit
- Message Queue audit
- QHST audit
- Central audit
- Enforcive Security Event Report Generator
- SQL statement audit
- Enforcive Alert Center
- User profile management
- Object authorization manager
- Session Timeout Management
- In-Active User Management
- Security policy replication across partitions
- Policy compliance manager
- Field encryption
- Field masking
- Firewall
- Cross platform audit
- Password Self Service
Enforcive In-Active User Management
Defines a policy for handling in-active user profiles.
Architecture
- Management thru a proprietary system of users and groups, integrated with operating system parameters
Highlights
- Different handling for different users and groups
- Disabling of user profiles following a specified period of inactivity
- Option for calling a user defined program
- Handling of a system policy for users without specific definitions
Organizational Benefits
- Allows the organization to easily implement important security best practice, which would be highly time consuming with systems with many user profiles
- Affords the organization a means of automatically controlling and eliminating/disabling unused user profiles
IBM i Security Session Timeout
A flexible policy for forcing session timeouts in native green screen application sessions
Architecture
Management of session timeout events through a proprietary system of users and groups and operating system parameters
Highlights
- Different session timeout criteria for different user groups (as opposed to "one size fits all" option provided in the operating system)
- System defaults for users without specific definitions
- Specification of specific idle time
- Specification of action to take when timeout occurs
- Optional sending of messages to the system administrator
Organizational Benefits
- Allows the organization to easily implement important security best practices, which would otherwise be highly time consuming tasks
- Meeting of regulatory compliance requirements (GDPR and others)
Enforcive Alert Center
Rich and unique system of alerts, following a wide range of IBM i system conditions and events. Alert delivery can take a number of different forms including email, on screen display and others
Architecture
- Alerting of a variety of events including authorized and unauthorized access at exit point level, compliance checks, system health checks, database field changes, message queue messages and system journal events
- Handling of collected event information by the IBM i or by windows based alert handler
- Events covered: Exit point, system journal, file journal, message queues, Policy Compliance Manager deviations, SQL Statements
Highlights
- Granular condition definition. Alerts can be conditioned from general to highly specific triggering criteria, such as specific SQL statements or FTP sub-functions on a specific library or file
- Multiple alert actions including email, writing to windows event log, displaying on screen, SNMP traps and output to syslog
- Multiple pro active alert actions including calling a program, disabling a user profile, changing user authority etc
- Database field value change alert
Organizational Benefits
- Automatic alerting of breeches
- Fast reaction to security incidents
- Automatic blocking of suspicious users
- More control of events in the system
- Meeting of regulatory compliance requirements
