SlideShare ist ein Scribd-Unternehmen logo

Social Distance Your IBM i from Cybersecurity Risk

Als PPTX, PDF herunterladen
Precisely
Precisely

The continuous news of personal information stolen from major retailers and financial institutions have driven consumers and regulatory bodies to demand that more action be taken to ensure data protection and privacy. Regulations such as PCI DSS, HIPAA, GDPR, and FISMA require that personal data be protected against unauthorized access using technologies like encryption, tokenization, masking, secure file transfer and more. With all the options available for securing IBM i data at rest and in motion, how do you know where to begin? Register to get up to speed on the key concepts you need to know about assuring data privacy for your customers, business partners and employees. Topics will include: - Protecting data with encryption and the need for strong key management - Use Cases that are best for tokenization - Options for permanently deidentifying data - Securing data in motion across networks - Complete security solution for IBM I (AS/400)

Technologie
1 von 40
Social Distance Your IBM i from Cybersecurity Risk Dang Pacis, EVP Sales & Marketing - Questronix Bill Hammond, Senior Product Marketing Manager - Precisely Dawn Winston, Product Management Director - Precisely Sidney Wong, Senior Sales Engineer - Precisely TG Falsis, Systems and Technology Head- Questronix
Housekeeping Webcast Audio • Today’s webcast audio is streamed through your computer speakers • Audio lines will be muted during the presentation Questions Welcome • Submit your questions at any time during the presentation using the Q&A box. Questions will be answered at the end. Technical assistance • If you need technical assistance with the web interface or audio, please reach out to us using the Q&A box • You can move and resize the different webinar panels Resources, Recording and slides • The Resource List contains brochures which you can download and read later • This webcast is being recorded. You will receive an email following the webcast with a link to the recording
Agenda Opening Dang Pacis, EVP Sales & Marketing- Questronix Key Concepts for Protecting the Privacy of IBM i Data Bill Hammond, Senior Product Marketing Manager - Precisely Dawn Winston, Product Management Director - Precisely Complete security solution Sidney Wong, Senior Sales Engineer - Precisely Closing TG Falsis, Systems and Technology Head- Questronix Q&A
Key Concepts for Protecting the Privacy of IBM i Data Bill Hammond, Senior Product Marketing Manager - Precisely Dawn Winston, Product Management Director - Precisely
1. Marketplace Trends 2. Common regulatory requirements 3. Data Privacy solutions that align with regulations Topics
Complete security solution Sidney Wong Senior Sales Engineer - Precisely
Introducing Assure Security 7 A comprehensive solution that addresses all aspects of IBM i security and helps to ensure compliance with cybersecurity regulations. Whether your business needs to implement a full set of security capabilities, or you need to address a specific vulnerability, Assure Security is the solution.
8 Assure Security addresses the issues on the radar screen of every security officer and IBM i admin Compliance Monitoring Gain visibility into all security activity on your IBM i and optionally feed it to an enterprise console Access Control Ensure comprehensive control of unauthorized access and the ability to trace any activity, suspicious or otherwise Security Risk Assessment Assess your security threats and vulnerabilities Data Privacy Protect the privacy of data at-rest or in-motion to prevent data breaches
9 Choose the full product Choose a feature bundle Or select a specific capability Assure Security Assure Data Privacy Assure Encryption Assure Secure File Transfer Assure Monitoring and Reporting Assure Db2 Data Monitor Assure Access Control Assure System Access Manager Assure Elevated Authority Manager Assure Multi-Factor Authentication Assure Security Risk Assessment Assure Compliance Monitoring
10 Risk Assessment Assure Security Risk Assessment Tool Thoroughly check all aspects of IBM i security and obtain detailed reports and recommendations Security Risk Assessment Service Let Syncsort’s team of security experts conduct a thorough risk assessment and provide a report with remediation guidance
Security Risk Assessment 11 What It Is • A security risk assessment is a thorough check of all aspects of system security, including (but not limited to): • Security settings in the OS • Default passwords • Disabled users • Command line users • Distribution of powerful users • Library authorities • Open ports • OS exit points • Risk assessments tools or services provide detailed reports on findings, explanations and recommendations for remediation • Assessment summary for non- technical management summarizes findings Benefits • Helps to satisfy the requirement for annual risk assessments found in regulations such as PCI DSS and HIPAA • Results in reports that inform management and administrators about security vulnerabilities and remedies • Saves time by automating (tool) or offloading (service) the process of conducting as assessment • Using a service or tool that encapsulates extensive experience can fill skillset gaps • Provides separation of duties between administrator and auditor
12
13 Access Control Secure all points of entry into to your system including network access, database access, command line access and more • Multi-Factor Authentication Strengthen login security by requiring multiple forms of authentication Elevated Authority Management Automatically elevate user authority as-needed and on a limited basis Assure Access Control
Assure System Access Manager 14 Comprehensive control of external and internal access • Network access (FTP, ODBC, JDBC, OLE DB, DDM, DRDA, NetServer, etc.) • Communication port access (using ports, IP addresses, sockets - covers SSH, SFTP, SMTP, etc.) • Database access (open-source protocols - JSON, Node.js, Python, Ruby, etc.) • Command access Powerful, flexible and easy to manage • Easy to use graphical interface • Standard configuration provided for out-of-the-box deployment • Powerful, flexible rules for controlling access based on conditions such as date/time, user profile settings, IP addresses, etc. • Simulation mode for testing rules without impact to the users • Provides alerts and produces reports • Logs access data for SIEM integration Secures IBM i systems and enables regulatory compliance • Supports regulatory requirements for SOX, GDPR, PCI-DSS, HIPAA, and others • Satisfies security officers by securing access to IBM i systems and data • Significantly reduces the time and cost of achieving regulatory compliance • Enables implementation of security best practices • Quickly detects security incidents so you can efficiently remediate them • Has low impact on system performance
Assure Elevated Authority Manager 15 Complete, automated control of elevated user authorities • Administrators can manually grant user’s requests or rules can be configured to automatically manage them • Rules can be defined for source and target profiles based on group profiles, supplemental groups, user lists and more • Rules determine the context in which authority can be granted, such as time of date, job name, IP address and more • *SWAP or *ADOPT methods are supported to elevate authority • Handles processes connecting via ODBC, JDBC, DRDA and FTP Comprehensive monitoring of elevated profiles • Monitors elevated users and duration of elevation from GUI or 5250 displays • Maintains an audit trail of elevated activity using job logs, screen captures, exit points and journals • An option is available to simply log user activity without changing authorities • Produces alerts on events such as exceeding authorized time • Generates reports in a variety of formats • Allows integration with ticketing systems Enables regulatory compliance and security best practice • Generates an audit trail of actions by elevated profiles for compliance auditors • Makes it easy to manage requests for elevated authority on demand • Enforces segregation of duties • Satisfies security officers by reducing the number of powerful profiles and maintaining a comprehensive audit trail • Produces necessary alerts and reports • Significantly reduces security exposures caused by human error • Reduces risk of unauthorized access to sensitive data
Assure Multi-Factor Authentication 16 Full-featured multi-factor authentication for IBM i • Enables you to require two or more factors for authentication: • Something the user knows • Something the user has • Something the user “is” • Relies on codes from authentication services delivered via mobile device, email, hardware token, etc. • Enables self-service profile re- enablement and self-service password changes • Supports the Four Eyes Principle for supervised changes • RSA certified (See DOC-92160 on RSA’s community site) Powerful, flexible deployment options • Allows multi-factor authentication to be enabled only for specific users or situations • Rules engine makes it easy to configure when multi-factor authentication is used • Supports multiple authenticators • Free Syncsort authenticator • RADIUS-based servers • RSA SecurID (on-prem or cloud) • Options to initiate from the 5250 signon screen or on-demand (manually or from a program) • Options for multi-factor or two-step authentication Strengthens login security and enables compliance • Adds an authentication layer above and beyond memorized or written passwords • Reduces potential for the cost and consequences of data theft and unauthorized access to systems and applications • Lowers risk of an unauthorized user guessing or finding another user’s password • Addresses regulatory requirements and recommendations in PCI DSS 3.2, NYDFS Cybersecurity Regulation, Swift Alliance Access, GLBA/FFIEC, and more
17 Assure Data Privacy Encryption Transform human-readable database fields into unreadable cypher text using industry-certified encryption & key management solutions Secure File Transfer Securely transfer files across internal or external networks using encryption Tokenization Remove sensitive data from a server by replacing it with substitute values that can be used to retrieve the original data
Assure Encryption 18 The only NIST-certified solution for IBM i encryption • Automatic encryption for Db2 data using IBM i Field Procedures (IBM i 7.1 or greater) • AES encryption algorithms are optimized for performance • Built-in masking of decrypted data based on user or group • Built-in data access auditing • Includes encryption commands for Save Files, IFS, and much more • Extensive encryption APIs for RPG & COBOL • Easily addresses issues of encrypted indexes in legacy RPG programs • Includes tokenization to replace sensitive data with substitute values or “tokens” Supports multiple key management options • Encryption keys must be protected since encryption algorithms are public • Compliance regulations require proper key management • Assure Security supports multiple key management options • Local key store provided • Built to integrate with Townsend Security’s FIPS 140-2 compliant Alliance Key Manager, available as: • VMware appliance • Hardware Security Module (HSM) • Cloud HSM (AWS, Azure) • Other OASIS KMIP compliant key management solutions Enables regulatory compliance and security best practice • Encrypts data without impacting applications • Protects data from unauthorized access by internal staff, contractors and business partners – as well as criminal intruders • Meets requirements of regulations that mandate sensitive data protection such as HIPAA/HITECH, PCI-DSS, state privacy laws and more • Builds your customer’s confidence in doing business with you through NIST validation
Assure Secure File Transfer 19 Secures data transferred with trading partners or customers • Secures data moving across internal or external networks by encrypting it before transfer & decrypting it at the destination • Encrypts any file type including Db2 database files, flat files, IFS files, Save Files, and spooled files • Supports common transfer protocols • Secure Shell (SSH SFTP) • Secure FTP (SSL FTPS) • Records all encryption and file transfer activity to meet compliance requirements • Offers a PGP option to encrypt data at the source and destination location • PGP encrypted files can be received from any other system including Windows, Linux, and UNIX Enables centralized management and automation • Automatically enforces data protection with centrally managed policies • Intelligently negotiates firewalls • Configurable in a hub-and-spoke configuration to automatically manage all your file transfer needs • Provides email, SNMP, message notifications and alerts • Supports email confirmation of transfer with distribution list • Provides APIs and commands for integration with RPG, COBOL applications and CL programs • Supports encrypted ZIP and PDF Enables regulatory compliance and security best practice • Protects data from being seen in clear text when transferred across networks • Meets requirements of regulations such as PCI, HIPAA and others that require encrypted transfer and logging of transfer activity • PGP option provides cross- platform, standards-based encryption that works with all other PGP solutions
20 Assure Compliance Monitoring System & Database Auditing Simplify analysis of IBM i journals to monitor for security incidents and generate reports and alerts Db2 Data Monitoring Monitor for views of sensitive Db2 data and optionally block data from view SIEM Integration Integrate IBM i security data with data from other platforms by transferring it to a Security Information and Event Management console
Assure Monitoring and Reporting 21 Comprehensive monitoring of system and database activity • Simplifies the process of analyzing complex journals • Monitoring for system and database changes available separately or together • Powerful query engine with extensive filtering enables identification of deviations from compliance or security best practice • Out-of-the-box, customizable models supplied for common ERP solutions and GDPR compliance • Application modifications not required Produces clear, easy-to-read alerts and reports • Provides security and compliance event alerts via e-mail popup or syslog • Enables easy creation of customized reports that can be generated continuously, on a schedule or on-demand • Supports multiple report formats including PDF, XLS, CSV and PF formats • Distributes reports via SMTP, FTP or IFS • Add-on available to send security data to SIEM consoles such as IBM Qradar, ArcSight, LogRhythm, LogPoint, and Netwrix • Integration of security data into Splunk for security monitoring or IT operations analytics available via Syncsort’s Ironstream product family Benefits of monitoring and for compliance & security • Quick identification of security incidents and compliance deviations • Monitors the security best practices you have implemented • Enables meeting regulatory requirements for GDPR, SOX, PCI DSS, HIPAA and others • Satisfies requirements for a journal- based audit trail • Provides real segregation of duties and enforces the independence of auditors
Assure Db2 Data Monitor 22 Gives you complete control over sensitive data access • Monitors Db2 data to inform you of who has viewed sensitive records in a file, when and how • Rich set of rules enable fine tuning of read-access detection and alerts (e.g. specific access of a specific file) • No need to change existing applications • Generates reports in multiple formats and real-time alerts • Blocking mode prevents users from reading specified information in a file • Simulation mode available for testing rules to ensure blocking doesn’t disrupt normal activities before deployment Produces clear, targeted reports on data views • Reports could show on views of: • Manager salaries • Medical data • Credit information • Reports can include information on how data was accessed, such as: • IP address • Current user • Call stack • And more • Specify only the fields you need to see in a report, not the entire record, to keeps your confidential data truly confidential Meets even the most stringent compliance and security needs • Meets the most stringent regulatory requirements for confidential data • Reduces the risk of accidental data disclosure • Deters illicit or criminal activity
23 Enforcive Cross Platform Offering
24 What is the Cross-Platform Audit™? An enterprise-wide Compliance Event Monitor. The CPA is all about practical organizational security. It provides log monitoring for your computer systems, and databases. It is collecting and consolidating data from across the enterprise. Many sources available including: Windows, Mainframe, IBM i, Unix, AIX, SQL Server and Oracle. The CPA filters then collects the events into a single database and presents them in an intuitive GUI for ease of analysis and investigation.
25 Features of the Cross-Platform Audit™ • Collection of diverse data formats into a uniform database. • Selectivity/Granularity in defining which events should be collected. • Comprehensive monitoring in a multi-platform environment. • Reporting real user activity utilizing all the user’s identities. • Graphical analysis of security information statistics. • Powerful filtering to pinpoint events with specific characteristics. • Event information drill-down to the field change level, incorporating ‘before’ & ‘after’ images. • Audit information from different systems available all in one place. • Comprehensive audit information for every critical event, showing exactly who did what, when and how.
26 Differentiators • A single Management Console is used to manage the central repository as well as the individual systems that are being monitored. • Organizations can be highly selective in deciding which information needs to be transferred for consolidation. • Focus is on critical information, for example the important data changes performed in the database. • High visibility of changes using before and after images. • Specialized IBM i logs – covering many unique event categories, with a high level of granularity. • Specialized IBM Mainframe logs – covering a large amount of event categories, with a high level of granularity.
27 Collection Flow
28 • System Audit • File and Field Audit • Alerts • Application Audit • SQL Statement • IP Filter • Compliance • Message Queue • History Log • View Data • SMF TELNET • SMF FTP • SMF VSAM • SMF RACF • TCP/IP Application Audit (FTP and Telnet) • DB2 SMF • DB2 LOG (Data Audit) • DB2 CICS (SQL Data Capture) • DB2 BATCH (SQL Data Capture) • System Audit • UNIX DB2 • System Audit X86 • System Audit 86_64 • System Audit IA64 • System Audit PPC64 • System Audit PPC • System Audit S390X • System Audit S390 • System Audit • SQL Statements • SQL System Audit • SQL Data Audit • SQL Statements • Oracle System • Oracle Admin • Oracle Profiles/Users • Oracle Procedures • Data Audit • DB2 SMF – MF • DB2 LOG (Data Audit) – MF • DB2 CICS (SQL Data Capture) – MF • DB2 BATCH (SQL Data Capture) – MF • DB2 System Audit – i, AIX, LUW • DB2 SQL Statement Audit – i, AIX, LUW • System Audit • Data Audit • Windows Event Logs: Security, Application, DNS . . . • Windows Active Directory • ISA Server logs • DHCP logs • IIS Web Server logs • System Audit SYSLOG Sources • Routers • Firewalls • Antivirus • Other SYSLOG senders • Audit • Connect • Query • Prepare • Execute • Shutdown • Quit • No audit • Init DB • Other All Sources
29 What is the Cross-Platform Compliance™? • An enterprise-wide Compliance Deviation Monitor. • The CPC is all about practical organizational security. It checks automatically if your system security settings are in line with organizational security policy. Many sources available including: Windows, AIX, Linux, IBM i, MS SQL and Oracle.
30 What is the Cross-Platform Compliance™?
31 Enforcive/Compliance Accelerator Offering • Speed up Compliance Projects • Predefined - Reports - Alerts - Policy Compliance Manager templates • Areas covered; PCI DSS, SOX, COBIT and ISO • 600+ Definitions • Based on experience of Precisely implementations and interpretation of regulations & best practices
32 CPC: Example – SQL Server Permissions Deviation
33 AIX Password Settings Deviation
34 IBM i Object Authority Deviation
35 CPC Architecture MS SQL Server LINUX Windows IBM Power: i and AIX Agent/Agent less Agent/ Agent less Agent i, Agent/Agentless AIX Cross Platform Compliance  Deviation Alerting  Deviation Reporting  Authority Manager  Password Administration  SOX, HIPAA & PCI Compliance  Enforce Policy Agent less Agent less Oracle On Windows server with MS SQL Database
36 Configuring the Compliance Policy using templates Check policy template against system actual value Policy Templates Deviation Alerts Online Inquiry Deviation Reports Deviations Inquiry Oracle MS SQL WindowsAIX and i Linux Policy Compliance Server Force Policy Update by scheduler (fix) Cross Platform Compliance Flowchart
Closing TG Falsis Systems and Technology Head Questronix
Questions?
Thank you

Empfohlen

The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
Precisely
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
Precisely
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
Precisely
 
Post Wannacry Update
Post Wannacry UpdatePost Wannacry Update
Post Wannacry Update
Thomas Springer
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
Sameer Paradia
 
Dakotacon 2017
Dakotacon 2017Dakotacon 2017
Dakotacon 2017
Blue Teamer
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical Data
IBM Security
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
MSAdvAnalytics
 

Empfohlen

The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
Precisely
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
Precisely
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
Precisely
 
Post Wannacry Update
Post Wannacry UpdatePost Wannacry Update
Post Wannacry Update
Thomas Springer
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
Sameer Paradia
 
Dakotacon 2017
Dakotacon 2017Dakotacon 2017
Dakotacon 2017
Blue Teamer
 
Bridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical DataBridging the Gap Between Your Security Defenses and Critical Data
Bridging the Gap Between Your Security Defenses and Critical Data
IBM Security
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
MSAdvAnalytics
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
NetworkCollaborators
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
NetworkCollaborators
 
IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)
Kimber Spradlin
 
Mp company overview 2014 0214 version 3
Mp company overview 2014 0214 version 3Mp company overview 2014 0214 version 3
Mp company overview 2014 0214 version 3
Ricardo Resnik
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
Risk Analysis Consultants, s.r.o.
 
Cloud monitoring - An essential Platform Service
Cloud monitoring - An essential Platform ServiceCloud monitoring - An essential Platform Service
Cloud monitoring - An essential Platform Service
Soumitra Bhattacharyya
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
IBM Security
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
Karthikeyan Dhayalan
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access Security
Precisely
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld
 
Introduction to Symantec Endpoint Management75.pptx
Introduction to Symantec Endpoint Management75.pptxIntroduction to Symantec Endpoint Management75.pptx
Introduction to Symantec Endpoint Management75.pptx
Arrow ECS UK
 
TM - product overview
TM - product overviewTM - product overview
TM - product overview
Jason Pears
 
IT_Security_Service Delivery_Consultant
IT_Security_Service Delivery_Consultant IT_Security_Service Delivery_Consultant
IT_Security_Service Delivery_Consultant
Saravanan Purushothaman
 
How Endpoint Security works ?
How Endpoint Security works ?How Endpoint Security works ?
How Endpoint Security works ?
William hendric
 
IBM Qradar-Advisor
IBM Qradar-AdvisorIBM Qradar-Advisor
IBM Qradar-Advisor
Luigi Perrone
 
BigFix White Paper
BigFix White PaperBigFix White Paper
BigFix White Paper
Content Rules, Inc.
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
Mahmoud Yassin
 
Cloud Security - Made simple
Cloud Security - Made simpleCloud Security - Made simple
Cloud Security - Made simple
Sameer Paradia
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
Desmond Devendran
 
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Precisely
 

Weitere ähnliche Inhalte

Was ist angesagt?

Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
IBM Security
 
TM - product overview
TM - product overviewTM - product overview
TM - product overview
Jason Pears
 
IT_Security_Service Delivery_Consultant
IT_Security_Service Delivery_Consultant IT_Security_Service Delivery_Consultant
IT_Security_Service Delivery_Consultant
Saravanan Purushothaman
 

Was ist angesagt? (20)

Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
 
IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)
 
Mp company overview 2014 0214 version 3
Mp company overview 2014 0214 version 3Mp company overview 2014 0214 version 3
Mp company overview 2014 0214 version 3
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
 
Cloud monitoring - An essential Platform Service
Cloud monitoring - An essential Platform ServiceCloud monitoring - An essential Platform Service
Cloud monitoring - An essential Platform Service
 
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadarDon’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access Security
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
 
Introduction to Symantec Endpoint Management75.pptx
Introduction to Symantec Endpoint Management75.pptxIntroduction to Symantec Endpoint Management75.pptx
Introduction to Symantec Endpoint Management75.pptx
 
TM - product overview
TM - product overviewTM - product overview
TM - product overview
 
IT_Security_Service Delivery_Consultant
IT_Security_Service Delivery_Consultant IT_Security_Service Delivery_Consultant
IT_Security_Service Delivery_Consultant
 
How Endpoint Security works ?
How Endpoint Security works ?How Endpoint Security works ?
How Endpoint Security works ?
 
IBM Qradar-Advisor
IBM Qradar-AdvisorIBM Qradar-Advisor
IBM Qradar-Advisor
 
BigFix White Paper
BigFix White PaperBigFix White Paper
BigFix White Paper
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat Landscapefinal
 
Cloud Security - Made simple
Cloud Security - Made simpleCloud Security - Made simple
Cloud Security - Made simple
 

Ähnlich wie Social Distance Your IBM i from Cybersecurity Risk

Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
Desmond Devendran
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
Precisely
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
Precisely
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to Know
Precisely
 

Ähnlich wie Social Distance Your IBM i from Cybersecurity Risk (20)

Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
 
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and Data
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and Data
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
Contextual Security and Application Control for Virtualized Desktops
Contextual Security and Application Control for Virtualized DesktopsContextual Security and Application Control for Virtualized Desktops
Contextual Security and Application Control for Virtualized Desktops
 
Securing the cloud and your assets
Securing the cloud and your assetsSecuring the cloud and your assets
Securing the cloud and your assets
 
Chapter08
Chapter08Chapter08
Chapter08
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Design Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security GuidelinesDesign Like a Pro: SCADA Security Guidelines
Design Like a Pro: SCADA Security Guidelines
 
Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to Know
 
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
#MFSummit2016 Secure: Is your mainframe less secure than your fileserver
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 

Mehr von Precisely

How to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdfHow to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdf
Precisely
 
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Precisely
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10
Precisely
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Precisely
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Precisely
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Precisely
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity Trends
Precisely
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
Precisely
 
Optimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPOptimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAP
Precisely
 
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenSAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
Precisely
 
Automatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsAutomatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIs
Precisely
 
Moving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyMoving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and Precisely
Precisely
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center Excellence
Precisely
 
5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management
Precisely
 
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter TomorrowUnlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Precisely
 
Navigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckNavigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar Deck
Precisely
 
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak PerformanceMainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Precisely
 

Mehr von Precisely (20)

How to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdfHow to Build Data Governance Programs That Last - A Business-First Approach.pdf
How to Build Data Governance Programs That Last - A Business-First Approach.pdf
 
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Crucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfCrucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity Trends
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Optimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPOptimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAP
 
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenSAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
 
Automatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsAutomatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIs
 
Moving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyMoving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and Precisely
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center Excellence
 
5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management
 
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter TomorrowUnlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
 
Navigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckNavigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar Deck
 
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak PerformanceMainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
 

Kürzlich hochgeladen

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Kürzlich hochgeladen (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

Social Distance Your IBM i from Cybersecurity Risk

  • 1. Social Distance Your IBM i from Cybersecurity Risk Dang Pacis, EVP Sales & Marketing - Questronix Bill Hammond, Senior Product Marketing Manager - Precisely Dawn Winston, Product Management Director - Precisely Sidney Wong, Senior Sales Engineer - Precisely TG Falsis, Systems and Technology Head- Questronix
  • 2. Housekeeping Webcast Audio • Today’s webcast audio is streamed through your computer speakers • Audio lines will be muted during the presentation Questions Welcome • Submit your questions at any time during the presentation using the Q&A box. Questions will be answered at the end. Technical assistance • If you need technical assistance with the web interface or audio, please reach out to us using the Q&A box • You can move and resize the different webinar panels Resources, Recording and slides • The Resource List contains brochures which you can download and read later • This webcast is being recorded. You will receive an email following the webcast with a link to the recording
  • 3. Agenda Opening Dang Pacis, EVP Sales & Marketing- Questronix Key Concepts for Protecting the Privacy of IBM i Data Bill Hammond, Senior Product Marketing Manager - Precisely Dawn Winston, Product Management Director - Precisely Complete security solution Sidney Wong, Senior Sales Engineer - Precisely Closing TG Falsis, Systems and Technology Head- Questronix Q&A
  • 4. Key Concepts for Protecting the Privacy of IBM i Data Bill Hammond, Senior Product Marketing Manager - Precisely Dawn Winston, Product Management Director - Precisely
  • 5. 1. Marketplace Trends 2. Common regulatory requirements 3. Data Privacy solutions that align with regulations Topics
  • 6. Complete security solution Sidney Wong Senior Sales Engineer - Precisely
  • 7. Introducing Assure Security 7 A comprehensive solution that addresses all aspects of IBM i security and helps to ensure compliance with cybersecurity regulations. Whether your business needs to implement a full set of security capabilities, or you need to address a specific vulnerability, Assure Security is the solution.
  • 8. 8 Assure Security addresses the issues on the radar screen of every security officer and IBM i admin Compliance Monitoring Gain visibility into all security activity on your IBM i and optionally feed it to an enterprise console Access Control Ensure comprehensive control of unauthorized access and the ability to trace any activity, suspicious or otherwise Security Risk Assessment Assess your security threats and vulnerabilities Data Privacy Protect the privacy of data at-rest or in-motion to prevent data breaches
  • 9. 9 Choose the full product Choose a feature bundle Or select a specific capability Assure Security Assure Data Privacy Assure Encryption Assure Secure File Transfer Assure Monitoring and Reporting Assure Db2 Data Monitor Assure Access Control Assure System Access Manager Assure Elevated Authority Manager Assure Multi-Factor Authentication Assure Security Risk Assessment Assure Compliance Monitoring
  • 10. 10 Risk Assessment Assure Security Risk Assessment Tool Thoroughly check all aspects of IBM i security and obtain detailed reports and recommendations Security Risk Assessment Service Let Syncsort’s team of security experts conduct a thorough risk assessment and provide a report with remediation guidance
  • 11. Security Risk Assessment 11 What It Is • A security risk assessment is a thorough check of all aspects of system security, including (but not limited to): • Security settings in the OS • Default passwords • Disabled users • Command line users • Distribution of powerful users • Library authorities • Open ports • OS exit points • Risk assessments tools or services provide detailed reports on findings, explanations and recommendations for remediation • Assessment summary for non- technical management summarizes findings Benefits • Helps to satisfy the requirement for annual risk assessments found in regulations such as PCI DSS and HIPAA • Results in reports that inform management and administrators about security vulnerabilities and remedies • Saves time by automating (tool) or offloading (service) the process of conducting as assessment • Using a service or tool that encapsulates extensive experience can fill skillset gaps • Provides separation of duties between administrator and auditor
  • 12. 12
  • 13. 13 Access Control Secure all points of entry into to your system including network access, database access, command line access and more • Multi-Factor Authentication Strengthen login security by requiring multiple forms of authentication Elevated Authority Management Automatically elevate user authority as-needed and on a limited basis Assure Access Control
  • 14. Assure System Access Manager 14 Comprehensive control of external and internal access • Network access (FTP, ODBC, JDBC, OLE DB, DDM, DRDA, NetServer, etc.) • Communication port access (using ports, IP addresses, sockets - covers SSH, SFTP, SMTP, etc.) • Database access (open-source protocols - JSON, Node.js, Python, Ruby, etc.) • Command access Powerful, flexible and easy to manage • Easy to use graphical interface • Standard configuration provided for out-of-the-box deployment • Powerful, flexible rules for controlling access based on conditions such as date/time, user profile settings, IP addresses, etc. • Simulation mode for testing rules without impact to the users • Provides alerts and produces reports • Logs access data for SIEM integration Secures IBM i systems and enables regulatory compliance • Supports regulatory requirements for SOX, GDPR, PCI-DSS, HIPAA, and others • Satisfies security officers by securing access to IBM i systems and data • Significantly reduces the time and cost of achieving regulatory compliance • Enables implementation of security best practices • Quickly detects security incidents so you can efficiently remediate them • Has low impact on system performance
  • 15. Assure Elevated Authority Manager 15 Complete, automated control of elevated user authorities • Administrators can manually grant user’s requests or rules can be configured to automatically manage them • Rules can be defined for source and target profiles based on group profiles, supplemental groups, user lists and more • Rules determine the context in which authority can be granted, such as time of date, job name, IP address and more • *SWAP or *ADOPT methods are supported to elevate authority • Handles processes connecting via ODBC, JDBC, DRDA and FTP Comprehensive monitoring of elevated profiles • Monitors elevated users and duration of elevation from GUI or 5250 displays • Maintains an audit trail of elevated activity using job logs, screen captures, exit points and journals • An option is available to simply log user activity without changing authorities • Produces alerts on events such as exceeding authorized time • Generates reports in a variety of formats • Allows integration with ticketing systems Enables regulatory compliance and security best practice • Generates an audit trail of actions by elevated profiles for compliance auditors • Makes it easy to manage requests for elevated authority on demand • Enforces segregation of duties • Satisfies security officers by reducing the number of powerful profiles and maintaining a comprehensive audit trail • Produces necessary alerts and reports • Significantly reduces security exposures caused by human error • Reduces risk of unauthorized access to sensitive data
  • 16. Assure Multi-Factor Authentication 16 Full-featured multi-factor authentication for IBM i • Enables you to require two or more factors for authentication: • Something the user knows • Something the user has • Something the user “is” • Relies on codes from authentication services delivered via mobile device, email, hardware token, etc. • Enables self-service profile re- enablement and self-service password changes • Supports the Four Eyes Principle for supervised changes • RSA certified (See DOC-92160 on RSA’s community site) Powerful, flexible deployment options • Allows multi-factor authentication to be enabled only for specific users or situations • Rules engine makes it easy to configure when multi-factor authentication is used • Supports multiple authenticators • Free Syncsort authenticator • RADIUS-based servers • RSA SecurID (on-prem or cloud) • Options to initiate from the 5250 signon screen or on-demand (manually or from a program) • Options for multi-factor or two-step authentication Strengthens login security and enables compliance • Adds an authentication layer above and beyond memorized or written passwords • Reduces potential for the cost and consequences of data theft and unauthorized access to systems and applications • Lowers risk of an unauthorized user guessing or finding another user’s password • Addresses regulatory requirements and recommendations in PCI DSS 3.2, NYDFS Cybersecurity Regulation, Swift Alliance Access, GLBA/FFIEC, and more
  • 17. 17 Assure Data Privacy Encryption Transform human-readable database fields into unreadable cypher text using industry-certified encryption & key management solutions Secure File Transfer Securely transfer files across internal or external networks using encryption Tokenization Remove sensitive data from a server by replacing it with substitute values that can be used to retrieve the original data
  • 18. Assure Encryption 18 The only NIST-certified solution for IBM i encryption • Automatic encryption for Db2 data using IBM i Field Procedures (IBM i 7.1 or greater) • AES encryption algorithms are optimized for performance • Built-in masking of decrypted data based on user or group • Built-in data access auditing • Includes encryption commands for Save Files, IFS, and much more • Extensive encryption APIs for RPG & COBOL • Easily addresses issues of encrypted indexes in legacy RPG programs • Includes tokenization to replace sensitive data with substitute values or “tokens” Supports multiple key management options • Encryption keys must be protected since encryption algorithms are public • Compliance regulations require proper key management • Assure Security supports multiple key management options • Local key store provided • Built to integrate with Townsend Security’s FIPS 140-2 compliant Alliance Key Manager, available as: • VMware appliance • Hardware Security Module (HSM) • Cloud HSM (AWS, Azure) • Other OASIS KMIP compliant key management solutions Enables regulatory compliance and security best practice • Encrypts data without impacting applications • Protects data from unauthorized access by internal staff, contractors and business partners – as well as criminal intruders • Meets requirements of regulations that mandate sensitive data protection such as HIPAA/HITECH, PCI-DSS, state privacy laws and more • Builds your customer’s confidence in doing business with you through NIST validation
  • 19. Assure Secure File Transfer 19 Secures data transferred with trading partners or customers • Secures data moving across internal or external networks by encrypting it before transfer & decrypting it at the destination • Encrypts any file type including Db2 database files, flat files, IFS files, Save Files, and spooled files • Supports common transfer protocols • Secure Shell (SSH SFTP) • Secure FTP (SSL FTPS) • Records all encryption and file transfer activity to meet compliance requirements • Offers a PGP option to encrypt data at the source and destination location • PGP encrypted files can be received from any other system including Windows, Linux, and UNIX Enables centralized management and automation • Automatically enforces data protection with centrally managed policies • Intelligently negotiates firewalls • Configurable in a hub-and-spoke configuration to automatically manage all your file transfer needs • Provides email, SNMP, message notifications and alerts • Supports email confirmation of transfer with distribution list • Provides APIs and commands for integration with RPG, COBOL applications and CL programs • Supports encrypted ZIP and PDF Enables regulatory compliance and security best practice • Protects data from being seen in clear text when transferred across networks • Meets requirements of regulations such as PCI, HIPAA and others that require encrypted transfer and logging of transfer activity • PGP option provides cross- platform, standards-based encryption that works with all other PGP solutions
  • 20. 20 Assure Compliance Monitoring System & Database Auditing Simplify analysis of IBM i journals to monitor for security incidents and generate reports and alerts Db2 Data Monitoring Monitor for views of sensitive Db2 data and optionally block data from view SIEM Integration Integrate IBM i security data with data from other platforms by transferring it to a Security Information and Event Management console
  • 21. Assure Monitoring and Reporting 21 Comprehensive monitoring of system and database activity • Simplifies the process of analyzing complex journals • Monitoring for system and database changes available separately or together • Powerful query engine with extensive filtering enables identification of deviations from compliance or security best practice • Out-of-the-box, customizable models supplied for common ERP solutions and GDPR compliance • Application modifications not required Produces clear, easy-to-read alerts and reports • Provides security and compliance event alerts via e-mail popup or syslog • Enables easy creation of customized reports that can be generated continuously, on a schedule or on-demand • Supports multiple report formats including PDF, XLS, CSV and PF formats • Distributes reports via SMTP, FTP or IFS • Add-on available to send security data to SIEM consoles such as IBM Qradar, ArcSight, LogRhythm, LogPoint, and Netwrix • Integration of security data into Splunk for security monitoring or IT operations analytics available via Syncsort’s Ironstream product family Benefits of monitoring and for compliance & security • Quick identification of security incidents and compliance deviations • Monitors the security best practices you have implemented • Enables meeting regulatory requirements for GDPR, SOX, PCI DSS, HIPAA and others • Satisfies requirements for a journal- based audit trail • Provides real segregation of duties and enforces the independence of auditors
  • 22. Assure Db2 Data Monitor 22 Gives you complete control over sensitive data access • Monitors Db2 data to inform you of who has viewed sensitive records in a file, when and how • Rich set of rules enable fine tuning of read-access detection and alerts (e.g. specific access of a specific file) • No need to change existing applications • Generates reports in multiple formats and real-time alerts • Blocking mode prevents users from reading specified information in a file • Simulation mode available for testing rules to ensure blocking doesn’t disrupt normal activities before deployment Produces clear, targeted reports on data views • Reports could show on views of: • Manager salaries • Medical data • Credit information • Reports can include information on how data was accessed, such as: • IP address • Current user • Call stack • And more • Specify only the fields you need to see in a report, not the entire record, to keeps your confidential data truly confidential Meets even the most stringent compliance and security needs • Meets the most stringent regulatory requirements for confidential data • Reduces the risk of accidental data disclosure • Deters illicit or criminal activity
  • 24. 24 What is the Cross-Platform Audit™? An enterprise-wide Compliance Event Monitor. The CPA is all about practical organizational security. It provides log monitoring for your computer systems, and databases. It is collecting and consolidating data from across the enterprise. Many sources available including: Windows, Mainframe, IBM i, Unix, AIX, SQL Server and Oracle. The CPA filters then collects the events into a single database and presents them in an intuitive GUI for ease of analysis and investigation.
  • 25. 25 Features of the Cross-Platform Audit™ • Collection of diverse data formats into a uniform database. • Selectivity/Granularity in defining which events should be collected. • Comprehensive monitoring in a multi-platform environment. • Reporting real user activity utilizing all the user’s identities. • Graphical analysis of security information statistics. • Powerful filtering to pinpoint events with specific characteristics. • Event information drill-down to the field change level, incorporating ‘before’ & ‘after’ images. • Audit information from different systems available all in one place. • Comprehensive audit information for every critical event, showing exactly who did what, when and how.
  • 26. 26 Differentiators • A single Management Console is used to manage the central repository as well as the individual systems that are being monitored. • Organizations can be highly selective in deciding which information needs to be transferred for consolidation. • Focus is on critical information, for example the important data changes performed in the database. • High visibility of changes using before and after images. • Specialized IBM i logs – covering many unique event categories, with a high level of granularity. • Specialized IBM Mainframe logs – covering a large amount of event categories, with a high level of granularity.
  • 28. 28 • System Audit • File and Field Audit • Alerts • Application Audit • SQL Statement • IP Filter • Compliance • Message Queue • History Log • View Data • SMF TELNET • SMF FTP • SMF VSAM • SMF RACF • TCP/IP Application Audit (FTP and Telnet) • DB2 SMF • DB2 LOG (Data Audit) • DB2 CICS (SQL Data Capture) • DB2 BATCH (SQL Data Capture) • System Audit • UNIX DB2 • System Audit X86 • System Audit 86_64 • System Audit IA64 • System Audit PPC64 • System Audit PPC • System Audit S390X • System Audit S390 • System Audit • SQL Statements • SQL System Audit • SQL Data Audit • SQL Statements • Oracle System • Oracle Admin • Oracle Profiles/Users • Oracle Procedures • Data Audit • DB2 SMF – MF • DB2 LOG (Data Audit) – MF • DB2 CICS (SQL Data Capture) – MF • DB2 BATCH (SQL Data Capture) – MF • DB2 System Audit – i, AIX, LUW • DB2 SQL Statement Audit – i, AIX, LUW • System Audit • Data Audit • Windows Event Logs: Security, Application, DNS . . . • Windows Active Directory • ISA Server logs • DHCP logs • IIS Web Server logs • System Audit SYSLOG Sources • Routers • Firewalls • Antivirus • Other SYSLOG senders • Audit • Connect • Query • Prepare • Execute • Shutdown • Quit • No audit • Init DB • Other All Sources
  • 29. 29 What is the Cross-Platform Compliance™? • An enterprise-wide Compliance Deviation Monitor. • The CPC is all about practical organizational security. It checks automatically if your system security settings are in line with organizational security policy. Many sources available including: Windows, AIX, Linux, IBM i, MS SQL and Oracle.
  • 30. 30 What is the Cross-Platform Compliance™?
  • 31. 31 Enforcive/Compliance Accelerator Offering • Speed up Compliance Projects • Predefined - Reports - Alerts - Policy Compliance Manager templates • Areas covered; PCI DSS, SOX, COBIT and ISO • 600+ Definitions • Based on experience of Precisely implementations and interpretation of regulations & best practices
  • 32. 32 CPC: Example – SQL Server Permissions Deviation
  • 34. 34 IBM i Object Authority Deviation
  • 35. 35 CPC Architecture MS SQL Server LINUX Windows IBM Power: i and AIX Agent/Agent less Agent/ Agent less Agent i, Agent/Agentless AIX Cross Platform Compliance  Deviation Alerting  Deviation Reporting  Authority Manager  Password Administration  SOX, HIPAA & PCI Compliance  Enforce Policy Agent less Agent less Oracle On Windows server with MS SQL Database
  • 36. 36 Configuring the Compliance Policy using templates Check policy template against system actual value Policy Templates Deviation Alerts Online Inquiry Deviation Reports Deviations Inquiry Oracle MS SQL WindowsAIX and i Linux Policy Compliance Server Force Policy Update by scheduler (fix) Cross Platform Compliance Flowchart
  • 37.
  • 38. Closing TG Falsis Systems and Technology Head Questronix