This document introduces Assure Security, a comprehensive security solution from Syncsort that addresses IBM i security. It provides an overview of the topics that will be covered in the webinar, including Assure's access control, data privacy, compliance monitoring, security risk assessment, and integration capabilities. The document discusses how Assure Security combines security capabilities from Cilasoft and Townsend Security to provide a complete security and compliance solution for IBM i. It highlights some of Assure Security's key capabilities such as access control, data privacy, compliance monitoring, and security risk assessment. Customer stories are also provided as examples of how Assure Security has helped organizations address security and compliance challenges.

1. Introducing
Assure Security
Becky Hjellming
Senior Director, Product Marketing
Jeff Uehling
Syncsort Security Expert

2. Topics for Today’s Webinar
• Introducing Assure Security
• Assure Access Control
• Assure Data Privacy
• Assure Compliance Monitoring
• Assure Security Risk Assessment
• Integration with Syncsort HA Solutions
• Professional and Managed Services
• Q&A
2

3. Introducing
Assure Security
A comprehensive solution that addresses all
aspects of IBM i security and helps to ensure
compliance with cybersecurity regulations.
Whether your business needs to implement a
full set of security capabilities, or you need to
address a specific vulnerability, Assure
Security is the solution.
3

4. Introducing Assure Security
Complete IBM i Security and Compliance
Assure Security includes
• Best in class IBM i security capabilities acquired from
Cilasoft and Townsend Security
• A common package for new installs and upgrades
• A common monitoring console with Syncsort’s HA products
For Cilasoft and Alliance customers, Assure Security
• Is the next generation product
• Seamlessly supports current capabilities (or more)
• Makes it easier to adopt new security capabilities
MILESTONES
• April 8 Global Launch
• May 2019 General Availability
4

5. Data Privacy
Protect the privacy of data at-rest
or in-motion to prevent data
breaches
Access Control
Ensure comprehensive control of
unauthorized access and the
ability to trace any activity,
suspicious or otherwise
Compliance Monitoring
Gain visibility into all security activity
on your IBM i and optionally
feed it to an enterprise console
Security Risk Assessment
Assess your security threats
and vulnerabilities
5
Assure Security
addresses the issues on every
security officer and IBM i
administrator’s radar screen

6. Assure
Security
Assure
Data Privacy
NEW BUNDLE
Assure Encryption
(Alliance AES/400
and Token Manager)
Assure
Secure File Transfer
(Alliance FTP Manager)
Assure Compliance
Monitoring
NEW BUNDLE
Assure Monitoring and
Reporting
(Cilasoft QJRN/400)
Assure Db2 Data
Monitor
(Cilasoft DVM)
Assure Security
Risk Assessment
(Security Risk Assessment)
Assure
Access Control
NEW BUNDLE
Assure System Access
Manager
(Cilasoft CONTROLER)
Assure Elevated
Authority Manager
(Cilasoft EAM)
Assure Multi-Factor
Authentication
(Cilasoft RAMi)
The best-of-breed brands
acquired by Syncsort
are coming together
in Assure Security!
6

7. Assure Security
Assure
Data Privacy
Assure Encryption
Assure Secure File
Transfer
Assure Monitoring
and Reporting
Assure Db2 Data
Monitor
Assure
Access Control
Assure System Access
Manager
Assure Elevated
Authority Manager
Assure Multi-Factor
Authentication
Assure Security
Risk Assessment
Choose the full product
Choose a feature bundle
Or select a specific capability
Assure Compliance
Monitoring
7

8. Enforcive Security Products
Enforcive Enterprise Suite for IBM i
• Fully supported independent product
• Customer-driven enhancements continue to be delivered
• May share unique capabilities with Assure Security over time
Enforcive Cross-Platform Products
• Provide audit and security capabilities for Windows, Linux,
AIX and more
• Complement Syncsort’s IBM i security capabilities
• Actively enhanced to meet customer requirements
8

9. Assure Security’s
Marketing-Leading Capabilities

10. Multi-Factor
Authentication
Strengthen login security by
requiring multiple forms of
authentication
Elevated Authority
Management
Automatically elevate user
authority as-needed and on a
limited basis
Access Control
Secure all points of entry into to
your system including network
access, database access,
command line access and more
Assure
Access Control
10

11. Assure Multi-Factor
Authentication
Full-featured multi-factor
authentication for IBM i
• Enables you to require two or more
factors for authentication:
• Something the user knows
• Something the user has
• Something the user “is”
• Relies on codes from authentication
services delivered via mobile device,
email, hardware token, etc.
• Enables self-service profile re-
enablement and self-service password
changes
• Supports the Four Eyes Principle for
supervised changes
• RSA certified (See DOC-92160
on RSA’s community site)
Powerful, flexible deployment
options
• Allows multi-factor authentication to be
enabled only for specific users or situations
• Rules engine makes it easy to configure
when multi-factor authentication is used
• Supports multiple authenticators
• Free Syncsort authenticator
• RADIUS-based servers
• RSA SecureID (on-prem or cloud)
• Options to initiate from the 5250 signon
screen or on-demand (manually or from a
program)
• Options for multi-factor or two-step
authentication
Strengthens login security and
enables compliance
• Adds an authentication layer above and
beyond memorized or written passwords
• Reduces potential for the cost and
consequences of data theft and
unauthorized access to systems and
applications
• Lowers risk of an unauthorized user
guessing or finding another user’s
password
• Addresses regulatory requirements and
recommendations in PCI DSS 3.2, NYDFS
Cybersecurity Regulation, Swift Alliance
Access, GLBA/FFIEC, and more
11

12. CHALLENGE
• Complex, massive global financial services
company
• Must comply with with PCI DSS and 23 NYCRR
500 regulations
• Implemented multi-factor authentication on
other platforms for remote and privileged
users, but needed solution for IBM i
SOLUTION
• Assure Multi-Factor Authentication
• Mix of RSA tokens (already in use for other
platforms) and built-in authenticator
BENEFITS
• Regulatory compliance
• Multi-factor authentication at login provides a
higher level of login security for their business
• Implementing the four-eyes principle for
transactions that require high privilege
Compliance, confidence
and increased security
with Assure Multi-Factor
Authentication
Customer
Story
12

13. Complete, automated control
of elevated user authorities
• Administrators can manually grant user’s
requests or rules can be configured to
automatically manage them
• Rules can be defined for source and target
profiles based on group profiles,
supplemental groups, user lists and more
• Rules determine the context in which
authority can be granted, such as time of
date, job name, IP address and more
• *SWAP or *ADOPT methods are supported
to elevate authority
• Handles processes connecting via ODBC,
JDBC, DRDA and FTP
• Monitors elevated users and duration of
elevation from GUI or 5250 displays
• Maintains an audit trail of elevated
activity using job logs, screen captures,
exit points and journals
• An option is available to simply log user
activity without changing authorities
• Produces alerts on events such as
exceeding authorized time
• Generates reports in a variety of formats
• Allows integration with ticketing systems
Enables regulatory compliance
and security best practice
• Generates an audit trail of actions by
elevated profiles for compliance auditors
• Makes it easy to manage requests for
elevated authority on demand
• Enforces segregation of duties
• Satisfies security officers by reducing the
number of powerful profiles and
maintaining a comprehensive audit trail
• Produces necessary alerts and reports
• Significantly reduces security exposures
caused by human error
• Reduces risk of unauthorized access to
sensitive data
Comprehensive monitoring of
elevated profiles
Assure Elevated
Authority Manager
13

14. CHALLENGE
• Large division of a global manufacturing
organization in the Asia Pacific region
• Required to comply with Financial Instruments
and Exchange Law (J-SOX)
• Failed audit dry run as their manual process
for managing vendor authorities failed to
consistently revoke authorities
SOLUTION
• Assure Elevated Authority Manager
• Closed vendor access to M3 by default
• If M3 access is granted, it is automatically
revoked after a period of time
BENEFITS
• Regulatory compliance
• Eliminated human error through automation
• Increased security
Compliance and
automation of authority
management tasks with
Assure Elevated
Authority Manager
Customer
Story
14

15. Assure System
Access Manager
Comprehensive control of
external and internal access
• Network access (FTP, ODBC, JDBC, OLE
DB, DDM, DRDA, NetServer, etc.)
• Communication port access (using ports,
IP addresses, sockets - covers SSH, SFTP,
SMTP, etc.)
• Database access (open-source protocols -
JSON, Node.js, Python, Ruby, etc.)
• Command access
Powerful, flexible and easy to
manage
• Easy to use graphical interface
• Standard configuration provided for out-
of-the-box deployment
• Powerful, flexible rules for controlling
access based on conditions such as
date/time, user profile settings, IP
addresses, etc.
• Simulation mode for testing rules without
impact to the users
• Provides alerts and produces reports
• Logs access data for SIEM integration
Secures IBM i systems and
enables regulatory compliance
• Supports regulatory requirements for SOX,
GDPR, PCI-DSS, HIPAA, and others
• Satisfies security officers by securing
access to IBM i systems and data
• Significantly reduces the time and cost of
achieving regulatory compliance
• Enables implementation of security best
practices
• Quickly detects security incidents so you
can efficiently remediate them
• Has low impact on system performance
15

16. CHALLENGE
• Large regional bank in Latin America
• Quick compliance with governmental and PCI
DSS regulations
• Needed to expand control of IBM i access and
transaction auditing capabilities
SOLUTION
• Assure System Access Manager
• Assure Monitoring and Reporting
BENEFITS
• Regulatory compliance
• Compliance with internal security policies
• Satisfaction with the security of their
customer’s sensitive financial information
• Measures in place to combat unauthorized
activity
• Automated reports routed to the proper
people
Assure System Access
Manager enables
compliance with internal
and external
requirements for
secured access to
sensitive financial data
Customer
Story
16

17. Secure File Transfer
Securely transfer files across
internal or external networks
using encryption
Tokenization
Remove sensitive data from a
server by replacing it with
substitute values that can be used
to retrieve the original data
Encryption
Transform human-readable
database fields into unreadable
cypher text using industry-
certified encryption & key
management solutions
Assure Data
Privacy
17

18. Assure
Encryption
The only NIST-certified solution
for IBM i encryption
• Automatic encryption for Db2 data using
IBM i Field Procedures (IBM i 7.1 or greater)
• AES encryption algorithms are optimized for
performance
• Built-in masking of decrypted data
based on user or group
• Built-in data access auditing
• Includes encryption commands for Save
Files, IFS, and much more
• Extensive encryption APIs for RPG & COBOL
• Easily addresses issues of encrypted indexes
in legacy RPG programs
• Includes tokenization to replace sensitive
data with substitute values or “tokens”
Supports multiple key
management options
• Encryption keys must be protected since
encryption algorithms are public
• Compliance regulations require proper
key management
• Assure Security supports multiple key
management options
• Local key store provided
• Built to integrate with Townsend
Security’s FIPS 140-2 compliant
Alliance Key Manager, available as:
• VMware appliance
• Hardware Security Module (HSM)
• Cloud HSM (AWS, Azure)
• Other OASIS KMIP compliant key
management solutions
Enables regulatory compliance
and security best practice
• Encrypts data without impacting
applications
• Protects data from unauthorized access by
internal staff, contractors and business
partners – as well as criminal intruders
• Meets requirements of regulations that
mandate sensitive data protection such as
HIPAA/HITECH, PCI-DSS, state privacy laws
and more
• Builds your customer’s confidence in doing
business with you through NIST validation
18

19. CHALLENGE
• Multi-national retailer committed to making it
safe and easy to buy their products
• Implementing strong encryption in an IT
environment with high-end servers running
24/7 and a 2B transaction per day workload
• Encryption cannot impact the customer
experience by slowing down transactions
SOLUTION
• Assure Encryption
• Assure Secure File Transfer – with PGP option
BENEFITS
• Protection of their customer’s private
information
• No performance degradation
• Encrypted and moved 12 Gigabyte file in under
45 minutes (hours faster than competitors)
• Confidence in their NIST-certified solution
Strong encryption with
minimal performance
impact was quickly
achieved using Assure
Encryption to secure
customer’s private
information
Customer
Story
19

20. Assure Secure
File Transfer
Secures data transferred with
trading partners or customers
• Secures data moving across internal or
external networks by encrypting it before
transfer & decrypting it at the destination
• Encrypts any file type including Db2
database files, flat files, IFS files, Save
Files, and spooled files
• Supports common transfer protocols
• Secure Shell (SSH SFTP)
• Secure FTP (SSL FTPS)
• Records all encryption and file transfer
activity to meet compliance requirements
• Offers a PGP option to encrypt data at the
source and destination location
• PGP encrypted files can be received from
any other system including Windows,
Linux, and UNIX
Enables centralized
management and automation
• Automatically enforces data protection
with centrally managed policies
• Intelligently negotiates firewalls
• Configurable in a hub-and-spoke
configuration to automatically manage all
your file transfer needs
• Provides email, SNMP, message
notifications and alerts
• Supports email confirmation of transfer
with distribution list
• Provides APIs and commands for
integration with RPG, COBOL applications
and CL programs
• Supports encrypted ZIP and PDF
Enables regulatory compliance
and security best practice
• Protects data from being seen in clear text
when transferred across networks
• Meets requirements of regulations such as
PCI, HIPAA and others that require
encrypted transfer and logging of transfer
activity
• PGP option provides cross-platform,
standards-based encryption that works
with all other PGP solutions
20

21. CHALLENGE
• Gaming and hospitality company
• Needed to securely send ACH funds to their
bank on a nightly basis using Secure Shell SFTP
• Struggled with manual transfer processes
SOLUTION
• Assure Secure File Transfer
BENEFITS
• All transfers are protected by encryption
• Files are automatically detected and
transferred using SFTP
• Staff is alerted by email of any transfer failures
• Files are backed up in archive to simplify
retransmissions
• Full audit trail of transfers available for
compliance
Assure Secure File
Transfer protects files
transferred over
networks from being
seen in the clear while
automation simplifies
the transfer process and
prevents human error
Customer
Story
21

22. SIEM Integration
Integrate IBM i security data with
data from other platforms by
transferring it to a Security
Information and Event
Management console
System & Database
Auditing
Simplify analysis of IBM i journals
to monitor for security incidents
and generate reports and alerts
Assure
Compliance
Monitoring
Db2 Data Monitoring
Monitor for views of sensitive
Db2 data and optionally block
data from view
22

23. Assure Monitoring
and Reporting
23
Comprehensive monitoring of
system and database activity
• Simplifies the process of analyzing complex
journals
• Monitoring for system and database
changes available separately or together
• Powerful query engine with extensive
filtering enables identification of deviations
from compliance or security best practice
• Out-of-the-box, customizable models
supplied for common ERP solutions and
GDPR compliance
• Application modifications not required
Produces clear, easy-to-read
alerts and reports
• Provides security and compliance event
alerts via e-mail popup or syslog
• Enables easy creation of customized reports
that can be generated continuously, on a
schedule or on-demand
• Supports multiple report formats including
PDF, XLS, CSV and PF formats
• Distributes reports via SMTP, FTP or IFS
• Add-ons available to send security data to
SIEM consoles such as IBM QRadar,
ArcSight, LogRhythm, LogPoint, Netwrix and
Splunk
Benefits of monitoring and for
compliance & security
• Quick identification of security incidents
and compliance deviations
• Monitors the security best practices you
have implemented
• Enables meeting regulatory requirements
for GDPR, SOX, PCI DSS, HIPAA and others
• Satisfies requirements for a journal-based
audit trail
• Provides real segregation of duties and
enforces the independence of auditors

24. CHALLENGE
• Governmental agency responsible for valuable
natural resources
• Data security required by regulations
• Requests for reports on changes to property
records took hours of programmer time
• Programmers wasted time sifting through
database journals for audit reporting, security
monitoring, and disaster recovery
SOLUTION
• Assure Monitoring and Reporting
• Assure System Access Manager also locks
down system and command access
BENEFITS
• Met regulatory compliance requirements
• Accurate, fast, readable reports for
management
• Saves countless hours of programmer time
Assure Monitoring and
Reporting dramatically
simplified analysis of
changes to IBM i data to
produce accurate,
readable reports and
achieve compliance
Customer
Story
24

25. Assure Db2
Data Monitor
Gives you complete control
over sensitive data access
• Monitors Db2 data to inform you of who
has viewed sensitive records in a file,
when and how
• Rich set of rules enable fine tuning of
read-access detection and alerts (e.g.
specific access of a specific file)
• No need to change existing applications
• Generates reports in multiple formats and
real-time alerts
• Blocking mode prevents users from
reading specified information in a file
• Simulation mode available for testing
rules to ensure blocking doesn’t disrupt
normal activities before deployment
Produces clear, targeted
reports on data views
• Reports could show on views of:
• Manager salaries
• Medical data
• Credit information
• Reports can include information on how
data was accessed, such as:
• IP address
• Current user
• Call stack
• And more
• Specify only the fields you need to see in a
report, not the entire record, to keeps your
confidential data truly confidential
Meets even the most stringent
compliance and security needs
• Meets the most stringent regulatory
requirements for confidential data
• Reduces the risk of accidental data
disclosure
• Deters illicit or criminal activity
25

26. CHALLENGE
• Bank’s databases contained highly confidential
financial information
• When an employee viewed a critical file, the
bank could not prove whether or not critical
records in the file were compromised
SOLUTION
• Assure Db2 Data Monitor
BENEFITS
• Alerts the bank to views of critical records
• Logs views of sensitive data to satisfy
compliance auditors
• Gives the bank confidence in their security and
regulatory compliance
Security for sensitive
database records and
regulatory compliance
with Assure Db2 Data
Monitor
Customer
Story
26

27. Security Risk
Assessment Service
Let Syncsort’s team of security
experts conduct a thorough risk
assessment and provide a report
with remediation guidance
Security Risk
Assessment Tool
Thoroughly check all aspects of
IBM i security and obtain detailed
reports and recommendations
Risk
Assessment
27

28. Security Risk
Assessment
What It Is
• A security risk assessment is a thorough
check of all aspects of system security,
including (but not limited to):
• Security settings in the OS
• Default passwords
• Disabled users
• Command line users
• Distribution of powerful users
• Library authorities
• Open ports
• OS exit points
• Risk assessments tools or services
provide detailed reports on findings,
explanations and recommendations for
remediation
• Assessment summary for non-technical
management summarizes findings
Benefits
• Helps to satisfy the requirement for
annual risk assessments found in
regulations such as PCI DSS and HIPAA
• Results in reports that inform
management and administrators about
security vulnerabilities and remedies
• Saves time by automating (tool) or
offloading (service) the process of
conducting as assessment
• Using a service or tool that encapsulates
extensive experience can fill skillset gaps
• Provides separation of duties between
administrator and auditor
28
Category
# of
Checks
OK Warning High Risk
System Values 23 7 10 6
User Profiles 20 3 8 9
Object Authorities 10 1 4 5
Network Access 2 0 2 0

29. CHALLENGE
• Global insurance company was consolidating
IBM i systems into regional data centers
• Required a security assessment on any
hardware coming into the facility
• Vulnerabilities had to be remediated before
the system could go live in the data center
SOLUTION
• Security Risk Assessment from Syncsort
BENEFITS
• Assure Security Risk Assessment pointed out
vulnerabilities for each system in detail
• Syncsort Global Services provided guidance on
the report and remediation
• Threats were remediated and the servers were
consolidated into the data center
Visibility into IBM i
security vulnerabilities
with detailed guidance
on remediation using
Assure Security Risk
Assessment
Customer
Story
29

30. Integration with
Syncsort HA Products

31. • New graphical dashboard will provide a view
of status across all Assure products
• MIMIX for IBM i 9.0.9 (released January 24)
• Quick-EDD/HA
• Assure Security
New Enterprise Monitor
• Delivered as a VSP portlet, but uses its own email-based
communication method
• Ideal for monitoring status for:
• Users who could not use VSP due to firewall issues
• Users with access restrictions that prevented VSP use
• Products that don’t yet have VSP interfaces
31

32. Failover Integration
Assure Security is integrated with
• MIMIX Availability
• Quick-EDD/HA
Integration into automated failover
scripts ensure Assure Security is fully
active after a switch
Production
Server
HA/DR
Server
Syncsort HA

33. Security Services
from Syncsort

34. Flexible services offerings for security
• Security risk assessment
• Quick start services
• Quick check services
• Security update services (installing hot fixes, PTFs, new releases, etc.)
• System update services (ensuring security solution is properly configured
after system changes to IP addresses, OS versions, etc.)
• Auditor assist (supporting internal or external auditors)
• Managed security services
• A la carte consulting
Leverage Syncsort’s team of seasoned security experts!
Global Professional Services
Add Value to Your Investment
34

35. Managed Security Services
Protect your business with the highest levels of security
through Syncsort’s exclusive Managed Security Services.
Let the experts in Syncsort’s Global Services team handle
monitoring, optimization, software updates and auditing
of your security solution so that staff can focus on other
IT priorities.
• Reduce the chances of a security breach or
compliance violation
• Free your IT staff to work on other important projects
• Benefit from the vast experience of Syncsort experts
• Enjoy the latest security features through automated
software updates
• Choose the level that meets your needs
Receive all of the Gold Level services plus Daily Monitoring
of your Syncsort Security solution which includes Intrusion
Detection and we provide auditor assistance services.
PLATINUM
We conduct daily monitoring of your security settings,
manage your security configuration, and provide weekly
status reports. Plus, we’ll install hot fixes of your Syncsort
Security solution, PTFs and version upgrades.
GOLD
Our experts perform security health checks every day,
review the findings, and make approved adjustments as
needed providing a weekly report.
SILVER
We double check your security environment daily and
provide a monthly report on the health of your security
settings.
BRONZE
35

36. The Assure Security
Advantage

37. Assure Security delivers innovative capabilities that lead the
market in multiple facets of security:
✓ Comprehensive control of both legacy and modern IBM i system
access points
✓ NIST-certified encryption, including integration with FIPS-
compliant, off-platform key management from Townsend Security
✓ Powerful, flexible multi-factor authentication with RSA certification
✓ Unique and innovative new solution for monitoring views of highly
confidential data
✓ Ability to forward IBM i security data to leading SIEM solutions,
including QRadar certification
✓ Integration with Syncsort HA solutions via monitoring dashboard
and failover scripting
Assure Security Advantages
37

38. • Reduces the time and expense required to achieve regulatory compliance
• Reduces IT workloads by automating common security management tasks
• Comprehensively monitors system and database activity
• Quickly detects security incidents and compliance deviations
• Prevents unauthorized access to systems and data
• Protects data privacy at-rest and in-motion to prevents breaches
• Provides real segregation of duties
• Supports security best practices
Assure Security
Is the Clear Choice
38
S u p p o r t s C o m p l i a n c e w i t h
GDPR PCI-DSS
SOX HIPAA
GLBA HITECH
23 NYCRR 500 and more

39. Questions?
For more information visit
www.syncsort.com/assure-security