Effective Security Monitoring for IBM i: What You Need to Know
Download as PPTX, PDF0 likes44 views
The document discusses the importance of effective security monitoring for IBM i systems, highlighting the rising costs of data breaches and the need for increased visibility and monitoring. It emphasizes that security visibility and monitoring are essential for rapid incident response, compliance, and data integrity, alongside using SIEM systems for comprehensive data analysis. Additionally, it includes information on customer success stories and the benefits of integrating IBM i security solutions for better management and compliance.
Effective Security Monitoring for IBM i: What You Need to Know
- 1. Effective Security Monitoring for IBM i: What You Need to Know Bill Hammond | Director, Product Marketing Bill Peedle | Principal Sales Engineer
- 2. Today’s Topics • Introductions • Visibility is essential • Assure Monitoring and Reporting • Demo • Customer stories • Q & A 2
- 3. Visibility is essential for effective security
- 4. https://www.ibm.com/downloads/cas/E3G5JMBP 4 IBM Security Cost of a Data Breach Report
- 5. Key findings from report 5 Average total cost of a breach • The average cost of a data breach reached an all-time high in 2023 of USD 4.45 million. • This represents a 2.3% increase from the 2022 cost of USD 4.35 million. • Average cost has increased 15.3% from USD 3.86 million in the 2020 report Percentage of organizations planning to increase spending • Participants were almost equally split on whether they plan to increase security investments because of a data breach. • The top areas identified for additional investments • Incident response (IR) • Planning and testing • Employee training • Improving threat detection The effect of extensive security AI and automation • Results in, on average, a 108- day shorter time to identify and contain the breach. • Experienced lower data breach related costs of roughly USD 1.76 million
- 6. Additional information from study 1 in 3 USD 1.02M Number of breaches identified by an organization’s own security teams or tools Average cost difference between breaches that took more than 200 days to find and resolve, and those that took less than 200 days 53.3% 82% Since 2020, healthcare data breach costs have increased 53.3% The percentage of breaches that involved data stored in the cloud— public, private or multiple environments
- 7. Costs of a data breach by industry 7
- 9. Impact of identifying the breach 9
- 10. Understanding monitoring vs. visibility Security Monitoring • The process of collecting and analyzing data from security systems and networks to detect and respond to security threats. • Data is gathered from a variety of sources, such as firewalls, access detection systems, and SIEM (Security Information and Event Management) • Data is analyzed to identify suspicious activity or threats • Enabling an informed response to the threat Security Visibility • The ability to see all aspects of an organization's IT environment, including networks, systems, and applications • Includes having visibility into all of the IT infrastructure including the users and devices • Security visibility is essential for security monitoring, as it allows security teams to identify and investigate suspicious activity.
- 11. Achieving visibility Collect the right data Use a SIEM system Implement alerting Know your assets and risks Monitor continuously
- 12. Monitoring Security is Essential Monitoring changes to systems and data is necessary for: • Rapid response to security and data integrity issues • Preventing deviations from compliance and security policies • Ensuring application integrity and performance Monitoring and logging enables forensics and auditing goals • Proactively identifying subtle patterns of malware and ransomware • Supporting discussion of security issues with executive teams • Establishing and improving Data Governance practices Regulations require that you track changes to your system and its data • PCI DSS • HIPAA • GDPR • SOX • CCPA • 23 NYCRR 500 • and many more
- 13. Monitoring IBM i Security 13 A strong IBM i security foundation requires solutions that monitor all system and data activity in detail – and capture vital security data in log files IBM i offers many detailed and secure audit logs • System Journal – QAUDJRN • Database (Application) Journals – for Before and After Images • Other IBM Journals are available • QHST Log Files – DSPLOG Command • System Message Queues – QSYSOPR, QSYSMSG Turn on auditing, save journal receivers, and take advantage of everything the operating system can log for you!
- 15. Assure Monitoring & Reporting 15 Comprehensive monitoring of system and database activity • Provides security and compliance event alerts via e-mail popup or syslog • Forwards security data to Security Information and Event Management (SIEM) consoles including • IBM QRadar, ArcSight, LogRhythm, LogPoint, and Netwrix • Includes out-of-the-box, customizable models for ERP applications or GDPR compliance • Serves as a powerful query engine with extensive filtering • Produces clear, easy-to-read reports continuously, on a schedule or on- demand • Supports multiple report formats including PDF, XLS, CSV and PF formats • Distributes reports via SMTP, FTP or the IFS • No application modifications required
- 16. Assure Monitoring and Reporting 16 Key Benefits: • Comprehensive system and database activity monitoring • Enables quicker reaction to security incidents and compliance deviations when they occur • Supports integration of IBM i into enterprise SIEM systems • Helps establish and enforce segregation of duties • Simplifies analysis of complex journals and enables more frequent and detailed reporting • Enables compliance with GDPR, SOX, PCI DSS, HIPAA and other regulations and industry standards • Provides a stronger foundation for Data Governance and Data Integrity
- 17. Assure Monitoring and Reporting UI Demo
- 18. Customer Stories
- 19. Presentation name 19 Rocky Marquiss Sr. Programmer Analyst Campbell County, Wyoming
- 20. OBJECTIVE • Consolidate multiple vendors into a single solution • Move IBM i security to a centralized corporate department • Leverage existing skills on security tools they were already using (IBM QRadar SIEM) CHALLENGES • Required global security logging, but lacked a centralized global solution for collecting IBM i security logs • Highly complex high-transaction banking applications that are managed by different teams worldwide • Inability to collect, filter, consolidate and forward key IBM i security logs to IBM QRadar SIEM • Need for standardized, centralized, corporate- wide solution with minimal impact to performance SOLUTION • Assure Monitoring and Reporting and IBM QRadar • Assure Monitoring and Reporting for required security reports via email in CSV or PDF BENEFIT • Corporate security team can manage IBM i security logging across the enterprise without having specialized IBM i skills • Have a single vendor and solution to provide unmatched expertise for both IBM i security and IBM QRadar • Corporate security team can use the same tools and workflow that they use throughout the enterprise (IBM QRadar SIEM) 20 Multi-national Financial Services Firm
- 21. Q & A