iSecurity AP-Journal: Database Security Monitoring

iSecurity AP-Journal is an Application Security and Business Analysis Solution for the IBM i.

AP-Journal protects business-critical information from insider threats as well as external security breaches. It keeps managers closely informed of important changes in their business-critical data and streamlines journaling procedures.

Users can integrate information from various files and view all changes relating to a specified business item. In addition, AP-Journal helps enforce business rules by triggering external functions.

With its unique technology, AP-Journal logs database access (READ operations) directly into the journal receivers. This functionality, which OS/400 journaling does not provide, constitutes an important component of compliance.

By providing a timeline report of all changes relating to application data, AP-Journal reduces unauthorized activity and enables users to meet regulatory requirements. It also issues real-time alerts to inform managers of any changes in application databases or unapproved access to critical data.

• Addresses PCI, SOX, HIPAA, etc. requirements
• Long-term storage of sensitive information, independent of journal receiver lifecycle
• Advanced filtering enables saving only important information, to suit storage limits
• READ operations selectively added to Journal, for compliance with PCI requirements
• Real-time alerts on changes in business-critical data & access, sent as operator messages, e-mail, SMS, SYSLOG; CL Scripts execution
• Timeline and cross-application reports based upon user-defined business items
• Report data can include key fields, description fields and modified fields (highlighted)
• Output as Online, Print, HTML, PDF, Outfile & Email
• Filter according to “before” or “after” values of each database field. Boolean And/Or, EQ, GT, LE… N/LIKE, N/LIST… conditions refer to percentage or absolute value changes
• Runs on a High Availability system, reducing performance impact on Production Systems
• Real-time or scheduled operation mode

• Who modified file PAYMENTS between 20:00 and 06:00 during vacation; among those, who reduced the PAYMENT_AMOUNT by more than 15%?
• Who worked on the SALARY file during non-standard business hours, and accessed employees whose salaries exceed $5,000 monthly?
• Provide John with a timeline report of all changes made to his MORTGAGE (covering the dozens of files in the MORTGAGE application), during the past 25 years.
• Send an SMS message and e-mail to the company’s Chief Security Officer when the PRICE_OF_ITEM changes by more than 4%.
• Send a SYSLOG message and operator message when the PRICE_OF_ITEM for an ITEM shipped last month changes by more than $6.20.
• Send an e-mail when anyone accesses the record of an employee whose monthly SALARY is greater than $5000.
• What users who are not in the HR department modified the SALARIES table?
• What changes to the hospital’s PATIENTS file were made via utility application DFU?