Home » Security » Action

iSecurity Action 

Real-Time Protective Actions for iSeries Security

Action sox compliance

iSecurity Action is an essential part of the IDS (Intrusion Detection System) that includes real-time alarms and protective response mechanisms for IBM i servers. These warnings can be sent in multiple formats including email, MSGQ, SMS, Syslog, SNMP and even Twitter. User sessions can be

terminated or blocked, applications activated or reactivated and file names changed via a CL script generator.

iSecurity Action Key features

  • Identification of security breaches and intrusions with automatic, immediate warning notifications to the relevant parties.
  • Simple, intuitive mechanism for defining potential security breaches and critical system related events.
  • Real-time alerts sent via e-mail, MSGQ, SMS, Syslog, Twitter, SNMP, etc.
  • Alert messages can be event-specific, including replacement variables or standard alert messages
  • Activation of automatic, immediate responses to security events, Audit Log events, and computer status and operator messages.
  • CL Script Generator which defines corrective responses.

Action is a powerful IBM i security enhancing solution that intercepts security breaches and other events in real-time and immediately takes appropriate informative and corrective action. Actions may include sending alert messages to key personnel and/or running command scripts or programs that take corrective steps.

Action alerts can be sent as Syslog messages to any SIEM system, SMS, SNMP, e-mail, MSGQ or Twitter messages.

Raz-Lee’s Syslog capabilities are “RSA Certified” for enVision, providing an RSA-support integration between the RSA enVision and iSecurity.

In today’s business environment, it is not enough to discover and report on a security problem after it occurs. Traditional audit software provides useful historical data after the fact but often lacks state-of-the-art functionality to provide relevant managers with alerts and enable corrective specific corrective actions.

Action provides a comprehensive, easy-to-use solution. For example, if a user attempts to copy a critical file, Action can send an SMS message to the security officer’s mobile phone and automatically sign off and disable the offending user. Scripts can even initiate actions that execute if an appropriate response does not occur within a specified period of time!

Action real-time detection continuously monitors the system for a wide variety of security and other system events, including:

  • Events detected by Audit real-time auditing
  • Transactions detected by Firewall network security rules
  • Viruses detected by Anti-Virus, suspicious data changes by AP-Journal and more
  • Active job status and checking for jobs that are not active
  • Current system and memory pool status

It is extremely easy to define rules and actions with the Action Rule Wizard feature. Rules trigger actions and alerts based on one or more parameters associated with a particular event.  Examples of selection parameters include user, date, time, job, workstation, library, object name, IP address, command, job name, etc. 

Rule criteria use many different boolean operators such as: equal/not equal, greater than /less than, like/not like, “contained in list”, “starts with”, etc., and even Group/Item. For example “NE ALLUSERS/MANAGER” would filter events which were initiated by a non-manager! No other security alert/action system offers such power and flexibility.

Action includes additional security features such as automatic disabling of inactive users, restricting user access during planned absences and control over creating and running programs that use adopted authority.

  • Alert messages sent via Syslog, SNMP, e-mail, SMS, MSGQ or Twitter
  • Automatically takes corrective actions by running command scripts or programs
  • Rule Wizard makes definition process simple for non-technical users
  • Rules can use many different selection criteria
  • Built-in command script interpreter with replacement variable support
  • Responds to events detected by Audit, Firewall, AP-Journal, Anti-Virus, Authority on Demand, etc.
  • Responds to current system status parameters and active jobs
  • Restrict user access during vacations, holidays and other planned absences
  • Automatically disables inactive user profiles
  • Tight control over authority adoption
  • Specially designed for use by non-technical users such as auditors, managers and administrators
  • Alerts keep security officers and administrators informed about security breaches in real-time
  • Automatic corrective actions minimize damage from security breaches and prevent recurrence
  • You determine exactly what will happen, when it will happen, and under what conditions
  • User access control features ensure that authorized users have access to the system only at appropriate times
  • Adopted authority control prevents users from bypassing system security
  • Superior human engineering ensures security implementation quickly, efficiently, and without requiring expensive security consultants

Related IBM i Auditing Products

Audit compliance with gdpr

Audit

Read more

Visualizer ibm i audit

Visualizer

Read more