ENFORCIVE ENTERPRISE SECURITY SUITE

v i s i o n s o l u t i o n s . c o m1

End-to-End Security and Compliance Management for the IBM i EnterpriseThe Enforcive Enterprise Security Suite for IBM i is the single most comprehensive and easy-to-use security and compliance solution for IBM i (AS/400). With over twenty fully integrated GUI-controlled security, auditing, and compliance modules, this software suite enables system administrators, security officers and auditors to easily manage security and compliance tasks efficiently and effectively.

Managing Security: Beyond the Green ScreenIn response to today’s world of privacy breaches, complex regulatory requirements and evolving threats, Enforcive enables security officers to identify suspicious behavior on the network, drill down to the appropriate user, IP address or object and take appropriate action quickly. The enterprise-wide perspective that Enforcive provides, significantly enhances current green screen reporting capabilities.

Multiple System ManagementManaging security by grouping systems significantly reduces reporting overload and simplifies enterprise level security policy implementation via:• A common interface to manage multiple servers/partitions• Access Control Policy Replication to remote systems• A User Profile Propagation across systems• Cross-System Compliance reporting and auditing

Graphical User Interface: Empowering SecurityEnforcive Enterprise Security is fully GUI-enabled. This allows security officers to easily roll out access management policies and makes journals and logs easy to manage and interpret. Security officers can monitor high-level policies enterprise-wide and drill down to the user or object in a matter of seconds. It also gives organizations the opportunity to involve “non-green screen” IT professionals in security related tasks.

Security Lockdown

Auditing

Compliance Management

Figure 1: Enforcive Enterprise Security GUI

Included Modules Within Enterprise Security Suite

• Alert Center• Application Access Control• Application Analyzer• Application Audit• Central Audit• Control Panel• ES Administration roles• File Audit• Inactive users• Inquiries• Management• Message Queue Audit• Object Authorizations• QHST Log Audit• Report Generator• Session Timeout• SOX Compliance Toolkit• SQL Statement Audit• System Audit• User Profiles

Add-On Modules

• Compliance Accelerator Package• Data Provider• Field Encryption• Firewall Manager• Password Self Service• Policy Compliance Manager

v i s i o n s o l u t i o n s . c o m2

Enterprise Security Suite: Included ModulesAlert CenterCreates instant notifications of transactions, data events, and compliance deviations.

Application Access ControlComprehensive exit point control, including ODBC, JDBC, FTP, IFS, etc.

Application AnalyzerGraphical viewpoint of application access activity to the IBM i.

Application AuditDetailed log of network and native exit point activity with powerful filtering tools.

Central AuditCombined archive and audit facility containing logged events of many kinds of activity.

Control PanelAllows you to define parameters and default values in Enterprise Security Suite.

ES Administration rolesOffloads help desk tasks while maintaining security and compliance requirements.

File AuditField level auditing of files provides comprehensive views of changes to data.

Inactive UsersUser management includes ad-hoc restoration of deleted user profiles.

InquiriesPre-defined reports of security definitions, authorities, etc., based on best practices.

ManagementHelps group systems to significantly reduce reporting overload.

Message Queue AuditAnalyze and report on the behavior of users, applications, and group messages.

Object AuthorizationsGUI-based control of native object authority.

QHST Log AuditSaves events from IBM i QHST files and makes them available for subsequent audits.

Report GeneratorProvides a complete solution for defining, optimizing, distributing, and archiving reports.

Session TimeoutCapability to set session time-outs and policies for inactive users.

SOX Compliance ToolkitSet of pre-defined alerts and reports tailored to SOX compliance auditing needs.

v i s i o n s o l u t i o n s . c o m3

SQL Statement AuditAllows you to monitor and audit internal SQL events on the system.

System AuditLog for the system journal to manage logging policies, view events, and create reports.

User ProfilesEfficient and effective portal for IBM i user management.

Enterprise Security Suite: Add-On Modules

Security LockdownEnforcive Enterprise Security provides piece of mind regarding external accessibility. Easily protect exit points, manage user profiles, and implement group policies for all enterprise systems. Lockdown is first performed in “warning mode” to allow for the gathering of pertinent security events and reveal usage patterns. Once a thorough analysis has been conducted, security lockdown and access control can commence through the use of the following modules:

Password Self Service (Green Screen Only)Enforcive’s Password Self-Service (PSS) streamlines password management into an autonomous process that enables end-users of IBM i and Windows to securely manage their passwords independently. End-users who do not remember their password for a particular system or want to synchronize a new password across all or select systems can now be given the ability to do so instantly on their own. No longer would such users need to be escalated to the helpdesk.

PSS helps your organization:• Offload administrative password management procedures from helpdesk teams• Improve overall security through highly customizable user identification processes• Enforce password criteria and expiration interval controls• Synchronize new passwords across multiple systems and platforms• Maintain an audit trail of password reset activity

Figure 2: Password Self Service - Green Screen Menu

7/23/17

v i s i o n s o l u t i o n s . c o m4

Firewall ManagerA dedicated software-based firewall for the IBM i. It incorporates a user friendly graphical user interface that simplifies the implementation of port based access policies. Firewall Manager also allows you to monitor and secure all inbound and outbound TCP/IP connections to your IBM i environments.

Field-Level EncryptionEnforcive Field Encryption is the simplest and safest way to secure IBM i sensitive data. It is a comprehensive platform for file- and field-level encryption as well as masking and scrambling.

Enforcive’s Encryption provides:• Increased Data Protection. Encryption adds a vital layer to the security of an

organization’s sensitive data. Enforcive provides GUI-Managed Field Level Security, preventing even power users from accessing data in fields that require limited access. Unauthorized users will not be able to see the encrypted data, even when they try to access it through journals.

• Compliance. Requirements such as the PCI Data Security Standard (Requirement 3) specifies protection of stored cardholder data. Enforcive’s encryption and decryption mechanism uses universally accepted algorithm standards.

• Application Independence. Enforcive Field Encryption has been engineered to minimize impact on mission critical applications that could be affected by the encrypting and decrypting processes. Existing database file structures remain unchanged. Organizations will typically not require any program changes.

AuditingPowerful auditing and reporting capabilities offer a documented audit trail of your system’s security definitions, events, and activities with high granularity of user, IP address, object, field, etc. This is accomplished through the following functionality:

Data ProviderOrganizations looking to consolidate IBM i events with events from other platforms can do so using the Data Provider. Security officers can easily configure Enforcive Enterprise Security to export events in syslog format to third party log management and SIEM products.

Figure 3: Data Provider GUI

v i s i o n s o l u t i o n s . c o m

Compliance ManagementSimplify enterprise-wide compliance management and deviation monitoring with pre-defined templates that address regulatory requirements such as SOX and PCI DSS. Enforcive assists diverse teams in unifying their compliance efforts by eliminating redundancy and reducing the complexity of regulatory adherence. Compliance can be achieved by using:

Policy Compliance ManagerTemplate-based control of native definitions, deviation reporting, and remediation. Templates can be defined using every parameter provided by the operating system. Once defined, the template can be checked against the actual definitions in the system. The check produces a report showing any deviations from your template(s). After checking the deviations, you have the option of aligning the actual definitions in the system with the specified policy through a fix function. Templates can be created for password settings, object definitions, user auditing, etc. Included are also options for system responses such as disabling a user or revoking special authority status for particularly egregious violations.

Compliance Accelerator PackagesExtensive sets of predefined reports, alerts, and compliance definitions mapped to specific regulatory standards such as SOX, PCI DSS, ISO, and COBIT. This package allows companies to speed up their regulatory compliance projects by leveraging Enforcive’s experience of IBM i-based compliance.

5

Figure 4: Policy Compliance Manager Deviations

v i s i o n s o l u t i o n s . c o m

Enterprise Security Suite: Power PacksNetwork SecurityEasily protect exit points, manage ports/IP addresses, and implement group policies all for enterprise systems. Application Access Control is an independent security layer for the IBM i which can control access to the TCP/IP network, block intruders and malicious users, and reduce data corruption liability. Along with Firewall Manager and Policy Compliance Manager, users will have peace of mind regarding external accessibility.

Authority SwapAdopt authorities for specific needs without revealing the password of the adopted user. It allows you to temporarily give an individual or group of users the system object authority and the network permissions of another user. Additionally, the actions executed under swap and objects created by them are seen by the operating system as being done by the swapped user, rather than the original user.

Security MonitoringA wide variety of auditing, alerting, and reporting tools right at your fingertips.

AuditingModules enable full journal and audit log analysis while providing tools to manage event categories in journal and logs while providing its own logs for events not covered.

AlertingThe Alert Center incorporates built-in intrusion detection and alerting mechanisms for the IBM i to provide real-time security and compliance monitoring with instant email and pop-up alerts.

ReportingThe Report Generator provides a complete solution for defining, optimizing, distributing, and archiving reports within your IBM i environment. The tool provides users complete control over integrating and presenting their system data to meet the specific needs of an organization.

IBM i Log TransferAn efficient way to setup, filter, and send logs or event sets that have been collected from the system. Each of the data sources can be analyzed using unique collection criteria and administrators can choose where to send the extracted events. Administrators can also choose when data will be collected, whether it is in real time or scheduled.

Regulatory ComplianceCreate, document, and maintain compliance across an organization. The Policy Compliance Manager provides template-based control of native definition, deviation reporting, and remediation with the four regulations of the accelerator package. Also included are modules for encryption, reporting, and alerting.

6

Included Modules

Network Security• Application Access Control• Application Analyzer• Application Audit• Central Audit• Control Panel• ES Administration Roles• Firewall Manager• Management

Authority Swap• Alert Center• Application Access Control• Central Audit• Control Panel• ES Administration Roles• Report Generator• System Audit

Security Monitoring• Alert Center• Central Audit• Control Panel• ES Administration Roles• File Audit• Management• Message Queue Audit• QHST Log Audit• Report Generator• SQL Statement Audit• System Audit

IBM i Log Transfer• Application Audit• Central Audit• Control Panel• Data Provider• ES Administration Roles• File Audit• Message Queue Audit• QHST Log Audit• SQL Statement Audit• System Audit• View Data

Regulatory Compliance• Accelerator Package• Alert Center• Control Panel• ES Administration Roles• Field Encryption• Policy Compliance Manager• Report Generator

v i s i o n s o l u t i o n s . c o m7

Easy. Affordable. Innovative. Vision Solutions.

Vision Solutions is a leading provider of business resilience solutions – high availability, disaster recovery, migration, data replication and security – for IBM Power Systems. For more than 25 years, customers and partners have trusted Vision to protect and modernize their environments, whether on-premises or in the cloud.

Visit visionsolutions.com and follow us on social media, including Twitter, Facebook and LinkedIn.

Find us on:Facebook: http://www.facebook.com/VisionSolutionsIncTwitter: http://twitter.com/VSI_PowerYouTube: http://www.youtube.com/VisionSolutionsIncVision Solutions Blog: http://www.visionsolutions.com/blog

15300 Barranca ParkwayIrvine, CA 926181.949.253.6500 1.800.683.4667

visionsolutions.com

© Copyright 2017, Vision Solutions, Inc. All rights reserved. IBM and Power Systems are trademarks of International Business Machines Corporation.