For more information on LEM, visit: http://www.solarwinds.com/log-event-manager.aspx Watch this webcast: http://www.solarwinds.com/resources/webcasts/three-strategies-for-data-privacy-compliance-securing-your-sensitive-data.html Join SolarWinds and Townsend Security for this overview on securing the sensitive data stored on your IBM iSeries using SolarWinds Log & Event Manager (LEM). Learn why logging is essential and how the Townsend Alliance LogAgent integrates with LEM to collect, analyze, and correlate event log data for security and compliance.

1. Securing Your Sensitive Data
SolarWinds® and Townsend Security
June 13, 2012

2. Broad Over 2000 Participating
experience in customers Organization
data security worldwide PCI Security
and data Standards Council
communication Strong
presence in the NIST Certified AES
Leadership Fortune 500 Encryption
averages over
30 years IT FIPS 140-2 Certified
experience Key Management

3. Breaches Happen
 855 Incidents, 174 million compromised records in 2011
 Less than 1% of the breaches were discovered through log
analysis
 69% of these breaches were detectable via log evidence
 Take Away: If you are monitoring your logs, you can detect a
breach before data is lost
- Slide 3 -

4. Logging Is Now Essential
 PCI Section 10 Requires Logging
» Requirement 10: Track and monitor all access to network resources and
cardholder data
 GLBA/FFIEC Data Security
» Log Transmission, Normalization, Storage, and Protection
 HIPAA/HITECH Act
» Log-In Monitoring & Access Controls

5. State and Proposed Federal Privacy Notification
 Some state laws reference PCI compliance
 Nevada privacy law requires PCI compliance
 Minnesota requires compliance with parts of PCI
(and now WA)
 New Federal privacy law in the works
Modify This Footer: View -> - Slide 5 -

6. Logging on the IBM iSeries Today
 Not monitoring your IBM iSeries® is a big problem
» It can lead to a finding of non-compliance
» It can leave a breach undetected
 A large national retailer lost over 45 million credit
card numbers over a three-year period through
poor security and inattention
» Proper logging and review could have caught this
- Slide 6 -

7. Why Alliance LogAgent Suite?
 A complete solution that can capture and forward all IBM i
security events
 Built by IBM i experts specifically for SIEM integration
 Robust filtering capability minimizes network impact
 Strong encryption between IBM i and SIEM console
 Integrated user monitoring and log forward solution
 Selectively monitor data access and change activity at the
column or field level – without changing applications or user
accounts

8. What About Performance?
 High performance event collection from QAUDJRN, QSYSOPR,
QHST
 3,500 events per second
 250 Million events per day
 Buffered transmission
 Simultaneous collection from multiple sources

9. Case Study
 A large media and entertainment company with over 40
IBM i’s
 PCI DSS regulations required they capture and store all logs
off of the system of origination
 Purchased a site license of Alliance LogAgent on a
Wednesday
 Installed and implemented Alliance LogAgent on all systems
by the following Monday
 The IBM i’s passed the PCI DSS Audit

10. Townsend Security & Logging on the IBM iSeries
 Alliance LogAgent™ from Townsend Security
» Creates logs that SolarWinds Log & Event Manager® (LEM) can read
» Forwards important information to LEM
» Uses SSL/TLS encryption to secure delivery
SolarWinds Log
& Event Manager
QSYSOPR
Encrypted
QAUDJRN QHST
IBM iSeries Image courtesy of International Business Machines Corporation.
Unauthorized use not permitted.
- Slide 10 -

11. - Slide 11 -

12. - Slide 12 -

13. - Slide 13 -

14. - Slide 14 -

15. Q: What can LogAgent database monitoring do?
A: Help you find unauthorized access to sensitive data:
<118>May 23 20:37:37 S10125BA LogAgentDB:[LGADB@0 column_name="SOCIAL" column_text="Social
Security Number" SECURITY_ALERT_user_access="yes" SECURITY_ALERT_program_access="yes"
data_type="A" action="Update" data_image="After" value_option="Hash"
value="xJv1GnJqowtC0WGdRTAAFT4FK7kf76il8A+3KI1thY0=" file_name="HRMASTER" file_library="HRLIB"
file_member="HRMASTER" timestamp="20120523203737384336" job_name="QPADEV000G"
job_user="SMITH" job_number="694320" jrn_seq="12" jrn_sys_seq="0" user_profile="SMITH"
program_name="QDZTD00001" program_library="*OMITTED"
User SMITH accessed the column SOCIAL which contains a social security
number using program QDZTD0001 which is IBM’s file editor utility. This
program was not in the list of approved applications defined by the
security administrator, thus creating this security alert.
- Slide 15 -

16. Data Collection With SolarWinds LEM
 Industry leading log and event
management technology
 Real-time, in memory analytics utilizing
intelligent correlation
 Active Responses for immediate
remediation
 High speed, high compression database
for long term retention.
 Point, Click and Search historical analytics
 Turn Key, Virtual Appliance

17. LEM & Compliance
 More than 300 "audit-proven "
compliance reports
 Comply with PCI DSS, GLBA,
SOX, NERC CIP, HIPAA,
and more
 Use the built-in compliance
reporting console to easily
create reports for internal requirements
 Easily store the massive amounts of data required for compliance
 Prevent policy violations and enforce critical compliance requirements in
real-time
- Slide 17 -

18. SolarWinds Log & Event Manager Demo
- Slide 18 -

19. Summary
 Logging is now a compliance mandate
 Externalizing logs from the IBM iSeries can be difficult
 SolarWinds LEM
» Award winning log & event management solution
» Live by lunch, easy-to-use
 Alliance LogAgent easily captures and forwards logs to LEM
 You can download Alliance LogAgent now and have it running
in 30 minutes
- Slide 19 -

20. Take Action Today
 Download SolarWinds Log & Event Manager
» www.solarwinds.com/LEM_download
 Download Alliance LogAgent
» www.townsendsecurity.com/products/logagent
 SolarWinds Contact:
» LEM@solarwinds.com
 Townsend Security Contact:
» info@townsendsecurity.com
- Slide 20 -