For more information on LEM, visit: http://www.solarwinds.com/log-event-manager.aspx
Watch this webcast: http://www.solarwinds.com/resources/webcasts/three-strategies-for-data-privacy-compliance-securing-your-sensitive-data.html
Join SolarWinds and Townsend Security for this overview on securing the sensitive data stored on your IBM iSeries using SolarWinds Log & Event Manager (LEM). Learn why logging is essential and how the Townsend Alliance LogAgent integrates with LEM to collect, analyze, and correlate event log data for security and compliance.
2. Broad experience in data security and data communication
Over 2000 customers worldwide
Participating Organization PCI Security Standards Council
Strong presence in the Fortune 500
NIST Certified AES Encryption
Leadership averages over 30 years IT experience
FIPS 140-2 Certified Key Management
3. Breaches Happen
855 Incidents, 174 million compromised records in 2011
Less than 1% of the breaches were discovered through log
analysis
69% of these breaches were detectable via log evidence
Take Away: If you are monitoring your logs, you can detect a
breach before data is lost
4. Logging Is Now Essential
PCI Section 10 Requires Logging
» Requirement 10: Track and monitor all access to network resources and
cardholder data
GLBA/FFIEC Data Security
» Log Transmission, Normalization, Storage, and Protection
HIPAA/HITECH Act
» Log-In Monitoring & Access Controls
5. State and Proposed Federal Privacy Notification
Some state laws reference PCI compliance
Nevada privacy law requires PCI compliance
Minnesota requires compliance with parts of PCI
(and now WA)
New Federal privacy law in the works
6. Logging on the IBM iSeries Today
Not monitoring your IBM iSeries® is a big problem
» It can lead to a finding of non-compliance
» It can leave a breach undetected
A large national retailer lost over 45 million credit
card numbers over a three-year period through
poor security and inattention
» Proper logging and review could have caught this
7. Why Alliance LogAgent Suite?
A complete solution that can capture and forward all IBM i
security events
Built by IBM i experts specifically for SIEM integration
Robust filtering capability minimizes network impact
Strong encryption between IBM i and SIEM console
Integrated user monitoring and log forward solution
Selectively monitor data access and change activity at the
column or field level – without changing applications or user
accounts
8. What About Performance?
High performance event collection from QAUDJRN, QSYSOPR,
QHST
3,500 events per second
250 Million events per day
Buffered transmission
Simultaneous collection from multiple sources
9. Case Study
A large media and entertainment company with over 40
IBM i’s
PCI DSS regulations required they capture and store all logs
off of the system of origination
Purchased a site license of Alliance LogAgent on a
Wednesday
Installed and implemented Alliance LogAgent on all systems
by the following Monday
The IBM i’s passed the PCI DSS Audit
10. Townsend Security & Logging on the IBM iSeries
Alliance LogAgent™ from Townsend Security
» Creates logs that SolarWinds Log & Event Manager® (LEM) can read
» Forwards important information to LEM
» Uses SSL/TLS encryption to secure delivery
[Diagram: QAUDJRN, QSYSOPR and QHST on the IBM iSeries, sent encrypted to SolarWinds Log & Event Manager]
IBM iSeries Image courtesy of International Business Machines Corporation.
Unauthorized use not permitted.
15. Q: What can LogAgent database monitoring do?
A: Help you find unauthorized access to sensitive data:
<118>May 23 20:37:37 S10125BA LogAgentDB:[LGADB@0 column_name="SOCIAL" column_text="Social
Security Number" SECURITY_ALERT_user_access="yes" SECURITY_ALERT_program_access="yes"
data_type="A" action="Update" data_image="After" value_option="Hash"
value="xJv1GnJqowtC0WGdRTAAFT4FK7kf76il8A+3KI1thY0=" file_name="HRMASTER" file_library="HRLIB"
file_member="HRMASTER" timestamp="20120523203737384336" job_name="QPADEV000G"
job_user="SMITH" job_number="694320" jrn_seq="12" jrn_sys_seq="0" user_profile="SMITH"
program_name="QDZTD00001" program_library="*OMITTED"
User SMITH accessed the column SOCIAL which contains a social security
number using program QDZTD00001, which is IBM’s file editor utility. This
program was not in the list of approved applications defined by the
security administrator, thus creating this security alert.
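The event above can be triaged on the receiving side by parsing its key="value" fields and surfacing any SECURITY_ALERT_* flag. This is an added example, not code from Townsend Security or SolarWinds; the function names are illustrative, and the timestamp layout (YYYYMMDDhhmmss plus microseconds) is an assumption inferred from its agreement with the syslog header time.

```python
import re
from datetime import datetime

# The event from the slide, joined onto one line (the slide wraps it).
SAMPLE = (
    '<118>May 23 20:37:37 S10125BA LogAgentDB:[LGADB@0 column_name="SOCIAL" '
    'column_text="Social Security Number" SECURITY_ALERT_user_access="yes" '
    'SECURITY_ALERT_program_access="yes" data_type="A" action="Update" '
    'data_image="After" value_option="Hash" '
    'value="xJv1GnJqowtC0WGdRTAAFT4FK7kf76il8A+3KI1thY0=" file_name="HRMASTER" '
    'file_library="HRLIB" file_member="HRMASTER" timestamp="20120523203737384336" '
    'job_name="QPADEV000G" job_user="SMITH" job_number="694320" jrn_seq="12" '
    'jrn_sys_seq="0" user_profile="SMITH" program_name="QDZTD00001" '
    'program_library="*OMITTED"'
)

HEADER = re.compile(r'^<(\d{1,3})>(\w{3} +\d+ [\d:]{8}) (\S+) (\w+):\[(\S+) ')
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_event(line):
    """Split one LogAgentDB line into header parts and key="value" fields."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not a LogAgentDB event")
    pri = int(m.group(1))  # syslog PRI = facility * 8 + severity
    fields = dict(PAIR.findall(line[m.end():]))
    return {"facility": pri // 8, "severity": pri % 8, "host": m.group(3),
            "tag": m.group(4), "sd_id": m.group(5), "fields": fields}

def triage(event):
    """Return a finding for events that carry a SECURITY_ALERT_* flag, else None."""
    f = event["fields"]
    reasons = sorted(k[len("SECURITY_ALERT_"):] for k, v in f.items()
                     if k.startswith("SECURITY_ALERT_") and v == "yes")
    if not reasons:
        return None
    # Assumed layout, consistent with the header time: YYYYMMDDhhmmss + microseconds.
    when = datetime.strptime(f["timestamp"], "%Y%m%d%H%M%S%f")
    return {"when": when.isoformat(), "host": event["host"],
            "user": f["user_profile"], "program": f["program_name"],
            "action": f["action"], "reasons": reasons,
            "object": f"{f['file_library']}/{f['file_name']}.{f['column_name']}"}

if __name__ == "__main__":
    print(triage(parse_event(SAMPLE)))
```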
16. Data Collection With SolarWinds LEM
Industry leading log and event
management technology
Real-time, in memory analytics utilizing
intelligent correlation
Active Responses for immediate
remediation
High speed, high compression database
for long term retention.
Point, Click and Search historical analytics
Turn Key, Virtual Appliance
17. LEM & Compliance
More than 300 "audit-proven"
compliance reports
Comply with PCI DSS, GLBA,
SOX, NERC CIP, HIPAA,
and more
Use the built-in compliance
reporting console to easily
create reports for internal requirements
Easily store the massive amounts of data required for compliance
Prevent policy violations and enforce critical compliance requirements in
real-time
19. Summary
Logging is now a compliance mandate
Externalizing logs from the IBM iSeries can be difficult
SolarWinds LEM
» Award winning log & event management solution
» Live by lunch, easy-to-use
Alliance LogAgent easily captures and forwards logs to LEM
You can download Alliance LogAgent now and have it running
in 30 minutes