VISUAL Message Center:
iSeries Security Agent

The iSeries Security Agent is vital for any iSeries system security project. It provides the monitoring and auditing capabilities that you need to protect your data.

Real-time Security Alerts

The iSeries Security Agent alerts you to possible security threats in real-time, and even responds to security breaches by taking preventive action before damage is done.

Guard Your System, Unattended, Day and Night

You can make your security policy more aggressive and more proactive with the Smart Console automated actions, closing down security holes immediately, around the clock, without operator intervention.

For example, you can protect against changes to key system values; e.g., if the system security level is unexpectedly changed from 50 to 30, the Security Agent can automatically:

change the security level back to 50
end the job that made the change
disable the user profile that was used
send an alert describing what occurred, all done in seconds

The Security Agent also provides auditing reports that identify weaknesses and limitations, allowing continuous improvement of your security policy. It even reveals security holes caused by vendor packages, so you can demand modifications.

Identify Real Security Issues

The advanced filter criteria allow you to fine-tune the Security Agent to pinpoint real security issues, rather than everyday user mistakes. For example, apparently isolated events may be received in a short space of same time — a failed sign-on attempt, rejected object or spool file access. Those things can happen all the time on your system. But the Smart Console will notice that they all came from the same user profile, or from the same device, or the same IP address… and warn you, or take action.

Integrate with Other Security Systems

It is a valuable complement to other systems, such as exit-point security, firewalls etc.; those technologies control entrance to your system, like a country's "customs control." The Security Agent is your internal "police" force, monitoring the activities of users inside your system.

Unlike other dedicated security solutions on the market, the VISUAL Message Center product also manages your iSeries system messages, Windows Event Logs, TCP/IP services and more. You can achieve significant benefits in efficiency and service level by consolidating security with these operations management tasks.

Technical Overview

The iSeries Security Agent configures system auditing rules, and then manages security-relevant audit messages using powerful filters. The enriched messages can be used to send immediate alerts, take automated actions, audit system security and analyze possible weaknesses. The Security Agent detects events, system-wide or by user.

Object Auditing

Changes and access to objects; e.g., delete, copy, rename, restore, authority change, read, edit. Examples include:

Delete, copy or edit database file containing customer data
Read or copy spool file containing salary information

Command Auditing

Any command line entries, for example:

Commands run by suspect user profile
Use of sensitive commands

System Configuration Auditing

Creation, modification of user profiles; e.g., creation of suspicious new profile
Changes to system auditing
Changes to system values; e.g., changes to system date, time, security level, IPL info, action for number of failed sign-on attempts, etc.
Use of DST (Dedicated Services Tools); e.g., changes to system configuration

Action Auditing

Authority failures; e.g., persistent failed sign-on attempts, object access denied
Programs changed to adopt authority
Users obtaining adopted authority
Profile swapping

Filters simplify event detection and customization by allowing you to identify particular objects, user profiles, commands. There is support for generic, wildcard, date and time, text string, and through extensive logical functions.

Detect unauthorized attempts to access your company's information in real time
Program automated actions to react to events
Audit your security policy for weaknesses and limitations
Analyze attempted security violations
Plan migration to a higher security level

VISUAL Message Center Agents/Modules
Smart Console	Centralizes the collection and management of information from all networked servers and agents
Notifier	Ensure high system availability with two-way SMS messaging and escalation lists
iSeries Server Agent	Collects and manages batch messages from any iSeries message queue (e.g., QSYSOPR). Monitors job activity and status, job queues, devices, history log (QHST)
Server Agent for Windows^®	Collects and manages application, system and security events from any Windows server (NT, 2000, XP)
iSeries Interactive Agent	Collects and manages all interactive iSeries user error messages
iSeries Performance Agent	Collects and manages critical performance parameters from iSeries servers. Includes powerful graphical console
iSeries Security Agent	Detects and audits possible threats to system and data integrity
iSeries Support Agent	Remote problem diagnosis tool for operators. Provides unique capabilities for resolving problems in production processes
TCP/IP Services Agent	Monitors availability and performance of any networked TCP/IP service, including POP3 email, SMTP, FTP more. Includes graphical Java console
Reporting System	Create over 40 graphical historical reports of your systems direct from the Smart Console. Reports on performance, events, systems usage, security, errors, users, and more.