Cilasoft, a leading developer of security and compliance software products for the IBM i platform, announces the immediate availability of version 5.18.R of Cilasoft Suite, the company’s comprehensive auditing and security solution for IBM i.
New features included in 5.18.R have been created to enhance reporting, automation, flexibility, system performance and more. In addition, the new release includes an expansion of integration points with leading cross-platform security information and event management (SIEM) solutions.
“We are continuously working to expand the capabilities, ease-of-use, and integration points of the Cilasoft Suite, and 5.18.R marks a significant milestone in that regard”, says Guy Marmorat, Cilasoft’s president. “In fact, this new release is just the initial deployment of many innovative and powerful features that are slated to be released during 2017, all of which will make the job of managing security and compliance tasks easier and more effective for IBM i operations staff.”
The Cilasoft Suite includes five individual, yet integrated software products that allow managers to comprehensively audit database and system changes, control system access, manage job authorities, and perform other critical security and compliance-related tasks. These products are: QJRN/400 (system and database auditing), CONTROLER (global access control), EAM (elevated authority management), DVM (read-access auditing), and CENTRAL (log consolidation and distribution).
Major enhancements included with version 5.18.R of the Cilasoft Suite are listed below. A comprehensive list of 5.18.R features can be obtained by submitting a request at www.cilasoft.com/en/contact.html.
- System Examiner. The same capabilities in QJRN/400 that help users easily identify and organize journal information for auditing purposes have been extended to include a whole variety of other static sources, including: user profiles, system values, object attributes, object authorities, IFS attributes, IFS authorities, authorization lists, commands, exit points, DB2 files, job descriptions, libraries, spooled files, jobs, PTFs, and more. The ability to access pertinent details about these sources within QJRN/400 allows users to extract other meaningful data for a all kinds of auditing reports and alerts. System Examiner is shipped with a set of pre-configured queries and repository definitions, although custom extracts and alerts can be built over any of the included static sources.
- RUNQJFIL command. RUNQJFIL is a powerful new command that can be used to execute a wide variety of commands over the contents of any database file. RUNQJFIL can run in conjunction with a QJRN/400 query or as a stand-alone command, and also includes a simulation mode that lets users test actions before running them.
An example: QJRN/400 is used to extract into a file a list of user profiles that have not signed on to a particular system for more than 90 days and are part of a list of group profiles. From this, the RUNQJFIL command is used to take action on the file by automatically expiring the password for each user profile listed. The command also produces a result file that shows what was executed for each line in the file, its context and the end result (success/fail.)
The above is a fairly simple scenario but all kinds of complex scenarios are possible where the RUNQJFIL command is quite useful. And when combined with the data extract capabilities of System Examiner, RUNQJFIL can automate security-related processes in nearly unlimited ways.
- RUNQJF command. Has various optimizations including a parameter to specify an additional time unit of seconds.
- RUNQJ command. Includes a new parameter, RESUMEFPR, which is very useful when running reports on consolidated data coming from CENTRAL.
- SIEM interface. Includes a more intelligent, flexible, and optimized interface for all of the leading SIEM products.
- New exit programs. Several have been added for password validation, which are useful in complex environments where multiple user profile password policies exist.
- Optimization of the Open Database File exit point. This exit point has been improved in two very useful ways:
1) Data-centric protection has been considerably optimized so that heavily used files have a significantly lower impact on performance.
2) The process that audits and prepares candidate files has been streamlined through the addition of SQL scripts.
- New report selection criteria. A variety of new parameters have been added to EAM reporting commands.
- Enhanced integration. Integration has been enhanced both with CONTROLER as well as the secured customizable menu feature within the Cilasoft Suite.
- RUNQJCMDS command. This command has been enhanced with the ability to run multiple commands in a single step.