Defending against the increasing sophistication and complexity of today’s security threats requires a comprehensive, multi-layered approach. The key is to maximize the strength of each layer of your defenses, and then ask yourself “If this layer is breached, what do I have in place to prevent further damage?”
Even if you have implemented the proper layers of protection, effective security still requires a thoughtful and comprehensive approach to monitoring and reporting. Monitoring plays a critical role in any effective IT security strategy. It's like having a security guard constantly patrolling your digital infrastructure, vigilantly watching for suspicious activity and potential threats. Security monitoring allows you to detect threats as soon as possible, giving you a better chance of responding quickly and effectively.
Join us for this webinar, where we will cover:
• The best practices for monitoring your IBM i environment
• The benefits of combining your IBM i monitoring with other IT systems
• A demonstration of a new Assure Security Monitoring and Reporting interface
5. Key findings from report
Average total cost of a breach
• The average cost of a data breach reached an all-time high in 2023 of USD 4.45 million.
• This represents a 2.3% increase from the 2022 cost of USD 4.35 million.
• Average cost has increased 15.3% from USD 3.86 million in the 2020 report.
Percentage of organizations planning to increase spending
• Participants were almost equally split on whether they plan to increase security investments because of a data breach.
• The top areas identified for additional investments:
  • Incident response (IR)
  • Planning and testing
  • Employee training
  • Improving threat detection
The effect of extensive security AI and automation
• Results in, on average, a 108-day shorter time to identify and contain the breach.
• Experienced lower data breach related costs of roughly USD 1.76 million.
6. Additional information from study
• 1 in 3: Number of breaches identified by an organization’s own security teams or tools
• USD 1.02M: Average cost difference between breaches that took more than 200 days to find and resolve, and those that took less than 200 days
• 53.3%: Since 2020, healthcare data breach costs have increased 53.3%
• 82%: The percentage of breaches that involved data stored in the cloud (public, private or multiple environments)
10. Understanding monitoring vs. visibility
Security Monitoring
• The process of collecting and analyzing data from security systems and networks to detect and respond to security threats.
• Data is gathered from a variety of sources, such as firewalls, access detection systems, and SIEM (Security Information and Event Management).
• Data is analyzed to identify suspicious activity or threats.
• Enabling an informed response to the threat.
Security Visibility
• The ability to see all aspects of an organization's IT environment, including networks, systems, and applications.
• Includes having visibility into all of the IT infrastructure, including the users and devices.
• Security visibility is essential for security monitoring, as it allows security teams to identify and investigate suspicious activity.
12. Monitoring Security is Essential
Monitoring changes to systems and data is necessary for:
• Rapid response to security and data integrity issues
• Preventing deviations from compliance and security policies
• Ensuring application integrity and performance
Monitoring and logging enables forensics and auditing goals
• Proactively identifying subtle patterns of malware and ransomware
• Supporting discussion of security issues with executive teams
• Establishing and improving Data Governance practices
Regulations require that you track changes to your system and its data
• PCI DSS
• HIPAA
• GDPR
• SOX
• CCPA
• 23 NYCRR 500
• and many more
13. Monitoring IBM i Security
A strong IBM i security foundation requires solutions that monitor all system and data activity in detail – and capture vital security data in log files
IBM i offers many detailed and secure audit logs
• System Journal – QAUDJRN
• Database (Application) Journals – for Before and After Images
• Other IBM Journals are available
• QHST Log Files – DSPLOG Command
• System Message Queues – QSYSOPR, QSYSMSG
Turn on auditing, save journal receivers, and take advantage of everything the operating system can log for you!
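As an added illustration (not from the webinar or from any vendor product), the Python example below shows the kind of detection that audit journal data makes possible: it scans a constructed CSV export of QAUDJRN entries for bursts of PW (invalid password or user ID) and AF (authority failure) entries per user. The CSV column layout, the sample rows and the thresholds are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a simplified CSV export of QAUDJRN entries.
# The column layout is an assumption for this example, not an IBM i format.
SAMPLE = """timestamp,entry_type,user,object
2024-01-10T02:14:05,PW,QSECOFR,
2024-01-10T02:14:09,PW,QSECOFR,
2024-01-10T02:14:15,PW,QSECOFR,
2024-01-10T02:20:41,AF,APPUSER,PAYROLL/SALARY
2024-01-10T09:03:00,PW,JSMITH,
2024-01-10T11:47:30,PW,JSMITH,
2024-01-10T11:52:10,AF,APPUSER,PAYROLL/SALARY
"""

# QAUDJRN entry types watched here: PW = invalid password or user ID,
# AF = authority failure.
WATCHED = {"PW", "AF"}


def find_bursts(csv_text, threshold=3, window=timedelta(minutes=5)):
    """Return one alert per burst of `threshold` watched entries within `window`."""
    recent = defaultdict(deque)  # (user, entry_type) -> timestamps still in window
    alerts = []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: r["timestamp"])  # ISO timestamps sort as text
    for row in rows:
        if row["entry_type"] not in WATCHED:
            continue
        ts = datetime.fromisoformat(row["timestamp"])
        key = (row["user"], row["entry_type"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop entries that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"user": key[0], "entry_type": key[1],
                           "count": len(q), "first": q[0].isoformat(),
                           "last": ts.isoformat()})
            q.clear()  # reset so the same burst is not reported twice
    return alerts


if __name__ == "__main__":
    for alert in find_bursts(SAMPLE):
        print(alert)
```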
15. Assure Monitoring & Reporting
Comprehensive monitoring of system and database activity
• Provides security and compliance event alerts via e-mail, popup or syslog
• Forwards security data to Security Information and Event Management (SIEM) consoles including IBM QRadar, ArcSight, LogRhythm, LogPoint, and Netwrix
• Includes out-of-the-box, customizable models for ERP applications or GDPR compliance
• Serves as a powerful query engine with extensive filtering
• Produces clear, easy-to-read reports continuously, on a schedule or on-demand
• Supports multiple report formats including PDF, XLS, CSV and PF
• Distributes reports via SMTP, FTP or the IFS
• No application modifications required
16. Assure Monitoring and Reporting
Key Benefits:
• Comprehensive system and database activity monitoring
• Enables quicker reaction to security incidents and compliance deviations when they occur
• Supports integration of IBM i into enterprise SIEM systems
• Helps establish and enforce segregation of duties
• Simplifies analysis of complex journals and enables more frequent and detailed reporting
• Enables compliance with GDPR, SOX, PCI DSS, HIPAA and other regulations and industry standards
• Provides a stronger foundation for Data Governance and Data Integrity
20. Multi-national Financial Services Firm
OBJECTIVE
• Consolidate multiple vendors into a single solution
• Move IBM i security to a centralized corporate department
• Leverage existing skills on security tools they were already using (IBM QRadar SIEM)
CHALLENGES
• Required global security logging, but lacked a centralized global solution for collecting IBM i security logs
• Highly complex high-transaction banking applications that are managed by different teams worldwide
• Inability to collect, filter, consolidate and forward key IBM i security logs to IBM QRadar SIEM
• Need for standardized, centralized, corporate-wide solution with minimal impact to performance
SOLUTION
• Assure Monitoring and Reporting and IBM QRadar
• Assure Monitoring and Reporting for required security reports via email in CSV or PDF
BENEFIT
• Corporate security team can manage IBM i security logging across the enterprise without having specialized IBM i skills
• Have a single vendor and solution to provide unmatched expertise for both IBM i security and IBM QRadar
• Corporate security team can use the same tools and workflow that they use throughout the enterprise (IBM QRadar SIEM)