AP-Journal - Application Security
Server Application Security & Business Analysis Solution
AP-Journal protects business-critical information from insider threats and from external security breaches. It keeps managers closely informed of all changes in their valuable information assets and streamlines iSeries journaling procedures.
Real-life Situations Where AP-Journal Can Help!
- Who modified PAYMENTS between 20:00 and 06:00 during corporate summer vacation?
- Send an e-mail whenever an employee record – whose SALARY is less than $5000 – is read from file SALARIES.
- Which users – who are not Managers – viewed the confidential PAYMENT_TERMS table since the last business day?
- What changes to the company’s production libraries were made via non application-specific utilities such as IBM DFU (this is a SOX-mandated requirement)?
- Provide a customer with a timeline report showing the change history of their MORTGAGE during the last 10 years.
- Send an SMS (and/or SYSLOG, e-mail, Twitter, SNMP and operator messages) to the company’s Chief Security Officer, Manager of IT and Internal Auditor when the PRICE_OF_ITEM changes by more than 4%.
- Sends “mass mode” real-time Syslog alerts regarding application field-level data changes to SIEM products; this support sends only Syslog messages without any additional processing and has been measured to transfer up to 2000 transactions per second to SIEM products while using less than 1% CPU.
- Monitors changes to objects and members, for example in data areas and in the IFS; support implements additional journal codes such as R=Rcd, E=DA (data area), B=IFS, U=Rd (Read), F=M (member)
- Supports periodic file structure changes to application files, so that application files can still be monitored across changes to their file structures.
- Developers can code field-specific exit routines that determine, in real time, whether or not to filter specific journal records.
Alerts and Reports
- Real-time alerts indicating changes in business-critical data; these application alerts are activated by user-defined thresholds. Alerts can be sent as an operator message, SYSLOG, e-mail, SMS (text to mobile), Twitter, SNMP and more.
- Comprehensive reports displaying all application changes on a single timeline
- Reports can integrate information from all the organization’s applications
- Reports in various formats (online, print, PDF, email, etc.)
- Efficient long-term storage based on special journal containers rather than iSeries journal receivers; reports can be based on these journal containers or on receivers
- Alerts and reports enable users to meet regulatory requirements such as SOX, HIPAA, and PCI.
Other Great Features
- Flexible filtering capabilities for selection of detail level and categories
- Easy to use, requires minimal setup and disk space
- Complements high availability iSeries products by ensuring full journal receiver synchronization
- Can be OEM-ed by application vendors to provide their business-critical applications with an added level of control, compliance and alerts.