Bsafe Launches New i/OS Security Tools

April 6, 2010 Alex Woodie

Bsafe Information Systems recently announced the availability of a major new release of its security suite for i/OS. With Bsafe/Enterprise Security version 6.1, the company is now offering a new Identity Management module that gives administrators more powerful and finer grained control over access to System i resources. The new version also includes new multi-system capabilities, as well as a redesigned Report Generator that makes it easier to create custom security and audit reports.

Bsafe specializes in tools that help administrators manage and control the security of their i/OS and z/OS servers, although it does offer some capabilities for Windows and Linux servers, too. The company, which is based in Herzliya, Israel, has United States offices in New Jersey.

The new identity management module that debuts with Bsafe/ES version 6.1 may be the most significant new security feature out of Bsafe in years. The software, which is technically part of the Central Management System module, allows administrators to control who has access to what System i resources by using the concept of user roles, which is not a concept that’s native to i/OS (but which is increasingly how administrators prefer to view their users).

According to Shimon Bouganim, acting director of Bsafe, the Identity Manager allows an administrator to set up a role-based security policy that takes into account several underlying aspects of identity and authorization, including i/OS user and group profile settings, special authorities, and authorization lists.

The Identity Manager module also provides for user profile provisioning activities, including creating, maintaining, and removing user profiles from the system. As part of this process, the Identity Manager can be used to automatically generate passwords for users, notify users of password changes, and synchronize user passwords across different systems or LPARs.

Several improvements were also made with Report Generator. With version 6.1, Bsafe is now allowing users to choose the output format of their reports, including PDF, HTML, CSV, i/OS spool file, or DB2/400 file. In addition to output format, customers have more flexibility in defining the report elements, including which fields and values to include in the reports, among other variables.

Users also get new reporting capabilities that allow them to compare the security settings between two or more different servers or LPARs. For example, this feature will make it easier for administrators or auditors to spot differences in the use of special authorities across multiple systems, Bsafe says.

With version 6.1, the Bsafe Report Generator ships with more than 200 pre-configured reports–a number that will increase in the future, Bouganim says. The reports allow administrators and auditors to view the server’s configuration and use from many aspects, including system values, object authorization, job descriptions, and audit journal activities. The Report Generator is a component of the Bsafe Enterprise Security Manager, a Windows-based client that works with multiple System i servers or LPARs, as well as other operating systems and databases.

The company says it made several improvements to the way the product handles multi-system environments with version 6.1. In addition to the Report Generator supporting multiple systems and user profile and password synchronization capabilities mentioned above, Bsafe’s Compliance module gains the capability to check the state of i/OS objects across multiple systems or LPARs.

Several new functions added with version 6.1.1 smooth the integration of Bsafe/ES with external auditing and security systems. For starters, the Alert Center module, which functions as an intrusion detection system (IDS), can now export i/OS alerts to Windows systems that use other event log formats, including Windows Event Log, SNMP, and Syslog.

Similarly, the Cross Platform Audit (CPA) module gains the capability to distribute collected System i audit data to security information and event management (SIEM) appliances from Netforensics. This feature was also added in version 6.1.1.

Bsafe has kept a low profile for the last year or so, but that is starting to change. Bouganim, who left the company for nearly a year, is back at the helm, and says business is good.