Halcyon Bolsters IBM i Security Tool

November 1, 2011 Alex Woodie

Halcyon Software unveiled a new release of its Audit Journal Manager tool last week that should help IBM i shops keep a close watch on suspicious behavior. Enhancements in the areas of reporting and configuring rule sets should make the software easier to set up, while a performance boost helps the software function in the biggest IBM i environments.

Audit Journal Manager is a multi-pronged security product. Its core function is automatically filtering the millions of entries written to the IBM i OS’s security audit journal (QAUDJRN), and identifying entries that reflect security policy violations. When a security violation is detected, the software will immediately notify the administrator.

But the product has other related uses, including assisting with controlling which specific IBM i users can access which product function. Also, its logging and report-writing functionality gives administrators the capability to tell, in great detail, exactly what specific users did, and when, a powerful after-the-fact forensic feature that comes in handy in the postmortem analysis of a detected security breach.

The first major enhancement is related to performance. According to Ashley Giddings, senior technical services manager at Halcyon, it’s not uncommon for a company to have 3,000 entries written to the QAUDJRN every minute.

“By boosting the performance in our software, Audit Journal Manager is now able to process approximately 400,000 actions per day and the software can process the audit journal entries 18 times faster,” Giddings says in a press release. “This ensures that the software will always keep up with the busiest of computer systems and handle the continuing trend for businesses to process vast amounts of information more quickly.”

According to Halcyon, Audit Journal Manager now sports 35 pre-configured report templates. The addition of new templates will cut down on the work a customer must do to provide report coverage in a specific area. Examples of report templates include, “program changes to adopt authority,” “authority failures,” “system value changes,” “object ownership”, and “profile swap,” among others.

The third major enhancement is an expansion of the number of example rule sets to four. A rule set tells the product how to behave and what to look for in certain situations. For example, the software could be programmed through a rule set to look for unsuccessful logins during the off hours.

With this release the Audit Journal Manager now comes with four sets of example rules in the areas of auditing failure, security, service, and systems management. According to Halcyon, these new rule sets will make it easier for customers to set up and deploy.

Giddings says the new features originated from customer feedback. “The new enhancements ensure configuration, reporting, and deployment of the software is even quicker, giving reassurance that any potential security threats or breaches are being automatically and immediately detected, enabling operational staff to concentrate their time on supporting the core activities of the company,” she says.

The Audit Journal Manager is included in three Halcyon products, including the Systems Operations suite, the Advanced Automation suite, and its Operations Manager suite. It’s also sold on a standalone basis starting at £1,094, or about $1,732. For more information, see www.halcyonsoftware.com.