Enforcive Delivers Better SQL Monitoring for IBM i

April 24, 2012 Alex Woodie

Enforcive (formerly Bsafe Information Systems) last week unveiled a new release of its IBM i security suite, called Enforcive/Enterprise Security. With version 7.2, the company delivered support for monitoring interactive SQL queries in real time, providing a way to monitor the execution of both written and embedded SQL statements. This release also brings enhancements to file integrity monitoring, auditing, and alerting features of the suite.

Enforcive has helped IBM i customers keep an eye on SQL for some time. The company’s SQL monitor looks for SQL activity, including interactive SQL statements submitted by users and statements embedded in RPG, DRDA, DDM, and ODBC programs. These statements are logged in the Enforcive database for later review by the administrator or auditor.

With version 7.2, Enforcive has widened its SQL monitoring features to give customers the capability to monitor all invocations of SQL requests, regardless of how they were called. Customers can identify the SQL statements invoked when imbedded in high level languages or via QSHELL, which will aid them in understanding the routes taken to access their databases and as a result better prepare them to protect their data, the company says.

Enforcive allows managers to specify exactly which kind of internal SQL activity they want to log. They can configure their SQL monitors by various criteria, including name, job number, user, files, and type of request, such as those coming in via TCP/IP only or only those submitted via 5250.

The new features allow a company to generate a clear picture of who is gaining access to the database, where they’re accessing it from, and what the user is doing with the files, Enforcive says. The SQL capabilities can be accessed through Enforcive’s GUI, which will make them easier to use.

Enforcive CEO Shimon Bouganim says the new tools will help customers keep an eye on IBM i activity. “Lately we have been receiving more and more inquiries regarding monitoring of interactive SQL and we believe that this enhanced module is well positioned to address those requirements,” Bouganim says in a press release.

Enforcive/Enterprise Security version 7.2 also delivers enhancements to the DB2/400 monitoring feature. The company says it can detect, alert on, and prevent all types of database connections, including read-only access, data modification, and privileged operations.

The Alert Center has also been enhanced with this release. Enforcive says that any attempts to make field-level changes to DB2/400 files will now generate an alert. The product can also generate a report based on message queue activity.

The suite’s Policy Compliance Manager component has a new file integrity check feature that enables security personnel to check the “fingerprint” of objects and IFS files at regular time intervals in order to determine if changes have been made to the structure of the object or file. Enforcive says this gives organizations a quick detection method for file tampering or corruption.

Another useful new security feature is the capability to monitor non-IBM commands, such as those that an organization has written itself. In addition to monitoring for these commands (which aren’t located in the QSYS library), the Enforcive software can prevent the commands from being executed.

Last but not least, the suite’s Cross Platform Audit component has been enhanced with support for Oracle database. Enforcive says customers can track SQL statements and field-level changes made to the Oracle database without the need for an agent to be installed on the Oracle system. Cross Platform Audit also supports DB2 databases from IBM and the SQL Server database from Microsoft.