Enhance Security Through Monitoring and Notification
Heighten security beyond the traditional solutions.
by Mike Grant
Security applications and monitoring/notification applications often come from different vendors, and as a result it is easy to view them as distinct and separate. However, the two go hand in hand, and monitoring/notification products play a significant role in security. While security largely centers around keeping would-be thieves or destructive viruses away from sensitive information, keeping a vigilant eye on activity and knowing immediately when something happens is essential to success. In this TechTip, we'll look at how to combine traditional security solutions with automated monitoring/notification and real-time user monitoring.
Start with the Basics
Establishing a solid security framework is key to making monitoring effective. Let's start by reviewing the essential elements of a System i security plan.
Perimeter security via firewalls and exit point security are obvious first steps. But in addition, internal network security that allows you to control information flow and access down to the object level is critical. It allows you to establish solid policies that do not unnecessarily disrupt workflow and to maintain proper records to assist in security audits—a key element of regulatory compliance. Chances are you already have such a system in place or are considering implementation.
The next component that is essential in today's System i environment is virus protection. Because System i can serve as a quiet, symptom-free host for viruses and malicious code, it is very important to protect it with native anti-virus software, just as would be done for servers running other operating systems.
An additional component that can make your security more effective is a solution that allows you to monitor users in real time. This tool provides you with the ability to investigate and collect evidence that can be used as a follow-up to suspicious activity by insiders.
Keeping in the Loop
Now that we've covered the basic security components, let's look at how automated monitoring and notification can make your security efforts stronger by keeping you in the loop.
The most obvious benefit is to be notified when a blatant breach has occurred. Because you cannot be in the computer room or onsite at all times—and because hack attempts may occur in the middle of the night—an automated monitoring solution can act as your eyes and ears. If an access attempt is made that violates your security policy, a monitoring solution can notify you immediately by pager, BlackBerry, cell phone, email, or a variety of other methods. You can act upon this notification immediately to reduce the likelihood of a successful break-in or loss of assets.
Of course, with nearly two-thirds of security breaches and data theft originating from inside the firewall, not all cases are going to be as clear-cut as the one above. You may have a trusted insider who has legitimate access to information yet, unbeknownst to you, poses a serious security threat. This is where the versatility of automated monitoring software comes into play.
Suppose you need to keep an eye out for activity occurring at unusual times of day or unusually large amounts of data being transferred from specific directories. You create specific monitors to log such activity and notify you when it occurs. While this alone won't prevent the theft of data, it can allow you to react to events in progress and investigate patterns of suspicious activity.
Under the Microscope
So you've identified a pattern that leads you to believe that inside security violations may be occurring. This calls for further enhancement of your security with a tool that gives you the ability to see everything happening on another user's screen in real time. A product like Bytware's PeekPlus—often viewed as a training tool—can achieve this. Because you can monitor this activity without the user's knowledge, it is a much more elegant solution than busting into the room in an attempt to catch someone red-handed, and it allows you to piece together a trail of evidence that can be used to recover lost information and hold the insider accountable.
Bringing It All Together
So, as you can see, there are obvious security tools and not-so-obvious ones at your disposal. The well-rounded security policy will make use of not only network security and firewalls, but also anti-virus, automated monitoring and notification, and real-time user monitoring to create an unobtrusive yet highly effective safety net for IT operations.
This article was originally published on MC Press Online.