You are currently on IBM Systems Media’s archival website. Click here to view our new website.

Sponsored Advertising Content - Key Considerations for IBM i SIEM Integration

The IBM i is increasingly becoming an integral part of the “big picture” for enterprise security and integration with security information event management (SIEM) solutions.

With the expectation that many large enterprises as well as small to medium companies will integrate IBM i data with a SIEM, consider the following three points when thinking about the integration:

  1. It’s more than just QAUDJRN. Additional types of security information that can be sent from the IBM i include information related to exit point activity, anti-virus results, QSYSOPR messages, authority changes, field-level database changes in applications and more.
  2. Be granular. Establish the right data points and configure the right data to go to the enterprise SIEM solution. A “send everything” strategy takes up more resources, is less effective and often doesn’t help a security team uncover threats.
  3. Focus. Enterprise security teams want to correlate data across the enterprise, but aren’t necessarily looking to step into the IBM i world. Providing the right data to an enterprise SIEM and security team is only one step in the process. In addition to sending data to SIEM, focus on alerts local to the IBM i to keep multiple checks in place.

Jatin Thakker
COO, Software Engineering of America

As COO at SEA for 11 years, Jatin has helped hundreds of customers achieve enterprise-scale security, auditing and monitoring on the IBM i platform.

Advertisement