Simplify Security and Compliance Management with PowerSC
By Petra Bührer and Tim Hill, 08/01/2019
In recent years, IBM PowerSC security and compliance software has evolved from a command line-based product, primarily benefitting AIX clients, into a compelling offering portfolio, including a streamlined web-based management GUI for managing security and compliance on Power Systems (see Figure 1).
While PowerSC Standard Edition (hereafter PowerSC) 1.1.5 and PowerSC 1.1.6 focused on getting the GUI started with just AIX support, PowerSC 1.2, delivered in mid-2018, broadly extended its scope. PowerSC 1.2 allows users to manage security and compliance for AIX and Linux on POWER (SUSE and Red Hat distributions) VMs. It also provides powerful automation and simplification capabilities for compliance, real-time malware intrusion prevention, reporting, patch management and more for both OSes.
The AIX version includes pre-built profiles for myriad industry standards including PCI DSS (finance), HIPAA (healthcare), North American Electric Reliability Corporation (NERC) reliability standards, DoD STIG, SOX-COBIT and a profile to help with General Data Protection Regulation (GDPR) from an infrastructure standpoint.
The Linux profile portfolio is more limited (which will change in upcoming releases), but already provides industry standard coverage for PCI DSS and GDPR. Another recent focus is enhanced support for SAP environments. IBM recently released an SAP-AIX profile and has already started investigating adding an SAP HANA profile as well.
Malware Intrusion Prevention
PowerSC provides comprehensive capabilities in terms of malware intrusion prevention on AIX through the integration of PowerSC Real Time Compliance to alert when someone changes a security-critical file (e.g., content or permission level), and AIX Trusted Execution (TE) to provide anti-virus capabilities. PowerSC for Linux leverages the ‘auditd’ facility.
IBM is very active in the Linux community, leading the development of a security component called Integrated Measurement Architecture (IMA), a security module of the Linux kernel that provides AIX TE-like capabilities (anti-virus capabilities via whitelisting, metadata, and measurement and verification of files before they can be run). IBM is also investigating leveraging these capabilities via PowerSC to further enhance Linux malware intrusion prevention.
Another important aspect of malware intrusion prevention is effective authentication controls, such as multifactor authentication (MFA), which requires at least two distinct sets of authentication methods and/or factors (see Figure 2, below). MFA is required by an increasing number of industry standards and is a powerful mechanism to prevent a high percentage of breaches. Stolen credentials are still the most common way for hackers to get into your systems.
PowerSC MFA is the second offering within the PowerSC portfolio, available as a standalone offering or as part of IBM’s Enterprise Cloud Edition. Enterprise Cloud Edition is a compelling software bundle to simplify private cloud management, management of security and compliance, as well as high availability management on Power Systems.
Compliance and File Integrity Monitoring (malware intrusion) information is made available via built-in reports that can be sent via email as formatted HTML or as CSV files. Reports can be generated on demand or on a schedule for both AIX and Linux on POWER VMs.
The latest release of PowerSC Standard Edition also added a new interactive timeline, providing the end-to-end view of security events during a VM’s lifecycle. These are events that auditors need to see, including: when the VM was brought under PowerSC management, when it was patched, when File Integrity Monitoring events occurred and when a compliance status changed. Continuous improvements within recent releases have brought in incremental enhancements such as adding configuration-change events to the timeline.
TNC Patch Management
Trusted Network Connect (TNC) Patch Management is another component that was recently partially wrapped under the UI, which now allows not only reviewing the patch status of your VMs but also triggering updates, such as applying an iFix via the graphical UI. Functions and usability improvements since PowerSC 1.1.6 include:
- Increased automation
- Increased performance by introducing the parallel updates concept
- Improved status messaging during verification with “Reboot Required”
- The ability to remove conflicting iFixes on the client automatically
- TNCPM (TNC Patch Management server) Replication in order to allow for scenarios such as having a primary TNCPM with internet access to download data and the remaining ones behind the firewall without internet access
The PowerSC product family provides a full spectrum of security services for AIX and Linux on Power. With IBM i integration under investigation, PowerSC is on its way to becoming a comprehensive security solution for Power Systems.
Learn how your organization can reap the benefits of streamlined security and compliance management and reporting with PowerSC.
Petra Bührer is part of the Power Systems Offering Management team at IBM. One of her areas of responsibility is security.
Tim Hill is the director for IBM Security products at Rocket Software.