Powertech Exit Point Manager for IBM i Comparison Checklist

Legacy menus and application security are powerless to protect against modern network interfaces such as FTP and ODBC. Some even circumvent command line restrictions!

Exit Point Manager reduces the risk of unauthorized and unaudited server access by regulating user access to data and commands. Use this checklist to see how your current method compares. 




Comprehensive coverage of network access points including FTP, ODBC, Remote Command, and mapped drives to the IFS
Supplements object-level (resource) security and legacy security controls
Complementary to the built-in IBM i Intrusion Detection System (IDS)
Compensates for weak or missing object-level security
Permits authorized users to work with data and commands as necessary
Prevents users from circumventing legacy security controls, such as menus, application security, and command line restrictions
Powerful rules-based engine evaluates user requests to instantly identify unauthorized activities
Integrates with IBM i to invoke rules engine automatically when a transaction request is received
Incorporates auditing, reporting, and access control functionality in a single solution
No programming required; eliminates auditor concerns of “self-policing”
Compatible with HA/DR systems; can run independently on both Source and Target systems
Satisfies compliance mandates that require a firewall for logging and restricting user activity
Mobile-enabled browser interface can be accessed on any device
Dashboards show up-to-the-minute performance metrics without running reports
Enhanced filtering and search-within-a-search functionality reduce time spent looking for information




Simple wizard-based installation and upgrade process
Standalone activation procedure to permit initial installation during active server use
Supports interactive and silent activation options
Activation can be performed for all services or for selected services
Integrates with existing (supplemental) user-supplied exit programs
Work management optimization via the use of a separate subsystem
Preconfigured to audit network requests without restricting transaction requests
Log repository built upon IBM-supplied technology, which is designed to be highly tamper-resistant and regulatory compliant
Preconfigured to log events to the IBM i security audit journal (QAUDJRN)
Supports logging to a user-defined security audit journal for segregation of network and native log traffic
Preconfigured to send message alerts to the IBM system operator message queue (QSYSOPR)
Support for sending message alerts to a user-defined message queue
Product functions can be executed via the menu-driven user interface or via direct commands



Manage multiple IBM i systems across your network from a single server
Configure rules on the management system and copy them to other endpoints on the network
Access dashboards displaying transaction counts and statistics for any managed system
Run audits to identify and manage rules that have been changes on endpoints directly
Resolve discrepancies by accepting the configuration of either the endpoint or the management system
Display all events that have occurred on any managed system, including rule changes, system inclusions, and network configuration changes
Use roles to define a Powertech user’s authority over managed systems




Dynamic rule configuration allows you to implement or change rules without a TCP server restart
Virtual IP address “locations” allow rapid rule deployment and maintenance
Ability to “stack” user and location rules to monitor specific users when they connect from specific locations
Configuration duplication from one user to another user
Ability to set global access rules by user, group profile, IP address, or address range
Controls access to a specific object or multiple objects within a library or IFS directory
Rules can be applied to proprietary and third-party software
Switch profile support enables temporary increase or decrease of IBM i authority for a specific transaction, function, or service
Captures actual transactions for use as a rule template
Support for rules specified at varying levels of granularity




Segregates auditing versus notification with independent message flags
Pre-formats spooled file reports for easy reading with three selectable levels of detail
Exports transaction logs to DB2 database file or .csv format
Authorized users can report and export transaction data without being granted configuration permission
Users can filter to report only unauthorized access attempts, authorized activities, or both
Search transaction logs by user, location, and timestamp range, and by server or function
Report on processes that send remote command requests to the server
Report on processes that access or manipulate file data through network interfaces like FTP or ODBC
Can send alerts (to a predefined queue or message management tool) when a specific transaction is processed




INTEGRATION Others Exit Point Manager
Integrates with:
• Powertech SIEM Agent for IBM i for real-time event notification to a SIEM via syslog, CEF, or ISS
• Powertech Compliance Monitor for IBM i for centralized reporting
• SEQUEL ViewPoint for executive dashboards
• Any IBM i job scheduler to run scheduled reports
• Commercial message handlers including QMessage Monitor and Robot/CONSOLE for real time message escalation


Let's Get Started

See Powertech Exit Point Manager for IBM i on your system to determine how it can help you meet your security goals.

Request a free demo >