TABLE OF CONTENTS:
• General Product Functionality
• Application Installation and Setup Options
• Centralized Administration
• Transaction Access Control
• Transaction Auditing, Reporting, and Notification
• Integration
Exit Point Manager reduces the risk of unauthorized and unaudited server access by regulating user access to data and commands. Use this checklist to see how your current method compares.
| GENERAL PRODUCT FUNCTIONALITY | Others | Exit Point Manager |
| Comprehensive coverage of network access points including FTP, ODBC, Remote Command, and mapped drives to the IFS | ✓ | |
| Supplements object-level (resource) security and legacy security controls | ✓ | |
| Complementary to the built-in IBM i Intrusion Detection System (IDS) | ✓ | |
| Compensates for weak or missing object-level security | ✓ | |
| Permits authorized users to work with data and commands as necessary | ✓ | |
| Prevents users from circumventing legacy security controls, such as menus, application security, and command line restrictions | ✓ | |
| Powerful rules-based engine evaluates user requests to instantly identify unauthorized activities | ✓ | |
| Integrates with IBM i to invoke rules engine automatically when a transaction request is received | ✓ | |
| Incorporates auditing, reporting, and access control functionality in a single solution | ✓ | |
| No programming required; eliminates auditor concerns of “self-policing” | ✓ | |
| Compatible with HA/DR systems; can run independently on both Source and Target systems | ✓ | |
| Satisfies compliance mandates that require a firewall for logging and restricting user activity | ✓ | |
| Mobile-enabled browser interface can be accessed on any device | ✓ | |
| Dashboards show up-to-the-minute performance metrics without running reports | ✓ | |
| Enhanced filtering and search-within-a-search functionality reduce time spent looking for information | ✓ | |
| APPLICATION INSTALLATION AND SETUP OPTIONS | Others | Exit Point Manager |
| Simple wizard-based installation and upgrade process | ✓ | |
| Standalone activation procedure to permit initial installation during active server use | ✓ | |
| Supports interactive and silent activation options | ✓ | |
| Activation can be performed for all services or for selected services | ✓ | |
| Integrates with existing (supplemental) user-supplied exit programs | ✓ | |
| Work management optimization via the use of a separate subsystem | ✓ | |
| Preconfigured to audit network requests without restricting transaction requests | ✓ | |
| Log repository built upon IBM-supplied technology, which is designed to be highly tamper-resistant and regulatory compliant | ✓ | |
| Preconfigured to log events to the IBM i security audit journal (QAUDJRN) | ✓ | |
| Supports logging to a user-defined security audit journal for segregation of network and native log traffic | ✓ | |
| Preconfigured to send message alerts to the IBM system operator message queue (QSYSOPR) | ✓ | |
| Support for sending message alerts to a user-defined message queue | ✓ | |
| Product functions can be executed via the menu-driven user interface or via direct commands | ✓ | |
| CENTRALIZED ADMINISTRATION | Others | Exit Point Manager |
| Manage multiple IBM i systems across your network from a single server | ✓ | |
| Configure rules on the management system and copy them to other endpoints on the network | ✓ | |
| Access dashboards displaying transaction counts and statistics for any managed system | ✓ | |
| Run audits to identify and manage rules that have been changes on endpoints directly | ✓ | |
| Resolve discrepancies by accepting the configuration of either the endpoint or the management system | ✓ | |
| Display all events that have occurred on any managed system, including rule changes, system inclusions, and network configuration changes | ✓ | |
| Use roles to define a Powertech user’s authority over managed systems | ✓ | |
| TRANSACTION ACCESS CONTROL | Others | Exit Point Manager |
| Dynamic rule configuration allows you to implement or change rules without a TCP server restart | ✓ | |
| Virtual IP address “locations” allow rapid rule deployment and maintenance | ✓ | |
| Ability to “stack” user and location rules to monitor specific users when they connect from specific locations | ✓ | |
| Configuration duplication from one user to another user | ✓ | |
| Ability to set global access rules by user, group profile, IP address, or address range | ✓ | |
| Controls access to a specific object or multiple objects within a library or IFS directory | ✓ | |
| Rules can be applied to proprietary and third-party software | ✓ | |
| Switch profile support enables temporary increase or decrease of IBM i authority for a specific transaction, function, or service | ✓ | |
| Captures actual transactions for use as a rule template | ✓ | |
| Support for rules specified at varying levels of granularity | ✓ | |
| TRANSACTION AUDITING, REPORTING, AND NOTIFICATION | Others | Exit Point Manager |
| Segregates auditing versus notification with independent message flags | ✓ | |
| Pre-formats spooled file reports for easy reading with three selectable levels of detail | ✓ | |
| Exports transaction logs to DB2 database file or .csv format | ✓ | |
| Authorized users can report and export transaction data without being granted configuration permission | ✓ | |
| Users can filter to report only unauthorized access attempts, authorized activities, or both | ✓ | |
| Search transaction logs by user, location, and timestamp range, and by server or function | ✓ | |
| Report on processes that send remote command requests to the server | ✓ | |
| Report on processes that access or manipulate file data through network interfaces like FTP or ODBC | ✓ | |
| Can send alerts (to a predefined queue or message management tool) when a specific transaction is processed | ✓ | |
| INTEGRATION | Others | Exit Point Manager |
| Integrates with: | ||
| • Powertech SIEM Agent for IBM i for real-time event notification to a SIEM via syslog, CEF, or ISS | ✓ | |
| • Powertech Compliance Monitor for IBM i for centralized reporting | ✓ | |
| • SEQUEL ViewPoint for executive dashboards | ✓ | |
| • Any IBM i job scheduler to run scheduled reports | ✓ | |
| • Commercial message handlers including QMessage Monitor and Robot/CONSOLE for real time message escalation | ✓ | |
Let's Get Started
See Powertech Exit Point Manager for IBM i on your system to determine how it can help you meet your security goals.
Request a free demo >