Blog
Understanding CVE 2023-30990: The Vulnerability Exploiting the DDM
By Amneris Teruel on Tue, 07/25/2023
Discover CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service. Learn what this vulnerability is, how it impacts the IBM i, and how you can prevent as well as assess your exposure to it.
Guide
Fortra's Complete Guide to Layered Offensive Security
Most organizations have a decent understanding of the types of defensive security tactics they need to employ to thwart cyberattacks. But offensive security techniques are just as important for detecting existing vulnerabilities that a threat actor has yet to discover and exploit.
Learn how to approach offensive security from the ground up, including the value of using a...
Guide
Integrating IBM i Security Events into Your SIEM
This guide discusses the technical issues relevant to logging IBM i security data and offers a solution for real-time awareness of security events and integration with SIEM solutions.
Blog
Three Lessons Learned from A Data Breach
By Bob Erdman on Mon, 02/24/2020
Simple lessons learned from the many breaches we’ve observed, like careless employees and unusual attack vectors, and ways they can be avoided.
Guide
Download "The Complete Guide to Securing IBM i Exit Points"
Exit points and exit programs aren’t new concepts, but we get more questions about them than any other topic related to IBM i security. Most people who work with IBM i have heard of them but aren’t sure if they need to use them.
This guide is designed to equip IBM i pros with information about what exit points are and how exit programs work,...
Blog
Exit Points and Why Menu Security Isn’t Enough
By Robin Tatam on Wed, 05/30/2018
How do interfaces like FTP side-step IBM i menu security and give users uncontrolled data access through exit points? Robin Tatam explains in this short video.
Blog
Could Ransomware Like WannaCry Hit IBM i?
By Robin Tatam on Thu, 01/04/2018
Security expert Robin Tatam explains how WannaCry and similar ransomware can affect the unique IBM i operating system.
Blog
How to Apply IDS/IPS to IBM i
By Robin Tatam on Fri, 05/12/2017
IPS/IDS are common cybersecurity terms, but how does that pertain to the IBM i environment?
Guide
Download "Secure Inside and Out: Maximizing Intrusion Detection and Prevention on IBM i"
Data leaks and operational disruptions can come from any source—internal or external.
To protect sensitive data from modern cyberthreats, all organizations need a robust intrusion detection and prevention system (IDS/IPS).
The IBM i operating system includes advanced capabilities for detecting and preventing external threats, but there are still gaps that must be filled.
...
Blog
How Exit Programs Make the Greatest Impact on IBM i Security
By Robin Tatam on Tue, 03/28/2017
What do exit points have to do with cybersecurity? How do exit programs work? Robin Tatam provides a clear explanation in this video.
Blog
Cracking the Problem of Endpoint Security
By Robin Tatam on Fri, 03/24/2017
Endpoint security has been a hot topic in the technology and corporate sectors for a few years. Especially with the emergence of bring-your-own-device practices, it has become even more critical to put safeguards in place to ensure the security of sensitive information.
Blog
The DDoS Deception You Need to Know About
By Robin Tatam on Wed, 03/08/2017
A denial-of-service attack is any attempt to interrupt or inflict downtime upon IT systems, but a basic DoS threat is smaller in scale than its DDoS counterpart. With the former, the influx of traffic may come from a single source, while in a DDoS attack, traffic comes from numerous sources – making it more difficult to deal with.
Blog
How “Smash and Grab” Compromises IBM i
By Robin Tatam on Wed, 03/08/2017
During an audit a few years ago, I revealed to the client’s security team that corporate payroll information on every employee, including the CEO, was being archived in an output queue (called PAYROLL) for weeks at a time. Due to poor configuration, this information was accessible to every employee.
Blog
What is the Value of SIEM?
By Robin Tatam on Wed, 03/08/2017
As is often the case in the technology industry, the details surrounding security information and event management can be a little unclear. While vendors may offer solutions of varying complexity, there is still a basic idea behind most SIEM products…
Guide
Download “Identity & Access Management for IBM i”
Insiders are responsible for 34 percent of data breaches—and insiders are also the most difficult threat to control control on IBM i. You can't lock them out completely because your IBM i users need at least some level of access to do their jobs.
So, how do you ensure users have only the access they need without overburdening IT with manual...
Guide
Build vs. Buy: The Argument Against Developing a Solution for Exit Point Security
Before you commit the resources to develop an in-house solution for exit point security, read our list of issues to consider. You might decide it’s neither easy nor cost-effective to set up and monitor your own in-house solution.
Guide
Controlling SQL Updates Using Powertech Exit Point Manager for IBM i
Over the years, users have relied on commands like STRSQL and RUNSQL to provide instant and powerful access to the data on their Power Systems™ servers. All types of users—from programmers to system administrators to end users—use these commands as their primary interface for extracting and updating data.
However, allowing a user to view, update, and even delete data without...
Blog
IT Security Compliance 101
By Robin Tatam on Sun, 08/21/2016
In this compliance 101 primer, we'll look at three high-profile breaches from the past year, each of which shows what can go wrong when data oversight isn't up to snuff. Along the way, we'll discuss some basic fixes that can help shore up network defenses.