IBM Support

AIX, Linux, and Red Hat OpenShift Security Services

General Page

This support page provides a top-down approach for describing the standard AIX, Linux, and Red Hat OpenShift Security Services provided by IBM Technology Expert Labs.

Insights from "Cost of a Data Breach 2022" 1

  • “Reaching an all-time high, the cost of a data breach averaged USD 4.35 million in 2022.” 1
  • “Eighty-three percent of organizations studied (550) have experienced more than one data breach, and just 17% said this was their first data breach.” 1
  • 59% of organizations don’t deploy Zero Trust. They incur an average of USD 1 million in greater breach costs compared to those that do deploy Zero Trust 1
  • “Healthcare breach costs hit a new record high. The average breach in healthcare increased by nearly USD 1 million to reach USD 10.10 million.” 1
  • “Eleven percent of breaches in the study were ransomware attacks, an increase from 2021, when 7.8% of breaches were ransomware, for a growth rate of 41%.” 1
  • NOTE: The following services can be provided under the IBM Expert Assist program, https://ibm.biz/expertassist.
    For questions, contact systems-expert-labs@ibm.com.
  • Security Assessment
    • AIX Security Assessment

      This service provides a comprehensive security analysis designed to identify security measures that can be implemented by an enterprise that is seeking to improve the cyberdefense of their AIX infrastructure.
      This service consists of 2 parts:

      • Part one: an assessment of over 50 security policies to be used across the AIX infrastructure
      • Part two: an assessment of over 300 security settings of a single AIX or VIOS instance

      The assessment requires only a few hours of the client’s time.  The security recommendations for this service are derived from Center for Internet Security (CIS) Controls and the CIS benchmark for AIX.  The consultant provides a presentation of the findings, and the client receives a set of electronic documents of all findings.

      Click for full Details     PDF(777KB)

      • Linux Security Assessment

        This assessment service, which requires only a few hours of your time, provides a comprehensive security analysis of a single Red Hat Enterprise Linux (RHEL), or SUSE Linux Enterprise Server (SLES) instance.  This service is designed to identify security safeguards that can be implemented to mitigate security risk on your Linux systems.  The security recommendations for this service are derived from Center for Internet Security (CIS) Controls and the CIS benchmarks for RHEL, and SLES.

        Click for full Details     PDF(786KB)

        • OpenShift Security Assessment

          This assessment service, which requires only a few hours of your time, provides a comprehensive security analysis of a single Red Hat OpenShift Container Platform (OCP) cluster.  This service is designed to identify security safeguards that can be implemented to mitigate security risk on your OCP clusters.  The security recommendations for this service are derived from the Center for Internet Security Red Hat OpenShift Container Platform v4 Benchmark.

          Click for full details     PDF(273KB)
           

        • PowerSC
          • Security and Compliance with PowerSC

            This implementation service provides a deployment of the PowerSC Graphical User Interface Server and Agents in your environment.  This solution provides centralized management of numerous security and compliance-related safeguards designed to mitigate security risk on AIX, VIOS, Linux, IBM i, and HMC.

            Click for full details     PDF(103KB)

            • AIX Patch Management with PowerSC

              This implementation service provides a deployment of PowerSC Trusted Network Connect and Patch Management (TNC) in your environment.  TNC is designed to provide continuous patch management for AIX and VIOS.  TNC provides update capabilities for interim fixes, service packs, technology levels, and open source packages.

              Click for full details     PDF(317KB)

              • Malware Defense with PowerSC

                This implementation service is designed to mitigate the security risk of viruses and malware, including ransomware.  This service provides deployment of three measures for malware defense: Threat Hunting, Allowlisting, and ClamAV.  Threat Hunting provides scanning for malware that uses hashes not registered to virus databases.  ClamAV is an open source antivirus engine that provides scanning for over 8.6 million known trojans, viruses, malware, and other malicious threats.  Allowlisting provides detection or prevention of the launching of unauthorized software.  These security measures can be implemented for PowerSC managed AIX or Linux endpoints.

                Click for full details   

                • Multi-Factor Authentication with PowerSC

                  This implementation service adds an authentication safeguard to prevent attackers from gaining unauthorized access that can result in a security incident, including a ransomware attack.  This solution can be implemented for AIX, Linux, VIOS, HMC, and IBM i

                  Click for full details     PDF(249KB)

                • Identity, Credential, and Access Management
                  • LDAP Integration with Microsoft Active Directory

                    This LDAP integration service is designed to provide centralized management of user accounts, group accounts, and passwords by using Microsoft Active Directory.  This solution can be used across your entire AIX and Linux environments.

                    Click for full details     PDF(182KB)

                    • LDAP Integration with IBM Security Directory Server

                      This LDAP integration service is designed to provide centralized management of user accounts, group accounts, and passwords by using IBM Security Directory Server.  This solution can be used across your entire AIX and Linux environments.

                      Click for full details     PDF(290KB)

                      • LDAP Login Control Automation

                        This service provides tools and consulting to add LDAP-based host access for LDAP users to their existing LDAP-based centralized user management solution.  Once this solution is implemented, you no longer need to manage login access locally on each individual AIX or Linux host. 

                        Click for full details     PDF(49KB)

                      • AIX Security
                        • AIX Trusted Execution

                          If you are faced with the challenge of mitigating the security risk of malware, including ransomware, this consulting service assists you with deploying AIX Trusted Execution.  AIX Trusted Execution is designed to detect or prevent not just ransomware, but all types of malware on AIX.

                          Click for full details     PDF(105KB)

                          • Enhanced Role Based Access Control

                            If you are faced with the challenge of mitigating the security risk of excessive administrative privilege, this consulting service assists you with deploying Role Based Access Control (RBAC) on AIX.  RBAC is designed to significantly mitigate the risk of excessive administrative privilege on AIX.

                            Click for full details     PDF(46KB)

                            • AIX Auditing

                              If you are faced with the challenge of detecting malicious activity on AIX, this consulting service assists you with properly configuring the AIX Auditing subsystem.  The AIX Auditing subsystem provides you with a powerful solution to collect detailed logs of security events on AIX.

                              Click for full details     PDF(43KB)

                            All Services PDF (1.7MB)

                            NOTE: If you would like to make a request for a professional security service not listed on this site, forward your request to your local IBM Technology Expert Labs team.
                            Contact us at systems-expert-labs@ibm.com or your local IBM Technology Expert Labs team
                            References
                            1. Ponemon Institute - Cost of a Data Breach Report 2022. (July 2022)

                              [{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvzhAAA","label":"Security"}],"Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions"}]

                              Document Information

                              Modified date:
                              08 November 2023

                              UID

                              ibm16584155

                              Page Feedback