IBM Support

Security and Compliance with PowerSC


This professional consulting service assists clients with deploying numerous general security measures for mitigating cybersecurity risk on AIX, VIOS, Linux, HMC, and IBM i. The PowerSC Graphical User Interface (GUI) server provides browser-based centralized management of these security measures deployed on endpoints configured with the PowerSC GUI agent.

Multiple consulting service options are available for this service. Options range from a minimal proof-of-concept (PoC) to full deployment across the entire enterprise.

Relevance to "Cost of a Data Breach Report 2023" [1]

  • Cloud misconfiguration was the initial attack vector in 11% of all breaches, with an average cost of USD 4 million. [1]
  • Use of EDR tools reduced the average cost of a breach by USD 174,267. [1]
  • Security system complexity was the highest factor that increased the average cost of the breach. On average, it added USD 240,889 to the average cost of a breach. [1]
  • Average cost of a breach for organizations with high levels of compliance failures was USD 5.57 million. [1]
  • Noncompliance to regulations added USD 218,915 to the average cost of a breach. [1]
  • IBM Security recommends, “Companies should seek data security and compliance technologies that work on all platforms, allowing them to protect data as it moves across databases, applications and services deployed across hybrid cloud environments.” [1]
  • “Security AI and automation were shown to be important investments for reducing costs and minimizing time to identify and contain breaches. Organizations that used these capabilities extensively within their approach experienced, on average, a 108-day shorter time to identify and contain the breach. They also reported USD 1.76 million lower data breach costs compared to organizations that didn’t use security AI and automation capabilities.” [1]

Relevance to Zero Trust

  • “Inspect and log all traffic before acting – Establish full visibility of all activity across all layers from endpoints and the network to enable analytics that can detect suspicious activity.” [2]
  • The NSA stated that one of the requirements to adequately address the modern dynamic threat environment is to have “Coordinated and aggressive system monitoring, system management, and defensive operations capabilities.” [2]
  • The NSA states, “Create security policies and apply them consistently across all environments.” [2]
  • “Thus, security professionals must verify and secure all resources, limit and strictly enforce access control, and inspect and log all network traffic.” [3]
  • The NSA states, “Further, analytic capabilities continuously monitor for anomalous activity in accounts, devices, network activity, and data access.” [2]
  • “By implementing a modern cybersecurity strategy that integrates visibility from multiple vantage points, makes risk-aware access decisions, and automates detection and response actions, network defenders will be in a much better position to secure sensitive data, systems, applications, and services.” [2]
  • “A mature Zero Trust environment will afford cybersecurity defenders more opportunities to detect novel threat actors, and more response options that can be quickly deployed to address sophisticated threats.” [2]
  • The NSA states, “When properly and fully implemented, Zero Trust should be able to prevent, detect, and contain intrusions significantly faster and more effectively than traditional, less integrated cybersecurity architectures and approaches.” [2]
  • “Zero trust makes full use of automated tools and workflows that support security response functions across products and services while maintaining oversight, security, and interaction of the development process for such functions, products, and services.” [4]

Depending on terms, receive assistance with the following:

Security and Compliance Automation

Learn how to change the default settings of AIX, VIOS, Linux, HMC, or IBM i running on Power with the pscxpert tool. The pscxpert tool provides several types of security hardening profiles to meet the specific security or regulatory requirements of your organization.

Allowlisting

Learn how allowlisting can be implemented on AIX with trustchk and on RHEL with fapolicyd. Allowlisting is a malware prevention technique in which executable files must be authorized before they can run. Depending on configuration, an executable file that is not properly authorized is either prohibited from running, or an error message is generated.
 
Intrusion Detection Service

Learn how to configure the Port Scan Attack Detector (psad) tool on RHEL and SLES. psad uses iptables log messages to detect, alert on, and optionally block port scans and other suspicious traffic.
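To show the kind of analysis psad performs on iptables LOG messages, here is an added Python example (not psad's code and not part of the original page): it parses constructed sample log lines and flags any source that touches many distinct destination ports, while a normal client that repeats the same port is left alone.

```python
import re
from collections import defaultdict

# Fields of an iptables LOG message that matter for scan detection:
# source, destination, protocol and (for TCP/UDP) destination port.
IPT_LOG_RE = re.compile(
    r"SRC=(?P<src>[0-9.]+)\s+DST=(?P<dst>[0-9.]+).*?PROTO=(?P<proto>[A-Z]+)"
    r"(?:.*?\bDPT=(?P<dpt>\d+))?"
)

# Constructed sample lines in iptables LOG format (not captured traffic).
# 198.51.100.7 probes seven ports; 203.0.113.5 only ever talks to HTTPS.
SAMPLE_LOG = """\
Jun 10 12:00:01 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 TTL=54 PROTO=TCP SPT=40001 DPT=22 SYN
Jun 10 12:00:01 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 TTL=54 PROTO=TCP SPT=40002 DPT=23 SYN
Jun 10 12:00:01 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 TTL=54 PROTO=TCP SPT=40003 DPT=25 SYN
Jun 10 12:00:02 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 TTL=54 PROTO=TCP SPT=40004 DPT=80 SYN
Jun 10 12:00:02 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 TTL=54 PROTO=TCP SPT=40005 DPT=443 SYN
Jun 10 12:00:02 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 TTL=54 PROTO=TCP SPT=40006 DPT=3389 SYN
Jun 10 12:00:03 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 TTL=54 PROTO=UDP SPT=40007 DPT=53 LEN=40
Jun 10 12:00:03 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 TTL=54 PROTO=ICMP TYPE=8 CODE=0
Jun 10 12:00:04 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 TTL=61 PROTO=TCP SPT=51000 DPT=443 SYN
Jun 10 12:00:09 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 TTL=61 PROTO=TCP SPT=51001 DPT=443 SYN
"""

def parse_iptables_log(text):
    """Return (src, dst, proto, dpt) per LOG line; dpt is None when the protocol has no ports."""
    events = []
    for line in text.splitlines():
        m = IPT_LOG_RE.search(line)
        if m is None:
            continue  # unrelated kernel/syslog line, ignore
        dpt = int(m.group("dpt")) if m.group("dpt") else None
        events.append((m.group("src"), m.group("dst"), m.group("proto"), dpt))
    return events

def detect_port_scans(text, threshold=5):
    """Map each source that touched >= threshold distinct (proto, port) pairs
    to its sorted target list; repeats of one port (normal clients) do not count."""
    targets = defaultdict(set)
    for src, _dst, proto, dpt in parse_iptables_log(text):
        if dpt is not None:
            targets[src].add((proto, dpt))
    return {src: sorted(t) for src, t in targets.items() if len(t) >= threshold}

if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"ALERT: {src} probed {len(ports)} distinct ports: {ports}")
```

The threshold and the per-source counting are the tunable parts; in a real deployment the LOG lines come from the iptables rules that psad is configured to read.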
 
File Integrity Monitoring

Learn how to configure the Real Time Compliance (RTC) component on AIX to provide file monitoring for the 300 most important AIX operating system files. For file integrity monitoring on Linux, the auditd subsystem is configured to interface with the PowerSC GUI server.

Endpoint Detection and Response

Learn how to configure the PowerSC functionality designed to continually monitor and respond to cyberthreats. The PowerSC GUI server can centrally receive many different types of security events from PowerSC GUI agents, and PowerSC provides several EDR options for responding to these events. You can learn more in How PowerSC Implements Enhanced Detection and Response.

Automation with REST API

Learn how the PowerSC GUI server’s REST API can be used to automate security tasks. The REST API allows PowerSC tasks to be executed without an administrator needing to log in to the PowerSC GUI server’s web interface.

Reporting

Learn how to configure the various PowerSC reporting options. PowerSC provides reports for the compliance and file integrity monitoring components. The timeline report is an interactive page that reports on a single endpoint. The Event Analysis report allows security events that occur on an endpoint to be searched using various filtering criteria.

PowerSC GUI Server Security

Learn how to configure authentication and access control options for the PowerSC GUI server. The PowerSC GUI server provides several authentication options: local security, Lightweight Directory Access Protocol (LDAP), and Single Sign-On (SSO) using the PowerSC Multi-Factor Authentication server and the OpenID Connect protocol (OpenID). Access control options provide group-based access, so that granular access control can be implemented by administrative role type and endpoint set.

Miscellaneous

Learn about further topics for well-rounded PowerSC knowledge transfer, such as troubleshooting, logging, and backup.

Common Use Cases
  • An organization that would like assistance with initial implementation of PowerSC security and compliance measures across their entire enterprise
  • An organization that would like assistance deploying new security settings using techniques that mitigate the risk of application conflicts
  • An organization that would like a guided deep introduction to PowerSC
  • An organization that would like to learn how to install and configure PowerSC
  • An organization that would like to implement an EDR solution for their Power virtual machines
  • An organization that would like to reduce the effort and complexity of securing their VMs running on Power
  • An organization that would like to automate PowerSC using KSH, REST API, or Ansible
  • An organization that would like to evaluate PowerSC before they purchase PowerSC licensing
  • An organization that would like a centrally managed security solution for deploying cybersecurity safeguards

Engagement Process
  • Consultant arranges prep call to discuss requirements, scheduling, and agenda
  • Consultant works with client to install and configure PowerSC in client environment
  • Consultant provides advice on best practice implementation
  • Consultant works with client to verify PowerSC functions most important to the client
  • Consultant provides presentations to facilitate knowledge transfer

Deliverables
  1. Presentation Slides – an electronic copy of presentation slides
  2. Configuration documents – an electronic copy of configuration documents
  3. Scripting – scripting provided, depending on terms, to facilitate specific subsets of PowerSC implementation

References
  1. Ponemon Institute – Cost of a Data Breach Report 2023. (July 2023)
  2. National Security Agency – Embracing a Zero Trust Security Model. (Feb 2021)
  3. Forrester – No More Chewy Centers: The Zero Trust Model of Information Security. (March 2016)
  4. Cybersecurity & Infrastructure Security Agency – Zero Trust Maturity Model v2.0. (April 2023)
For questions, please contact AIX/Linux Security consultant, Stephen Dominguez, at email


Document Information

Modified date: 10 July 2024

UID: ibm16591523