Latest in dW Security: Play in the brand new sandbox and create a machine-learning, security front end
If you haven't checked it out yet, make sure to read the two newest articles on developerWorks Security:
Another tutorial we recently published, Crea
This provides service for new DB2 region security settings, new SMF log event records, and a new DB2 object privilege.
You can find technical details on the Service Management Conncet - System z blog, in this entry.
The IBM Security zSecure team published a service stream enhancement (SSE) providing this Access Monitor data feed on March 30, 2017.
The IBM Operations Analytics for z Systems team published Insight Pack 3 providing the capability to interpret the data feed on March 29, 2017.
Technical details can be found in this blog entry by Jeroen Tiggelman on the Service Management Connect - System z blog.
In this new tutorial, the Guardium team describes how you can audit and keep track of privileged users and how they might be compromised. This tutorial combines the power of Guardium with IBM Security Privileged Identity Manager so that you can start building a secure immune system.
You'll learn the benefits of fusing Guardium with PIM, the solution architecture, and how you can enhance reports with data configured from PIM.
I'm happy to announce that we have just published a new article regarding the new function AppScan Standard integrated with Application Security on Cloud.AppScan Standard 188.8.131.52 can integrate with Application Security on Cloud (ASoC). It is now possible to upload scans and templates (SCAN or SCANT files) to Application Security on Cloud to run scans.This article will introduce how to configure and run a scan in AppScan Standard to Application Security on Cloud.
Increasing demand from today’s employees for a flexible experience that affords them the option to use the mobile technology of their choosing has disrupted traditional approaches to IT management and security.As a first response, it’s not uncommon for companies to launch brin
Join guest speaker, Forrester Senior Analyst Chris Sherman, and IBM MaaS360 portfolio marketing leader, Jonathan Dale as they share best practices for securing and empowering your mobile workforce.
You will learn:
Rolling out large enterprise software across any organization requires a smart infrastructure plan and an eye towards future scalability if the deployment is going to be a success. With IBM BigFix Software, there are some specific challenges that need to be met when designing a deployment from a performance perspective. Here is how one team within IBM faced a performance challenge and solved it using a smart infrastructure plan.
Read the full paper by authors Shaun T. Kelley and Mark Leitch:
Shadow IT refers to the information technology solutions used inside an organization without the explicit approval of the organization. In recent years, the advent of cloud computing has made it easier for employees to circumvent IT department and use a variety of cloud applications without the knowledge or approval of the organization. Despite the high visibility of recent data breaches, most employees still choose to use cloud services to be able to do their job more efficiently. In a study conducted by IBM Security, it was found that 1 in every 3 Fortune 1000 employees regularly saves and shares company data to third- party cloud-based platforms that are not explicitly approved by their organization . This figure is expected to increase as the workplace demographic starts to change and millennials who are greater users of cloud applications  make up more and more of the workforce.
It provides security intelligence and analytics improvements:
* a near real-time SMF event feed to IBM Security QRadar SIEM
* a zSecure Admin Access Monitor feed to zSecure Alert
* performance and scalability improvements
It extends support for these security standards:
* Security Technical Implementation Guide (STIG) 6.29
* Payment Card Industry Data Security Standard (PCI-DSS) 3.2
It provides currency support for:
* CA-ACF2 16 and CA-Top Secret 16
* MQ 9
* Service stream security enhancements for z/OS and RACF
Details can be found on Service Management Connect - System z in this blog entry by Jeroen Tiggelman.
In this tech note, the authors' purpose is to provide best practices on the topic of enabling DB2 native encryption in an HADR environment. Additionally, the note provides a simplified set of working steps, with examples. These steps are designed to minimize the downtime at the database service.
z/VM V6R4 was announced on October 25, 2016 with a planned availability date of November 11, 2016.
A summary of the toleration fixes that have been made available for zSecure can be found on the Service Management Connect - System z blog.
They apply to zSecure Manager for RACF z/VM 1.11.1 and 1.11.2, and to zSecure for z/OS 2.1.0, 2.1.1, and 2.2.0.
In an exci
Be sure to check out presentations from Dave Stewart and Eitan Worcel on Tuesday, November 15th at 11:00am ET.
In this live webinar, you will learn how you can:
For more information, visit:
In his new article, Yang Qi demonstrates how you can apply the Node.js application ot the new enhancements of the Auto-Scaling for Bluemix® service.
So what does this mean for security enthusiasts? It means that you can actually improve the elasticity of your applications with the features on the Auto-Scaling service. It means that you can customize your policy and automatically increase or decrease the CPU threshold, thus maintaining a healthy condition without wasting resources.
This tutorial also shows you just how easy it is to utilize the new metric types, heap and throughput.
Check out the article today!
The TRS Q3 cash payment recipients have just been announced. A huge congratulations to these Security contributors who have been recognized:
by Nandkishor V Gitte and Joseph Fitterer
This workbook contains a series of lab exercises to introduce you to JK Enterprises, which uses the features of IBM Security Identity Manager virtual appliance 184.108.40.206.
The objective of the lab exercises is to provide you with hands-on experience with the configuration and operation of IBM Security Identity Manager 220.127.116.11.
The workbook is designed to complement the presentations that cover each of the features. More detailed information on IBM Security Identity Manager 18.104.22.168 features and functions are found in these presentations. More information is also available in the product documentation on IBM Knowledge Center.
We've all been hearing more and more about BigFix®. If you're an IBM BigFix administrator, you'll want to read on. (Even if you're not, you'll find this interesting!). Here, we have an article from Marco Mattia where he outlines Virtual Relays and the instructions on how to use the this feature. You'll learn the benefits and advantages as well to using a BigFix Virtual Relay.
Check out the PDF links below. Happy reading!
Ever experienced a situation like this image of numerous tests and heavy server load? Minimize time wasted on "noise."
Common false positives waste developers' time and energy--with this new tutorial by by Akash Shetty and others, you can root out those common problems.
IBM Security AppScan® is an automated web application security assessment tool that identifies prominent security vulnerabilities, including OWASP Top Ten and SANS 25 vulnerabilities. The tool also provides detailed reports on security issues along with advisory and fix recommendations. With the help of this tutorial, AppScan users can significantly reduce the number of false positives reported.
We have a new tutorial up on the Security hub: "Ass
In this tutorial, author Madhusudhan Rajappa shows you an effective way of conducting a vulnerability assessment of the web applications and network of any organization. This tutorial also shows how to proactively defend the organization from cyber attacks by using a combination of enterprise-grade and trustworthy vulnerability scanners. The scanners that will be discussed in this tutorial are the Tenable™ Nessus® Scanner and the IBM AppScan® Enterprise. Read
Have you visited the Tech
"I’d like to share some information about a TRS dW Content challenge option that we don’t see many of you taking: developerWorks Recipes.
Creating a dW Recipe is one of the fastest and easiest choices in the TRS program to both contribute technical content AND possibly earn a cash payment.
dW Recipes help developers solve specific problems using IBM products and services. Your Recipe should help developers create something useful, walking them through each part of the process."
Try it today, in three simple steps!
Need inspiration before you begin? Check out this selection of popular Recipes:
In this blog post, Mark Leitch demonstrates the BigFix® Query capability and the topology "power" of the infrastructure.
IBM BigFix is a powerful security product able to manage hundreds of thousands of endpoints. BigFix has recently delivered the BigFix Query capability, offering more insight and control over your business. We will give an introduction to BigFix Query, and then demonstrate how it leverages the time tested and field proven BigFix infrastructure to provide impressive results at scale! To read more about this topic, read the blog post in full here: