It provides currency support for z/OS 2.3 and RACF:
* policies for pervasive encryption of data with key labels
* connection protection with z Encryption Readiness Technology (zERT)
* extended reporting for Integrated Cryptographic Service Facility
* extended multi-factor authentication (MFA) options
It extends security intelligence and analytics capabilities:
* a zSecure Alert feed to HPE Security ArcSight
* a zSecure Admin Access Monitor feed to IBM Operations Analytics for z Systems
It provides currency support for:
* Db2 12
* Security Technical Implementation Guide (STIG) 6.31
Details can be found on the Service Management Connect - System z blog in this blog entry by Jeroen Tiggelman.
JSON Web Tokens (JWTs) are a popular option in the authentication space, but there are some inherent risks. While you gain flexibility by using a JWT, you lose the ability to revoke a token once it’s issued. To minimize the time between an administrator locking a user account and the time at which a previously issued token expires, the JWT should be short-lived. This time window, while designed to be brief, is a common security concern. Traditional solutions to this problem defeat the benefits of using a portable identity. Inversoft has come up with a novel, complementary way to solve this issue. Brian Pontarelli will cover how to implement this JWT revoke strategy to reduce the vulnerability window.
Missed the live coding event? See the replay here: http
Here's a snippet from the article:
In addition, the authors provide you with the resources you need to recreate the steps with the popular social media sites, LinkedIn and Instagram. Comment if you recreated the steps!
The different options within Bluemix place different requirements on user authentication. This new article explains the various ways in which Bluemix users are managed and authenticated. The authentication covered in this article focuses on users of the Bluemix platform, i.e., developers, administrators, or operators. Applications running on top of Bluemix can use any authentication method that is appropriate for the application’s purpose.
Jeroen Tiggelman posted a sum
The new checks are centered around CA-ACF2 data set related controls.
An overview of all available compliance controls can be found in an updated technote.
You might also be interested in rece
Latest in dW Security: Play in the brand new sandbox and create a machine-learning, security front end
If you haven't checked it out yet, make sure to read the two newest articles on developerWorks Security:
Another tutorial we recently published, Crea
This provides service for new DB2 region security settings, new SMF log event records, and a new DB2 object privilege.
You can find technical details on the Service Management Connect - System z blog, in this entry.
The IBM Security zSecure team published a service stream enhancement (SSE) providing this Access Monitor data feed on March 30, 2017.
The IBM Operations Analytics for z Systems team published Insight Pack 3 providing the capability to interpret the data feed on March 29, 2017.
Technical details can be found in this blog entry by Jeroen Tiggelman on the Service Management Connect - System z blog.
In this new tutorial, the Guardium team describes how you can audit and keep track of privileged users and how they might be compromised. This tutorial combines the power of Guardium with IBM Security Privileged Identity Manager so that you can start building a secure immune system.
You'll learn the benefits of fusing Guardium with PIM, the solution architecture, and how you can enhance reports with data configured from PIM.
I'm happy to announce that we have just published a new article regarding the new function AppScan Standard integrated with Application Security on Cloud. AppScan Standard 18.104.22.168 can integrate with Application Security on Cloud (ASoC). It is now possible to upload scans and templates (SCAN or SCANT files) to Application Security on Cloud to run scans. This article will introduce how to configure and run a scan in AppScan Standard to Application Security on Cloud.