iCompliant – IBM i Configuration Assessment Tool

-
Assess all aspects of IBM i security from system configuration to object authorization
-
Execute compliance assessments as frequently as needed
-
Implement defense-in-depth strategy that reduces the risk of exploitation even if a vulnerability occurs
IBM i (formerly AS/400) systems play critical role in the business processes of their owners. However, security testing and monitoring of these systems usually doesn’t achieve the level we expect in case of Windows, Linux or Unix hosts.
Silent Signal’s proprietary iCompliant tool helps the secure operation and hardening of IBM i systems to minimize the attack surface. To satisfy the need of in-depth IBM i security assessments, the knowledge integrated into iCompliant is based on multiple pillars:
-
Checks for industry recommendations ensure compliance with security best practices and standards (PCI-DSS, SOX, COBIT, ISO 27002).
-
Hands-on penetration testing experience enables targeted hardening against practical attacks relying on weaknesses outside the usual scope of security standards.
-
The latest results of IBM i security research at Silent Signal are integrated to deliver exclusive defensive solutions.
iCompliant applies this knowledge to examine the overall security posture of its target systems, and deliver comprehensive results about weaknesses to remediate and settings to improve.
-
Modular Architecture
Audit checks can be enabled one-by-one for each individual target. Users can develop custom, system-specific checks either themselves, or with the assistance of Silent Signal experts.
-
Zero Dependencies
Security checks can be launched from workstations or servers, from Linux or Windows. No additional software is required on the target systems.
-
Time Well Spent
Clear issue descriptions and prioritization of findings based on hands-on offensive experience ensure that defenders will work on solving the right problems.
-
Supporting the Security Process
Flexible export formats allow easy delivery of findings to existing risk management systems. Guided questionnaires help the security team to obtain accurate information from system operators.