Owner security

Fresche fills a security gap with Trinity Guard

March 21, 2022

Alex Woodie

We live in a world full of security threats. Black hat hackers – some working for themselves and others working for the Chinese and Russian governments – are constantly probing the internet, looking for weak links in the information supply chain. With its acquisition of Trinity Guard, Fresche Solutions is determined to keep your IBM i server out of it.

It can be hard to imagine the impact that cybersecurity attacks have on the world and the enormous efforts that some organizations go to to thwart them. In 2021, ransomware caught our attention with major attacks that brought down entire swaths of industry, including oil pipelines, hospitals, food processing plants, and schools. IBM i stores, as we all know, are not immune to these threats.

While ransomware attacks decreased by 37% in January compared to December, according to NCC Group, they are still occurring at a high level and remain a priority for chief information security officers (CISOs). When you factor in incidents such as the Log4j vulnerability disclosed in December and the potential for a broader cyberwar with Russia, the potential impact of security breaches only grows. The direct cost of cybercrime topped $1 trillion for the first time last year, according to a December 2020 report from McAfee, and it would be surprising if costs dropped in 2022.

It is in this context that Fresche Solutions executed its acquisition of Trinity Guard, which we told you about last week. Trinity Guard was one of the last independent vendors of security tools for IBM i. The Houston, Texas-based company is the spiritual successor to PentaSafe, a premier provider of security tools for AS/400 and iSeries platforms.

As Fresche executives reviewed their own offerings for IBM i and the growing need for security tools, they found that Trinity Guard fitted well into their current and future plans.

“We’ve always had this portfolio gap with security,” says Marcel Sarrasin, chief product officer at Fresche. “When we look at what our customers want, surveys, whether it’s our own or HelpSystems’ surveys, security comes first. And we’ve always had a small deviation from the overall portfolio.

The acquisition of Trinity Guard gives the Montreal, Quebec-based company a full suite of security tools designed primarily for IBM i, but also with some Linux and AIX capabilities. At the top of the list is TGSecurity Suite for IBM i, which contains the three great products (you could call it the “Holy Trinity”) for locking down IBM i environments.

This includes TGSecure, which provides control over exit points, user profile management, resource control, access escalation, and idle session locking, among other features. TGDetect, on the other hand, automates IBM i security event monitoring and allows users to generate custom alerts so humans can react quickly. TGAudit completes the suite with tools to detect security vulnerabilities in the configuration of IBM i systems, as well as to comply with industry regulations. TGCentral brings all of these together, working as a centralized point of control for managing security across multiple IBM i LPARs. Trinity Guard also offers TGAudit for Linux, which can help customers ensure that their Linux servers don’t have gaping security holes or are out of compliance. Finally, the company has TGEncrypt, which it launched in late 2020 and which provides 256-bit AES encryption to data stored in Db2 for i.

The availability of Trinity security tools will be a boon for Fresche as it seeks to help IBM i stores embark on application modernization and digital enablement initiatives, but without creating new vulnerabilities in the process, Sarrasin said. .

“Lack of trust and knowledge of security is a detractor for people who modernize applications, go to the web, have a web server on your system, use open source technologies,” he said. computer jungle. “They may be hesitant because they don’t understand it. So that gives us a great link whether there are vulnerabilities in your open source software, web servers, ports, sockets, whatever – we can monitor those specific things through Trinity Guard.

Sarrasin recalls discussions he had with prospects on the platform when he broke into the business with BCD Software, which developed and sold the WebSmart product line.

“I remember 20 years ago we were just entering the web world with WebSmart, and our biggest challenge at the time was whether it was okay to have a web server on IBM i he says. “That was our whole thing. No one wanted to have a web server on the IBM i. “Oh, I open up my whole system.” At that time they didn’t know about SSL, encryption. The world is a whole different world now, and there is much more to know.

Web technology has improved dramatically since 2000, and the quality of our security tools has also increased. But misconceptions about the installed base continue to run rampant, making selling software or security services on IBM i harder than it needs to be.

“We run into this all the time. One of the common things is, “Oh, we have a firewall.” We don’t need security on IBM i,” says Pauline Brazil Ayala, co-founder of Trinity Guard and vice president of operations. “Thinking is changing a bit. We are getting there slowly. But there is still so much room for education.

A trained IBM i professional can configure the operating system to optimize security without using powerful tools, such as those offered by Trinity Guard and other security software vendors. As you start adding multiple LPARs or systems, the complexity factor and time commitment increases proportionally.

Given the great concerns expressed by IBM i stores about security, it is surprising that more of them have not adopted powerful tools to guide them through the process of having good security controls in place. and keeping them in place. According to some accounts, the penetration rate of security automation tools is only 10%, which is extremely concerning for security professionals.

Some of the conversations Brazil Ayala hears about the security on the platform and the surprisingly low adoption rate leave him scratching his head in genuine wonder.

“It’s very hard to believe. I see posts about this stuff. What are you saying? Yes, you need security on IBM i. I don’t know how else to say it. You absolutely need it and you should enforce your safety,” she says. “It’s really time people woke up and got serious about this stuff. You cannot play “as usual” in this environment.

One of the reasons Fresche was drawn to Trinity Guard was the technical acumen of its developers.

“When we look at portfolios, we look for really strong tech companies with great products, and see how our sales, marketing, reach, reputation and brand recognition can help, and that’s why it has so much sense,” says Sarrasin. “One of the things that really impressed us with Trinity Guard is how up-to-date they are and how up-to-date they are. If there’s a new operating system, they’re all over the place in new features. “What are the new compliance requirements? And they keep their reports up to date, always up to date, and I think that’s sometimes a little rare in the IBM i security space.

Brazil Ayala acknowledges that Trinity Guard has focused primarily on the task of developing security software, rather than trying to sell it.

“One of the things we’ve struggled with is the sales and marketing side. We are primarily developers. We love product development, we love the engineering side,” she says. “We have solicited our partners a lot over the years which has been great and we can plan to continue to do so as well. But we were very excited about the full scope of what Fresche has to offer and how they can take our products to the next level and really put them in front of people.

The plan calls for Trinity Guard to continue operating as an independent unit. Fresche, which recently acquired managed service provider (MSP) Abacus Solutions in October, is looking forward to bringing Trinity Guard products to this installed base, which includes managing customers’ IBM i environments in data centers. Abacus as well as in customers’ own stores. The company is currently analyzing how Trinity Guard offerings can integrate with existing products.


Fresche takes on IBM i Security with acquisition of Trinity Guard

Critical Log4j Vulnerability Hits Everything, Including IBM i Server

Trinity Guard Update Brings Joy to System Values, SIEM Integration

The close call of an IBM i Shop with ransomware

Trinity Guard unveils new tools for Linux, Db2 for i