Insider threats remain one of the most overlooked risks in enterprise security. According to the 2024 Verizon Data Breach Investigations Report, 35% of breaches originate from within organizations. On IBM i systems, this risk is amplified when users hold powerful authorities such as *ALLOBJ, *AUDIT, and *SECADM. These authorities can allow individuals to bypass audit logging, effectively hiding changes to critical objects.
That’s why it’s essential to know when such high-level authorities are assigned or modified. Even a single profile with overly broad permissions can introduce significant risk if left unchecked.
Introducing a New AAG Security Check
Our monitoring software (AAG) now includes a dedicated check designed to detect and alert on profiles with these elevated authorities. Here’s how it helps:
- Regular scanning of user profiles for *ALLOBJ, *AUDIT, and *SECADM capabilities
- Real-time notifications when new profiles are created or existing ones are modified to include these authorities
- Threshold-based alerts when the number of privileged profiles exceeds defined parameters
This proactive monitoring ensures that administrators are immediately aware of potential risks before they can be exploited.
Real-World Impact
One of our clients recently discovered dormant user profiles that still held these authority settings. These accounts had been overlooked for months and posed a serious insider risk. With the new AAG check, the system flagged the issue immediately, allowing the client to revoke unnecessary privileges and tighten their security posture.
This example highlights how automated monitoring doesn’t just save time — it actively prevents vulnerabilities from becoming breaches.
Why Automated Checks Matter
Manually reviewing authorities is time-consuming and resource-intensive. By automating these checks, organizations can:
- Reduce administrative overhead
- Ensure consistent, scheduled monitoring without human error
- Free up IT resources for higher-value tasks
- Maintain compliance with security and audit requirements
Protecting Your IBM i Environment
Keeping IBM i secure from attack requires vigilance. Automated monitoring provides the early warnings you need to respond quickly, while reducing the burden on your team. With our software, you can be confident that hidden risks won’t slip through the cracks.
Ready to see it in action?
Schedule a demo today and discover how our monitoring software can help safeguard your IBM i environment against insider threats.