Bridge the Gap: How to Use an Enterprise Product You Already Own to Enhance z/OS Security
Project and Program: Enterprise Data Center, Security and Compliance
Tags: Proceedings, SHARE in Orlando 2015, 2015
Mainframes are said to hold 70% of the most critical enterprise data, and IBM says 100% of all credit card transactions pass through a mainframe. Contrary to conventional wisdom, there have been documented, successful external mainframe breaches. Yet many organizations treat their mainframe as an isolated silo, both impregnable and “off the radar” to the excellent security operations center (SOC) tools that most organizations already possess.
All security information and event management (SIEM) systems present SOC data in real time; however, mainframe data for these SIEM systems continues to come in the form of nightly reporting. Nightly printed reports were good enough 20 years ago, but today you need proactive, real-time reporting of the state of your entire enterprise, not just the distributed data SIEM systems monitor.
Come to this presentation and hear how you can get real-time alerts for mainframe security events, using the SIEM system that you already own. Learn how you can monitor mainframe security violations, TCP/IP logons, DB2 events and file integrity events – with attacks on your enterprise firewalls and non-mainframe servers – in real time. The beauty of these SIEM systems is their ability to correlate these security logs (syslogs) to uncover patterns of user and system behavior that are indicative of cyber threat. Only the most mature enterprises are capable of including real-time mainframe security logs in their existing SIEM systems, and we will provide some insight into how they do it during this presentation.

Charles Mills - CorreLog