Enhancing your mainframe security intelligence
Melissa Stevens | Tags: infosphere db2 siem qradar guardium racf zsecure ibmsecurity cics mainframe-security security
This post was written by Glinda Cummings, World Wide Senior Product Manager, zSecure at IBM.
When it comes to enterprise security, no news is not necessarily good news. A lack of alerts about attempts to attack your system doesn’t mean they didn’t happen—because chances are, they did. Many large organizations track multiple attempts a week. A lack of alerts just means that while previous attacks were unsuccessful, you may not have received the information and insight you need from your security system to protect against the next attack. That next attack could be successful—and devastating. In today’s interconnected business environment, no system is immune to threats, including mainframe environments.
Security intelligence has come a long way from the early days of simple reports, or of relying on an isolated group of people in back offices who may or may not understand the security requirements of the organization, manually poring over huge amounts of logs and data points. Today, the entire enterprise requires timely security intelligence in making its decisions. Security intelligence has moved from the back office to critical real-time operations. Every part of today’s corporation needs some form of decision support, but the scope and complexity make this a daunting task – from mainframe system logs and application logs to privileged users who are global and complex models of behavior.
Only a highly integrated series of solutions, like those found in the IBM security intelligence offering, can produce the necessary visibility to safeguard the environment. Security intelligence enables the organization to better discover and respond to:
To achieve consistent reporting on vulnerabilities or threats, including monitoring privileged and non-privileged users, the organization needs centralized logging and intelligent normalization of security data. To ensure that compliance and security goals align, it needs visibility into network segments where logging may be problematic. To discover unknown, excessive or unauthorized mainframe access, it needs visibility into asset communication patterns.
Security intelligence offerings from IBM help provide organizations with comprehensive and actionable insight into threats and risks in mainframe and distributed systems environments. By applying real-time collection, normalization, and analysis of access information and other security-related data, they can reduce both the risk of security breaches and—just as important—the manual effort of security operations, freeing your team to focus on more serious incidents rather than wading through an endless stream of data without context.
IBM security intelligence solutions can strengthen mainframe security operations and enhance availability by consolidating security views to improve identification and remediation of threats. The IBM approach integrates a number of solutions including the Security zSecure Suite, InfoSphere Guardium solutions RACF, DB2, CICS, and QRadar SIEM. These products build on the threat intelligence expertise of the IBM X-FORCE® research and development team to provide a preemptive approach to security. IBM solutions integrate with competitive products for seamless operations designed to help organizations stay ahead of today’s ever-increasing risk of advanced threats.
Mainframe security intelligence is no longer “nice to have”; today, it is essential for protecting your mission-critical production systems and sensitive data. Learn more by reading our new white paper "Get actionable insight with security intelligence for mainframe environments".