To survive and thrive in the current state of persistent threats to IT systems, the chief IT security officer requires more innovative and integrated approaches and products. That's where security intelligence comes in (SI).
This article details the IBM approach to enabling security intelligence in a mainframe environment and offers some tools to help with that implementation. (Part 1 explained IBM's concept of security intelligence, the security challenges of the mainframe environment, where mainframes intersect with SI, and four steps to enabling mainframe SI.)
The topics in this article are more fully explained in the IBM whitepaper "Get actionable insight with security intelligence for mainframe environments" (see Resources).
The path to security intelligence in mainframes
The IBM Security Framework has as a central concept the idea of security intelligence. The framework is a comprehensive approach that addresses key areas of security and compliance risk — people, data, applications, and infrastructure. The IBM approach ties the framework capabilities with other common capabilities for security intelligence and analytics to deliver a structure that lets you implement the policy management, event handling, and reporting that you need to build an enterprise, mainframe security program.
Integrating disparate security tasks (the traditional mainframe way of handling security) is the goal of IBM security intelligence. Two examples of how IBM supports its security intelligence concept in its products include QRadar® SIEM and IBM zSecure™ and Guardium® (from the original whitepaper).
Consolidate security intelligence with QRadar SIEM
QRadar SIEM provides enterprise security intelligence through full visibility and actionable insight; it lets you collect security events from the mainframe, but expands your reach by enabling you to collect from hundreds of other log and flow sources such as security devices, network devices, firewalls, operating systems, and applications.
QRadar provides a unified view of security and compliance risks. It delivers integrated log and threat management, configuration monitoring, vulnerability management, and compliance reporting using sophisticated correlation and anomaly detection analytics. QRadar SIEM can analyze events, network flows, vulnerabilities, user identities, and threat intelligence in a unified way. That way it can provide you with an exceptional level of context and insight into threats and compliance risks.
QRadar SIEM's real-time activity correlation of both events and network flows enables it to help reduce potential breaches by rapidly detecting suspicious activity that might otherwise be missed.
zSecure and Guardium database security provides insights
Tools in the IBM Security zSecure Suite feed real-time data to QRadar SIEM or other SIEM solutions to strengthen mainframe security and more easily comply with regulations — they do this by simplifying audit and reporting efforts. The zSecure consolidated view supports easier identification of and more effective reaction to threats; a forensically secure database stores event data.
The Guardium components support continuous, policy-based, real-time monitoring of database activities, including actions by privileged users, by scanning the database infrastructure for missing patches, misconfigured privileges, and other vulnerabilities.
- The topics in this article are more fully explained in the IBM whitepaper "Get actionable insight with security intelligence for mainframe environments."
- The IBM Redbook Introduction to the New Mainframe: Security provides a wealth of security fundamentals for the latest generation of mainframe hardware and software.
- Explore the IBM Security Framework for cutting-edge knowledge on IT security issues.
- Visit the IBM Security QRadar SIEM site to learn more about the technology. Learn more at the developerWorks QRadar community.
- Visit the IBM Security zSecure site to learn more about the technology. Learn more at the developerWorks zSecure community.
- Visit the IBM Security Guardium site to learn more about the technology. Learn more at the developerWorks Guardium community.
- Start your journey to implement IT security through pragmatic, intelligent, and risk-based practices at Security on developerWorks.
- Attend a free developerWorks Live! briefing to get up-to-speed quickly on IBM products and tools as well as IT industry trends.
- Follow developerWorks on Twitter.
- Watch developerWorks on-demand demos ranging from product installation and setup demos for beginners, to advanced functionality for experienced developers.
Get products and technologies
- Evaluate IBM products in the way that suits you best: Download a product trial, try a product online, or use a product in a cloud environment.
- Get involved in the developerWorks Community. Connect with other developerWorks users while exploring the developer-driven blogs, forums, groups, and wikis.