Get real-time automated security analytics on your mainframe


Time is of the essence

Our security operations centers are inundated with records that might include information relevant to potential security breaches. The amount of data to be analyzed is overwhelming. We must defend against malware, ransomware, privileged user abuse, hackers and other threats, often zero-day vulnerabilities that can be exploited immediately and run undetected for months. To combat these threats, we need automated real-time analytics that separate potential threats from the background noise of harmless activity and let us react as quickly as possible to keep our enterprises safe. Time is of the essence when you are defending your enterprise.

This is easier said than done, especially on mainframes, which host mission-critical applications and much of the world’s critical production information. Mainframes generate massive collections of security activity records that must be analyzed and prioritized as quickly as possible. Analysis takes place both natively on the z/OS platform and collectively across the entire enterprise, using a security information and event management (SIEM) tool to detect potential large-scale patterns. Enterprise-scale security analytics are now required to effectively monitor and defend against these “needle in a haystack” threats.

Automated real-time analytics are no longer a luxury; they are a necessity. On the mainframe platform, you should analyze, prioritize and remediate threats using a product such as IBM Security zSecure Audit, and create real-time alerts with IBM Security zSecure Alert.

In addition, you should use zSecure Audit (or IBM Security zSecure Adapters for QRadar SIEM) to collect, enrich and share local mainframe security event information in real time with the enterprise-wide SIEM, IBM QRadar, so that local events can be correlated with large-scale patterns of abuse and threats. Extended QRadar capabilities that can further enrich mainframe security intelligence include:

  • Vulnerability threat assessment with IBM QRadar Vulnerability Manager. It can discover security vulnerabilities, add context and support the prioritization of remediation and mitigation activities.
  • Deeper security event tracking with IBM QRadar Incident Forensics. It allows you to retrace the actions of a potential attacker and to conduct a forensic investigation quickly and easily.
  • Detection of insider threats by analyzing typical user behavior to detect anomalies such as weakened access, location changes and more. IBM QRadar User Behavior Analytics (UBA) can analyze the usage patterns of insiders to determine whether their credentials or systems have been compromised by cyber criminals.
  • Cognitive analytics with IBM QRadar Advisor with Watson, which augments a security analyst’s ability to identify and understand sophisticated threats by tapping into unstructured data (such as blogs, websites and research papers) and correlating that information with local security offenses.

These capabilities bring mainframe security out of isolation and into the enterprise-wide security operations center with greater automation, sophisticated in-depth analytics and real-time responses. It’s time to introduce your mainframe operations center to state-of-the-art real-time cognitive security capabilities. Time is of the essence in security threat detection.

To learn more about real-time mainframe analytics, read: Outthink threats with analytics and security intelligence for IBM z Systems.

IBM Senior Marketing Manager, IBM z Systems
