Get real-time automated security analytics on your mainframe


Time is of the essence

Our security operations centers are inundated with records that might include information relevant to potential security breaches, and the amount of data to be analyzed is overwhelming. We must defend against malware, ransomware, privileged user abuse, hackers and other threats, often zero-day vulnerabilities that can be exploited immediately and run undetected for months. To combat these threats, we need automated real-time analytics that separate potential threats from the background noise of harmless activity and let us react as quickly as possible to keep our enterprises safe. Time is of the essence when you are defending your enterprise.

This is easier said than done, especially on mainframes, which host mission-critical applications and much of the world’s critical production information. Mainframes generate massive collections of security activity records that must be analyzed and prioritized as quickly as possible. Analysis takes place both natively on the z/OS platform and collectively across the entire enterprise, where a security information and event management (SIEM) tool is used to identify potential large-scale patterns. Enterprise-scale security analytics are now required to effectively monitor and defend against these “needle in a haystack” threats.

Automated real-time analytics are no longer a luxury. They are a necessity. On the mainframe platform, you should analyze, prioritize and remediate threats using a product such as IBM Security zSecure Audit, and create real-time alerts with IBM Security zSecure Alert.

In addition, you should use zSecure Audit (or IBM Security zSecure Adapters for QRadar SIEM) to collect, enrich and share local mainframe security event information in real time with the enterprise-wide SIEM, IBM QRadar, so that local events can be correlated with large-scale patterns of abuse and threats. Extended QRadar capabilities that can also greatly enrich mainframe security intelligence include:

  • Vulnerability threat assessment with IBM QRadar Vulnerability Manager. It can discover security vulnerabilities, add context and support the prioritization of remediation and mitigation activities.
  • Diving deeper into security event tracking with IBM QRadar Incident Forensics. It allows you to retrace the actions of a potential attacker and can quickly and easily conduct a forensic investigation.
  • Detection of insider threats by analyzing typical user behavior to spot anomalies such as weakened access, location changes and more. IBM QRadar User Behavior Analytics (UBA) can analyze the usage patterns of insiders to determine whether their credentials or systems have been compromised by cyber criminals.
  • Cognitive analytics using IBM QRadar Advisor with Watson, which augments a security analyst’s ability to identify and understand sophisticated threats by tapping into unstructured data (such as blogs, websites and research papers) and correlating that information with local security offenses.

These capabilities bring mainframe security out of isolation and into the enterprise-wide security operations center with greater automation, sophisticated in-depth analytics and real-time responses. It’s time to introduce your mainframe operations center to state-of-the-art real-time cognitive security capabilities. Time is of the essence in security threat detection.

To learn more about real-time mainframe analytics, read: Outthink threats with analytics and security intelligence for IBM z Systems.
