Get real-time automated security analytics on your mainframe


Time is of the essence

Our security operations centers are inundated with records that might include information relevant to potential security breaches, and the amount of data to be analyzed is overwhelming. We must defend against malware, ransomware, privileged user abuse, hackers and other threats, often delivered through zero-day vulnerabilities that can be exploited immediately and remain undetected for months. To combat these threats, we need automated real-time analytics that separate potential threats from the background noise of harmless activity and let us react as quickly as possible to keep our enterprises safe. Time is of the essence when you are defending your enterprise.

This is easier said than done, especially on mainframes, which host mission-critical applications and much of the world's critical production information. Mainframes generate massive collections of security activity records that must be analyzed and prioritized as quickly as possible. That analysis has to happen at two levels: natively on the z/OS platform, and collectively across the entire enterprise, where a security information and event management (SIEM) tool correlates mainframe events with everything else to reveal large-scale patterns. Enterprise-scale security analytics are now required to effectively monitor and defend against these "needle in a haystack" threats.

Automated real-time analytics are no longer a luxury. They are a necessity. On the mainframe platform, you should analyze, prioritize and remediate threats using a product such as IBM Security zSecure Audit, and create real-time alerts with IBM Security zSecure Alert.

In addition, you should use zSecure Audit (or IBM Security zSecure Adapters for QRadar SIEM) to collect, enrich and share local mainframe security event information in real time with the enterprise-wide SIEM, IBM QRadar, so that local events can be correlated with large-scale patterns of abuse and threats. Extended QRadar capabilities that can further enrich mainframe security intelligence include:

  • Vulnerability assessment with IBM QRadar Vulnerability Manager, which can discover security vulnerabilities, add context and support the prioritization of remediation and mitigation activities.
  • Deeper security event tracking with IBM QRadar Incident Forensics, which lets you retrace the actions of a potential attacker and conduct a forensic investigation quickly.
  • Detection of insider threats by analyzing typical user behavior for anomalies such as weakened access, location changes and more. IBM QRadar User Behavior Analytics (UBA) analyzes the usage patterns of insiders to determine whether their credentials or systems have been compromised by cyber criminals.
  • Cognitive analytics with IBM QRadar Advisor with Watson, which augments a security analyst's ability to identify and understand sophisticated threats by tapping into unstructured data (such as blogs, websites and research papers) and correlating that information with local security offenses.
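The collect, enrich, prioritize and share pipeline described above, as an added example that is not part of the original post and not code from zSecure or QRadar. It assumes a constructed, simplified record format for mainframe security events (not the real SMF type 80 or RACF layout), an in-memory user directory standing in for the enrichment source, placeholder vendor and product names in the LEEF header, and two illustrative rules: a burst of access failures within a short window (ranked higher for privileged users) and a logon from a terminal outside the user's baseline, the kind of anomaly the UBA bullet refers to. The output is LEEF 1.0, the key-value event format QRadar ingests.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records for this example (not real SMF/RACF output):
# timestamp|event|user|resource|result|terminal
SAMPLE_RECORDS = """\
2019-03-05T09:00:01|LOGON|JSMITH|-|SUCCESS|TERM0101
2019-03-05T09:00:05|ACCESS|JSMITH|PROD.PAYROLL.MASTER|SUCCESS|TERM0101
2019-03-05T09:01:10|LOGON|SYSPROG1|-|SUCCESS|TERM0202
2019-03-05T09:01:12|ACCESS|SYSPROG1|PROD.PAYROLL.MASTER|FAILURE|TERM0202
2019-03-05T09:01:15|ACCESS|SYSPROG1|PROD.HR.SALARY|FAILURE|TERM0202
2019-03-05T09:01:20|ACCESS|SYSPROG1|PROD.HR.BONUS|FAILURE|TERM0202
2019-03-05T09:30:00|LOGON|JSMITH|-|SUCCESS|TERM0909
2019-03-05T10:15:00|ACCESS|JSMITH|PROD.PAYROLL.MASTER|FAILURE|TERM0909
"""

# Enrichment source: a hypothetical stand-in for the user directory / RACF attributes.
USER_DIRECTORY = {
    "JSMITH":   {"privileged": False, "dept": "HR",      "baseline_terminals": {"TERM0101"}},
    "SYSPROG1": {"privileged": True,  "dept": "SYSPROG", "baseline_terminals": {"TERM0202"}},
}

FAILURE_THRESHOLD = 3                 # failures needed to raise a burst alert
FAILURE_WINDOW = timedelta(seconds=60)  # sliding window for counting failures


def parse_record(line):
    """Parse one constructed pipe-delimited record into a dict."""
    ts, event, user, resource, result, terminal = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "event": event, "user": user,
            "resource": resource, "result": result, "terminal": terminal}


def enrich(rec):
    """Attach privilege, department and terminal-baseline context from the directory."""
    info = USER_DIRECTORY.get(rec["user"], {})
    rec["privileged"] = info.get("privileged", False)
    rec["dept"] = info.get("dept", "UNKNOWN")
    rec["known_terminal"] = rec["terminal"] in info.get("baseline_terminals", set())
    return rec


def to_leef(event_id, severity, rec):
    """Format an alert as a LEEF 1.0 line: header fields separated by '|', then tab-separated key=value pairs.
    Vendor and product strings are placeholders for this example."""
    fields = {
        "devTime": rec["ts"].strftime("%b %d %Y %H:%M:%S"),
        "devTimeFormat": "MMM dd yyyy HH:mm:ss",
        "usrName": rec["user"],
        "resource": rec["resource"],
        "src": rec["terminal"],
        "sev": str(severity),
        "privileged": str(rec["privileged"]).lower(),
        "dept": rec["dept"],
    }
    header = "LEEF:1.0|ExampleVendor|MainframeAuditExample|1.0|" + event_id + "|"
    return header + "\t".join(f"{k}={v}" for k, v in fields.items())


def analyze(records_text):
    """Stream records through both rules in arrival order.
    Returns (alerts sorted by severity, LEEF lines in emission order)."""
    failures = defaultdict(deque)  # user -> timestamps of recent access failures
    alerts, leef_lines = [], []
    for line in records_text.strip().splitlines():
        rec = enrich(parse_record(line))

        # Rule 1: logon from a terminal outside the user's baseline (possible credential misuse).
        if rec["event"] == "LOGON" and not rec["known_terminal"]:
            sev = 7 if rec["privileged"] else 5
            alerts.append(("LogonFromNewTerminal", sev, rec["user"]))
            leef_lines.append(to_leef("LogonFromNewTerminal", sev, rec))

        # Rule 2: burst of access failures inside the window; privileged users rank higher.
        if rec["event"] == "ACCESS" and rec["result"] == "FAILURE":
            recent = failures[rec["user"]]
            recent.append(rec["ts"])
            while recent and rec["ts"] - recent[0] > FAILURE_WINDOW:
                recent.popleft()  # drop failures that fell out of the window
            if len(recent) >= FAILURE_THRESHOLD:
                sev = 9 if rec["privileged"] else 6
                alerts.append(("AccessFailureBurst", sev, rec["user"]))
                leef_lines.append(to_leef("AccessFailureBurst", sev, rec))
                recent.clear()  # one burst yields one alert, not one per extra failure

    alerts.sort(key=lambda a: a[1], reverse=True)  # prioritize: highest severity first
    return alerts, leef_lines


if __name__ == "__main__":
    found, lines = analyze(SAMPLE_RECORDS)
    for a in found:
        print(a)
    for l in lines:
        print(l)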

These capabilities bring mainframe security out of isolation and into the enterprise-wide security operations center, with greater automation, sophisticated in-depth analytics and real-time responses. It's time to introduce your mainframe operations center to state-of-the-art real-time cognitive security capabilities. Time is of the essence in security threat detection.

To learn more about real-time mainframe analytics, read: Outthink threats with analytics and security intelligence for IBM z Systems.

IBM Senior Marketing Manager, IBM z Systems
