IBM Security zSecure today
JeroenTiggelman
Here is a quick introduction to IBM Security zSecure.
In a word
The IBM Security zSecure suite helps secure your mainframe. It provides cost-effective security administration, improves service by detecting threats, and reduces risk with automated audit and compliance reporting. Most of the product offerings run on z/OS; zSecure Manager for RACF z/VM is an offering for the z/VM operating system. For administrators who are less mainframe-minded, zSecure Visual provides a Microsoft Windows front-end. For more details about the individual products, look here: IBM
zSecure's CARLa Auditing and Reporting Language (CARLa)
The CARLa Auditing and Reporting Language (CARLa) is the common query language employed by zSecure Admin, zSecure Audit, zSecure Manager for RACF z/VM, zSecure Alert, and zSecure Adapters for QRadar SIEM, which all share the CARLa engine. (So does zSecure Visual, but as an end user you do not usually make direct use of the script language when using that product.)
CARLa allows for easy customization of reports. When using, for example, zSecure Admin, an easy way to develop new reports from samples is to run a standard report from the User Interface, go to the RESULTS panel, look at the query that just executed, and modify it to suit your needs. There is also an extensive set of sample CARLa in the SCKRCARL library provided with the product. zSecure Alert allows easy cloning of out-of-the-box alerts and modification of the alert conditions and of the alert content, which is delivered as e-mail, text message, WTO, SNMP trap, or UNIX syslog receiver message, as you prefer. Self-study materials on CARLa are available on the zSecure wiki. The zSecure forum on developerWorks has been the primary place to publicly discuss things zSecure for many years.
zSecure and Security Information and Event Management
zSecure understands many System Management Facilities (SMF) record types, including some written by IBM's Resource Access Control Facility (RACF), z/OS Communications Server (i.e. TCP/IP), CA's ACF2 and Top Secret, CICS, DB2, IBM Security Key Lifecycle Manager, and IBM Tivoli Omegamon. The complete list is quite long. Nowadays security events are often collected in a Security Information and Event Management (SIEM) offering, such as IBM Security QRadar SIEM or HP ArcSight. The CARLa language can be used to easily send security events from SMF, enriched with security database and environmental information, to such a product. IBM Security zSecure Audit and IBM
IBM Security zSecure Alert can forward real-time alerts to many different products through the syslog receiver, SNMP, and WTO protocols, both to automate intrusion response and to consolidate compliance information. A pluggable component "IBM zSecure Alert DSM" has been provided for QRadar SIEM since December 2012. Sample files to consolidate the alerts into either Tivoli Enterprise Console or Tivoli NetView are provided in the zSecure Knowledge Center.
Note: This article is kept current as the intended starting point for the latest announcements. Latest edit: October 8, 2015.