The IBM Security zSecure team published a service stream enhancement (SSE) providing this Access Monitor data feed on March 30, 2017.
The IBM Operations Analytics for z Systems team published Insight Pack 3 providing the capability to interpret the data feed on March 29, 2017.
Technical details can be found in this blog entry by Jeroen Tiggelman on the Service Management Connect - System z blog.
This is a good time to remind everyone that the early bird rate for Insight 2014 is coming up soon! You have to register by September 19th to get the early bird discount rate.
You can see some of the keynote speakers and their session topics on the keynote page. There will be a keynote session on "Security Intelligence: Finding and Stopping Attackers with Big Data Analytics" by CTO and IBM Fellow Sandy Bird. From the keynote description:
"Attackers are using increasingly sophisticated methods to access your most sensitive data, and at the same time cloud, mobile and other innovations expand the perimeter you need to protect. This keynote discusses how to build a more secure enterprise with real-time analytics and behavior-based activity monitoring.
Advanced Security Intelligence tools store, correlate and analyze millions of events and flows daily to identify critical incidents your security team needs to investigate. The volume, variety and velocity involved clearly defines Security as a “Big Data challenge.”
Learn how advanced predictive analytics and incident forensics help defend against advanced attacks and respond to and remediate incidents quickly and effectively."
There will also be several Security Fast Track Sessions you may be interested in as a security professional:
This is going to be a good conference for anyone interested in the intersection of big data, analytics, and SIEM. So mark your calendars and register today.
At the recent Smarter Analytics Live 2013 forum in Melbourne, IBM senior consultant for enterprise content management solutions Adrian Barfield noted that fraud investigators often spend only 20 percent of their time actually doing the analysis work to uncover data wrong-doing. A full 80 percent of the effort goes toward figuring out what information to use and how to use it since today's data stream includes a diversity of information sources and types. Barfield says this has the effect of flipping the conventional model of security information processing upside-down -- you create the context for your investigation by sifting through large volumes of information.
Barfield cautions that "things are becoming more and more complicated" because analyzing structured data is a different task from analyzing unstructured data. Also, you often need to make a correlation between the two types of data: For example, reconciling structured activity logs with less structured help-desk logs or security incident reports. Security officers need a way to quickly identify patterns and build and deploy new security models.
One such tool to help organize this new security paradigm is the open source Apache UIMA project; Unstructured Information Management applications are software systems that analyze large volumes of unstructured information in order to discover knowledge that is relevant to the user. IBM developed UIMA to help make its Watson artificial intelligence platform a reality.
Another IBM tool that helps determine what data is relevant for a fraud investigation is the Intelligent Investigation Manager, a bundle of techniques that optimizes fraud investigation and analysis by dynamically coordinating and reporting on cases and analyzing and visualizing fraud within structured and unstructured data across silos. The component that bridges the gap between structured and unstructured data is Content Analytics with Enterprise Search:
Senior Product Manager for IBM Enterprise Content Management Solutions Jeffrey Douglas explains more about Intelligent Investigation Manager components in this video interview.