zSecure™ Alert resides on the mainframe, monitoring IBM® z/OS®, IBM Resource Access Control Facility (RACF®), IBM DB2®, CA ACF2, IBM Customer Information Control System (CICS®), IBM Information Management System (IMS™), IBM Communications Server, IBM Tivoli® Workload Scheduler, IBM Health Checker, Linux on IBM z Systems™ and UNIX subsystems. Combining a threat knowledge base with parameters from your active configuration, zSecure Alert identifies resources needing protection.
Unlike other products that only detect breaches from system management facility information, zSecure Alert can also detect malicious activity, even if it is not recorded in the event logs. Comparing real-time activity with recent access patterns, zSecure Alert discovers additional threats.
Broad range of monitoring capabilities
zSecure Alert helps you detect multiple types of attacks and configuration threats, including improper or privileged logons and failed logon attempts, changes that violate security policy, the addition or removal of system authority, suspicious activity on the UNIX subsystem, sensitive data resource information associated with data access and privileged user/group activity, and a lost zSecure Server connection.
Fast, flexible alerts
Helping you provide more efficient incident response to prevent costly damage, zSecure Alert notifies you of changes, improper access events and security vulnerabilities. It produces alerts with the CARLa Auditing and Reporting Language, and alerts can be customized for delivery by email, cell phone and pager, as well as to your central security or network management console. It monitors critical system settings and sends alerts if changes are detected, and can also demonstrate compliance with regulations.
Guidance on countermeasures
zSecure Alert provides guidance on countermeasures to take when a threat is detected. It enables you to predefine and customize a countermeasure using zSecure Admin, such as instantly revoking a user or shutting down an application when a certain security event occurs. You can send Write to Operator messages to trigger automated operations or issue RACF commands autonomously. These countermeasures enable administrators to quickly diagnose and respond to failures or exposures.
Scalability for big data systems
V2.2.1 allows the use of storage above the 2 GB boundary ("the bar") to enable processing of more data. This also frees up storage below the bar for other programs. Note that the ability to use more virtual memory can have implications for paging and real storage needs. With models z196 or higher, 64-bit addressing is activated automatically, though you can optionally revert to 31-bit addressing. You can select the program to run on the second panel of menu option SE.0 (SETUP RUN).