Whether you run IBM DB2, Linux on IBM Z Systems, or any of the supported databases, zSecure Alert identifies and secures operating systems by combining a threat knowledge base with your active configuration parameters. By comparing real-time activity with recent access patterns, zSecure Alert can uncover and report multiple types of attacks and configuration threats, including improper or privileged logons and failed logon attempts, changes that violate security policy, the addition or removal of system authority, suspicious activity on the UNIX subsystem, sensitive data resource information associated with data access and privileged user/group activity, and even a lost zSecure Server connection.
Using the CARLa Auditing and Reporting Language (CARLa), you can customize the alert reports for email, cell phone and pager delivery, as well as for delivery to your central security or network management console. You could even use zSecure Audit to demonstrate compliance with your industry's security regulations. zSecure Alert also provides guidance on countermeasures to take when a threat is detected. It enables you to predefine and customize a countermeasure using IBM zSecure Admin, such as instantly revoking a user or shutting down an application when a certain security event occurs.
Predefined alerts enable you to quickly detect inappropriate actions or user behavior, giving you more efficient incident response.
Unlike other products that detect threats from system management facility information, IBM zSecure Alert can detect malicious activity, even when it is not recorded in the event log.
Automated real-time compliance monitoring on the mainframe helps reduce your cost and exposure associated with failed audits or compliance.
The ability to quickly diagnose and respond to exposures through closed-loop monitoring, intervention, and remediation enables you to intercept problems before they can damage your business.
zSecure™ Alert resides on the mainframe, monitoring IBM® z/OS®, IBM Resource Access Control Facility (RACF®), IBM DB2®, CA ACF2, IBM Customer Information Control System (CICS®), IBM Information Management System (IMS™), IBM Communications Server, IBM Tivoli® Workload Scheduler, IBM Health Checker, Linux on IBM z Systems™ and UNIX subsystems. Combining a threat knowledge base with parameters from your active configuration, zSecure Alert identifies resources needing protection.
Unlike other products that only detect breaches from system management facility information, zSecure Alert can also detect malicious activity, even if it is not recorded in the event logs. Comparing real-time activity with recent access patterns, zSecure Alert discovers additional threats.
zSecure Alert helps you detect multiple types of attacks and configuration threats, including improper or privileged logons and failed logon attempts, changes that violate security policy, the addition or removal of system authority, suspicious activity on the UNIX subsystem, sensitive data resource information associated with data access and privileged user/group activity, or a lost zSecure Server connection.
Helping you provide more efficient incident response to prevent costly damage, zSecure Alert notifies you of changes, improper access events and security vulnerabilities. It produces alerts with the CARLa Auditing and Reporting Language, and the alerts can be customized for email, cell phone and pager delivery, as well as for delivery to your central security or network management console. It monitors critical system settings and sends alerts if changes are detected, and can also demonstrate compliance with regulations.
zSecure Alert provides guidance on countermeasures to take when a threat is detected. It enables you to predefine and customize a countermeasure using zSecure Admin, such as instantly revoking a user or shutting down an application when a certain security event occurs. You can send Write to Operator messages to trigger automated operations or issue RACF commands autonomously. These countermeasures enable administrators to quickly diagnose and respond to failures or exposures.
V2.2.1 allows the use of storage above the 2 GB boundary ("the bar") to enable processing of more data. Note that the ability to use more virtual memory can have implications for paging and real storage needs. This also frees up storage below the bar for other programs. With models z196 or higher, 64-bit addressing is activated automatically, though you can optionally revert to 31-bit addressing. You can select the program to run on the second panel of menu option SE.0 (SETUP RUN).