Get real-time automated security analytics on your mainframe

28 June, 2017
Anne Lescher

Time is of the essence

Our security operations centers are inundated with records that might include information relevant to potential security breaches. The amount of data to be analyzed is overwhelming. We must defend against malware, ransomware, privileged user abuse, hackers and other threats, many of them exploiting zero-day vulnerabilities that can be used immediately and run undetected for months. To combat these threats, we need automated real-time analytics to sort potential threats from the background noise of harmless activity and to react as quickly as possible to keep our enterprises safe. Time is of the essence when you are defending your enterprise.

This is easier said than done, especially on mainframes, which host mission-critical applications and much of the world’s critical production information. Mainframes generate massive collections of security activity records that must be analyzed and prioritized as quickly as possible. Analysis takes place natively on the z/OS platform and collectively within the entire enterprise, using a security information and event management (SIEM) tool to determine potential large-scale patterns. Enterprise-scale security analytics are now required to effectively monitor and defend against these “needle in a haystack”-type threats.

Automated real-time analytics are no longer a luxury. They are a necessity. On the mainframe platform, you should analyze, prioritize and remediate threats using a product such as IBM Security zSecure Audit, and create real-time alerts with IBM Security zSecure Alert.

In addition, you should use zSecure Audit (or IBM Security zSecure Adapters for QRadar SIEM) to collect, enrich and share local mainframe security event information in real time with the enterprise-wide SIEM IBM QRadar, so that local events can be correlated with large-scale patterns of abuse and threats. Extended QRadar capabilities that can also greatly enrich mainframe security intelligence include:

  • Vulnerability threat assessment with IBM QRadar Vulnerability Manager. It can discover security vulnerabilities, add context and support the prioritization of remediation and mitigation activities.
  • Diving deeper into security event tracking with IBM QRadar Incident Forensics. It allows you to retrace the actions of a potential attacker and can quickly and easily conduct a forensic investigation.
  • Detection of insider threats by analyzing typical user behavior to detect anomalies such as weakened access, location changes and more. IBM QRadar User Behavior Analytics (UBA) can analyze the usage patterns of insiders to determine if their credentials or systems have been compromised by cyber criminals.
  • Cognitive analytics using IBM QRadar Advisor with Watson augment a security analyst’s ability to identify and understand sophisticated threats by tapping into unstructured data (like blogs, websites and research papers) and correlating that information with local security offenses.

These capabilities bring mainframe security out of isolation and into the enterprise-wide security operations center with greater automation, sophisticated in-depth analytics and real-time responses. It’s time to introduce your mainframe operations center to state-of-the-art real-time cognitive security capabilities. Time is of the essence in security threat detection.

To learn more about real-time mainframe analytics, read: Outthink threats with analytics and security intelligence for IBM z Systems.

The post Get real-time automated security analytics on your mainframe appeared first on IBM Systems Blog: In the Making.