Posts Tagged ‘CA-Top Secret’

Compuware-Syncsort-Splunk to Boost Mainframe Security

April 6, 2017

The mainframe has proven to be remarkably secure over the years, racking up the highest security certifications available. But there is still room for improvement. Earlier this week Compuware announced Application Audit, a software tool that aims to transform mainframe cybersecurity and compliance through real-time capture of user behavior.

Capturing user behavior, especially in real time, is seemingly impossible if you have to rely on the data you collect from the various logs and SMF records. Compuware’s solution, Application Audit, in conjunction with Syncsort and Splunk, fully captures and analyzes start-to-finish mainframe application user behavior.

As Compuware explains: most enterprises still rely on disparate logs and SMF data from security products such as RACF, CA-ACF2 and CA-Top Secret to piece together user behavior. This is too slow if you want to catch bad behavior while it is going on. Some organizations try to apply analytics to these logs, but that also is too slow: by the time you have collected enough logs to deduce who did what and when, the damage may already have been done. Throw in the escalating demands of cross-platform enterprise cybersecurity and increasingly burdensome global compliance mandates, and you haven’t a chance without an automated tool optimized for this.

Fortunately, the mainframe provides rich and comprehensive session data that you can run through Application Audit and analyze in conjunction with the organization’s security information and event management (SIEM) systems to see more quickly and effectively what really is happening. Specifically, it can:

  • Detect, investigate, and respond to inappropriate behavior by internal users with access
  • Detect, investigate, and respond to hacked or illegally accessed user accounts
  • Support criminal/legal investigations with complete and credible forensics
  • Fulfill compliance mandates regarding protection of sensitive data

IBM, by the way, is not ignoring the advantages of analytics for z security. Back in February you read about IBM bringing its cognitive system to the z on DancingDinosaur. IBM continues to flog cognitive on z for real-time analytics and security, promising to enable faster customer insights, business insights, and systems insights with decisions based on real-time analysis of both current and historical data, delivered on an analytics platform designed for availability, optimized for flexibility, and engineered with the highest levels of security. Check out IBM’s full cognitive for z pitch.

The data Compuware and Syncsort collect with Application Audit is particularly valuable for maintaining control of privileged mainframe user accounts. Both private- and public-sector organizations are increasingly concerned about insider threats to both mainframe and non-mainframe systems. Privileged user accounts can be misused by their rightful owners, motivated by everything from financial gain to personal grievances, as well as by malicious outsiders who have illegally acquired the credentials for those accounts. You can imagine what havoc they could wreak.

In addition, with Application Audit Compuware is orchestrating a number of players to deliver the full security picture. Specifically, through collaboration with CorreLog, Syncsort and Splunk, Compuware is enabling enterprise customers to integrate Application Audit’s mainframe intelligence with popular SIEM solutions such as Splunk, IBM QRadar, and HPE Security ArcSight ESM. Additionally, Application Audit provides an out-of-the-box Splunk-based dashboard that delivers value from the start. As Compuware explains, these integrations are particularly useful for discovering and addressing security issues associated with today’s increasingly common composite applications, which have components running on both mainframe and non-mainframe platforms. SIEM integration also ensures that security, compliance and other risk management staff can easily access mainframe-related data in the same manner as they access data from other platforms.

“Effective IT management requires effective monitoring of what is happening for security, cost reduction, capacity planning, service level agreements, compliance, and other purposes,” noted Stu Henderson, Founder and President of the Henderson Group in the Compuware announcement. “This is a major need in an environment where security, technology, budget, and regulatory pressures continue to escalate.”

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

The Mainframe at the Heart of the Security Storm

December 18, 2014

A survey of Chief Information Security Officers (CISOs) released by IBM in early December found more than 80% of security leaders believe the challenge posed by external threats is on the rise, while 60% also agree their organizations are outgunned in the cyber war. Even mainframe shops—the zEC12 has received the highest security rating, EAL 5+—should not get complacent. There are a lot of bad guys gunning for the data center. Just ask Sony.


At least top management is putting resources into security. Three quarters of the CISO respondents expect their security budgets to increase dramatically over the next 3-5 years. IBM is jumping in with a security paper geared specifically for mainframe shops titled Security Intelligence for Mainframe Environments.

So what are the threats keeping CISOs awake at night? Based on the study, sophisticated external threats were identified by 40% of security leaders as their top concern. Expect the extra budget to be thrown at these threats, which, according to the IBM analysts, will require the most organizational effort over the next three to five years: as much as regulations, new technologies, and internal threats combined.

Although a majority of the CISOs surveyed appear confident their mature, traditional technologies that focus on network intrusion prevention, advanced malware detection, and network vulnerability scanning will fend off outside threats, nearly half reported that deploying new security technology is the top focus area for their organization. Their top worries: data leakage, cloud security, and mobile/device security.

Some other interesting findings from the survey:

  • While concern over cloud security remains strong, still close to 90% of respondents have adopted cloud or are currently planning cloud initiatives. Of this group, most expect their cloud security budget to increase dramatically over the next three to five years.
  • Over 70% of security leaders said real-time security intelligence is increasingly important to their organization. Yet about half found areas such as data classification and discovery and security intelligence analytics have relatively low maturity and require improvement or transformation.
  • Not surprisingly, despite the growing mobile workforce, only 45% believe they have an effective mobile device management approach. According to the study, mobile and device security ranked at the bottom of the maturity list.

Although your data center provides a tempting target to attackers, it also can protect you with an effective counter-punch. That counter-punch is delivered through increasingly powerful and fast analytics, especially real-time analytics. The objective is to identify attacks as they are underway. Otherwise, you are left scrambling to close the proverbial barn door after the horses (data) have left.

This will entail systems that identify who did what and when, recognizing what’s normal behavior versus abnormal, and obtaining visibility into subtle connections between millions of data points. This requires a great deal of contextual data and the analytical means to make sense of it. And here is where you come in: your team needs to integrate mainframe data with distributed events to gain insights that apply to the entire enterprise.
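As an added illustration of the "who did what and when, normal versus abnormal" idea (example code written for this page, not Compuware's, IBM's or any vendor's product), here is a small Python detector that streams constructed RACF-style access records against a hypothetical per-user baseline and flags off-hours access, allowed access to resources outside the baseline, and bursts of denied requests. The record format, user IDs, resource names and baseline are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed RACF-style access records (not real SMF data):
# timestamp user resource access result
EVENTS = """\
2017-04-03T09:02:11 PAYADM1 PROD.PAYROLL.MASTER READ ALLOW
2017-04-03T09:15:40 PAYADM1 PROD.PAYROLL.MASTER UPDATE ALLOW
2017-04-03T02:47:19 PAYADM1 PROD.HR.SALARY.DATA READ ALLOW
2017-04-03T02:48:03 PAYADM1 PROD.HR.SALARY.DATA READ ALLOW
2017-04-03T02:48:55 PAYADM1 SYS1.PARMLIB UPDATE ALLOW
2017-04-03T11:20:00 DBA01 PROD.CUSTOMER.DB READ ALLOW
2017-04-03T11:21:10 DBA01 PROD.PAYROLL.MASTER READ DENY
2017-04-03T11:21:30 DBA01 PROD.PAYROLL.MASTER READ DENY
2017-04-03T11:21:50 DBA01 PROD.PAYROLL.MASTER READ DENY
"""
# Hypothetical per-user baseline: resources normally touched and working hours.
BASELINE = {
    "PAYADM1": {"resources": {"PROD.PAYROLL.MASTER"}, "hours": (8, 18)},
    "DBA01": {"resources": {"PROD.CUSTOMER.DB"}, "hours": (8, 18)},
}
DENY_BURST, DENY_WINDOW = 3, 120  # N denies on one resource within N seconds

def detect(text, baseline=BASELINE):
    findings = []  # (timestamp, user, reason), emitted as each record is read
    denies = defaultdict(list)  # (user, resource) -> recent deny timestamps
    for line in text.strip().splitlines():
        ts, user, resource, access, result = line.split()
        ts = datetime.fromisoformat(ts)
        profile = baseline.get(user)
        if profile is None:
            findings.append((ts, user, "no baseline for this user"))
            continue
        lo, hi = profile["hours"]
        if not lo <= ts.hour < hi:
            findings.append((ts, user, f"off-hours {access} on {resource}"))
        # A denied request was already blocked by RACF (or ACF2/Top Secret);
        # only an allowed access outside the baseline means data was reached.
        if result == "ALLOW" and resource not in profile["resources"]:
            findings.append((ts, user, f"{access} allowed on unbaselined {resource}"))
        if result == "DENY":
            recent = denies[(user, resource)]
            recent.append(ts)
            recent[:] = [t for t in recent if (ts - t).total_seconds() <= DENY_WINDOW]
            if len(recent) == DENY_BURST:  # fires once, when the burst is first reached
                findings.append((ts, user, f"{DENY_BURST} denies on {resource} in {DENY_WINDOW}s"))
    return findings
```

Running `detect(EVENTS)` yields seven findings: PAYADM1's three off-hours reads and updates on salary data and SYS1.PARMLIB are each flagged twice (time and resource), and DBA01's third denied read within two minutes is flagged as a burst.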

In fact, IBM identifies a series of issues that put the mainframe squarely at the heart of the challenge and the solution:

  • Complexity: The mainframe is an integral component of multiple, often large and complex business services, making it difficult to identify and analyze threats.
  • Visibility: Mainframe processes, procedures and reports are often siloed, impeding cross-enterprise information sharing to combat threats. (But silos also help protect mainframe data—be selective in breaking down the silos.)
  • Compliance: Verification of compliance is frequently a manual task—with problem alerts all too often received only after a problem has occurred.
  • Cost: Mainframe management requires highly skilled administrators, who often are costly and in short supply.

You already have many of the solutions IBM recommends, like RACF, CA-Top Secret, and CA-ACF2. The mainframe security paper cited above covers the rest. Given what happened to Sony, it’s worth reading the paper closely.

Best wishes for the holidays. DancingDinosaur is Alan Radding. You can follow DancingDinosaur on Twitter, @mainframeblog. Check out more of my IT writing and analysis at Technologywriter.com and here.
