In today’s IT security infrastructure, there are usually two separate security monitoring systems: one for the mainframes, one for the open system. These two groups are essentially performing the same function—which is to monitor security and prevent cyber threats from taking place—and they generally don’t communicate as often as they should. Event management encompasses the entire enterprise, so this lack of communication creates a divide between two systems that, in actuality, aren’t so separate.
Although open system administrators and mainframe administrators work in two different arenas and typically operate independently of one another, the organization's entire security plan is usually determined by open system needs, without any involvement from the mainframe side. To address the issues faced by the open systems, organizations have typically implemented a SIEM (Security Information and Event Management) tool to monitor security activity on the open system side.
Monitoring Mainframe and Open Technology All in One Place
In IT organizations today, mainframe and distributed systems operate more closely together. We use distributed systems as front ends or gateways to applications that run on mainframes. Because the two are becoming more tightly coupled, we need to correlate certain events, patterns or trends that occur on the distributed side with events that occur on the mainframe side.
If we don’t have that integration or cross platform correlation, events can occur on the open side or mainframe side independently, and it is incredibly challenging to tie these events together and thus recognize a problem. By itself, an event may appear to be completely harmless. But when you tie these events together across the platform, it becomes easier to flag a common or correlating issue so that the appropriate staff can look into it.
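The cross-platform correlation described above can be sketched as a single rule. This is an added example, not code from the article or from any SIEM product: the event schema, the event type names and the 15-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events, normalized to one schema as a SIEM would after
# ingestion. Field names and event types are assumptions for this example.
EVENTS = [
    {"ts": "2024-03-01T02:10:05", "platform": "open", "user": "jdoe",
     "type": "gateway_login_new_source"},
    {"ts": "2024-03-01T02:14:40", "platform": "mainframe", "user": "JDOE",
     "type": "sensitive_dataset_read"},
    {"ts": "2024-03-01T09:00:00", "platform": "open", "user": "asmith",
     "type": "gateway_login_new_source"},
    {"ts": "2024-03-01T15:30:00", "platform": "mainframe", "user": "ASMITH",
     "type": "sensitive_dataset_read"},
    {"ts": "2024-03-01T11:00:00", "platform": "mainframe", "user": "BLEE",
     "type": "sensitive_dataset_read"},
]

OPEN_TRIGGERS = {"gateway_login_new_source"}
MAINFRAME_WATCHED = {"sensitive_dataset_read"}


def norm_user(user):
    # The two platforms may record the same account in different case.
    return user.strip().lower()


def correlate(events, window=timedelta(minutes=15)):
    """Pair each open-side trigger with watched mainframe events by the
    same user that follow it within `window`."""
    parsed = sorted(
        ({**e, "t": datetime.fromisoformat(e["ts"]), "u": norm_user(e["user"])}
         for e in events),
        key=lambda e: e["t"],
    )
    last_trigger = {}  # normalized user -> most recent open-side trigger
    alerts = []
    for e in parsed:
        if e["platform"] == "open" and e["type"] in OPEN_TRIGGERS:
            last_trigger[e["u"]] = e
        elif e["platform"] == "mainframe" and e["type"] in MAINFRAME_WATCHED:
            trig = last_trigger.get(e["u"])
            if trig and e["t"] - trig["t"] <= window:
                alerts.append((trig["ts"], e["ts"], e["u"]))
    return alerts


if __name__ == "__main__":
    for open_ts, mf_ts, user in correlate(EVENTS):
        print(f"correlated: {user} open@{open_ts} -> mainframe@{mf_ts}")
```

Neither event for `jdoe` would raise an alert on its own platform; only the pairing inside the window is flagged, while the `asmith` and `BLEE` events stay below the rule.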
Mainframe applications are accessed through the Internet, the Intranet, and through TCP/IP protocols. The ability to correlate events across the platforms adds significant value for security. It doesn’t make much sense to have the mainframe side managed separately from the open side because both sides manage information and share the same challenges.
Bringing the two sides of IT together can create more organizational efficiency and improved security; it allows operators to see the types of events that occur, correlate them, and take the appropriate action.
By leveraging both systems on the same SIEM platform, you are able to use technology you have already invested in, and trim down the number of processes and the resources needed to facilitate security via these two separately managed monitoring activities.
On this common SIEM platform, you can bring events from the mainframe and the open system all into one place, using one tool, where the same group can monitor all types of events. Using your current SIEM platform to monitor both the open system and mainframe promises more return on investment for your platform, and an overall better distribution and use of resources.
- More Return on Investment – You get more value from the monitoring platform you already use, because it now monitors both your mainframe and your open systems in one place.
- Better Use of Resources – Whereas your current setup needs enough personnel to monitor two branches of your IT infrastructure, you will shift to needing staff to monitor only one. Staff who formerly juggled multiple duties, such as running reports, real-time monitoring tasks, and daily job responsibilities, can shift their focus to the security tasks necessary to move your business forward.
InfoSec has created a solution for bridging the gap between open system security monitoring and mainframe security monitoring—the Mainframe Event Acquisition System™ (MEAS™). MEAS™ integrates with all of the commercially available log management and SIEM technologies. MEAS™ helps to bring these two sides of IT together by providing visibility into the mainframe platform, using the same dashboard or portal for events that occur across the enterprise.
MEAS™ can identify open system events and correlate them with those that occur on the mainframe. By bringing the two sides of the organization together and managing them as one, you gain the ability to correlate events between the mainframe and distributed sides, saving time, money, and resources that could be better applied elsewhere.