Finding the Threat in a Mountain of Security Data

Bob Fake, CEO, InfoSec

Most CIOs are confident that all their mainframe event data is being properly collected. If there is a specific event they need to locate for security or compliance purposes, they can run a report on it. But for the most part the data is logged and then left alone.

The problem with this approach is that no one is proactively managing that data so they can catch a potential threat as it’s happening. If there is a data breach and a valuable resource is taken, IT professionals don’t know about it until after the fact. By then it’s too late to do more than damage control.

It’s like the difference between having a live security guard standing watch over the palace jewels and an unmanned security camera logging 24-7 footage of those same jewels. In both cases the jewels are being monitored, but if no one is watching the camera’s footage in real time, who is going to spot a theft as it’s happening?

There used to be no solution for integrating the mainframe into a larger, more comprehensive logging and management strategy such as the Security Information and Event Management (SIEM) used for open systems. Now middleware, or MI software, easily connects your mainframe to your SIEM platform for real-time data collection and visibility.

Millions of Mainframe Events Get Logged Every Day

Let’s say you’re a company operating five mainframes. Each of these mainframes has five copies of the operating system and they’re each logging a million events a day. That’s 25 million events that are being recorded in a log file every day. Chances are no one is looking at that data. It’s lying dormant because no one is leveraging the potentially risk-reducing information that those logs contain.

Instead of letting your mainframe event data languish, it’s wiser to put it on a platform that would let you apply intelligence to it. With up-to-the-minute visibility into mainframe events as they happen, you can immediately alert others if you see suspicious activity the moment it occurs. That static data collection comes alive and can be acted upon now rather than tracked down later.

Linking the Power of SIEM to Your Mainframe Data Collection

Companies like InfoSec have created a means for connecting your mainframe data collection to your SIEM platform for open operating systems. Using MI software, companies can bridge the gap between their open systems and their mainframe.

The best MI software accomplishes two things: it works in real time, and it integrates easily with all commercially available SIEMs on the market today.

The tools are now available to use your mainframe data collection for more than just generating reports. By making the invisible visible, you can stop data breaches in their tracks, and protect valuable data before it’s compromised. Because when it comes to security, nothing beats being there.
