Bob Fake, CEO, InfoSec
Real-time event monitoring is crucial to staying on top of what’s happening in your IT infrastructure. To that end, most organizations have Security Information Event Management (SIEM) platforms in place. SIEM captures the millions of events that are being logged daily from PCs, routers, switches, hubs, firewalls
and other network infrastructure components. This 24/7 visibility into your open systems is essential cybersecurity in action. But it’s also an incomplete plan.
What’s Missing From This Picture?
When you install a home security system, you typically don’t ask the security specialist to secure only the front door. Instead, you have sensors or cameras installed on all the doors where an intruder could potentially gain entry.
When your SIEM platform does not include the mainframe, it’s like leaving a side or back door unmonitored. Maybe you think it’s only worth your time to watch the front door. Likewise, many IT professionals believe that the biggest threat to their data security lies in their open systems. While this may be true, it doesn’t mean there isn’t a threat to their mainframe data as well.
Although data on the mainframe may be harder to access, an increasing number of external data breaches have occurred on the mainframe. IBM acknowledges this trend in their Redbooks Solution Guide to mainframe security:
The complexity of ways in which various organizations use System z over many years, means that there are now fewer people with the knowledge and skills to even attempt breaking into a mainframe system. However, as criminal organizations realize the benefits of gaining access to mainframe data, the efforts to achieve this increase.¹
Another issue is the number of internal data breaches that occur involving mainframes. Some reports put the number of internal breaches as high as 80%.
Ultimately any mission-critical information stored on your mainframe—employee files, payroll master files, customer records, bank account information, etc.—would be tempting to any data thief, whether internal or external.
Rather than having a diminished role in our modern lives, mainframes are working harder than ever. Not only do they back up millions of daily transactions at some of our biggest institutions, mainframes also support cloud computing and are the backend to a myriad of mobile apps. With the mainframe taking such a central role in so many areas of your IT infrastructure, it makes sense that you include your Big Iron in your overall security strategy.
“Right Out of the Box” Integration of the Mainframe
If you’re a CIO or CEO, or you’re an IT professional trying to make the business case to senior management for a more comprehensive SIEM strategy, it’s important to know that you can quickly and easily integrate the mainframe. The solution is MEAS™, the Mainframe Event Acquisition System™ from InfoSec.
MEAS collects, stores, reports on and analyzes mainframe data in real time through seamless integration with SIEM platforms. Adding MEAS to your environment offers several benefits:
- You gain 24/7 visibility into all of the events across your IT infrastructure, including both your mainframe and open systems.
- All of your event logs are consolidated into one platform, which allows you to quickly apply intelligence to otherwise diffuse and complex data.
- Rather than having several reference points, your team monitors one source of MEAS makes it easier for your team to work together to identify and resolve any suspicious activity.
Make Sure You Have an Airtight Security Strategy
Leaving your mainframe out of your overall security strategy just doesn’t make sense anymore—not when so much data is left vulnerable, and mainframe integration is easier and more affordable than ever with MEAS. You don’t secure half your house, so why secure half your systems? In the end it just doesn’t compute.