Get Mainframe Visibility to Enhance
SIEM Efforts in Splunk
Bill Hammond, Product Marketing
Sid Isted, Product Management
1
• Why is Mainframe Security Data Important?
• What Are Customers Looking For?
• Introduction to Ironstream
• Visualizing & Reporting Security Data in Splunk
• Customer Stories
Agenda
2
Traditional mainframes continue to adapt and deliver increasing value with each new technology wave
91% of executives predict long-term viability of the mainframe as the platform continues evolving to meet digital business demands
Up to 80% of the world’s enterprise data and transactions reside on or pass through IBM z Systems
2.5 B business transactions per mainframe per day (that’s 2,500,000,000)
2000+ organizations overall
3
Sources: BMC 12th Annual Mainframe Research Results – Nov. 2017; Syncsort, “2018 State of Resilience: The New IT Landscape for Executives: Threats, Opportunities and Best Practices.” Jan. 2018
Big Iron to Big Data Analytics Challenges
So many data sources
Mainframe: Systems Management Facility (SMF), Syslog, Log4j web and application logs, RMF, RACF, USS files and standard datasets
Format of data
Mainframe:
• Complex data structures (SMF) with headers, product sections, data sections, variable length and self-describing
• EBCDIC not recognized outside of the mainframe world
• Binary flags and fields
Volume of data
Millions of log records generated daily
• 9.7TB Average Daily Mainframe Log Data
Difficulty getting the information in a timely manner
• Not real-time, typically have to wait overnight for an offload
• Typical daily FTP upload/downloads can’t get granular
4
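The format problems listed on this slide (binary header fields, packed-decimal dates, EBCDIC text) are what normalization has to undo before a SIEM can index mainframe data. The following Python is an added example, not Ironstream or Syncsort code: it decodes the standard SMF record header from two constructed records and emits JSON. The code page (cp037), the function names and the sample records are assumptions.

```python
import json
import struct
from datetime import datetime, timedelta

# Assumption: US EBCDIC (code page 037); a site may use cp500 or cp1140 instead.
EBCDIC = "cp037"

# Standard SMF record header, big-endian, as documented by IBM:
#   length (2) | segment descriptor (2) | flags (1) | record type (1)
#   time, hundredths of a second since midnight (4)
#   date, packed decimal 0cyydddF (4) | system id, EBCDIC (4)
HEADER = struct.Struct(">HHBBI4s4s")
# Present only when the "subtypes used" flag bit is set:
#   subsystem id, EBCDIC (4) | record subtype (2)
SUBTYPE_EXT = struct.Struct(">4sH")
FLAG_SUBTYPES = 0x40


def unpack_date(packed: bytes) -> datetime:
    """Decode a packed-decimal 0cyydddF date (c=0 -> 19yy, c=1 -> 20yy)."""
    nibbles = packed.hex()
    if len(nibbles) != 8 or nibbles[-1] not in "cf" or not nibbles[:-1].isdigit():
        raise ValueError(f"not a packed-decimal date: {nibbles}")
    year = 1900 + 100 * int(nibbles[1]) + int(nibbles[2:4])
    day_of_year = int(nibbles[4:7])
    if not 1 <= day_of_year <= 366:
        raise ValueError(f"day of year out of range: {day_of_year}")
    return datetime(year, 1, 1) + timedelta(days=day_of_year - 1)


def parse_header(record: bytes) -> dict:
    """Turn one SMF record (including its 4-byte descriptor word) into a dict."""
    if len(record) < HEADER.size:
        raise ValueError("record shorter than the standard SMF header")
    length, _seg, flags, rtype, tme, dte, sid = HEADER.unpack_from(record, 0)
    if length != len(record):
        raise ValueError(f"length field says {length}, got {len(record)} bytes")
    timestamp = unpack_date(dte) + timedelta(milliseconds=tme * 10)
    event = {
        "record_type": rtype,
        "system_id": sid.decode(EBCDIC).strip(),
        "timestamp": timestamp.isoformat(),
    }
    if flags & FLAG_SUBTYPES:
        if len(record) < HEADER.size + SUBTYPE_EXT.size:
            raise ValueError("subtype flag set but subtype fields are missing")
        ssi, subtype = SUBTYPE_EXT.unpack_from(record, HEADER.size)
        event["subsystem"] = ssi.decode(EBCDIC).strip()
        event["subtype"] = subtype
    return event


def to_json(record: bytes) -> str:
    """Normalized form a downstream indexer can ingest without EBCDIC support."""
    return json.dumps(parse_header(record), sort_keys=True)


# Constructed header-only records (not captured data): 09:00:00 on day 045 of 2018.
_DATE = bytes.fromhex("0118045f")
SAMPLE_TYPE30 = struct.pack(">HHBBI4s4s4sH", 24, 0, FLAG_SUBTYPES, 30, 3_240_000,
                            _DATE, "SYS1".encode(EBCDIC), "JES2".encode(EBCDIC), 1)
SAMPLE_TYPE80 = struct.pack(">HHBBI4s4s", 18, 0, 0, 80, 3_240_000,
                            _DATE, "SYS1".encode(EBCDIC))

if __name__ == "__main__":
    # What an ASCII-oriented tool sees in the system id field before decoding.
    print("raw system id as latin-1:", SAMPLE_TYPE30[14:18].decode("latin-1"))
    for sample in (SAMPLE_TYPE30, SAMPLE_TYPE80):
        print(to_json(sample))
```

Real records carry product and data sections after this header, located through offset/length/count triplets that differ by record type, so a production decoder needs the mapping for each type it collects.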
Security and Compliance Focus
• Detect and prevent security threats
• Privileged activity
• Ensure compliance
• Ensure audits pass
• Enterprise Security (Splunk ES)
5
• Incorrect definition of User IDs: weak passwords, default passwords with no expiration,
incorrect or too high of a security privilege for user
• Weak access controls and security administration for critical databases, datasets, files, and
resources
• Network intrusion including unwanted port scans, Denial of Service (DoS) attacks, network
flood attacks, malformed network packets, and other intrusions
• Data vulnerability exposures including incorrect/invalid data, including viruses, coming into
the IBM system or secure data leaving the system
• Privileged and non-privileged users neglecting basic security precautions mandated by the
organization
• Aggregating data from multiple sources in a way that helps drive faster, better decisions
Top Security Challenges
6
What is SIEM?
• Real-time analysis of security alerts
generated by applications and network
hardware
• Holistic, unified view into infrastructure,
workflow, policy compliance and log
management
• Monitor and manage user and service
privileges as well as external threat data
Security Information and Event Management
Customer Needs
8
Db2
9
[Diagram: Example Multi-Tiered System – e.g. Online Banking. Components: Users, Firewall, Load Balancers, Web Servers, Middleware, Supporting Servers, Mainframe]
• High performance, low-cost, platform for collecting critical
system information in real-time from the mainframe
• Normalization of the z/OS data so it can be used by off-platform
analytics engines
• Full analytics, visualization, and customization with no
limitations on what can be viewed
• Ability to easily combine information from different data
sources and systems
• Address the SME challenge: use by network managers,
security analysts, application analysts, enterprise
architects without requiring mainframe access or
expertise
What Customers are Looking For...
10
Detect Data Movements
• Inbound/Outbound FTP
Dataset access operations
• Determine potential security threats based on unauthorized access attempts
• Ensure only authorized users are accessing critical datasets
Privileged/non-privileged User Activity Monitoring
• Unusual behavior pattern – off hours connections
• High number of invalid logon attempts
Attack Detection
• Intrusion, Scans, Floods
Authentication Anomalies
• Entered the building at 08:30 but logged on from another country at 09:00
Network Traffic Analysis
• High data volumes from a device/server
What Can Mainframe Data Tell You?
11
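Three of the checks on this slide (a high number of invalid logon attempts, off-hours connections, and a badge entry followed by a logon from another country) can be expressed as simple correlation logic once events are normalized. The following Python is an added example, not part of the original deck or of any Ironstream or Splunk content; the event field names, thresholds and sample events are all hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. Field names and values are hypothetical and do not
# reflect the Ironstream or Splunk CIM schemas.
EVENTS = [
    {"ts": "2018-02-14T02:10:00", "user": "OPER1", "kind": "tso_logon",
     "outcome": "success", "country": "US"},
    {"ts": "2018-02-14T08:30:00", "user": "JSMITH", "kind": "badge_entry",
     "country": "US"},
    {"ts": "2018-02-14T09:00:00", "user": "JSMITH", "kind": "tso_logon",
     "outcome": "success", "country": "DE"},
    *[{"ts": f"2018-02-14T10:0{m}:00", "user": "BATCH7", "kind": "tso_logon",
       "outcome": "failure", "country": "US"} for m in range(5)],
    {"ts": "2018-02-14T11:00:00", "user": "ALEE", "kind": "tso_logon",
     "outcome": "failure", "country": "US"},
    {"ts": "2018-02-14T11:01:00", "user": "ALEE", "kind": "tso_logon",
     "outcome": "success", "country": "US"},
]


def _by_time(events):
    """Yield (timestamp, event) pairs in chronological order."""
    pairs = ((datetime.fromisoformat(e["ts"]), e) for e in events)
    return sorted(pairs, key=lambda pair: pair[0])


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Users with at least `threshold` failed logons inside a sliding window.

    Returns {user: time the threshold was first reached}.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, e in _by_time(events):
        if e["kind"] != "tso_logon" or e["outcome"] != "failure":
            continue
        failures = recent[e["user"]]
        failures.append(ts)
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold and e["user"] not in alerts:
            alerts[e["user"]] = ts.isoformat()
    return alerts


def off_hours_logons(events, day_start=7, day_end=19):
    """Successful logons outside [day_start, day_end) local hours."""
    return [
        (e["user"], ts.isoformat())
        for ts, e in _by_time(events)
        if e["kind"] == "tso_logon" and e["outcome"] == "success"
        and not day_start <= ts.hour < day_end
    ]


def location_conflicts(events, max_gap=timedelta(hours=2)):
    """Logons from a country other than the user's last badge entry,
    when the two events are at most `max_gap` apart."""
    last_badge = {}
    hits = []
    for ts, e in _by_time(events):
        if e["kind"] == "badge_entry":
            last_badge[e["user"]] = (ts, e["country"])
        elif e["kind"] == "tso_logon" and e["user"] in last_badge:
            badge_ts, badge_country = last_badge[e["user"]]
            if e["country"] != badge_country and ts - badge_ts <= max_gap:
                hits.append((e["user"], badge_country, e["country"], ts.isoformat()))
    return hits


if __name__ == "__main__":
    print("failed-logon bursts:", failed_logon_bursts(EVENTS))
    print("off-hours logons:   ", off_hours_logons(EVENTS))
    print("location conflicts: ", location_conflicts(EVENTS))
```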
Introduction to
Ironstream
12
13
Ironstream® Architectural Considerations
[Diagram: data sources (online services, web services, servers, security, GPS location, storage, desktops, networks, packaged applications, custom apps, messaging, telecoms, online shopping cart, web clickstreams, databases, energy meters, smartphones and devices, RFID, call detail records); on-premises, private cloud, public cloud; IBM z Mainframe; IBM i System; Ironstream]
Ultra Light Weight
• Minimal CPU impact even for billions of SMF records
Non-intrusive
• Collect data from critical system
• Zero impact to throughput
Fast
• Collect data in real-time
Secure and Reliable
• Error recovery
• Data loss prevention
• Security
• Load balancing
Ironstream® for z/OS (Mainframe)
14
[Diagram: Ironstream for z/OS components. Labels: Real-time Collection; SYSLOG; SYSLOGD; SMF; RMF; File Load; Log4j; IMS; Db2; USS; Alerts; Networks Components; SYSOUT (Live/Stored SPOOL Data); Application Data; Forwarder API (Assembler, COBOL, C, REXX); Data Collection Extension (DCE); Ironstream Desktop; IDT; Ironstream Data Forwarder; TCP/IP; z/OS]
• Real-time Visibility into Mainframe Security Event Data:
• Authentication and access failures
• Creation or deletion of users
• Changes to user security information, passwords, and access rights
• Log-in activity
• Excessive data transmissions
• Unusual movement of data
• Intrusion detection, Denial of Service
15
Ironstream® provides…
16
Ironstream & Splunk for Security and Compliance (SIEM)
Easier to identify unauthorized mainframe access or other security risks and ability to
meet increasing compliance requirements
Challenges Addressed
• Tracking security related issues including password changes, login success and failures,
account lock outs, dataset access, FTP activity
• Identify changes in access patterns to detect potential security threats
• Move from post event forensics to real-time monitoring of the security environment
• Fulfillment of mandatory security and compliance audits to meet corporate and regulatory
requirements
• Eliminate manual reporting along with the delay required to get the information, by
accessing it in real-time
Visualizing &
Reporting Security
Data in Splunk
17
Ironstream z/OS Security Specific Data Collection
Intrusion Detection (port scans, floods/DoS attacks, malformed data packets)
• z/OS Traffic Regulation Management Daemon (TRMD)
+ SYSLOGD + Base network management component
TSO logon tracking
• SMF30
TSO account activity (create, update, delete, lockout)
• SMF80
FTP authentications
• SYSLOGD + Base network management component
FTP change analysis (file create, read, update, delete)
• SMF119
IP traffic analysis
• SMF119
Network + user-defined Events (pre-defined + user-defined)
• Base network management component
18
Syncsort z/OS Security Dashboard
Job Initiations
TSO Account Activity
TSO Lockouts
FTP Session Activity
FTP Transfer Activity
19
Syncsort z/OS Security Dashboard
TCP/IP Network Traffic
Intrusion Detection showing Port Scans and Denial of Service Attacks
20
Ironstream Splunk Integrations
Integrates with Splunk
Enterprise Security
(SIEM)
• Splunk Enterprise Security is a
premium app that provides an
enterprise-wide view of
security across all platforms
Integrates with Splunk IT
Service Intelligence
(ITOA)
• Splunk IT Service Intelligence
(ITSI) is a premium app that
delivers unique “service-centric”
view of critical internal and
customer-facing business
services
Ironstream Data Model
for Mainframe
• The Syncsort Ironstream Data
Model for Mainframe provides
a structured and logical view
of mainframe log data
elements in Splunk for faster
searching, analysis and Splunk
development
Ironstream z/OS Security & Splunk Enterprise Security
All collected data sources can also be mapped
to Splunk CIM for Enterprise Security and
automatically exposed in ES dashboards along
with security information from other platforms
• This requires the Ironstream for Splunk
Enterprise Security to be installed
• This provides an enterprise-wide, integrated
view of security across all platforms via ES
dashboards provided by Splunk
22
Syncsort Confidential and Proprietary - do not copy or distribute
Sample: Splunk Enterprise Security™ Security Posture Dashboard
Now shows z/OS® intrusions and anomalies
along with events from other platforms
23
Customer Stories
24
Federal
law-enforcement
agency
The combination of Splunk and Ironstream®
delivered the ability to obtain full visibility—
in real time—into the most sensitive
authentication procedures and data across
its IT environment, ultimately enabling it to
fulfill its audit obligations with ease.
OBJECTIVE
• Ability to respond to ever-changing
reporting requests from its auditors in
order to prove compliance with
information-security requirements.
• Visibility into history as well as the
current status of enterprise security
information
CHALLENGE
• While they were using Splunk
Enterprise, they were missing critical
mainframe data
• Mainframe logs had sensitive
authentication information on
password changes, log-in successes
and failures and locked accounts
SOLUTION
• Syncsort Ironstream was chosen to
provide access to necessary log data
• Data is forwarded automatically and in
real-time
BENEFIT
• The customer for the first time now
has full visibility into the most sensitive
authentication procedures and data
• Ironstream and Splunk combine to give
them the ability to respond to
reporting and compliance needs
25
U.S.-based Loan
Service Provider
Ironstream provided access to previously
inaccessible data to help support one of their
most critical monitoring efforts
“If you’re asking us what the easier solution
is to install and configure, it’s Ironstream”
OBJECTIVE
• To monitor mainframe IT operations to
track health of service delivery for Loan
Service Providers
• Capture mainframe business data in
support of system and application
monitoring in Splunk
CHALLENGE
• Required several data feeds including
SMF, SYSLOG and SYSOUT for batch job
monitoring
• Filtering the log data to selected jobs
• Required the ability to load business
data from sequential files
SOLUTION
• Syncsort Ironstream was chosen over
IBM CDP, particularly over its ease of
installation and configuration
• Now able to forward the required log
data and filter it to specific messages
and jobs
BENEFIT
• Able to monitor Loan Service IT
Operations via Splunk
• Partnered with Winward for Splunk
development who were familiar with
Syncsort Ironstream
26
Ironstream Security and Compliance Benefits
• Quickly detect fraudulent activity enabling faster
remediation
• Successfully comply with regulatory requirements and
address security auditing and control policies
• Integrate IBM system security events into the analytics
of Splunk’s SIEM solution for centralized analysis
• Monitor and detect incorrect security definitions, weak
access controls, as well as valid and invalid access to
critical resources and data
• Monitor data vulnerability issues including the
movement of data onto and off IBM systems
• Monitor, detect, and prevent network intrusions
27
Why Ironstream
Less Complexity
Collect mainframe and IBM i data;
correlate with data from other
platforms; no legacy system expertise
required
Clearer Security Information
Identify unauthorized mainframe and
IBM i server access, other security
risks; prepares and visualizes key
data for compliance audits
Healthier IT Operations
Real-time alerts identify problems in
all key environments; view latency,
transactions per second, exceptions,
etc.
Effective Problem-Resolution
Management
Real-time views to identify real or
potential failures earlier; view related
'surrounding' information to support
triage repair or prevention
Higher Operational Efficiency
Enhanced event correlation across
systems; Staff resolves problems faster;
“do more with less”
Eliminate Your Mainframe
“Blind-Spots”
Splunk/Elastic + Ironstream = Your
360° Enterprise View
Q & A
29
30
• Data from multiple sources
• TSO logon tracking – SMF Type 30
• TSO account activity (create, update, delete, lockout) – SMF Type 80
• Port scans, DoS attacks, malformed data packets – TRMD and SyslogD
• FTP authentications and file analysis (file create, access, update, delete) – SMF Type 119 Records and IP
traffic analysis information
• Network events – Ironstream® Network Monitoring Component
Mainframe Security – Data Challenges
32
Gartner Magic Quadrant for SIEM
• During the past year, demand for SIEM technology
has remained strong. The SIEM market grew from
$1.999 billion in 2016 to $2.180 billion in 2017
• Threat management is the primary driver, and
general monitoring & compliance remains
secondary
• The SIEM market continues to be dominated by
relatively few large vendors. Splunk, Micro Focus
(including the ArcSight and Sentinel SIEMs), IBM,
LogRhythm and McAfee command a significant
share of market revenue.

More Related Content

What's hot

Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityPrecisely
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataPrecisely
 
Key Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataPrecisely
 
Internet of Things Anatomy
Internet of Things AnatomyInternet of Things Anatomy
Internet of Things AnatomyTibbo
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataPrecisely
 
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup Ricoh India Limited
 
Advanced Data Center Security
Advanced Data Center SecurityAdvanced Data Center Security
Advanced Data Center Securitymanoharparakh
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
Open platform communications (opc) server from tibbo technology
Open platform communications (opc) server from tibbo technologyOpen platform communications (opc) server from tibbo technology
Open platform communications (opc) server from tibbo technologyTibbo
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
Log maintenance network securiy
Log maintenance  network securiyLog maintenance  network securiy
Log maintenance network securiyMohsin Ali
 
Securing Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-MotionSecuring Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-MotionPrecisely
 
Online BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techOnline BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techBradford Sims
 
Brm insight data_sheet
Brm insight data_sheetBrm insight data_sheet
Brm insight data_sheetTridens
 

What's hot (20)

Monitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and SecurityMonitoring and Reporting on IBM i Compliance and Security
Monitoring and Reporting on IBM i Compliance and Security
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and Data
 
Splunk for ibtrm
Splunk for ibtrmSplunk for ibtrm
Splunk for ibtrm
 
Key Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i Data
 
Internet of Things Anatomy
Internet of Things AnatomyInternet of Things Anatomy
Internet of Things Anatomy
 
Security 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and DataSecurity 101: Controlling Access to IBM i Systems and Data
Security 101: Controlling Access to IBM i Systems and Data
 
Wc4
Wc4Wc4
Wc4
 
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup
RPASS - Ricoh Proactive ServiceS for Remote Monitoring & Backup
 
Advanced Data Center Security
Advanced Data Center SecurityAdvanced Data Center Security
Advanced Data Center Security
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)
 
Open platform communications (opc) server from tibbo technology
Open platform communications (opc) server from tibbo technologyOpen platform communications (opc) server from tibbo technology
Open platform communications (opc) server from tibbo technology
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)
 
Chapter 1 Law & Ethics
Chapter 1   Law & EthicsChapter 1   Law & Ethics
Chapter 1 Law & Ethics
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
Log maintenance network securiy
Log maintenance  network securiyLog maintenance  network securiy
Log maintenance network securiy
 
Securing Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-MotionSecuring Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-Motion
 
Online BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techOnline BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol tech
 
Brm insight data_sheet
Brm insight data_sheetBrm insight data_sheet
Brm insight data_sheet
 

Similar to Get Mainframe Visibility to Enhance SIEM Efforts in Splunk

Enterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected EnvironmentsEnterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected EnvironmentsPrecisely
 
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...Precisely
 
360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations AnalyticsPrecisely
 
Downtime is Not an Option: Integrating IBM Z into ServiceNow and Splunk
Downtime is Not an Option: Integrating IBM Z into ServiceNow and SplunkDowntime is Not an Option: Integrating IBM Z into ServiceNow and Splunk
Downtime is Not an Option: Integrating IBM Z into ServiceNow and SplunkPrecisely
 
Big Data Analytics for Real-time Operational Intelligence with Your z/OS Data
Big Data Analytics for Real-time Operational Intelligence with Your z/OS DataBig Data Analytics for Real-time Operational Intelligence with Your z/OS Data
Big Data Analytics for Real-time Operational Intelligence with Your z/OS DataPrecisely
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostPrecisely
 
Bringing Mainframe Security Information Into Your Splunk Security Operations ...
Bringing Mainframe Security Information Into Your Splunk Security Operations ...Bringing Mainframe Security Information Into Your Splunk Security Operations ...
Bringing Mainframe Security Information Into Your Splunk Security Operations ...Precisely
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkPrecisely
 
Don't Leave Your Traditional IBM Systems Out of Your IT Operations Efforts
Don't Leave Your Traditional IBM Systems Out of Your IT Operations EffortsDon't Leave Your Traditional IBM Systems Out of Your IT Operations Efforts
Don't Leave Your Traditional IBM Systems Out of Your IT Operations EffortsPrecisely
 
Intellinx.z watch
Intellinx.z watchIntellinx.z watch
Intellinx.z watchJim Porell
 
Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1)  ​Decrypting the security mystery with SIEM (Part 1)  ​
Decrypting the security mystery with SIEM (Part 1) ​Zoho Corporation
 
Making Legacy IBM Systems Visible in ServiceNow
Making Legacy IBM Systems Visible in ServiceNowMaking Legacy IBM Systems Visible in ServiceNow
Making Legacy IBM Systems Visible in ServiceNowPrecisely
 
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...SolarWinds
 
Motadata brochure
Motadata brochureMotadata brochure
Motadata brochureRajDodiya4
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0Rasmi Swain
 
Internet of Things = More Big Data: How Will Cloud Computing Evolve?
Internet of Things = More Big Data: How Will Cloud Computing Evolve?Internet of Things = More Big Data: How Will Cloud Computing Evolve?
Internet of Things = More Big Data: How Will Cloud Computing Evolve?Codero
 
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk
 
Utilizing Mainframe Machine Data in Security Operations
Utilizing Mainframe Machine Data in Security OperationsUtilizing Mainframe Machine Data in Security Operations
Utilizing Mainframe Machine Data in Security OperationsPrecisely
 
Syslog for SIEM using iSecurity
Syslog for SIEM using iSecurity Syslog for SIEM using iSecurity
Syslog for SIEM using iSecurity Raz-Lee Security
 

Similar to Get Mainframe Visibility to Enhance SIEM Efforts in Splunk (20)

Enterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected EnvironmentsEnterprise Security in Mainframe-Connected Environments
Enterprise Security in Mainframe-Connected Environments
 
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
 
360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics360-Degree View of IT Infrastructure with IT Operations Analytics
360-Degree View of IT Infrastructure with IT Operations Analytics
 
Downtime is Not an Option: Integrating IBM Z into ServiceNow and Splunk
Downtime is Not an Option: Integrating IBM Z into ServiceNow and SplunkDowntime is Not an Option: Integrating IBM Z into ServiceNow and Splunk
Downtime is Not an Option: Integrating IBM Z into ServiceNow and Splunk
 
Big Data Analytics for Real-time Operational Intelligence with Your z/OS Data
Big Data Analytics for Real-time Operational Intelligence with Your z/OS DataBig Data Analytics for Real-time Operational Intelligence with Your z/OS Data
Big Data Analytics for Real-time Operational Intelligence with Your z/OS Data
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter Most
 
Bringing Mainframe Security Information Into Your Splunk Security Operations ...
Bringing Mainframe Security Information Into Your Splunk Security Operations ...Bringing Mainframe Security Information Into Your Splunk Security Operations ...
Bringing Mainframe Security Information Into Your Splunk Security Operations ...
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
Don't Leave Your Traditional IBM Systems Out of Your IT Operations Efforts
Don't Leave Your Traditional IBM Systems Out of Your IT Operations EffortsDon't Leave Your Traditional IBM Systems Out of Your IT Operations Efforts
Don't Leave Your Traditional IBM Systems Out of Your IT Operations Efforts
 
Intellinx.z watch
Intellinx.z watchIntellinx.z watch
Intellinx.z watch
 
Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1)  ​Decrypting the security mystery with SIEM (Part 1)  ​
Decrypting the security mystery with SIEM (Part 1) ​
 
Making Legacy IBM Systems Visible in ServiceNow
Making Legacy IBM Systems Visible in ServiceNowMaking Legacy IBM Systems Visible in ServiceNow
Making Legacy IBM Systems Visible in ServiceNow
 
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
Government Webinar: Low-Cost Log, Network Configuration, and IT Monitoring So...
 
Motadata brochure
Motadata brochureMotadata brochure
Motadata brochure
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0
 
Internet of Things = More Big Data: How Will Cloud Computing Evolve?
Internet of Things = More Big Data: How Will Cloud Computing Evolve?Internet of Things = More Big Data: How Will Cloud Computing Evolve?
Internet of Things = More Big Data: How Will Cloud Computing Evolve?
 
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk App for Stream for Enhanced Operational Intelligence from Wire Data
Splunk App for Stream for Enhanced Operational Intelligence from Wire Data
 
Utilizing Mainframe Machine Data in Security Operations
Utilizing Mainframe Machine Data in Security OperationsUtilizing Mainframe Machine Data in Security Operations
Utilizing Mainframe Machine Data in Security Operations
 
Syslog for SIEM using iSecurity
Syslog for SIEM using iSecurity Syslog for SIEM using iSecurity
Syslog for SIEM using iSecurity
 

Get Mainframe Visibility to Enhance SIEM Efforts in Splunk

  • 1. Get Mainframe Visibility to Enhance SIEM Efforts in Splunk Bill Hammond, Product Marketing Sid Isted, Product Management 1
  • 2. • Why is Mainframe Security Data Important? • What Are Customers Looking For? • Introduction to Ironstream • Visualizing & Reporting Security Data in Splunk • Customer Stories Agenda 2
  • 3. Traditional mainframes continue to adapt and deliver increasing value with each new technology wave • 91% of executives predict long-term viability of the mainframe as the platform continues evolving to meet digital business demands • Up to 80% of the world’s enterprise data and transactions reside on or pass through IBM z Systems • 2.5 B: that’s 2,500,000,000 business transactions per mainframe per day • 2000+ organizations overall • Sources: BMC 12th Annual Mainframe Research Results, Nov. 2017; Syncsort, “2018 State of Resilience: The New IT Landscape for Executives: Threats, Opportunities and Best Practices,” Jan. 2018
  • 4. Big Iron to Big Data Analytics Challenges • So many data sources: Mainframe: Systems Management Facility (SMF), Syslog, Log4j web and application logs, RMF, RACF, USS files and standard datasets • Format of data: Mainframe: complex data structures (SMF) with headers, product sections, data sections, variable length and self-describing; EBCDIC not recognized outside of the mainframe world; binary flags and fields • Volume of data: millions of log records generated daily; 9.7TB Average Daily Mainframe Log Data • Difficulty to get the information in a timely manner: not real-time, typically have to wait overnight for an offload; typical daily FTP upload/downloads can’t get granular
  • 5. Security and Compliance Focus • Detect and prevent security threats • Privileged activity • Ensure compliance • Ensure audits pass • Enterprise Security (Splunk ES) 5
  • 6. • Incorrect definition of User IDs: weak passwords, default passwords with no expiration, incorrect or too high of a security privilege for user • Weak access controls and security administration for critical databases, datasets, files, and resources • Network intrusion including unwanted port scans, Denial of Service (DoS) attacks, network flood attacks, malformed network packets, and other intrusions • Data vulnerability exposures including incorrect/invalid data, including viruses, coming into the IBM system or secure data leaving the system • Privileged and non-privileged users neglecting basic security precautions mandated by the organization • Aggregating data from multiple sources in a way that helps drive faster, better decisions Top Security Challenges 6
  • 7. What is SIEM? • Real-time analysis of security alerts generated by applications and network hardware • Holistic, unified view into infrastructure, workflow, policy compliance and log management • Monitor and manage user and service privileges as well as external threat data Security Information and Event Management
  • 10. • High-performance, low-cost platform for collecting critical system information in real-time from the mainframe • Normalization of the z/OS data so it can be used by off-platform analytics engines • Full analytics, visualization, and customization with no limitations on what can be viewed • Ability to easily combine information from different data sources and systems • Address the SME challenge: use by network managers, security analysts, application analysts, enterprise architects without requiring mainframe access or expertise What Customers are Looking For... 10
  • 11. Detect Data Movements • Inbound/Outbound FTP Dataset access operations • Determine potential security threats based on unauthorized access attempts • Ensure only authorized users are accessing critical datasets Privileged/non-privileged User Activity Monitoring • Unusual behavior pattern – off hours connections • High number of invalid logon attempts Attack Detection • Intrusion, Scans, Floods Authentication Anomalies • Entered the building at 08:30 but logged on from another country at 09:00 Network Traffic Analysis • High data volumes from a device/server What Can Mainframe Data Tell You? 11
  • 13. Ironstream® Architectural Considerations • Ultra Light Weight: minimal CPU impact even for billions of SMF records • Non-intrusive: collect data from critical system; zero impact to throughput • Fast: collect data in real-time • Secure and Reliable: error recovery, data loss prevention, security, load balancing • [Diagram labels: IBM z Mainframe, IBM i System and Ironstream shown with other data sources (online services, web services, servers, security, GPS location, storage, desktops, networks, packaged applications, custom apps, messaging, telecoms, online shopping cart, web clickstreams, databases, energy meters, smartphones and devices, RFID, call detail records) across on-premises, private cloud and public cloud]
  • 14. Ironstream® for z/OS (Mainframe) [Architecture diagram labels: real-time collection on z/OS; SMF; RMF; SYSLOG; SYSLOGD; SYSOUT; live/stored SPOOL data; Log4j; Db2; IMS; USS; file load; alerts; network components; application data; Forwarder API; Assembler, COBOL, C, REXX; Data Collection Extension (DCE); Ironstream Desktop (IDT); Ironstream data forwarder; TCP/IP]
  • 15. • Real-time Visibility into Mainframe Security Event Data: • Authentication and access failures • Creation or deletion of users • Changes to user security information, passwords, and access rights • Log-in activity • Excessive data transmissions • Unusual movement of data • Intrusion detection, Denial of Service 15 Ironstream® provides…
  • 16. 16 Ironstream & Splunk for Security and Compliance (SIEM) Easier to identify unauthorized mainframe access or other security risks and ability to meet increasing compliance requirements Challenges Addressed • Tracking security related issues including password changes, login success and failures, account lock outs, dataset access, FTP activity • Identify changes in access patterns to detect potential security threats • Move from post event forensics to real-time monitoring of the security environment • Fulfillment of mandatory security and compliance audits to meet corporate and regulatory requirements • Eliminate manual reporting along with the delay required to get the information, by accessing it in real-time
  • 18. Ironstream z/OS Security Specific Data Collection Intrusion Detection (port scans, floods/DoS attacks, malformed data packets) • z/OS Traffic Regulation Management Daemon (TRMD) + SYSLOGD + Base network management component TSO logon tracking • SMF30 TSO account activity (create, update, delete, lockout) • SMF80 FTP authentications • SYSLOGD + Base network management component FTP change analysis (file create, read, update, delete) • SMF119 IP traffic analysis • SMF119 Network + user-defined Events (pre-defined + user-defined) • Base network management component 18
  • 19. Syncsort z/OS Security Dashboard Job Initiations TSO Account Activity TSO Lockouts FTP Session Activity FTP Transfer Activity 19
  • 20. Syncsort z/OS Security Dashboard TCP/IP Network Traffic Intrusion Detection showing Port Scans and Denial of Service Attacks 20
  • 21. Ironstream Splunk Integrations Integrates with Splunk Enterprise Security (SIEM) • Splunk Enterprise Security is a premium app that provides an enterprise-wide view of security across all platforms Integrates with Splunk IT Service Intelligence (ITOA) • Splunk IT Service Intelligence (ITSI) is a premium app that delivers unique “service-centric” view of critical internal and customer-facing business services Ironstream Data Model for Mainframe • The Syncsort Ironstream Data Model for Mainframe provides a structured and logical view of mainframe log data elements in Splunk for faster searching, analysis and Splunk development
  • 22. Ironstream z/OS Security & Splunk Enterprise Security All collected data sources can also be mapped to Splunk CIM for Enterprise Security and automatically exposed in ES dashboards along with security information from other platforms • This requires the Ironstream for Splunk Enterprise Security to be installed • This provides an enterprise-wide, integrated view of security across all platforms via ES dashboards provided by Splunk 22
  • 23. Sample: Splunk Enterprise Security™ Security Posture Dashboard Now shows z/OS® intrusions and anomalies along with events from other platforms 23
  • 25. Federal law-enforcement agency The combination of Splunk and Ironstream® delivered the ability to obtain full visibility—in real time—into the most sensitive authentication procedures and data across its IT environment, ultimately enabling it to fulfill its audit obligations with ease. OBJECTIVE • Ability to respond to ever-changing reporting requests from its auditors in order to prove compliance with information-security requirements. • Visibility into history as well as the current status of enterprise security information CHALLENGE • While they were using Splunk Enterprise, they were missing critical mainframe data • Mainframe logs had sensitive authentication information on password changes, log-in successes and failures and locked accounts SOLUTION • Syncsort Ironstream was chosen to provide access to necessary log data • Data is forwarded automatically and in real-time BENEFIT • The customer for the first time now has full visibility into the most sensitive authentication procedures and data • Ironstream and Splunk combine to give them the ability to respond to reporting and compliance needs 25
  • 26. U.S.-based Loan Service Provider Ironstream provided access to previously inaccessible data to help support one of their most critical monitoring efforts “If you’re asking us what the easier solution is to install and configure, it’s Ironstream” OBJECTIVE • To monitor mainframe IT operations to track health of service delivery for Loan Service Providers • Capture mainframe business data in support of system and application monitoring in Splunk CHALLENGE • Required several data feeds including SMF, SYSLOG and SYSOUT for batch job monitoring • Filtering the log data to selected jobs • Required the ability to load business data from sequential files SOLUTION • Syncsort Ironstream was chosen over IBM CDP, particularly over its ease of installation and configuration • Now able to forward the required log data and filter it to specific messages and jobs BENEFIT • Able to monitor Loan Service IT Operations via Splunk • Partnered with Winward for Splunk development who were familiar with Syncsort Ironstream 26
  • 27. Ironstream Security and Compliance Benefits • Quickly detect fraudulent activity enabling faster remediation • Successfully comply with regulatory requirements and address security auditing and control policies • Integrate IBM system security events into Splunk’s SIEM analytics solution for centralized analysis • Monitor and detect incorrect security definitions, weak access controls, as well as valid and invalid access to critical resources and data • Monitor data vulnerability issues including the movement of data onto and off IBM systems • Monitor, detect, and prevent network intrusions 27
  • 28. Why Ironstream • Less Complexity: Collect mainframe and IBM i data; correlate with data from other platforms; no legacy system expertise required • Clearer Security Information: Identify unauthorized mainframe and IBM i server access, other security risks; prepares and visualizes key data for compliance audits • Healthier IT Operations: Real-time alerts identify problems in all key environments; view latency, transactions per second, exceptions, etc. • Effective Problem-Resolution Management: Real-time views to identify real or potential failures earlier; view related 'surrounding' information to support triage repair or prevention • Higher Operational Efficiency: Enhanced event correlation across systems; staff resolves problems faster; “do more with less” • Eliminate Your Mainframe “Blind-Spots”: Splunk/Elastic + Ironstream = Your 360° Enterprise View
  • 31. • Data from multiple sources • TSO logon tracking – SMF Type 30 • TSO account activity (create, update, delete, lockout) – SMF Type 80 • Port scans, DoS attacks, malformed data packets – TRMD and SyslogD • FTP authentications and file analysis (file create, access, update, delete) – SMF Type 119 Records and IP traffic analysis information • Network events – Ironstream® Network Monitoring Component Mainframe Security – Data Challenges
  • 32. 32 Gartner Magic Quadrant for SIEM • During the past year, demand for SIEM technology has remained strong. The SIEM market grew from $1.999 billion in 2016 to $2.180 billion in 2017 • Threat management is the primary driver, and general monitoring & compliance remains secondary • The SIEM market continues to be dominated by relatively few large vendors. Splunk, Micro Focus (including the ArcSight and Sentinel SIEMs) IBM, LogRhythm and McAfee command a significant share of market revenue.
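
Slide 4's format problem (EBCDIC text, binary flags, length-prefixed records) and two of slide 11's detections (a high number of invalid logon attempts, off-hours connections) are worked through below in an added example that is not from the deck and is not Ironstream code. The record layout, flag bit, thresholds, UTC business hours and sample events are all constructed for illustration and are not the real SMF format.

```python
import struct
from collections import defaultdict
from datetime import datetime, timezone

# Constructed layout for one forwarded logon event (an assumption for this
# example, NOT the real SMF record format):
#   2-byte big-endian record length | 1-byte flags | 4-byte epoch seconds |
#   8-byte EBCDIC user ID | 8-byte EBCDIC terminal name | optional extra bytes
HEADER = struct.Struct(">HBI8s8s")
FLAG_FAILED = 0x80   # assumed flag bit: authentication failed
EBCDIC = "cp037"     # an EBCDIC code page shipped with Python


def build_record(when, user, terminal, failed, extra=b""):
    """Encode one constructed event the way a mainframe source would."""
    return HEADER.pack(
        HEADER.size + len(extra),
        FLAG_FAILED if failed else 0,
        int(when.timestamp()),
        user.ljust(8).encode(EBCDIC),
        terminal.ljust(8).encode(EBCDIC),
    ) + extra


def parse_stream(blob):
    """Walk length-prefixed records; reject truncated or inconsistent ones."""
    events, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        length, flags, epoch, user, terminal = HEADER.unpack_from(blob, offset)
        if length < HEADER.size or offset + length > len(blob):
            raise ValueError(f"bad record length {length} at offset {offset}")
        events.append({
            "time": datetime.fromtimestamp(epoch, tz=timezone.utc),
            "user": user.decode(EBCDIC).rstrip(),      # EBCDIC -> str
            "terminal": terminal.decode(EBCDIC).rstrip(),
            "failed": bool(flags & FLAG_FAILED),       # binary flag -> bool
        })
        offset += length  # the length field skips sections we do not parse
    return events


def failed_logon_bursts(events, threshold=3, window_seconds=300):
    """Return {user: peak failures in any sliding window} at or over threshold."""
    by_user = defaultdict(list)
    for event in events:
        if event["failed"]:
            by_user[event["user"]].append(event["time"].timestamp())
    hits = {}
    for user, times in by_user.items():
        times.sort()
        start = best = 0
        for end, stamp in enumerate(times):
            while stamp - times[start] > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[user] = best
    return hits


def off_hours_logons(events, first_hour=7, last_hour=19):
    """Successful logons outside the assumed business hours (UTC)."""
    return [e for e in events
            if not e["failed"] and not first_hour <= e["time"].hour < last_hour]


def sample_stream():
    """Constructed sample data: seven events, one with unparsed extra bytes."""
    day = datetime(2024, 3, 4, tzinfo=timezone.utc)
    rows = [
        (day.replace(hour=9, minute=0), "AUDIT01", "TERM0001", False),
        (day.replace(hour=9, minute=1, second=0), "JSMITH", "TERM0042", True),
        (day.replace(hour=9, minute=1, second=20), "JSMITH", "TERM0042", True),
        (day.replace(hour=9, minute=2, second=10), "JSMITH", "TERM0042", True),
        (day.replace(hour=9, minute=3, second=0), "JSMITH", "TERM0042", True),
        (day.replace(hour=2, minute=30), "OPER7", "TERM0007", False, b"\x00\x01\x02"),
        (day.replace(hour=14, minute=0), "MBROWN", "TERM0015", True),
    ]
    return b"".join(build_record(*row) for row in rows)


if __name__ == "__main__":
    parsed = parse_stream(sample_stream())
    print("failed-logon bursts:", failed_logon_bursts(parsed))
    print("off-hours logons:", [e["user"] for e in off_hours_logons(parsed)])
```
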