Medical Mutual of Ohio has been successfully using Splunk Enterprise® to monitor unauthorized access on their distributed systems. Splunk Enterprise enables a consolidated enterprise-wide view of machine data collected across the business, which makes it possible to correlate events that might not raise suspicion when each is seen by itself but could be indicative of a threat when seen together.
To take full advantage of the Splunk platform’s correlation capabilities, Medical Mutual wanted to make mainframe security data available in real time to the Splunk Enterprise platform to help protect customer information stored in DB2 from unauthorized access.
In order to achieve this goal, they deployed Syncsort’s Ironstream® software. Now, Medical Mutual is able to see previously hard-to-access mainframe data alongside other security information it was already analyzing in Splunk Enterprise.
“Medical Mutual of Ohio has been using Splunk Enterprise to monitor unauthorized access on distributed systems,” said Craig Fox, Security Specialist at Medical Mutual of Ohio. “Now by adding mainframe data provided by Ironstream into Splunk Enterprise, we finally have a real-time, 360-degree view that enables us to correlate all of our security data from across the enterprise and gain visibility into user-authentication data and access attempts tracked on the mainframe.”
Fox says that his organization was impressed with the Splunk platform’s ability to handle massive amounts of data from different formats and indexes and to decipher and correlate security events through analytics. He also is impressed with how Ironstream can stream mainframe security data for even greater insights. “Our mainframe team is also satisfied with Ironstream’s low overhead, which keeps mainframe processing costs low.”
Syncsort issued a press release with more details on the Medical Mutual use case. It also recently issued a press release on new capabilities in Ironstream that provide new ways to push additional mainframe data sources to Splunk solutions for more comprehensive application analysis.
Syncsort’s roadmap for Ironstream includes consistent delivery of enhancements to handle emerging use cases, as Ironstream does for Medical Mutual today. We want to make the right data from evolving data sources readily available in real time to Splunk Enterprise for valuable business insights. This is consistent with Syncsort’s Big Iron to Big Data strategy — bridging the Big Iron to Big Data gap by creating a fast, simple and innovative data pipeline to deliver diverse enterprise data, including mainframe and other legacy operational data, to next-gen analytical platforms such as Splunk.
Syncsort allows organizations to use its free Starter Edition for moving z/OS Syslog data into Splunk Enterprise. Unlike a typical technology trial, Syncsort allows organizations to use the Starter Edition to move the data without a time limit and run the applications in production at no charge.