This post is an update of an article that originally appeared on the Dancing Dinosaur.
The mainframe has proven to be remarkably secure, racking up the highest security certifications available. Today, it comes, according to IBM, with the industry’s highest certified level of isolation for a commercial system: Evaluation Assurance Level certification or EAL5+. Security like this is necessary anywhere multiple parties want to access and share important information.
Mainframe security is top-of-mind for companies today.
But that is not sufficient by itself. Compuware, in conjunction with Syncsort and Splunk, recently announced Application Audit, a software tool that aims to transform mainframe cybersecurity and compliance through real-time capture and analysis of user behavior. Syncsort followed-up with an announcement this week that details the importance of the Ironstream Integration with Application Audit in improving an organizations’ ability to detect threats against mainframe data, correlate them with related information and satisfy compliance requirements.
As I reported previously, capturing user behavior, especially in real-time, is seemingly impossible if you rely only on data you collect from the various logs and SMF data. Compuware’s Application Audit not only captures but analyzes mainframe application user behavior.
As Compuware explains: Most enterprises still rely on disparate logs and SMF data from security products such as RACF, CA-ACF2 and CA-Top Secret to piece together user behavior. Unfortunately, this is too slow if you want to capture bad behavior while it’s happening. Some organizations try to apply analytics to these logs but that also is slow. By the time you have collected enough logs to deduce who did what and when, the damage has been done and the bad guys are gone. Throw in the escalating demands of cross-platform enterprise cybersecurity and increasingly burdensome global compliance mandates and you haven’t a chance without an automated tool optimized for this.
The mainframe, Compuware continues, fortunately, provides rich and comprehensive session data you can run through and analyze with Application Audit, and in conjunction with your organization’s security information and event management (SIEM) system, you can see more quickly and effectively what really is happening. Specifically, it can: detect, investigate, and respond to inappropriate user behavior.
IBM, as I wrote previously, is not ignoring the advantages of analytics for z Systems security. IBM continues to flog its cognitive system on z for real-time analytics and security, promising to enable faster customer, business, and systems insights with decisions based on real-time analysis of both current and historical data. The z, thus, amounts to an analytics platform designed for availability, optimized for flexibility, and engineered with the highest levels of security.
Intelligent systems are improving mainframe security.
The data Compuware and Syncsort collect with Application Audit is particularly valuable for maintaining control of privileged mainframe user accounts. Privileged user accounts are susceptible to misuse by owners motivated by everything from financial gain to personal grievances, as well as by outsiders who have illegally acquired valid credentials. You can imagine what havoc that could wreak.
Through Application Audit, Compuware orchestrates a number of players to deliver the full security picture, specifically through collaboration with CorreLog, Syncsort, Splunk, and others. Compuware explains that Application Audit’s Splunk-based dashboard enables you to discover and address security fraud associated with today’s increasingly common composite applications, which have components running on both mainframe and distributed platforms.
Mainframe security is poised for a large leap forward as organizations begin to effectively leverage the recent gains in artificial intelligence (AI), cognitive computing, machine learning, deep learning, and a host of related technologies. These leverage the growing speed and power of computers to mimic human thinking fast and accurately enough to be effective.