
Event Log Monitoring Blog


Log Management Language Barrier: Is it Syslog or SYSLOG?

 

Does your mainframe speak Syslog or SYSLOG?

Does your mainframe speak SIEM (security information and event management)? Do your mainframe people speak SIEM? If you are typical, your mainframe is where about 70% of your enterprise data is stored. If you are performing mission-critical processing on your mainframe – and why else would you have one? – then it is critically important that your mainframe can “speak” to your SIEM tool, and can tell the SIEM system when the mainframe detects a potential intrusion or “hack.” But how can your mainframe speak SIEM when your mainframe people don’t even speak the same language as your SIEM people?

FIM for Service Reliability, Security, Compliance and... Gamers!

 

No, I'm not a gamer but...

I did read an article (Sony confirms external attack brought down PlayStation Network - Dean Takahashi, April 22, 2012) on GAMESBEAT this morning that talks about the recent crash of the Sony PlayStation Network. In the article, Sony points the finger at Anonymous and Anonymous denies it was to blame, even going so far as to label the media giant "incompetent."

The Crux of Cybercrime Event Logging... from a car alarm???

 

Five things you should be thinking about before someone tries to “break in” to your IT systems

It was 3:49 a.m. last Thursday. Car alarm was going nuts and my dog was wildly barking out on the lanai right next to my bedroom window. Just waking from a real deep sleep, I was unsure if it was my car or a neighbor’s; then the familiar sound of my 2001 Ford Ranger horn had me up and out the door, with dog leading the way, as fast as my arthritic bones would let me.

Log Management Lesson: Confessions of a Security Systems Admin

 

“We thought we could handle all of the user’s problems without analyzing every single log message. Now I'm a news headline!”

“What in the world just happened? Last week all was good. My job was going great, I never thought I’d be sitting here worrying whether or not I’d get fired for making headlines, but here it is staring right through me from my monitor – my company just acknowledged a massive security breach.

5 Threats to Virtual Infrastructure Security and 6 Log Management Tips to Improve it

 

Virtualization is one of those computer terms that is often overused and misunderstood. Wikipedia defines it as “the creation of a virtual (rather than actual) version of something, such as an operating system or computer.” In IT, you could be managing network virtualization, storage virtualization, desktop virtualization, operating system level virtualization, full virtualization, and a host of others. All of these have their own particular nuances. With this in mind, our blog today will focus on securing the virtualization of your datacenter and desktop environments.

Locking Down your File Systems? – 10 File Integrity Rules to Live By

 

We hear every day of different viruses and attacks almost as if they were coming off an assembly line. They come in all shapes, sizes and forms, and they are becoming more sophisticated and harder to detect. The source of the attacks often comes EXTERNALLY but vulnerability can also be exposed from INTERNAL activities, for instance a disgruntled employee or stolen passwords.

Utilizing Self-aware, Neural Network Technology for Threat Detection

 

The key to enabling actionable intelligence in your SIEM strategy is to have recurrent neural network capability to help manage events. Take this example for instance: If I react to an event, is that reaction sufficient? If the same event occurs again, I can react in the same way I did the first time. Is that enough?

Rounding out your SIEM Strategy with SNMP

 

MIB and SNMP traps have traditionally been used to track system health, performance and availability, but these network management tools are now finding their way into Information Security applications. Some security software vendors are now using a combination of SNMP and syslog data to identify potential security threats, linking their event management capability to take corrective action to isolate the security threats.

10 Guidelines to Ensure a 2011 Happy PCI DSS Holiday Season

 

With "Black Friday" fast approaching, I wanted to provide some guidelines for upholding the Payment Card Industry Data Security Standard (PCI DSS). The standard, managed by the PCI Security Standards Council, was founded by credit card giants American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. The standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information, and with more and more consumers purchasing online this holiday season, PCI DSS is clearly on the minds of IT security managers across the globe.

6 Log Management Questions to Ask this Holiday Shopping Season

 

Recently, one of our customers reported that they are running upwards of 200 million messages per day through the CorreLog Enterprise Server – and this is just from the IBM z/OS mainframe! The closer we get to December 25, the more that number will balloon upwards. Collecting all of this data is certainly a necessity for compliance standards, forensic analysis and managing end-user performance and availability. But how can they possibly make sense of all the data filing through every minute?
