Security Information & Event Management Blog | SIEM

Tony Perri

Recent Posts

CorreLog Blog: Takeaways from SHARE Atlanta and Fuel for the CorreLog Product Roadmap

Posted by Tony Perri on Aug 31, 2016 10:00:00 AM

Another SHARE conference has come and gone, and we have much to report on where mainframe security is headed. Each year, SHARE demonstrates that the mainframe is not only here to stay, it’s regaining its reputation as the king of big data in an IT landscape of massive complexity and high data risk.


Topics: Log Management, enterprise SIEM system, z/OS security, mainframe security

InfoSec Firsts: CorreLog and XBridge Combine to Unveil the Industry's First Data Loss Prevention (DLP) and Real-Time SIEM for z/OS at SHARE San Antonio

Posted by Tony Perri on Mar 2, 2016 12:02:09 PM

Information and innovation are the most valuable commodities in our increasingly digital world. Thanks to the IT revolution, we now enjoy virtually instant categorization of and access to key enterprise data assets. The downside? Many organizations have consolidated their most sensitive Intellectual Property (IP) and consumer identity data in one very predictable spot – mainframes. There can be no doubt where internal and nation-state cyber-thieves have focused their attention.

The innovative technology that brought us here is the same technology canvassing the dynamic world of IT with the burden of too much complexity. IT security visibility is blinded and lethargic because of the mutually repellent worlds of distributed and mainframe networks. And because we've naturally assumed our mainframes are secure, we've taken for granted how their purpose and relevance have changed over time.


Topics: compliance standards, automated threat detection, PCI DSS compliance, Log Management, enterprise SIEM system, z/OS security, mainframe security

Mainframe Myth-Busting: File Integrity Monitoring is only for Windows/UNIX security systems.

Posted by Tony Perri on Feb 8, 2016 2:00:00 PM

That’s the thing about myths: they’re only partly true.

Yes, File Integrity Monitoring (FIM) has been part of the distributed computing landscape for a few years now. And yes, real-time enterprise security monitoring is harder to accomplish in a mainframe environment. But as attacks become more sophisticated, FIM needs to be a key component of the entire network, including your mainframe.

There’s a well-known software vendor that has an antivirus “sandbox” used to detonate viruses safely, much like a police bomb squad would do with a suspicious package at a crime scene.


Topics: network security, PCI DSS compliance, Log Management, managing corporate IT security and compliance, z/OS security, mainframe security

PCI DSS Myth-Busting: When PCI DSS references File Integrity Monitoring, they are just talking about Windows/UNIX.

Posted by Tony Perri on Oct 14, 2015 2:00:00 PM

Not so fast… what about MFIM?

File Integrity Monitoring (FIM) has been part of the distributed landscape for years, generally as a component of an enterprise anti-malware strategy. But as attacks become more sophisticated and nearly undetectable, FIM needs to be a key component across the entire network, mainframe included.


Topics: network security, PCI DSS compliance, Log Management, z/OS security, mainframe security

8 PCI DSS Guidelines for Better Mainframe Compliance

Posted by Tony Perri on Nov 18, 2014 2:10:00 PM

What to do when your mainframe catches a virus

8 Guidelines for monitoring mainframe security controls per PCI DSS Requirements

Now that we have your attention, allow us to expound on the thought. This is a somewhat valid question if you are in banking/finance, retail, healthcare, government or another environment that processes credit cards on a massive scale and requires the computing horsepower of a mainframe.

Why? Because these industries all have to adhere to the malware/anti-virus clause from the Payment Card Industry Data Security Standard (PCI DSS). At a high level, the PCI DSS provides a baseline of requirements for these industries to adhere to for the protection of cardholder data. Even if they have just one credit card transaction over the course of a fiscal year, PCI DSS applies and the penalties are significant. From the PCI Security Standards Council website FAQ page:


DAM that HACK! 7 ways your z/OS DB2 can alert you to cyber threat

Posted by Tony Perri on Mar 18, 2013 12:45:00 PM

Database Activity Monitoring (DAM) is defined by Gartner as “… tools that can be used to support the ability to identify and report on fraudulent, illegal or other undesirable behavior, with minimal impact on user operations and productivity(1)…” If you know what to look for in z/OS DB2 audit trails, you have an excellent window into your mainframe database security health.


Topics: compliance standards, automated threat detection, event log management, collect log data, PCI DSS compliance, Log Management

Event Data vs. Syslog Data: 4 points of distinction for the CISO

Posted by Tony Perri on Jan 17, 2013 9:00:00 AM

It should come as no surprise that security information and event management, or SIEM, has been fueled by industry standards groups and government agencies. Leading the charge on how data and security policies are drawn up are organizations and mandates with acronym-laden names like PCI SSC, FISMA, FERC, NERC, SOX, HIPAA and many others. The Payment Card Industry Security Standards Council, issuer of the PCI data security standard (PCI DSS), was founded by payment card giants MasterCard, American Express, Discover and several others. In 2006 they issued requirements and offered certifications for merchants, vendors and security consulting companies with the intent to “mitigate data breaches and prevent payment cardholder data fraud.”


Topics: compliance standards, automated threat detection, event log management, Log Management

10 Step FIM Approach for Reliability, Data Security and Compliance

Posted by Tony Perri on Sep 26, 2012 2:14:00 PM

One area that you shouldn’t overlook, and that can derail your ability to hit IT service level agreements (SLAs), is file integrity monitoring (FIM). An inability to uphold file integrity compromises your ability to deliver critical applications and services, and also puts your organization’s security and compliance at risk. Why is FIM so important to SLAs and compliance?
  • FIM ensures file compliance by scanning files in configuration-specified directories and then checking for unauthorized changes.
  • FIM creates a baseline file configuration to be compared against any future configuration state. If there is any deviation from the baseline, an alert of a potential threat can be issued.
  • Good FIM practice allows for archiving to compliance standards - PCI DSS, FISMA, SOX, HIPAA, NERC, GLBA, etc. - in the event you need the data for forensics.

Topics: insider threat, compliance standards, automated threat detection, Log Management, enterprise SIEM system

Mainframe SIEM Log Management in a Distributed IT Security World

Posted by Tony Perri on Aug 9, 2012 2:31:00 PM

Seems like every day we see news headlines about yet another cyber-breach. Government agencies, local municipalities, online gaming and social platforms, financial institutions, even high-school records have been exposed in recent attacks. Scour the web and you will be hard-pressed to find the percentage of breaches occurring on mainframes versus distributed systems. The data just doesn’t seem to be there. Mainframe gurus will say that it is rare for a mainframe to be compromised, but the reality is that the data to confirm or dismiss this is just too hard to come by. Unless you are an insider who knows the details of the breach, all you know publicly is that there was a breach, the number of records compromised and maybe the dollars affected.


Topics: automated threat detection, collect log data, Log Management, enterprise SIEM system

FIM for Service Reliability, Security, Compliance and... Gamers!

Posted by Tony Perri on Apr 30, 2012 11:35:00 AM

No, I'm not a gamer but...

I did read an article (Sony confirms external attack brought down PlayStation Network - Dean Takahashi, April 22, 2012) on GAMESBEAT this morning that talks about the recent crash of the Sony PlayStation Network. In the article, Sony points the finger at Anonymous, and Anonymous denies it was to blame, even going so far as to label the media giant "incompetent."


Topics: compliance standards, automated threat detection, PCI DSS compliance, Log Management, security threat
