Security Information & Event Management Blog | SIEM

CorreLog Blog: Takeaways from SHARE Atlanta and Fuel for the CorreLog Product Roadmap

Posted by Tony Perri on Aug 31, 2016 10:00:00 AM

Another SHARE conference has come and gone, and we have much to report on where mainframe security is headed. Each year, SHARE demonstrates that the mainframe is not only here to stay, it’s regaining its reputation as the king of big data in an IT landscape of massive complexity and high data risk.

Shane Snow, founder of Contently and journalist for Wired and Fast Company, kicked off the week at SHARE Atlanta with a timely keynote speech addressing the power of stories to magnify brand success. We’ve witnessed what a breach can do to the brand reputations of global retailers and insurance giants. And in addition to the data loss and penalties, a few c-level executives have lost their jobs. As high-profile breaches continue to make headlines with costly consequences, data security continues to the top of the priority list.

Traffic on the SHARE expo floor provided evidence for this increasing focus on data security. We noted more security vendors than any previous year, and spoke with a steady stream of concerned mainframe professionals seeking more information about security, especially for IBM® DB2®. These interactions were encouraging: As mainframe security experts, we understand that most of the world’s sensitive banking, government, and manufacturing systems data resides on z/OS. This is the data cyber criminals (and nations’ state attackers) want, and aside from current conventional wisdom in our industry, your mainframe is targeted by hackers on a regular basis.

At SHARE Atlanta, we were proud to address mainframe security and compliance in more detail by hosting two educational breakout sessions this year. Charles Mills, CorreLog Director of Advanced Projects, delivered a session titled “A Holistic Approach to Mainframe and Enterprise Security” to explain out how z/OS users can achieve real-time visibility for a complete, cross-platform enterprise network security strategy. Mills was also pleased to co-present an informative session with CorreLog’s partner Vanguard, titled “What is PCI DSS and how does it affect me with PCI DSS 3.2 being moved up?” to inform attendees on how to ensure mainframe compliance with PCI DSS and prepare for audits. For more resources on mainframe security and compliance, visit CorreLog here and Vanguard here.

After these sessions, we saw spikes in booth traffic and were excited to present live demonstrations of our mainframe security products SIEM Agent for z/OS and the latest release of dbDefenderTM DAM Agent for DB2 for Database Activity Monitoring. These solutions allow users to view RACF, ACF2, Top Secret, and DB2 events in real-time, alongside security events from distributed network assets in an enterprise SIEM (Security Information & Event Management) system. Click here for more information on CorreLog mainframe security products.

CorreLog z/OS File Integrity Monitoring Whitepaper download


The feedback from speaking with SHARE Atlanta attendees and our fellow exhibitors was very encouraging; mainframe security is slowly becoming an IT infrastructure priority. The communications gap caused by decades of operating in “two worlds of IT” (mainframe versus WIN/UNIX) is finally starting to close. We will continue to preach that closing this gap and creating a universal data stream of mainframe event messages and WIN/UNIX logs into single enterprise SIEM systems, and doing this all in real time, is the best way to reduce data risk.

It was just a few years ago when we’d ask attendees in our speaking sessions at SHARE “raise your hand if you know what a SIEM is?” Back then, in a room of 50 people only 2 or 3 would raise their hands. This SHARE we saw more hands raised than ever. But knowing what SIEM is does not reduce data risk, and even having good SIEM solutions and practices will not reduce risk if your mainframe event data is not included in your SIEM in real time. Minimizing data loss means immediate action following a breach. If your SIEM system is receiving mainframe event data in nightly reports or even in as little as after 15 minutes of processing (say an appliance for mainframe event data conversion to distributed Syslog format for SIEM), you’ve lost the battle. Fighting cyber-crime is only as effective as the real-time actionable intelligence displayed and alerted on in your SIEM system.

We enjoyed the opportunity to speak with many of our customers in person this year at SHARE Atlanta. Conferences like SHARE help us assimilate evolving mainframe technologies and customer feedback into our mainframe security solutions roadmap. We will continue to stay out in the market where customers, prospects, and changing technologies come together to form the best mainframe security solutions.


Topics: Log Management, enterprise SIEM system, z/OS security, mainframe security

Subscribe via Email

Connect with CorreLog