Security Information & Event Management Blog | SIEM

InfoSec Firsts:  CorreLog and XBridge Combine to Unveil the Industry's First Data Loss Prevention (DLP) and Real-Time SIEM for z/OS at SHARE San Antonio

Posted by Tony Perri on Mar 2, 2016 12:02:09 PM

Information and innovation are the most valuable commodities in our increasingly digital world. Thanks to the IT revolution, we now enjoy virtually instant categorization of, and access to, key enterprise data assets. The downside? Many organizations have consolidated their most sensitive intellectual property (IP) and consumer identity data in one very predictable spot: the mainframe. There can be no doubt where internal and nation-state cyber-thieves have focused their attention.

The innovative technology that brought us here is the same technology that burdens the dynamic world of IT with too much complexity. Security visibility is blinded and slowed by the mutually repellent worlds of distributed and mainframe computing. And because we have naturally assumed our mainframes are secure, we have taken for granted how much their purpose and exposure have changed over time.


Topics: compliance standards, automated threat detection, PCI DSS compliance, Log Management, enterprise SIEM system, z/OS security, mainframe security

10 Step FIM Approach for Reliability, Data Security and Compliance

Posted by Tony Perri on Sep 26, 2012 2:14:00 PM

One area you shouldn't overlook, because it can derail your ability to meet IT service level agreements (SLAs), is file integrity monitoring (FIM). Failing to uphold file integrity compromises your ability to deliver critical applications and services, and it also puts your organization's security and compliance at risk. Why is FIM so important to SLAs and compliance?
  • FIM scans the files in configured directories and checks them for unauthorized changes.
  • FIM records a baseline of each file's content and attributes and compares every later scan against it. Any deviation from the baseline can raise an alert about a potential threat.
  • Good FIM practice archives the scan history to the retention requirements of compliance standards (PCI DSS, FISMA, SOX, HIPAA, NERC, GLBA and others) in case the data is needed for forensics.
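The baseline-and-compare cycle the three points above describe, as an added example written for this page (it is not CorreLog's code or any product's implementation). It hashes every regular file under a directory, records the attributes an intruder is most likely to change (mode, owner, size, symlink target), stores the baseline as JSON, and diffs a later scan against it, naming which attribute changed for each modified file. The directory layout and the tampering in `demo()` are constructed sample data; real deployments would scan system directories such as /etc and /bin and keep the baseline off-host.

```python
"""Added example (not CorreLog's code): a minimal file integrity monitor.

Implements the two steps the post describes: build a baseline of file content
and attributes for a directory tree, then compare a later scan against it and
report additions, removals and modifications with the attributes that changed.
The file names and the tampering in demo() are constructed sample data.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Content hash plus the attributes an attacker would most want to change."""
    st = path.lstat()                        # lstat: do not follow symlinks
    rec = {
        "mode": stat.filemode(st.st_mode),   # e.g. '-rwsr-xr-x' exposes a new setuid bit
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,          # trivially forged (touch -r): never rely on it alone
    }
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)    # a redirected symlink is a change too
    return rec


def build_baseline(root) -> dict:
    """Map every file under root (relative POSIX path) to its record."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two scans; 'modified' lists which attributes changed for each file."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        old, new = baseline[rel], current[rel]
        changed = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
        if changed:
            modified[rel] = changed
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: dict, path) -> None:
    """Persist the baseline. In production keep the copy off-host (or signed) so a
    root-level intruder cannot rewrite the reference they are compared against."""
    Path(path).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(path) -> dict:
    return json.loads(Path(path).read_text())


def demo() -> dict:
    """Constructed sample: build a small tree, baseline it, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "fs"               # the monitored tree
        (root / "etc").mkdir(parents=True)
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "motd").write_text("welcome\n")
        (root / "bin" / "tool").write_bytes(b"\x7fELF placeholder")
        (root / "bin" / "tool").chmod(0o755)
        save_baseline(build_baseline(root), Path(tmp) / "baseline.json")  # outside the tree
        # Tampering a FIM scan should catch:
        with (root / "etc" / "passwd").open("a") as f:
            f.write("eve:x:0:0::/home/eve:/bin/sh\n")  # extra uid-0 account appended
        (root / "bin" / "tool").chmod(0o777)          # made world-writable, content unchanged
        (root / "etc" / "motd").unlink()              # file removed
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("* * * * * root /tmp/x\n")  # persistence
        return compare(load_baseline(Path(tmp) / "baseline.json"), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report separates the three cases a compliance reviewer asks about (what was added, what disappeared, what changed and how), and the attribute list in `modified` is what turns a raw alert into something actionable: a changed hash on /etc/passwd and a mode change on a binary are different incidents and should route to different responders. Scheduling the scan and shipping the report to the SIEM are left to whatever job runner and log forwarder the site already uses.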

Topics: insider threat, compliance standards, automated threat detection, Log Management, enterprise SIEM system

Mainframe SIEM Log Management in a Distributed IT Security World

Posted by Tony Perri on Aug 9, 2012 2:31:00 PM

It seems like every day we see news headlines about yet another cyber-breach. Government agencies, local municipalities, online gaming and social platforms, financial institutions, even high-school records have been exposed in recent attacks. Scour the web and you will be hard-pressed to find the percentage of breaches occurring on mainframe versus distributed systems. The data just doesn't seem to be there. Mainframe gurus will say that it is rare for a mainframe to be compromised, but the reality is that the data to confirm or dismiss this is just too hard to come by. Unless you are an insider who knows the details of the breach, all that is known publicly is that there was a breach, the number of records compromised and maybe the dollars affected.


Topics: automated threat detection, collect log data, Log Management, enterprise SIEM system

Log Management Language Barrier Pt. 3: Where to Find Mainframe Events

Posted by Charles Mills on Jun 22, 2012 3:32:00 PM

Over the last few weeks I have written that mainframe people and enterprise security people use “Syslog” to mean two different things and that z/OS SYSLOG is not a good source for the kinds of security incident and event data that enterprise security people need. So when a large retailer came to us and wanted their mainframe security events forwarded to a Managed Security Service Provider (MSSP) for PCI DSS compliance, where did we go for that mainframe security event data? What data is in a mainframe that is a good source of security events?


Topics: insider threat, automated threat detection, PCI DSS compliance, Log Management

Log Management Language Barrier: Is it Syslog or SYSLOG?

Posted by Charles Mills on May 10, 2012 9:30:00 AM

Does your mainframe speak Syslog or SYSLOG?

Does your mainframe speak SIEM (security information and event management)? Do your mainframe people speak SIEM? If you are typical, your mainframe is where about 70% of your enterprise data is stored. If you are performing mission-critical processing on your mainframe – and why else would you have one? – then it is critically important that your mainframe can “speak” to your SIEM tool, and can tell the SIEM system when the mainframe detects a potential intrusion or “hack.” But how can your mainframe speak SIEM when your mainframe people don’t even speak the same language as your SIEM people?


Topics: automated threat detection, PCI DSS compliance, Log Management

FIM for Service Reliability, Security, Compliance and... Gamers!

Posted by Tony Perri on Apr 30, 2012 11:35:00 AM

No, I'm not a gamer but...

I did read an article ("Sony confirms external attack brought down PlayStation Network", Dean Takahashi, April 22, 2012) on GAMESBEAT this morning that talks about the recent crash of the Sony PlayStation Network. In the article Sony points the finger at Anonymous, and Anonymous denies it was to blame, even going so far as to label the media giant "incompetent."


Topics: compliance standards, automated threat detection, PCI DSS compliance, Log Management, security threat

Log Management Lesson: Confessions of a Security Systems Admin

Posted by Tony Perri on Feb 29, 2012 3:30:00 PM

“We thought we could handle all of the user’s problems without analyzing every single log message. Now I'm a news headline!”


Topics: automated threat detection, network security, PCI DSS compliance, Log Management

Locking Down your Files Systems? – 10 File Integrity Rules to Live By

Posted by Tony Perri on Jan 13, 2012 11:48:00 AM

We hear every day of new viruses and attacks, almost as if they were coming off an assembly line. They come in all shapes, sizes and forms, and they are becoming more sophisticated and harder to detect. The source of an attack is often EXTERNAL, but exposure can also come from INTERNAL activity, for instance a disgruntled employee or stolen passwords.


Topics: insider threat, compliance standards, automated threat detection

Utilizing Self-aware, Neural Network Technology for Threat Detection

Posted by Tony Perri on Dec 19, 2011 3:00:00 PM

The key to enabling actionable intelligence in your SIEM strategy is to have recurrent neural network capability to help manage events. Take this example for instance: If I react to an event, is that reaction sufficient? If the same event occurs again, I can react in the same way I did the first time. Is that enough?


Topics: insider threat, automated threat detection, collect log data, Log Management

10 Guidelines to Ensure a 2011 Happy PCI DSS Holiday Season

Posted by Jeff Davison on Nov 1, 2011 5:10:00 PM

With "Black Friday" fast approaching, I wanted to provide some guidelines for upholding the Payment Card Industry Data Security Standard (PCI DSS). The standard is managed by the PCI Security Standards Council, which was founded by the card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc. It represents a common set of industry tools and measurements to help ensure the safe handling of cardholder data, and with more and more consumers purchasing online this holiday season, PCI DSS is clearly on the minds of IT security managers across the globe.


Topics: automated threat detection, PCI DSS compliance, managing corporate IT security and compliance
