Security Information & Event Management Blog | SIEM

Guest blog post on z/OS security from Barry Schrager, Part 2 of 7: User Authentication

Posted by Barry Schrager on Jun 30, 2015 12:10:00 PM

Mainframe Security Part 2: User Authentication

How can a system accurately determine whether access to data should be allowed when it is not certain who the user is? We saw this in the Edward Snowden case at the NSA: he borrowed other administrators' User IDs and passwords in order to gain access to data he was not authorized for. People working together also sometimes share this information for convenience. But what does that do for security and accountability? It destroys it. This is a critical situation for any user with access to some segment of an organization's sensitive data, which these days is almost everyone.

I raised the idea of two-factor identification in my 1974 papers, but the world was different then. 
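The accountability problem above is also a detection problem: once a User ID is shared, the one thing a log can still show is the same identity being active from two places at once. The following is an added example, not code from the original post or from CorreLog; it runs a simple shared-credential heuristic over constructed logon records in a made-up four-column format (timestamp, event, user ID, source address), not real SMF or RACF output. A user is flagged whenever a new LOGON arrives from a different source while an earlier session for that user is still open.

```python
"""Added example: flag User IDs that look shared.

The records below are constructed for illustration; they are not SMF/RACF
output and the column layout is an assumption of this example.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample records: timestamp, event, userid, source address.
# ADMIN01 logs on from a second address while the first session is open;
# OPER07 logs off before logging on again from the same address.
SAMPLE_EVENTS = """\
2015-06-29T08:01:12 LOGON  ADMIN01 10.1.4.22
2015-06-29T08:03:40 LOGON  OPER07  10.1.9.5
2015-06-29T08:15:05 LOGON  ADMIN01 10.2.0.17
2015-06-29T08:40:00 LOGOFF ADMIN01 10.1.4.22
2015-06-29T09:02:11 LOGOFF OPER07  10.1.9.5
2015-06-29T09:10:30 LOGON  OPER07  10.1.9.5
2015-06-29T09:30:00 LOGOFF ADMIN01 10.2.0.17
"""


def parse_events(text):
    """Parse the constructed format into (timestamp, event, user, source)
    tuples, sorted by time so session state can be replayed in order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, user, src = line.split()
        events.append((datetime.fromisoformat(ts), kind, user, src))
    events.sort(key=lambda e: e[0])
    return events


def find_shared_ids(events):
    """Replay sessions and return {user: [(existing_src, new_src, when)]}
    for every LOGON that arrives from a different source while the same
    user still has an open session elsewhere."""
    active = defaultdict(dict)   # user -> {source: logon time}
    alerts = defaultdict(list)
    for ts, kind, user, src in events:
        if kind == "LOGON":
            for other_src in active[user]:
                if other_src != src:
                    alerts[user].append((other_src, src, ts))
            active[user][src] = ts
        elif kind == "LOGOFF":
            # Unknown LOGOFFs (no matching LOGON) are ignored rather than
            # treated as errors, since a capture may start mid-session.
            active[user].pop(src, None)
    return dict(alerts)


if __name__ == "__main__":
    for user, hits in find_shared_ids(parse_events(SAMPLE_EVENTS)).items():
        for old_src, new_src, when in hits:
            print(f"{when.isoformat()} {user}: already active from "
                  f"{old_src}, new logon from {new_src}")
```

Only ADMIN01 is flagged: the heuristic does not care how many times a user logs on, only whether two sessions from different sources overlap. On a real system the same logic would be fed from the authentication audit records the SIEM already collects, and the source field could be a terminal ID rather than an address.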


Topics: insider threat, automated threat detection, event log management, Log Management, enterprise SIEM system, indexing and storing data

DAM that HACK! 7 ways your z/OS DB2 can alert you to cyber threat

Posted by Tony Perri on Mar 18, 2013 12:45:00 PM

Database Activity Monitoring (DAM) is defined by Gartner as “… tools that can be used to support the ability to identify and report on fraudulent, illegal or other undesirable behavior, with minimal impact on user operations and productivity(1)…” If you know what to look for in z/OS DB2 audit trails, you have an excellent window into your mainframe database security health.


Topics: compliance standards, automated threat detection, event log management, collect log data, PCI DSS compliance, Log Management

Event Data vs. Syslog Data: 4 points of distinction for the CISO

Posted by Tony Perri on Jan 17, 2013 9:00:00 AM

It should come as no surprise that security information and event management, or SIEM, has been fueled by industry standards groups and government agencies. Leading the charge in how data and security policies are drawn up are standards bodies, regulators and regulations with acronym-laden names like PCI SSC, FISMA, FERC, NERC, SOX and HIPAA, among many others. The Payment Card Industry Security Standards Council, issuer of the PCI Data Security Standard (PCI DSS), was founded by payment card giants MasterCard, American Express, Discover and several others. In 2006 it issued requirements and offered certifications for merchants, vendors and security consulting companies with the intent to “mitigate data breaches and prevent payment cardholder data fraud.”


Topics: compliance standards, automated threat detection, event log management, Log Management

The Crux of Cybercrime Event Logging... from a car alarm???

Posted by Tony Perri on Mar 23, 2012 11:00:00 AM

Five things you should be thinking about before someone tries to “break in” to your IT systems

It was 3:49 a.m. last Thursday. The car alarm was going nuts and my dog was wildly barking out on the lanai right next to my bedroom window. Just waking from a real deep sleep, I was unsure if it was my car or a neighbor’s; then the familiar sound of my 2001 Ford Ranger horn had me up and out the door, with the dog leading the way as fast as my arthritic bones would let me.


Topics: network security, automated threat detection, event log management
