Security Information & Event Management Blog | SIEM

Guest blog post, z/OS security, from Barry Schrager Part 3 of 7: Where's the data?

Posted by Barry Schrager on Jul 15, 2015 3:00:00 PM

Mainframe Security: Part 3 - Where is all your sensitive data?

One vulnerability I see a lot is copies of sensitive data outside of the production environment. This sensitive data, if disclosed, can harm the organization just as much as the production versions. Examples are Social Security Numbers, medical diagnoses or treatments, credit information, and, of course, credit card numbers, which should never be stored unencrypted in the first place. One example that comes to mind is an insurance company discovering a series of database query results, stored under an individual user’s high-level index, that correlated medical treatments with diagnoses but also contained the patients’ identification. When investigated, it turned out that the employee had been asked by an executive to do this analysis, but never bothered checking with the security people on where and how to temporarily store this information, and never cleaned it up afterwards.


Topics: insider threat, compliance standards, collect log data, Log Management, enterprise SIEM system

DAM that HACK! 7 ways your z/OS DB2 can alert you to cyber threat

Posted by Tony Perri on Mar 18, 2013 12:45:00 PM

Database Activity Monitoring (DAM) is defined by Gartner as “… tools that can be used to support the ability to identify and report on fraudulent, illegal or other undesirable behavior, with minimal impact on user operations and productivity(1)…” If you know what to look for in z/OS DB2 audit trails, you have an excellent window into your mainframe database security health.


Topics: compliance standards, automated threat detection, event log management, collect log data, PCI DSS compliance, Log Management

Mainframe SIEM Log Management in a Distributed IT Security World

Posted by Tony Perri on Aug 9, 2012 2:31:00 PM

Seems like every day we see news headlines about yet another cyber-breach. Government agencies, local municipalities, online gaming and social platforms, financial institutions, even high-school records have been exposed in recent attacks. Scour the web and you will be hard-pressed to find the percentage of breaches occurring on mainframe versus distributed. The data just doesn’t seem to be there. Mainframe gurus will say that it is rare for a mainframe to be compromised, but the reality is that the data to confirm or dismiss this is just too hard to come by. Unless you are an insider and know the details of the breach, all we know publicly is that there was a breach, the number of records compromised and maybe the dollars affected.


Topics: automated threat detection, collect log data, Log Management, enterprise SIEM system

5 Threats to Virtual Infrastructure Security and 6 Log Management Tips to Improve it

Posted by Tony Perri on Feb 2, 2012 5:29:00 PM

Virtualization is one of those computer terms that is often overused and misunderstood. Wikipedia defines it as “the creation of a virtual (rather than actual) version of something, such as an operating system or computer.” In IT, you could be managing network virtualization, storage virtualization, desktop virtualization, operating system level virtualization, full virtualization, and a host of others. All of these have their own particular nuances. With this in mind, our blog today will focus on securing the virtualization of your datacenter and desktop environments.


Topics: compliance standards, collect log data, PCI DSS compliance

Utilizing Self-aware, Neural Network Technology for Threat Detection

Posted by Tony Perri on Dec 19, 2011 3:00:00 PM

The key to enabling actionable intelligence in your SIEM strategy is to have recurrent neural network capability to help manage events. Take this example for instance: If I react to an event, is that reaction sufficient? If the same event occurs again, I can react in the same way I did the first time. Is that enough?


Topics: insider threat, automated threat detection, collect log data, Log Management

Rounding out your SIEM Strategy with SNMP

Posted by Tony Perri on Dec 12, 2011 11:09:00 AM

MIB and SNMP traps have traditionally been used to track system health, performance and availability, but these network management tools are now finding their way into Information Security applications. Some security software vendors are now using a combination of SNMP and syslog data to identify potential security threats, linking their event management capability to take corrective action to isolate the security threats.


Topics: collect log data, end-user performance and availability, managing corporate IT security and compliance

6 Log Management Questions to Ask this Holiday Shopping Season

Posted by Tony Perri on Oct 5, 2011 10:17:00 PM

Recently, one of our customers reported that they are running upwards of 200 million messages per day through the CorreLog Enterprise Server, and this is just from the IBM z/OS mainframe! The closer we get to December 25, the more that number will balloon upwards. Collecting all of this data is certainly a necessity for compliance standards, forensic analysis and managing end-user performance and availability. But how can they possibly make sense of all the data filing through every minute?


Topics: compliance standards, automated threat detection, collect log data, PCI DSS compliance, Log Management, security threat, enterprise SIEM system, end-user performance and availability, managing corporate IT security and compliance, indexing and storing data
