Security Information & Event Management Blog | SIEM

InfoSec Firsts:  CorreLog and XBridge Combine to Unveil the Industry's First Data Loss Prevention (DLP) and Real-Time SIEM for z/OS at SHARE San Antonio

Posted by Tony Perri on Mar 2, 2016 12:02:09 PM

Information and innovation are the most valuable commodities in our increasingly digital world. Thanks to the IT revolution, we now enjoy virtually instant categorization and access to key enterprise data assets. The downside? Many organizations have consolidated their most sensitive Intellectual Property (IP) and consumer identity data in one very predictable spot – mainframes. There can be no doubt where internal and nation-state cyber-thieves have focused their attention.

The same innovation that brought us here has saddled IT with too much complexity. Security visibility is slow and partial because the distributed and mainframe worlds rarely talk to each other, and because we have naturally assumed our mainframes are secure, we have taken for granted how much their purpose and exposure have changed over time.


Topics: compliance standards, automated threat detection, PCI DSS compliance, Log Management, enterprise SIEM system, z/OS security, mainframe security

Mainframe Myth-Busting: File Integrity Monitoring is only for Windows/UNIX security systems.

Posted by Tony Perri on Feb 8, 2016 2:00:00 PM

That’s the thing about myths: they’re only partly true.

Yes, File Integrity Monitoring (FIM) has been part of the distributed computing landscape for a few years now. And yes, real-time enterprise security monitoring is harder to accomplish in a mainframe environment. But as attacks become more sophisticated, FIM needs to be a key component of the entire network, including your mainframe.

There’s a well-known software vendor whose antivirus “sandbox” is used to detonate suspicious files safely, much as a police bomb squad would handle a suspicious package at a crime scene.


Topics: network security, PCI DSS compliance, Log Management, managing corporate IT security and compliance, z/OS security, mainframe security

PCI DSS Myth-Busting: When PCI DSS references File Integrity Monitoring, they are just talking about Windows/UNIX.

Posted by Tony Perri on Oct 14, 2015 2:00:00 PM

Not so fast… what about MFIM?

File Integrity Monitoring (FIM) has been part of the distributed landscape for years, generally as a component of an enterprise anti-malware strategy. PCI DSS Requirement 11.5 asks for a change-detection mechanism on critical system, configuration and content files; it does not limit that requirement to any operating system. And as attacks become more sophisticated and nearly undetectable, FIM needs to be a key component across the entire network, mainframe included.
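The two myth-busting posts above describe what FIM does without showing the mechanism. The following is an added example, not CorreLog code and not tied to z/OS: it baselines a directory tree by content hash and permission bits, re-scans it, and reports additions, deletions, content changes and permission-only changes separately (a chmod on a binary deserves its own alert even when the bytes are untouched). The directory layout, file names and tampering sequence are constructed for the demonstration.

```python
"""Minimal file-integrity monitor: take a baseline, re-scan, report drift.

Added example (not CorreLog code). Paths and contents below are constructed;
a real deployment points build_baseline() at the directories PCI DSS 11.5
cares about: executables, configuration files and log-handling code.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each regular file under root (relative path) to its digest and mode."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # a monitor should not follow symlinks out of the tree
            rel = os.path.relpath(full, root)
            st = os.stat(full)
            baseline[rel] = {"sha256": hash_file(full), "mode": st.st_mode & 0o7777}
    return baseline


@dataclass
class Changes:
    added: list
    removed: list
    modified: list       # content hash differs
    mode_changed: list   # same content, different permission bits

    def has_changes(self) -> bool:
        return bool(self.added or self.removed or self.modified or self.mode_changed)


def compare(baseline: dict, current: dict) -> Changes:
    """Diff two snapshots; content changes take precedence over mode changes."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified, mode_changed = [], []
    for rel in sorted(set(baseline) & set(current)):
        if baseline[rel]["sha256"] != current[rel]["sha256"]:
            modified.append(rel)
        elif baseline[rel]["mode"] != current[rel]["mode"]:
            mode_changed.append(rel)
    return Changes(added, removed, modified, mode_changed)


def demo() -> Changes:
    """Constructed scenario: baseline a small tree, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "app"), "wb") as f:
            f.write(b"original binary")
        with open(os.path.join(root, "config.ini"), "wb") as f:
            f.write(b"debug=0\n")
        with open(os.path.join(root, "readme"), "wb") as f:
            f.write(b"hello")
        os.chmod(os.path.join(root, "readme"), 0o644)
        baseline = build_baseline(root)

        # Tamper: patch the binary, chmod the readme, add a file, delete the config.
        with open(os.path.join(root, "bin", "app"), "wb") as f:
            f.write(b"trojaned binary")
        os.chmod(os.path.join(root, "readme"), 0o755)
        with open(os.path.join(root, "bin", "backdoor"), "wb") as f:
            f.write(b"new file")
        os.remove(os.path.join(root, "config.ini"))
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    c = demo()
    for label, items in (("ADDED", c.added), ("REMOVED", c.removed),
                         ("MODIFIED", c.modified), ("MODE", c.mode_changed)):
        for rel in items:
            print(f"{label:9s} {rel}")
```

The baseline must be stored somewhere the monitored host cannot rewrite it (off-box, or signed), otherwise an attacker who can change a file can also change the record of what the file should be.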


Topics: network security, PCI DSS compliance, Log Management, z/OS security, mainframe security

Don’t expect to move your cyber-security gauge towards 'safe' until..

Posted by Charles Mills on Apr 1, 2014 1:00:00 PM

Your network is vulnerable because your log management practice fails to include real-time mainframe data.

The InfoSec World show is upon us. For those of you unfamiliar with InfoSec World, it is an educational conference organized by the MIS Training Institute, an international organization that specializes in audit and information security training. According to its website, www.misti.com, it has trained more than 200,000 IT professionals over the course of its existence.


Topics: PCI DSS compliance, Log Management, security threat, enterprise SIEM system

DAM that HACK! 7 ways your z/OS DB2 can alert you to cyber threat

Posted by Tony Perri on Mar 18, 2013 12:45:00 PM

Database Activity Monitoring (DAM) is defined by Gartner as “… tools that can be used to support the ability to identify and report on fraudulent, illegal or other undesirable behavior, with minimal impact on user operations and productivity(1)…” If you know what to look for in z/OS DB2 audit trails, you have an excellent window into your mainframe database security health.


Topics: compliance standards, automated threat detection, event log management, collect log data, PCI DSS compliance, Log Management

Log Management Language Barrier Pt. 3: Where to Find Mainframe Events

Posted by Charles Mills on Jun 22, 2012 3:32:00 PM

Over the last few weeks I have written that mainframe people and enterprise security people use “Syslog” to mean two different things and that z/OS SYSLOG is not a good source for the kinds of security incident and event data that enterprise security people need. So when a large retailer came to us and wanted their mainframe security events forwarded to a Managed Security Service Provider (MSSP) for PCI DSS compliance, where did we go for that mainframe security event data? What data is in a mainframe that is a good source of security events?


Topics: insider threat, automated threat detection, PCI DSS compliance, Log Management

Log Management Language Barrier Pt. 2, Just what is Mainframe SYSLOG?

Posted by Charles Mills on May 29, 2012 4:00:00 PM

Two weeks ago, I wrote that one obstacle to getting your Mainframe to “speak” to your security information and event management (SIEM) console was that mainframe people and enterprise security people speak a different language. They both use the same word, “Syslog,” to mean two different things. SIEM people of course use the word Syslog – as they write it – to mean the RFC 3164 Syslog messages (or their RFC 5424 successor, which most collectors also accept) that are at the heart of SIEM processing. Mainframe people use the word SYSLOG – as they usually write it – to refer to a voluminous stream of operator and job messages which, for the most part, have little to do with enterprise IT security, log management or network availability. Why?
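To make the SIEM-side meaning of “Syslog” concrete, here is an added example (not CorreLog code) that builds and parses an RFC 3164 message: the `<PRI>` prefix is facility × 8 + severity, followed by a space-padded timestamp, the hostname, an optional tag, and free-form content. The mainframe access-denial event it wraps is constructed for illustration; its `user=… resource=…` field layout is an assumption, not a real RACF or SMF record format.

```python
"""RFC 3164 ("BSD syslog") message builder and parser.

Added example, not CorreLog code. SAMPLE_EVENT is a constructed mainframe
security event; its key=value layout is an assumption for the demo only.
"""
import re
from datetime import datetime

FACILITIES = {"kern": 0, "user": 1, "auth": 4, "syslog": 5, "authpriv": 10,
              "local0": 16, "local1": 17, "local2": 18, "local3": 19,
              "local4": 20, "local5": 21, "local6": 22, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: CONTENT   (TAG and PID are optional)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:(?P<tag>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: )?"
    r"(?P<msg>.*)$"
)


def rfc3164_timestamp(ts: datetime) -> str:
    """RFC 3164 wants 'Mmm dd hh:mm:ss': space-padded day, no year, no zone."""
    return ts.strftime("%b ") + f"{ts.day:2d}" + ts.strftime(" %H:%M:%S")


def format_rfc3164(facility: str, severity: str, ts: datetime,
                   hostname: str, tag: str, content: str) -> str:
    """Encode one event; PRI packs facility and severity into a single number."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    return f"<{pri}>{rfc3164_timestamp(ts)} {hostname} {tag}: {content}"


def parse_rfc3164(line: str) -> dict:
    """Split a line into its fields; raises ValueError if it is not well-formed."""
    m = _RFC3164.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 message: {line!r}")
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m["ts"],
        "hostname": m["host"],
        "tag": m["tag"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "content": m["msg"],
    }


# Constructed sample: an access denial on the mainframe, as a SIEM wants to see it.
SAMPLE_EVENT = format_rfc3164(
    "auth", "warning", datetime(2012, 5, 29, 16, 0, 0),
    "MVSPROD", "zsec",
    "user=JSMITH resource=PAYROLL.MASTER access=UPDATE result=DENIED")


def demo() -> dict:
    """Round-trip the sample through the parser."""
    return parse_rfc3164(SAMPLE_EVENT)


if __name__ == "__main__":
    print(SAMPLE_EVENT)
    print(demo())
```

Note what the format leaves out: no year, no time zone, and no structured fields, which is why a forwarder in front of a SIEM usually normalizes mainframe events into a key=value or RFC 5424 structured-data body rather than relaying raw operator messages.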


Topics: PCI DSS compliance, Log Management, enterprise SIEM system

Log Management Language Barrier: Is it Syslog or SYSLOG?

Posted by Charles Mills on May 10, 2012 9:30:00 AM

Does your mainframe speak Syslog or SYSLOG?

Does your mainframe speak SIEM (security information and event management)? Do your mainframe people speak SIEM? If you are typical, your mainframe is where about 70% of your enterprise data is stored. If you are performing mission-critical processing on your mainframe – and why else would you have one? – then it is critically important that your mainframe can “speak” to your SIEM tool, and can tell the SIEM system when the mainframe detects a potential intrusion or “hack.” But how can your mainframe speak SIEM when your mainframe people don’t even speak the same language as your SIEM people?


Topics: automated threat detection, PCI DSS compliance, Log Management

FIM for Service Reliability, Security, Compliance and... Gamers!

Posted by Tony Perri on Apr 30, 2012 11:35:00 AM

No, I'm not a gamer but...

I did read an article (Sony confirms external attack brought down PlayStation Network - Dean Takahashi, April 22, 2012) on GamesBeat this morning that talks about the recent crash of the Sony PlayStation Network. In the article Sony points the finger at Anonymous and Anonymous denies it was to blame, even going so far as to label the media giant "incompetent."


Topics: compliance standards, automated threat detection, PCI DSS compliance, Log Management, security threat

Log Management Lesson: Confessions of a Security Systems Admin

Posted by Tony Perri on Feb 29, 2012 3:30:00 PM

“We thought we could handle all of the user’s problems without analyzing every single log message. Now I'm a news headline!”


Topics: automated threat detection, network security, PCI DSS compliance, Log Management
