Every time a news story breaks on a big security breach, there is panic. It becomes a “fire drill” for the IT security department to confirm that its systems are secure; corporate auditors rush in to confirm that systems are secure and compliant; and industry regulators analyze recent breaches to ensure that existing standards and regulations are still sufficient.
IT staff must be prepared to deal quickly and efficiently with the complexities of:
- Constantly evolving, sophisticated threats;
- An abundance of security audit data to analyze;
- Changing industry compliance regulations and standards;
- Cloud, mobile, big data and social media environments.
So what can your security department do to minimize the complexity and trauma of auditing and compliance? Here are six suggestions to sustain compliance and remain vigilant against threats.
1. Enforce Security Standards and Best Practices
Most standards are based on commonsense security practices: least possible privilege, separation of duties, privileged user monitoring, data encryption and protection and audit log records to cover everything of significance. The hard part is enforcing these policies and making sure that they can’t be circumvented.
2. Perform “Health Checks” Often
Check that safe defaults, security settings and configurations have not been changed; perform “health checks” on a periodic basis; and make sure to audit changes to critical settings so that they generate real-time alerts.
3. Maximize Your System Security
Maintain current product releases and fixes so known vulnerabilities can’t be exploited. You want to run your mission-critical product workloads on the most secure systems, such as System z.
4. Monitor and Collect the Necessary Security Audit Information
Use standard audit record formatting and log management tools for optimal analysis and integrated security reporting. Create real-time alerts if auditing is turned off. Protect the audit information from modification or deletion; these logs are instrumental to security forensics.
5. Automate the Analysis of Audit Information for Threat Detection and Compliance Reporting
With so much information being collected, virtually real-time, proactive and automated analysis can provide early detection of potential threats. It helps to prioritize the potential severity and identify the critical situations, which allows you to optimize your security intelligence.
6. Utilize Customizable, Flexible Compliance Reporting Tools
The right compliance reporting tools can reduce the complexity of manually creating audit reports while allowing customization and large-scale integration across applications and systems. Real-time dashboard reporting can start with enterprise views and drill down to specifics.
While we may never be able to prevent security attacks and avoid compliance audits, we can simplify the massive collection, analysis and reporting of security information. In today’s complex environments, with as much as 80 percent of mission-critical applications and production data residing on mainframes, comprehensive security intelligence can help you efficiently monitor and defend your enterprise.
Read the White Paper: Safeguard enterprise compliance and remain vigilant against threats
Mainframe Security Marketing Manager, IBM Security
Anne Lescher is a Senior Marketing Manager currently championing mainframe security. Anne's involvement with mainframe security started with Resource Access ...