When we start talking about security, there are different aspects: We could keep the discussion at the academic level, explaining what an SQL injection is, learning what a watering hole is, discussing the most critical malware of the year and debating whether the mainframe is the strongest secure system currently available. On the Internet, we can find a lot of literature on this subject.

Another approach could be to discuss security tools and products.

We would begin the discussion about security with knowledge — knowledge on possible threats and understanding the real risks. Investments are driven by real risks and therefore enterprises very much focus on this. The problem is that a lot of information is coming in, often from untrusted sources. In order to be effective, the information should arrive in a timely manner.

Finding the Best Security Products

The IBM answer to the need for knowledge is X-Force. X-Force is a team of researchers focused on understanding cybercrime and providing continuous information for products. In fact, it even delivers a report on cybercrime every quarter. But it is not just a matter of reports.

IBM has also launched X-Force Exchange. There are two main features: a portal where users can run queries and receive information on specific threats and IP reputation, and an API interface. The platform is open, accessible and social. That is the best answer against cybercrime.

But IBM is more than just X-Force: We have end-to-end solutions to protect all the configuration items necessary to provide services, from mainframe to endpoint. This includes identity and access management, fraud protection, static and dynamic application analysis, data protection and data masking and endpoint protection, all integrated in the security intelligence platform.

Talking about end-to-end security includes all possible platforms, and with each we need to talk about security and manage it in the best way.

One of the best platforms is the mainframe security system, which is currently the most secure in the market and uses an easy approach. However, this is not the only option.

Beyond Threat Intelligence

Risk management and vulnerability management are always strong characteristics of mainframe platforms, obtained by a successful marriage between hardware and software. A strong push is given by IBM zSecure, born from the acquisition of the Dutch company Consul, which allowed mainframe administrators and users to work with security objects in an easier way and allowed people with no security skills to deal with issues.

So let’s talk about security information and event management (SIEM) and log management needs in mainframe solutions as seen from a security point of view. In the past, log management was very strong in the mainframe, but its scope was not to analyze and detect attacks due to the very strong and solid security infrastructure.

Log management’s scope was mainly to allow system programmers to find errors and solve them. In the past 10 years, many customers, especially in the public sector, experienced attacks inside the mainframe thanks to malicious insiders. These insider threats could be, for example, changing the value of a given cash amount, viewing colleagues’ salaries or accessing sensitive information for fraudulent purposes. Due to this, log management from a security perspective went from “nice to have” to “mandatory.”

These recent changes encouraged IBM to extend SIEM capabilities for log management to mainframe solutions, increasing capabilities to capture security events. A very tight integration has been built between all security tools, allowing for event exchange and easier log management analysis.

Read the white paper: Safeguard Enterprise Compliance and Remain Vigilant Against Threats

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today