When we start talking about security, there are several angles to take. We could keep the discussion at the academic level: explaining what an SQL injection is, learning what a watering-hole attack is, discussing the most damaging malware of the year and debating whether the mainframe is the most secure system currently available. There is plenty of literature on the Internet on this subject.
Another approach could be to discuss security tools and products.
We would rather begin the discussion with knowledge: knowledge of the possible threats and an understanding of the real risks. Security investments are driven by real risks, so enterprises focus heavily on this. The problem is that a great deal of information is coming in, often from untrusted sources, and to be useful it has to be both reliable and timely.
Finding the Best Security Products
The IBM answer to the need for knowledge is X-Force, a team of researchers focused on understanding cybercrime and continuously feeding threat information into IBM's security products. It also publishes a report on cybercrime every quarter. But it is not just a matter of reports.
IBM has also launched X-Force Exchange, which has two main features: a portal where users can run queries and receive information on specific threats and IP reputation, and an API. Because the platform is open, accessible and collaborative, we consider it the best answer to cybercrime.
But IBM is more than just X-Force. We have end-to-end solutions to protect every configuration item needed to deliver a service, from mainframe to endpoint: identity and access management, fraud protection, static and dynamic application analysis, data protection and data masking, and endpoint protection, all integrated in the security intelligence platform.
End-to-end security covers every platform, and each one needs its security discussed and managed in the best possible way.
One of the strongest platforms is the mainframe, which currently offers the most secure system on the market together with a straightforward approach to managing it. It is not the only option, however.
Beyond Threat Intelligence
Risk management and vulnerability management have always been strengths of the mainframe platform, achieved through a successful marriage of hardware and software. A strong push came from IBM zSecure, born from the acquisition of the Dutch company Consul, which lets mainframe administrators and users work with security objects more easily and allows people without deep security skills to deal with security issues.
So let's talk about security information and event management (SIEM) and log management on the mainframe from a security point of view. Log management has always been strong on the mainframe, but its purpose was not to analyze and detect attacks, because the security infrastructure itself was considered strong and solid enough.
Its purpose was mainly to let system programmers find and fix errors. Over the past 10 years, however, many customers, especially in the public sector, have experienced attacks from inside the mainframe carried out by malicious insiders: changing the value of a cash amount, viewing colleagues' salaries or accessing sensitive information for fraudulent purposes. As a result, log management from a security perspective went from "nice to have" to "mandatory."
These changes led IBM to extend its SIEM log management capabilities to the mainframe, increasing the ability to capture security events. A very tight integration has been built between all of the security tools, allowing for event exchange and easier analysis of the logs.
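As an added example (not IBM's or zSecure's code, and not taken from the original post), here is a small Python detector that runs the kind of insider-threat checks described above, unauthorized access to payroll data, suspicious changes to a cash amount and bulk reading of sensitive records, over a constructed audit trail. The event format, the dataset and role names, and the thresholds are assumptions chosen for illustration; in practice the SIEM collector would normalize the mainframe audit feed into something like this first.

```python
"""Insider-threat detection over mainframe-style audit events.

Added example, not IBM's or zSecure's code. The flat key=value event
format below is a hypothetical normalized form, not a real mainframe
audit record layout.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (not real data). Fixed columns are
# timestamp, user, role, action, resource; the rest are key=value pairs.
SAMPLE_LOG = """\
2015-06-01T09:02:11 JSMITH  TELLER  UPDATE ACCOUNTS.MASTER record=ACCT0001 old=1500.00 new=1450.00
2015-06-01T09:05:40 JSMITH  TELLER  UPDATE ACCOUNTS.MASTER record=ACCT0002 old=200.00 new=2000.00
2015-06-01T09:07:02 MGARCIA DEVOPS  UPDATE ACCOUNTS.MASTER record=ACCT0003 old=75.00 new=75000.00
2015-06-01T10:15:33 KLEE    HR      READ   HR.PAYROLL record=EMP0420
2015-06-01T10:16:01 PWONG   SYSPROG READ   HR.PAYROLL record=EMP0420
2015-06-01T10:16:05 PWONG   SYSPROG READ   HR.PAYROLL record=EMP0421
2015-06-01T10:16:09 PWONG   SYSPROG READ   HR.PAYROLL record=EMP0422
2015-06-01T10:16:12 PWONG   SYSPROG READ   HR.PAYROLL record=EMP0423
2015-06-01T10:16:15 PWONG   SYSPROG READ   HR.PAYROLL record=EMP0424
2015-06-01T10:16:19 PWONG   SYSPROG READ   HR.PAYROLL record=EMP0425
"""

# Policy (assumed): which roles may touch each sensitive resource,
# how large a single-update jump is tolerated, and what counts as bulk reading.
ALLOWED_ROLES = {"HR.PAYROLL": {"HR"}, "ACCOUNTS.MASTER": {"TELLER", "FINANCE"}}
MAX_RATIO = 10.0                   # new/old above this is an anomalous change
BULK_COUNT = 5                     # more than this many distinct records ...
BULK_WINDOW = timedelta(seconds=60)  # ... within this window is bulk reading


def parse_events(text):
    """Parse the normalized log into a list of dicts, one per event."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, action, resource, *rest = line.split()
        ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), "user": user,
              "role": role, "action": action, "resource": resource}
        for kv in rest:
            key, _, value = kv.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def detect(events):
    """Return a list of (rule, user, target) alerts for the given events."""
    alerts = []
    seen_unauth = set()              # one unauthorized-role alert per user/resource
    reads = defaultdict(list)        # (user, resource) -> [(ts, record), ...]
    for ev in sorted(events, key=lambda e: e["ts"]):
        res = ev["resource"]
        if res not in ALLOWED_ROLES:
            continue                 # not a resource we police
        key = (ev["user"], res)
        # Rule 1: a role that should never touch this resource did.
        if ev["role"] not in ALLOWED_ROLES[res] and key not in seen_unauth:
            seen_unauth.add(key)
            alerts.append(("unauthorized_role", ev["user"], res))
        # Rule 2: an amount jumped by more than MAX_RATIO in one update.
        # A zero baseline is skipped rather than divided by.
        if ev["action"] == "UPDATE" and "old" in ev and "new" in ev:
            old, new = float(ev["old"]), float(ev["new"])
            if old > 0 and new / old > MAX_RATIO:
                alerts.append(("anomalous_change", ev["user"], ev["record"]))
        if ev["action"] == "READ":
            reads[key].append((ev["ts"], ev.get("record")))
    # Rule 3: sliding window over each user's reads of a sensitive resource.
    for (user, res), items in reads.items():
        for i, (start, _) in enumerate(items):
            distinct = {rec for ts, rec in items[i:] if ts - start <= BULK_WINDOW}
            if len(distinct) > BULK_COUNT:
                alerts.append(("bulk_read", user, res))
                break                # one alert per user/resource is enough
    return alerts


def run():
    """Parse the constructed log and return the alerts it produces."""
    return detect(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for rule, user, target in run():
        print(f"{rule:18} {user:8} {target}")
```

Note the deliberate boundary cases in the sample: the teller's 200.00 to 2000.00 update is exactly a 10x jump and is not flagged, while the DEVOPS update of 75.00 to 75000.00 triggers both the role rule and the amount rule, and the SYSPROG user's six payroll reads in 18 seconds trigger the bulk rule once rather than six times. Tuning these thresholds to real workloads is where most of the effort goes once the events are actually reaching the SIEM.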