Compuware’s integration with CorreLog offers large enterprises a highly effective means of capturing deep application-level mainframe insight and incorporating that insight into broader, cross-platform Security Information and Event Management (SIEM).
Large enterprises have historically lacked deep mainframe application insight and/or have had that insight trapped in siloed monitoring applications that are not integrated into their broader SIEM implementations. This gap limited the ability of security, compliance, risk, and governance teams to see—unhindered—across platforms, programing languages and database architectures.
By taking advantage of the integration with CorreLog, organizations can capture critical data about which users are accessing specific applications and data, when the access occurred, how often access occurs and how that access diverges from other similar users. This data can then be incorporated into enterprise SIEM solutions in order to provide cyber-security teams with a single window into all relevant user activity data and alerts across all platforms.
How the Integration Works
Compuware Hiperstation’s application auditing capability captures all mainframe VTAM activity by user ID and IP address. It maintains a record of specified application interactions and sensitive data accessed during every monitored session. Hiperstation passes this insight to CorreLog SIEM Agent for z/OS in the form of SMF records, which CorreLog can then use in its own alerting and dashboard applications—or, in real time, pass along to leading SIEM solutions such as HP ArcSight, IBM QRadar, Splunk, and Dell SecureWorks.
The Hiperstation/CorreLog integration also allows InfoSec and compliance staff to actually replay any user application sessions that they believe require further investigation.