How Companies Benefit from New Integration for Improved Mainframe Security Analytics
When asked to rank the top corporate objectives to improve over the next 12 months, respondents to the “State of the Mainframe Survey” from Syncsort indicated meeting security and compliance requirements was primary, outranking other high-focus areas such as meeting SLAs and reducing CPU usage and related costs.
This aligns with other reputable studies published in the last year that indicate security breaches are becoming more prevalent, including research from McAfee Labs that found a 67-percent increase in security breaches at organizations in 2016. The Syncsort survey also agrees with Cisco’s 2016 Annual Security Report that indicates insider breaches are on organizations’ radars as a significant threat, as 47 percent of respondents indicated.
The rise of insider threats is spurring companies to more closely monitor their users, not for lack of trust but for the sake of preventing unauthorized use of critical applications where corporate and, even worse, customer IP could be put at risk accidentally or deliberately.
These threats should be especially concerning for companies that rely heavily on mainframe-based business-critical applications and data.
It’s true the mainframe has an incredibly high security rating, including the industry’s highest certified level of isolation for a commercial system, Evaluation Assurance Level (EAL5+), according to industry analyst Alan Radding in a recent Syncsort blog post.
Despite this, when it comes to mainframe security, most enterprises still rely on disparate mainframe logs and SMF data from security products such as RACF®, CA ACF2TM and CA Top Secret® to piece together user behavior.
These solutions fail to provide enough accurate information around how users access critical applications and data, generating false positives that can lead analysts astray from understanding user data to improve mainframe security analytics.
New Integration Improves Mainframe Security Analytics
With the growing need to meet higher security and compliance measures, and—as 60 percent of respondents indicated in Syncsort’s survey—the trend of companies moving data off the mainframe for analysis, the new integration between Compuware’s mainframe cybersecurity and compliance solution, Application Audit, and Syncsort’s Big Iron to Big Data powerhouse Ironstream®, is timely to say the least.
The integration delivers machine data to Splunk® Enterprise Security (ES) for Security Information and Event Management (SIEM), making it easy for an organization to detect threats against critical mainframe data, correlate them with related information and events and satisfy compliance requirements.
“By integrating Application Audit with Ironstream, the partnership between Compuware and Syncsort enables customers to gain deeper insight into user activities, thus helping them strengthen security of their most critical applications and data while also gaining the benefit of intuitive behavioral analytics,” said John Crossno, Product Manager for Application Audit.
The new integration also shows synergy between Compuware tools and Syncsort Ironstream is intensifying. A previous integration between Compuware’s mainframe application failure resolution and fault management solution, Abend-AID, and Ironstream enables IT to more quickly discover and act on correlations between application faults and broader conditions in the mainframe environment.
Together with the new integration between Application Audit and Ironstream, organizations can begin improving multiple aspects of mainframe security and operations.
To learn more about the integrations between Application Audit and Ironstream and Abend-AID and Ironstream, visit our Syncsort partner page.