SlideShare a Scribd company logo

Enterprise Security in Mainframe-Connected Environments

Precisely, profile picture
Precisely

The document discusses enterprise security in mainframe-connected environments, focusing on the use of security information and event management (SIEM) for real-time analysis and vulnerability management. It highlights challenges related to log analysis on mainframes, including complex data structures and the need for timely information extraction. Ironstream® is presented as a solution that normalizes mainframe data for effective use in analytics, offering visibility into IT operations, security threats, and compliance needs.

Technology
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Enterprise Security in Mainframe- Connected Environments Rich Fronheiser
Housekeeping Webcast Audio • Today’s webcast audio is streamed through your computer speakers. • If you need technical assistance with the web interface or audio, please reach out to us using the chat window. Questions Welcome • Submit your questions at any time during the presentation using the chat window. • We will follow up after the session. Recording and slides • This webcast is being recorded. You will receive an email following the webcast with a link to download both the recording and the slides.
• Security Information and Event Management • Real-time analysis of security alerts • Vulnerability management • Policy compliance • External threat data What is SIEM?
Log Analysis What is a Log? • Logs are emitted by network devices, operating systems, applications and all manner of intelligent or programmable device. • A stream of messages in time- sequence often comprise a log. • Logs may be directed to files and stored on disk, or directed as a network stream to a log collector. Organizations analyze these logs to proactively and reactively mitigate different risks. Typical reasons to perform log analysis are: • Performance and capacity issues • Compliance with security policies • Compliance with audit or regulation • System Troubleshooting
Mainframe Challenges • Mainframe a key component of key IT services • Huge amount of operations data stored in logs on mainframes • No visibility, except by expert mainframe teams • Incomplete picture for security teams
Big Iron to Big Data Analytics Challenges So many data sources Mainframe: Systems Management Facility (SMF), Syslog, Log4j web and application logs, RMF, RACF, USS files and standard datasets IBM i: QAUD Journal, QHIST, Message Queues, Operational Logs Format of data Mainframe: • Complex data structures (SMF) with headers, product sections, data sections, variable length and self- describing • EBCDIC not recognized outside of the mainframe world • Binary flags and fields IBM i: • Complex data structures with unique journal entry types, headers, product sections, data sections, variable length and self-describing • IBM i journals in DB2 • Collection Services • IBM i information needs to be converted to workable formats such as Syslog, CEF, JSON, etc. Volume of data Millions of records generated daily Difficulty to get the information in a timely manner • Not real-time, typically have to wait overnight for an offload • Typical daily FTP upload/downloads can’t get granular
• High performance, low-cost, platform for collecting critical system information in real-time • Normalization of the z/OS and data so it can be used off platform analytics engines • Full analytics, visualization, and customization with no limitations on what can be viewed • Ability to easily combine information from different data sources and systems • Address the SME challenge: use by network managers, security analysts, application analysts, enterprise architects without requiring mainframe access or expertise What does Ironstream® provide?
Ironstream® Architectural Overview Assembler COBOL C, REXX ! IRONSTREAM DATA FORWARDER TCP/IP Ironstream Desktop DCE IDT Data Collection Extension SYSOUT Live/Stored SPOOL Data Db2 USS Alerts Networks Components ForwarderAPI Application Data SYSLOG SYSLOGGD SMF RMF File Load Log4j
Use Cases - Problems Ironstream® solves IT Operations Analytics/ITOA • Bigger picture of what's happening in the environment • Make better decisions to take control of the IT infrastructure • Problem Detection & Isolation • Ensure SLAs Met Security and Compliance/SIEM • Detect and prevent security threats • Ensure compliance • Ensure audits pass
• Data from multiple sources • TSO logon tracking – SMF Type 30 • TSO account activity (create, update, delete, lockout) – SMF Type 80 • Port scans, DoS attacks, malformed data packets – TRMD and SyslogD • FTP authentications and file analysis (file create, access, update, delete) – SMF Type 119 Records and IP traffic analysis information • Network events – Ironstream® Network Monitoring Component Mainframe Security – Data Challenges
• Total visibility into: • Authentication and access failures • Creation or deletion of users • Changes to user security information, passwords, and access rights • All log-in activity • Excessive data tramsmissions • Unusual movement of data • Intrusion detection Ironstream® maps the data to the Splunk ES Common Information Model (CIM), enabling splunk ES to provide a true enterprise-wide view of security activity, threats, and intrusions. It’s a comprehensive view of their security environment from a single pane of glass! Ironstream® and Splunk® Enterprise Security provide…
SIEM: z/OS Security
SIEM: Splunk® Enterprise Security
Enterprise Security in Mainframe-Connected Environments

More Related Content

PPTX
Essential Layers of IBM i Security: File and Field Security
Precisely
 
PDF
Security 101: Controlling Access to IBM i Systems and Data
Precisely
 
PPTX
Essential Layers of IBM i Security: System-Access Security
Precisely
 
PDF
Security 101: Controlling Access to IBM i Systems and Data
Precisely
 
PDF
Get Mainframe Visibility to Enhance SIEM Efforts in Splunk
Precisely
 
PDF
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
BeyondTrust
 
PPT
Managing Clients' Mission Critical Applications
webhostingguy
 
PDF
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
Sam Bowne
 
Essential Layers of IBM i Security: File and Field Security
Precisely
 
Security 101: Controlling Access to IBM i Systems and Data
Precisely
 
Essential Layers of IBM i Security: System-Access Security
Precisely
 
Security 101: Controlling Access to IBM i Systems and Data
Precisely
 
Get Mainframe Visibility to Enhance SIEM Efforts in Splunk
Precisely
 
Using Advanced Threat Analytics to Prevent Privilege Escalation Attacks
BeyondTrust
 
Managing Clients' Mission Critical Applications
webhostingguy
 
CNIT 123: Ch 9: Embedded Operating Systems: The Hidden Threat
Sam Bowne
 

What's hot (20)

PDF
CNIT 123: Ch 13: Network Protection Systems
Sam Bowne
 
PPTX
Operations Security
Mauro Alberto
 
PPT
Security Framework for the IPv6 Era
Shinsuke SUZUKI
 
PPTX
Honeywell Cybersecurity
kphodel
 
PDF
Resume | Vijay Navgire
Vijay Νavgire
 
PDF
Ch 9: Embedded Operating Systems: The Hidden Threat
Sam Bowne
 
PPTX
Nick Lancaster
Nick J Lancaster
 
PDF
CNIT 123: 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
PPTX
Is Department Roles
erickaselina
 
PDF
SCC (Security Control Center)
Junyoung Jung
 
PPTX
Exfiltration slides-v1-release
Eric Koeppen
 
PPTX
Network Field Day 11 - Skyport Systems Presentation
Douglas Gourlay
 
PDF
Ch 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
PPTX
fire walls
iqra_ilyas
 
PDF
CNIT 123: Ch 7: Programming for Security Professionals
Sam Bowne
 
PPTX
10 Quick Cybersecurity Wins for Small Business
SYMBIONT, INC.
 
PPTX
Section c group2_firewall_ final
pg13tarun_g
 
PPTX
Cybersecurity: More than A DoD Issue
Robert E Jones
 
PPT
Networking
Salman Memon
 
PPTX
Firewall
Tapan Khilar
 
CNIT 123: Ch 13: Network Protection Systems
Sam Bowne
 
Operations Security
Mauro Alberto
 
Security Framework for the IPv6 Era
Shinsuke SUZUKI
 
Honeywell Cybersecurity
kphodel
 
Resume | Vijay Navgire
Vijay Νavgire
 
Ch 9: Embedded Operating Systems: The Hidden Threat
Sam Bowne
 
Nick Lancaster
Nick J Lancaster
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
Is Department Roles
erickaselina
 
SCC (Security Control Center)
Junyoung Jung
 
Exfiltration slides-v1-release
Eric Koeppen
 
Network Field Day 11 - Skyport Systems Presentation
Douglas Gourlay
 
Ch 8: Desktop and Server OS Vulnerabilites
Sam Bowne
 
fire walls
iqra_ilyas
 
CNIT 123: Ch 7: Programming for Security Professionals
Sam Bowne
 
10 Quick Cybersecurity Wins for Small Business
SYMBIONT, INC.
 
Section c group2_firewall_ final
pg13tarun_g
 
Cybersecurity: More than A DoD Issue
Robert E Jones
 
Networking
Salman Memon
 
Firewall
Tapan Khilar
 
Ad

Similar to Enterprise Security in Mainframe-Connected Environments (20)

PDF
360-Degree View of IT Infrastructure with IT Operations Analytics
Precisely
 
PDF
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Precisely
 
PDF
Government Agencies Using Splunk: Is Your Critical Data Missing?
Precisely
 
PPTX
Don't Leave Your Traditional IBM Systems Out of Your IT Operations Efforts
Precisely
 
PPTX
Bringing Mainframe Security Information Into Your Splunk Security Operations ...
Precisely
 
PPTX
Utilizing Mainframe Machine Data in Security Operations
Precisely
 
PDF
Big Data Analytics for Real-time Operational Intelligence with Your z/OS Data
Precisely
 
PDF
Wc4
Said Wali
 
PPTX
Downtime is Not an Option: Integrating IBM Z into ServiceNow and Splunk
Precisely
 
PDF
Old Dogs, New Tricks: Big Data from and for Mainframe IT
Precisely
 
PPTX
IBM i Security SIEM Integration
Precisely
 
PDF
Threat intelligence solution
ARUN REDDY M
 
PDF
From the Splunk Front Lines: Unlocking Insights from IBM i Data
Precisely
 
PDF
What’s New in Syncsort Ironstream 2.1
Precisely
 
PPTX
Why Integrating IBM Z into ServiceNow and Splunk Is So Important
Precisely
 
PDF
Big security for big data
Giuliano Tavaroli
 
PPTX
SplunkLive! - Splunk for Security
Splunk
 
PDF
Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...
Precisely
 
PPTX
Splunk for Security Breakout Session
Splunk
 
PDF
How to Get IBM i Security and Operational Insights with Splunk
Precisely
 
360-Degree View of IT Infrastructure with IT Operations Analytics
Precisely
 
Ironstream for IBM i - Enabling Splunk Insight into Key Security and Operatio...
Precisely
 
Government Agencies Using Splunk: Is Your Critical Data Missing?
Precisely
 
Don't Leave Your Traditional IBM Systems Out of Your IT Operations Efforts
Precisely
 
Bringing Mainframe Security Information Into Your Splunk Security Operations ...
Precisely
 
Utilizing Mainframe Machine Data in Security Operations
Precisely
 
Big Data Analytics for Real-time Operational Intelligence with Your z/OS Data
Precisely
 
Wc4
Said Wali
 
Downtime is Not an Option: Integrating IBM Z into ServiceNow and Splunk
Precisely
 
Old Dogs, New Tricks: Big Data from and for Mainframe IT
Precisely
 
IBM i Security SIEM Integration
Precisely
 
Threat intelligence solution
ARUN REDDY M
 
From the Splunk Front Lines: Unlocking Insights from IBM i Data
Precisely
 
What’s New in Syncsort Ironstream 2.1
Precisely
 
Why Integrating IBM Z into ServiceNow and Splunk Is So Important
Precisely
 
Big security for big data
Giuliano Tavaroli
 
SplunkLive! - Splunk for Security
Splunk
 
Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...
Precisely
 
Splunk for Security Breakout Session
Splunk
 
How to Get IBM i Security and Operational Insights with Splunk
Precisely
 
Ad

More from Precisely (20)

PDF
The Future of Automation: AI, APIs, and Cloud Modernization.pdf
Precisely
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PDF
Reimagining Insurance: Connected Data for Confident Decisions.pdf
Precisely
 
PDF
Introducing Syncsort™ Storage Management.pdf
Precisely
 
PDF
Enable Enterprise-Ready Security on IBM i Systems.pdf
Precisely
 
PDF
A Day in the Life of Location Data - Turning Where into How.pdf
Precisely
 
PDF
Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdf
Precisely
 
PDF
Solving the CIO’s Dilemma: Speed, Scale, and Smarter SAP Modernization.pdf
Precisely
 
PDF
Solving the Data Disconnect: Why Success Hinges on Pre-Linked Data.pdf
Precisely
 
PDF
Cooking Up Clean Addresses - 3 Ways to Whip Messy Data into Shape.pdf
Precisely
 
PDF
Building Confidence in AI & Analytics with High-Integrity Location Data.pdf
Precisely
 
PDF
SAP Modernization Strategies for a Successful S/4HANA Journey.pdf
Precisely
 
PDF
Precisely Demo Showcase: Powering ServiceNow Discovery with Precisely Ironstr...
Precisely
 
PDF
The 2025 Guide on What's Next for Automation.pdf
Precisely
 
PDF
Outdated Tech, Invisible Expenses – How Data Silos Undermine Operational Effi...
Precisely
 
PDF
Modernización de SAP: Maximizando el Valor de su Migración a SAP S/4HANA.pdf
Precisely
 
PDF
Outdated Tech, Invisible Expenses – The Hidden Cost of Disconnected Data Syst...
Precisely
 
PDF
Migration vers SAP S/4HANA: Un levier stratégique pour votre transformation d...
Precisely
 
PDF
Outdated Tech, Invisible Expenses: The Hidden Cost of Poor Data Integration o...
Precisely
 
PDF
The Changing Compliance Landscape in 2025.pdf
Precisely
 
The Future of Automation: AI, APIs, and Cloud Modernization.pdf
Precisely
 
Unlock new opportunities with location data.pdf
Precisely
 
Reimagining Insurance: Connected Data for Confident Decisions.pdf
Precisely
 
Introducing Syncsort™ Storage Management.pdf
Precisely
 
Enable Enterprise-Ready Security on IBM i Systems.pdf
Precisely
 
A Day in the Life of Location Data - Turning Where into How.pdf
Precisely
 
Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdf
Precisely
 
Solving the CIO’s Dilemma: Speed, Scale, and Smarter SAP Modernization.pdf
Precisely
 
Solving the Data Disconnect: Why Success Hinges on Pre-Linked Data.pdf
Precisely
 
Cooking Up Clean Addresses - 3 Ways to Whip Messy Data into Shape.pdf
Precisely
 
Building Confidence in AI & Analytics with High-Integrity Location Data.pdf
Precisely
 
SAP Modernization Strategies for a Successful S/4HANA Journey.pdf
Precisely
 
Precisely Demo Showcase: Powering ServiceNow Discovery with Precisely Ironstr...
Precisely
 
The 2025 Guide on What's Next for Automation.pdf
Precisely
 
Outdated Tech, Invisible Expenses – How Data Silos Undermine Operational Effi...
Precisely
 
Modernización de SAP: Maximizando el Valor de su Migración a SAP S/4HANA.pdf
Precisely
 
Outdated Tech, Invisible Expenses – The Hidden Cost of Disconnected Data Syst...
Precisely
 
Migration vers SAP S/4HANA: Un levier stratégique pour votre transformation d...
Precisely
 
Outdated Tech, Invisible Expenses: The Hidden Cost of Poor Data Integration o...
Precisely
 
The Changing Compliance Landscape in 2025.pdf
Precisely
 

Recently uploaded (20)

PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Cloud computing and distributed systems.
kkkkkhan
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
KodekX | Application Modernization Development
KodekX
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 

Enterprise Security in Mainframe-Connected Environments

  • 1. Enterprise Security in Mainframe- Connected Environments Rich Fronheiser
  • 2. Housekeeping Webcast Audio • Today’s webcast audio is streamed through your computer speakers. • If you need technical assistance with the web interface or audio, please reach out to us using the chat window. Questions Welcome • Submit your questions at any time during the presentation using the chat window. • We will follow up after the session. Recording and slides • This webcast is being recorded. You will receive an email following the webcast with a link to download both the recording and the slides.
  • 3. • Security Information and Event Management • Real-time analysis of security alerts • Vulnerability management • Policy compliance • External threat data What is SIEM?
  • 4. Log Analysis What is a Log? • Logs are emitted by network devices, operating systems, applications and all manner of intelligent or programmable device. • A stream of messages in time- sequence often comprise a log. • Logs may be directed to files and stored on disk, or directed as a network stream to a log collector. Organizations analyze these logs to proactively and reactively mitigate different risks. Typical reasons to perform log analysis are: • Performance and capacity issues • Compliance with security policies • Compliance with audit or regulation • System Troubleshooting
  • 5. Mainframe Challenges • Mainframe a key component of key IT services • Huge amount of operations data stored in logs on mainframes • No visibility, except by expert mainframe teams • Incomplete picture for security teams
  • 6. Big Iron to Big Data Analytics Challenges So many data sources Mainframe: Systems Management Facility (SMF), Syslog, Log4j web and application logs, RMF, RACF, USS files and standard datasets IBM i: QAUD Journal, QHIST, Message Queues, Operational Logs Format of data Mainframe: • Complex data structures (SMF) with headers, product sections, data sections, variable length and self- describing • EBCDIC not recognized outside of the mainframe world • Binary flags and fields IBM i: • Complex data structures with unique journal entry types, headers, product sections, data sections, variable length and self-describing • IBM i journals in DB2 • Collection Services • IBM i information needs to be converted to workable formats such as Syslog, CEF, JSON, etc. Volume of data Millions of records generated daily Difficulty to get the information in a timely manner • Not real-time, typically have to wait overnight for an offload • Typical daily FTP upload/downloads can’t get granular
  • 7. • High performance, low-cost, platform for collecting critical system information in real-time • Normalization of the z/OS and data so it can be used off platform analytics engines • Full analytics, visualization, and customization with no limitations on what can be viewed • Ability to easily combine information from different data sources and systems • Address the SME challenge: use by network managers, security analysts, application analysts, enterprise architects without requiring mainframe access or expertise What does Ironstream® provide?
  • 8. Ironstream® Architectural Overview Assembler COBOL C, REXX ! IRONSTREAM DATA FORWARDER TCP/IP Ironstream Desktop DCE IDT Data Collection Extension SYSOUT Live/Stored SPOOL Data Db2 USS Alerts Networks Components ForwarderAPI Application Data SYSLOG SYSLOGGD SMF RMF File Load Log4j
  • 9. Use Cases - Problems Ironstream® solves IT Operations Analytics/ITOA • Bigger picture of what's happening in the environment • Make better decisions to take control of the IT infrastructure • Problem Detection & Isolation • Ensure SLAs Met Security and Compliance/SIEM • Detect and prevent security threats • Ensure compliance • Ensure audits pass
  • 10. • Data from multiple sources • TSO logon tracking – SMF Type 30 • TSO account activity (create, update, delete, lockout) – SMF Type 80 • Port scans, DoS attacks, malformed data packets – TRMD and SyslogD • FTP authentications and file analysis (file create, access, update, delete) – SMF Type 119 Records and IP traffic analysis information • Network events – Ironstream® Network Monitoring Component Mainframe Security – Data Challenges
  • 11. • Total visibility into: • Authentication and access failures • Creation or deletion of users • Changes to user security information, passwords, and access rights • All log-in activity • Excessive data tramsmissions • Unusual movement of data • Intrusion detection Ironstream® maps the data to the Splunk ES Common Information Model (CIM), enabling splunk ES to provide a true enterprise-wide view of security activity, threats, and intrusions. It’s a comprehensive view of their security environment from a single pane of glass! Ironstream® and Splunk® Enterprise Security provide…