Utilizing Mainframe Machine Data in Security Operations
Download as PPTX, PDF0 likes30 views
The document presents an overview of Ironstream, a solution for utilizing mainframe machine data in security operations. It highlights challenges with traditional modernization, the impact of data silos, and the importance of a comprehensive observability solution in modern IT environments. The growing SIEM market and its significance in threat detection and compliance are also emphasized.
Utilizing Mainframe Machine Data in Security Operations
- 1. Ironstream® The Full Stack Utilizing Mainframe Machine Data in Security Operations Ian Hartley | Senior Director, Product Management Andrew Farley | Solutions Engineer
- 2. Housekeeping Webinar Audio • Today’s webcast audio is streamed through your computer speakers • If you need technical assistance with the web interface or audio, please reach out to us using the Q&A box Questions Welcome • Submit your questions at any time during the presentation using the Q&A box. If we don't get to your question, we will follow-up via email Recording and slides • This webinar is being recorded. You will receive an email following the webinar with a link to the recording and slides 2
- 3. Themes • Challenges around traditional modernization approaches • Impact to business • Need for a comprehensive Observability solution • Demo of Ironstream for Security Monitoring 3
- 4. Landscape of Digital Modernization is complex 4
- 5. Mainframes host the most critical applications 71% Fortune 500 $2.9 Billion Mainframe market by 2025 $2.5 Billion Transactions / day / per MF Top World Banks 92 of World’s Top Insurers 10 of Top 25 US Retailers 23 5
- 6. Leading IT operations platforms lack native mainframe integration Distributed and Cloud environments Mainframe Systems Online services Storage Online Shopping Cart Servers Desktops Web clickstreams Security Networks Telecoms Call detail records GPS location Messaging Databases RFID Web services Packaged applications APP Custom apps Energy meters Smartphones and devices On- premises Private cloud Public cloud IBM Z Platform 6
- 7. Impact of data silos on IT teams No single view of IT infrastructure Delayed SIEM response Operational inefficiency Trouble maintaining compliance Lack of IT resilience Increased downtime 7
- 9. What is SIEM? • Real-time analysis of security alerts generated by applications and network hardware • Holistic, unified view into infrastructure, workflow, policy compliance and log management • Monitor and manage user and service privileges as well as external threat data Log Collection Log Analysis Event Correlation Log Forensics IT Compliance Application Log Monitoring Object Access Auditing Real-Time Alerting User Activity Monitoring Dashboards Reporting File Integrity Monitoring System/Device Log Monitoring Log Retention SIEM Security Information and Event Management 9
- 10. The SIEM market is growing $3.41 billion in 2020 to $4.10 billion in 2021 20% growth rate after 3.9% decline Maturing at a rapid pace but still competitive 10 Source: https://www.gartner.com/reviews/market/security-information-event-management
- 11. And security use cases are expanding 11 Threat detection Response Exposure Management Compliance Source: https://www.gartner.com/reviews/market/security-information-event-management
- 13. Splunk Enterprise Security ACF2 items 13
- 14. Delivered to Splunk Visibility into usage, trends, projections Improve security posture Identify issues & anomalies faster Greater IT resilience 14
- 15. Demo
- 16. Questions?
Editor's Notes
- #6: Mainframes are still the backbone for the biggest organizations in the world 71% of the fortune 500 rely on the mainframe for their mission critical transactional systems and they are present in every vertical from FinServ to Insurance to Retail. When talking to these organizations, it’s not unusual to hear that up to 80% of their corporate data originates on the mainframe and that business is growing. The mainframe market is expected to grow to $2.9 billion by 2025.
- #8: Talk Track: And data silos can be a big deal. Organizations can feel the impact of these data silos in several different ways. The overall problem is the lack on a true 360-enterprise view of the IT infrastructure. There is no way for IT teams to see all of the aspects of their environment and how they interact with each other, which snowballs into several other problems that can affect the time, money, and reputation of the team if something goes wrong. The health and status of these legacy systems is unknown, so if an incident occurs that involves the mainframe or IBM i it can takes teams a long time to determine that. They may even need to get an IBM systems SME or consultant involved. Requiring this extra involvement from a 3rd party is a challenge in itself due to the fact that expertise around these systems is rapidly shrinking. Even after the experts get involved, teams still need to figure out what is wrong. This results in long MTTIs (mean time to identification) and long MTTRs (mean time to resolution). These are often a metric of success for IT ops teams, so if they are very high upper levels of management may need to get involved and the team could lose support from these executives. All of these factors culminate in a mismanagement of resources. There is so much time spent trying to understand what is happening with the mainframe and IBM i that it takes away from teams actual day jobs. Not to mention all of the extra money being spent on an IBM systems SME. PURPOSE: The negative consequences of disconnection.
- #10: Patrick SIEM technology aggregates and provides real-time analysis of security alerts using event data produced by security devices, network infrastructure components, systems, and applications. A primary function of SIEM is to analyze security event data in real-time for internal and external threat detection to prevent potential hacks and data loss. This typically includes user behavior analytics (UBA) – understanding user behavior and how it might impact security. SIEM technologies also collect, store, analyze and report on data needed for regulatory compliance to ensure that audit requirements are met as dictated.
- #12: Threat detection: Real-time analytics Batch analytics Data science algorithms User- and entity-based analytics Response: SOAR Incident management Collaboration Exposure management: Asset details (criticality, grouping, location, patch status, etc.) User details (criticality, peer grouping, business unit, role, incident history, etc.) Configuration posture (cloud asset configuration, GPO settings, etc.) Poly-cloud visibility and unified exposure understanding Threat detection framework alignment Compliance: Reporting Continuous monitoring requirements Audits Security system of record
- #13: There are also integrations with some Splunk Premium products…namely… IT Service Intelligence for monitoring key performance indicators and health of business services And Enterprise security integration for out of the box security surveillance
- #14: There are also integrations with some Splunk Premium products…namely… IT Service Intelligence for monitoring key performance indicators and health of business services And Enterprise security integration for out of the box security surveillance
- #15: IT operations and security use cases can all be played across these tools and platforms. Even combinations of these many different use cases. From simple visibility…to operational insights…finding issues and resolving them quickly before your customers are aware…to improving your security, compliance and audit posture. These are all possible…at your own pace…and in-line with your common or even unique requirements.