Townsend Security Data Privacy Blog

IBM System z Mainframe and Audit Logging

Posted by Patrick Townsend on Mar 1, 2016 9:11:00 AM

Because Townsend Security provides encryption for IBM System z Mainframes, we often get asked about system logging for that platform. Our Alliance LogAgent solution provides system log collection for the IBM i (AS/400, iSeries) platform, so this is a natural question from Mainframe customers.

We don’t have a solution for IBM Mainframe customers, but I am happy to report that our partner CorreLog does! IBM System z Mainframe users can deploy the CorreLog solution and get the same types of security event collection and SIEM integration that we provide in Alliance LogAgent. The two products are not exactly the same in terms of features, but CorreLog will give you the security event collection and SIEM integration that you need.

Like the IBM i platform, the IBM Mainframe contains a lot of sources for security event information, and the data must be transformed into a usable format and transmitted to a SIEM. This is a daunting task for even an experienced Mainframe developer, so this is a perfect area for a third-party product. CorreLog has just the right solution to make this happen.

IBM has been enhancing the System z Mainframe to bring it into the modern Internet-connected world. This means you have more security attack points on this venerable platform, and need to deploy modern security tools to protect it. Active monitoring of security audit logs by a SIEM solution is a must-have for Mainframe shops and CorreLog has a great solution.

CorreLog provides their own SIEM solution, but they also integrate with a wide variety of other SIEM vendor solutions. You can deploy CorreLog to send security events to IBM Security QRadar, LogRhythm, HP ArcSight, Dell SecureWorks, RSA Envision, and many other SIEM solutions! This also means that you are not locked into any one SIEM vendor and can easily migrate to a new solution if or when you want to.

Another big bonus of the CorreLog solution is support for File Integrity Monitoring, or FIM. FIM is an integral part of many compliance regulations such as PCI Data Security Solutions, and with CorreLog you can address that need along with the rest of your security monitoring needs. Many IBM Mainframe applications use DB2 files to store configuration information, so the FIM module really helps meet the compliance requirements.

You can get more information about CorreLog here.

Patrick

Topics: IBM z, Mainframe, logging