The largest organizations in the world use mainframes as the backbone of their business applications. However, they are not built to integrate with modern security platforms, leaving significant data silos.
Watch this on-demand webinar to learn how security teams can achieve wider visibility across the technology landscape by easily integrating mainframe machine data in their security operations.
Utilizing Mainframe Machine Data in Security Operations
1. Ironstream®
The Full Stack
Utilizing Mainframe Machine Data in Security Operations
Ian Hartley | Senior Director, Product Management
Andrew Farley | Solutions Engineer
2. Housekeeping
Webinar Audio
• Today’s webcast audio is streamed through your computer speakers
• If you need technical assistance with the web interface or audio, please reach out to us using the Q&A box
Questions Welcome
• Submit your questions at any time during the presentation using the Q&A box. If we don't get to your question, we will follow up via email
Recording and slides
• This webinar is being recorded. You will receive an email following the webinar with a link to the recording and slides
3. Themes
• Challenges around traditional modernization approaches
• Impact to business
• Need for a comprehensive Observability solution
• Demo of Ironstream for Security Monitoring
5. Mainframes host the most critical applications
• 71% of the Fortune 500
• $2.9 Billion mainframe market by 2025
• $2.5 Billion transactions / day / per MF
• 92 of World’s Top Banks
• 10 of Top Insurers
• 23 of Top 25 US Retailers
6. Leading IT operations platforms lack native mainframe integration
[Figure: two groups of data sources feeding IT operations platforms]
• Distributed and Cloud environments (on-premises, private cloud, public cloud): online services, storage, online shopping cart, servers, desktops, web clickstreams, security, networks, telecoms, call detail records, GPS location, messaging, databases, RFID, web services, packaged applications, custom apps, energy meters, smartphones and devices
• Mainframe Systems: IBM Z Platform
7. Impact of data silos on IT teams
• No single view of IT infrastructure
• Delayed SIEM response
• Operational inefficiency
• Trouble maintaining compliance
• Lack of IT resilience
• Increased downtime
9. What is SIEM?
• Real-time analysis of security alerts generated by applications and network hardware
• Holistic, unified view into infrastructure, workflow, policy compliance and log management
• Monitor and manage user and service privileges as well as external threat data
SIEM (Security Information and Event Management) functions:
• Log Collection
• Log Analysis
• Event Correlation
• Log Forensics
• IT Compliance
• Application Log Monitoring
• Object Access Auditing
• Real-Time Alerting
• User Activity Monitoring
• Dashboards
• Reporting
• File Integrity Monitoring
• System/Device Log Monitoring
• Log Retention
10. The SIEM market is growing
$3.41 billion in 2020 to $4.10 billion in 2021
20% growth rate after 3.9% decline
Maturing at a rapid pace but still competitive
Source: https://www.gartner.com/reviews/market/security-information-event-management
11. And security use cases are expanding
• Threat detection
• Response
• Exposure Management
• Compliance
Source: https://www.gartner.com/reviews/market/security-information-event-management
Mainframes are still the backbone for the biggest organizations in the world
71% of the Fortune 500 rely on the mainframe for their mission-critical transactional systems, and they are present in every vertical from FinServ to Insurance to Retail.
When talking to these organizations, it’s not unusual to hear that up to 80% of their corporate data originates on the mainframe and that business is growing. The mainframe market is expected to grow to $2.9 billion by 2025.
Talk Track:
And data silos can be a big deal. Organizations can feel the impact of these data silos in several different ways. The overall problem is the lack of a true 360-degree enterprise view of the IT infrastructure. There is no way for IT teams to see all of the aspects of their environment and how they interact with each other, which snowballs into several other problems that can affect the time, money, and reputation of the team if something goes wrong.
The health and status of these legacy systems is unknown, so if an incident occurs that involves the mainframe or IBM i, it can take teams a long time to determine that. They may even need to get an IBM systems SME or consultant involved. Requiring this extra involvement from a 3rd party is a challenge in itself, because expertise around these systems is rapidly shrinking. Even after the experts get involved, teams still need to figure out what is wrong. This results in long MTTIs (mean time to identification) and long MTTRs (mean time to resolution). These are often a metric of success for IT ops teams, so if they are very high, upper levels of management may need to get involved and the team could lose support from these executives.
All of these factors culminate in a mismanagement of resources. So much time is spent trying to understand what is happening with the mainframe and IBM i that it takes away from the teams' actual day jobs, not to mention all of the extra money being spent on an IBM systems SME.
PURPOSE: The negative consequences of disconnection.
Patrick
SIEM technology aggregates and provides real-time analysis of security alerts using event data produced by security devices, network infrastructure components, systems, and applications. A primary function of SIEM is to analyze security event data in real time for internal and external threat detection to prevent potential hacks and data loss. This typically includes user behavior analytics (UBA): understanding user behavior and how it might impact security. SIEM technologies also collect, store, analyze and report on data needed for regulatory compliance to ensure that audit requirements are met as dictated.
Threat detection:
• Real-time analytics
• Batch analytics
• Data science algorithms
• User- and entity-based analytics
Response:
• SOAR
• Incident management
• Collaboration
Exposure management:
• Asset details (criticality, grouping, location, patch status, etc.)
• User details (criticality, peer grouping, business unit, role, incident history, etc.)
• Configuration posture (cloud asset configuration, GPO settings, etc.)
• Poly-cloud visibility and unified exposure understanding
• Threat detection framework alignment
Compliance:
• Reporting
• Continuous monitoring requirements
• Audits
• Security system of record
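The slide on what a SIEM does (log collection, event correlation, real-time alerting) and the threat-detection list above describe the pipeline in the abstract. The following is an added example, not Ironstream or Splunk code, that shows the concrete effect of feeding mainframe logon records into the same correlation rule as distributed-host logs: events from a Linux host and a mainframe are normalised into one schema and a sliding-window rule alerts when one user accumulates three failed logons across any platform within five minutes. The sample lines, the host names, and the key=value mainframe record layout are all constructed for this example (the layout is deliberately simplified and is not a real SMF or RACF format).

```python
"""Minimal SIEM-style collection and correlation over mixed-platform logon events.

Added example (not Ironstream/Splunk code). All sample data below is constructed;
the mainframe record layout is a simplified, hypothetical key=value format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample feed: one distributed host (sshd) and one mainframe LPAR.
SAMPLE_EVENTS = [
    "2024-03-01T09:00:05Z linux01 sshd[412]: Failed password for jsmith from 10.1.2.3 port 51234 ssh2",
    "2024-03-01T09:01:10Z MFPROD1 LOGON USER=JSMITH RESULT=FAIL REASON=INVALID_PASSWORD TERM=TCP00012",
    "2024-03-01T09:02:30Z MFPROD1 LOGON USER=JSMITH RESULT=FAIL REASON=INVALID_PASSWORD TERM=TCP00012",
    "2024-03-01T09:03:00Z linux01 sshd[413]: Accepted password for mjones from 10.1.2.9 port 51240 ssh2",
    "2024-03-01T09:20:00Z MFPROD1 LOGON USER=JSMITH RESULT=FAIL REASON=INVALID_PASSWORD TERM=TCP00012",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)"
)
# Hypothetical mainframe logon record: "<ts> <host> LOGON KEY=VALUE ..."
MF_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) LOGON (?P<kv>.+)$")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(lines):
    """Log collection step: map each raw line onto one common event schema."""
    events = []
    for line in lines:
        m = SSHD_RE.match(line)
        if m:
            events.append({
                "ts": parse_ts(m["ts"]), "host": m["host"], "platform": "linux",
                "user": m["user"].lower(),  # user ids are case-folded so JSMITH == jsmith
                "outcome": "fail" if m["result"] == "Failed" else "success",
                "src": m["src"],
            })
            continue
        m = MF_RE.match(line)
        if m:
            kv = dict(pair.split("=", 1) for pair in m["kv"].split())
            events.append({
                "ts": parse_ts(m["ts"]), "host": m["host"], "platform": "mainframe",
                "user": kv["USER"].lower(),
                "outcome": "fail" if kv.get("RESULT") == "FAIL" else "success",
                "src": kv.get("TERM", "unknown"),
            })
        # Unrecognised lines are dropped here; a real collector would count them.
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Event correlation step: alert when one user fails `threshold` logons
    within `window`, regardless of which platform each failure came from."""
    alerts = []
    recent = defaultdict(deque)  # user -> recent failed-logon events
    for e in events:
        if e["outcome"] != "fail":
            continue
        q = recent[e["user"]]
        q.append(e)
        while q and e["ts"] - q[0]["ts"] > window:
            q.popleft()  # expire failures older than the window
        if len(q) >= threshold:
            alerts.append({
                "user": e["user"],
                "count": len(q),
                "hosts": sorted({x["host"] for x in q}),
                "platforms": sorted({x["platform"] for x in q}),
                "first": q[0]["ts"],
                "last": e["ts"],
            })
            q.clear()  # one alert per burst, not one per extra failure
    return alerts


if __name__ == "__main__":
    evts = normalize(SAMPLE_EVENTS)
    for a in correlate(evts):
        print(f"ALERT {a['user']}: {a['count']} failed logons across {a['platforms']} "
              f"on {a['hosts']} between {a['first']} and {a['last']}")
    linux_only = [e for e in evts if e["platform"] == "linux"]
    print("alerts without mainframe feed:", correlate(linux_only))
```

Run stand-alone, the correlation fires once for jsmith because the two mainframe failures and the one sshd failure land inside the same five-minute window; run over the Linux events alone (the silo situation the slides describe) the same rule never reaches its threshold, which is the visibility gap being discussed.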
There are also integrations with some Splunk Premium products…namely…
IT Service Intelligence for monitoring key performance indicators and health of business services
And Enterprise Security integration for out-of-the-box security surveillance
IT operations and security use cases, and combinations of these many different use cases, can all be run across these tools and platforms.
From simple visibility…to operational insights…finding issues and resolving them quickly before your customers are aware…to improving your security, compliance and audit posture.
These are all possible…at your own pace…and in-line with your common or even unique requirements.