Fill your Mainframe Security Monitoring Gap via SIEM
![Page 1: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/1.jpg)
MAINFRAME SECURITY ADD z/OS EVENTS TO SIEM
Webinar
Fill your Mainframe Security Monitoring Gap via SIEM
Custom, Granular Filtering
![Page 2: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/2.jpg)
► Expert development & technical support teams based in Minneapolis, MN.
► 25+ products for z/OS, z/VM, z/VSE, and distributed platforms.
► Hundreds of organizations worldwide rely on SDS solutions.
► Focus on mainframe security and compliance.
► Cost savings and legacy tool replacements: DO MORE WITH LESS!
► Long-standing global partnerships complement SDS software.
► Recognized as cybersecurity trend-setter.
Quality Mainframe Software since 1982
About Us (sdsusa.com)
![Page 3: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/3.jpg)
Future Events (sdsusa.com)
October 16
► Secure FTP for z/OS – Exploring the Technology
• A joint webinar with the SSH experts at SSH Communications Technology!
• Register on www.sdsusa.com: 1:00PM CT and available on demand after the 16th!
Nov-Dec
► Happy Holidays everyone!
• We will pick up with webinars in January of 2020!
![Page 4: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/4.jpg)
Presenters
► Colin van der Ross, Sr. Systems Engineer: Importance of Incorporating z/OS Security Events into SIEM and Custom, Granular Filtering
► Jed Lampi, Operations and Marketing Lead: 2018 Mainframe SIEM Survey Results (from Enterprise Systems Media)
![Page 5: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/5.jpg)
Presenter: Jed Lampi, Operations & Marketing Lead
2018 Mainframe SIEM Survey Results (from Enterprise Systems Media)
Agenda
► Results from the 2018 ESM survey focused on the state of SIEM in the enterprise
► Polls contain 2019 SIEM questions – answers to be included in this year's results
![Page 6: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/6.jpg)
2018 SIEM Survey Results
Question 1: Does your company have an enterprise Security Information and Event Management (SIEM) solution in place?
Organizations with an enterprise SIEM in place:
• 50% Yes
• 19% No
• 31% Weren't sure
![Page 7: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/7.jpg)
2018 SIEM Survey Results
Question 2: Does your company have a SIEM solution in place for your IBM z/OS system?
Organizations with a z/OS SIEM agent in place:
• 19% Yes
• 31% Don't have a z/OS SIEM solution
• 16% Looking at options
• 34% Weren't sure
![Page 8: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/8.jpg)
2018 SIEM Survey Results
Question 3: How do you currently monitor your z/OS security events?
Current methods used to monitor z/OS security events:
• 20% IDS
• 20% SAF SMS security report
• 60% Both IDS and SAF SMS security reports
![Page 9: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/9.jpg)
2018 SIEM Survey Results
Question 4: Which SIEM areas are you most interested in, concerned about, or focused on? Select all that apply.
Mainframe SIEM areas of interest:
• Batch
• SAF (i.e. RACF)
• WTO/console messages
• Data set access
• USS
• CICS
• Task-related events (i.e. TSP)
• Db2
• MQSeries
![Page 10: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/10.jpg)
2018 SIEM Survey Results
Question 5: Please rank the following SIEM solution requirements from most important to least important based on your job.
SIEM solution requirements (ranked from most to least important):
1. Multi-platform SIEM (z/OS, Windows, Linux, …)
2. Real-time threat analysis
3. Incident detection and response
4. Collecting, correlating, & reporting security events
5. Monitoring and auditing logs
![Page 11: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/11.jpg)
2018 SIEM Survey Results
Question 6: Which group(s) in your company is pushing for Security Information Event Management (SIEM) to be implemented?
Departments pushing SIEM:
• Security Management
• IT Department
• Internal Auditors
• External Auditors
• Executive Level (CIO, CTO, CSO)
• Compliance
![Page 12: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/12.jpg)
Presenter: Colin van der Ross, Sr. Systems Engineer
Importance of Integrating z/OS Security Events into SIEM & Granular Filtering
Agenda
► What is a SIEM and why incorporate z/OS data into your SIEM?
► What's new in VSA 4.1?
► VSA 4.1 Data Dictionary
► Demo of VSA 4.1 Filters
![Page 13: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/13.jpg)
SIEM: What is it?
► Security Management provides a holistic view of an organization’s information technology security
► SIEM combines SIM (Security Information Management) and SEM (Security Event Management) functions into ONE Security Management System
![Page 14: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/14.jpg)
Importance of SIEM
SIEM – Security Information & Event Management
![Page 15: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/15.jpg)
Importance of SIEM
Security Requirements
► SIEM is the core of a defense-in-depth strategy
► Attackers leave behind a trace – logs
► Security events provide insight into:
• When the event occurred
• Why it happened
• What happened
![Page 16: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/16.jpg)
Why Incorporate z/OS Events into SIEM?
![Page 17: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/17.jpg)
Why Incorporate z/OS Events into SIEM?
![Page 18: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/18.jpg)
Why Incorporate z/OS Events into SIEM?
More Reasons for z/OS SIEM
► Mainframe contains sensitive data
• Large corporations have 70% of data on mainframes
► z/OS is NOT invulnerable
► If you have a SIEM, why not include your mainframe data?
► Compliance requirement
• PCI, SOX, HIPAA, GLBA, etc.
![Page 19: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/19.jpg)
VitalSigns SIEM Agent for z/OS
What's New in VSA 4.1?
► Dynamic Configuration Updates
► Simplified Installation
► Greater Consistency in Function and Appearance
► Improved Reliability and Serviceability
► Simplified and modernized code base in preparation for future enhancements
![Page 20: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/20.jpg)
VitalSigns SIEM Agent for z/OS
What's New in VSA 4.1?
► New Infrastructure
► Improved Licensing Process
► New and Simplified Configuration Model
► New Messages
► New Set of Commands for Operator Interaction
![Page 21: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/21.jpg)
VitalSigns SIEM Agent for z/OS
What's New in VSA 4.1?
► Multiple TCP Server Destinations using TCP
► Dynamic MCS Consoles
• The Subsystem Interface (SSI) is replaced with an MCS console
► Dynamic SMF Exits
• The SMF exits are dynamically loaded and installed using the system CSVDYNEX facility. It is no longer necessary to add the load library to the LNKLIST or LPA.
![Page 22: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/22.jpg)
VitalSigns SIEM Agent for z/OS
What's New in VSA 4.1?
► Complex SMF Filters
• Complex SMF filters allow you to escalate or suppress SMF records at the field level.
• A data dictionary containing over 900 individual fields and Boolean values has been defined, together with filtering semantics that give you unprecedented control over the decision to escalate an SMF record into a SIEM event or drop it from consideration.
• The data dictionary describes all the field values that may be used in complex filters, their lengths, and their default formats.
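The field-level escalate-or-suppress decision the slide describes, as an added example that is not VSA code and does not use its data-dictionary format or filter syntax: a constructed data dictionary of offsets, lengths and formats decodes fixed-layout EBCDIC records into named fields, and an ordered rule list decides per record whether it becomes a SIEM event or is dropped. The field names are patterned after SMF type 80 (RACF) naming, but the offsets, the SMF80FLG bit and the sample records are all made up for this example.

```python
"""Field-level SMF filtering for SIEM escalation (added, constructed example).
Layout, offsets, field names (patterned after SMF type 80 naming) and rule
form are all made up here; none of it is the VSA 4.1 dictionary or syntax."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed data dictionary: name -> (offset, length, format), where
# "u8" = unsigned byte, "ebcdic" = space-padded code page 037 text,
# "flag:<hex>" = Boolean bit test against one byte.
DATA_DICTIONARY: Dict[str, Tuple[int, int, str]] = {
    "SMF_RTY":  (0, 1, "u8"),        # record type (80 = RACF processing)
    "SMF80EVT": (1, 1, "u8"),        # event code (2 = resource access)
    "SMF80EVQ": (2, 1, "u8"),        # 0 = success, 1 = insufficient authority
    "SMF80USR": (3, 8, "ebcdic"),    # user ID
    "SMF80JBN": (11, 8, "ebcdic"),   # job name
    "SMF80RES": (19, 44, "ebcdic"),  # resource (data set) name
    "SMF80FLG": (63, 1, "flag:80"),  # constructed bit: user holds SPECIAL
}
RECORD_LEN = 64

def decode_record(raw: bytes) -> Dict[str, object]:
    """Map a raw record to named, typed fields via the dictionary."""
    if len(raw) < RECORD_LEN:
        raise ValueError(f"short record: {len(raw)} bytes")
    fields: Dict[str, object] = {}
    for name, (off, length, fmt) in DATA_DICTIONARY.items():
        chunk = raw[off:off + length]
        if fmt == "u8":
            fields[name] = chunk[0]
        elif fmt == "ebcdic":
            fields[name] = chunk.decode("cp037").rstrip()
        elif fmt.startswith("flag:"):
            fields[name] = bool(chunk[0] & int(fmt[5:], 16))
        else:
            raise ValueError(f"unknown format {fmt!r} for {name}")
    return fields

@dataclass
class Rule:
    name: str
    action: str  # "ESCALATE" or "SUPPRESS"
    when: Callable[[Dict[str, object]], bool]

# Ordered, first match wins: violations are escalated before any suppression
# rule runs, so quieting a noisy job only ever drops its successful accesses.
RULES: List[Rule] = [
    Rule("violation-always", "ESCALATE",
         lambda f: f["SMF80EVT"] == 2 and f["SMF80EVQ"] != 0),
    Rule("special-user-access", "ESCALATE",
         lambda f: f["SMF80EVT"] == 2 and bool(f["SMF80FLG"])),
    Rule("noisy-batch-reads", "SUPPRESS",
         lambda f: f["SMF80EVT"] == 2 and f["SMF80EVQ"] == 0
         and str(f["SMF80JBN"]).startswith("NIGHTLY")),
]
DEFAULT_ACTION = "ESCALATE"  # unmatched records are never silently dropped

def filter_record(raw: bytes) -> Tuple[str, str, Dict[str, object]]:
    """Return (action, rule name or 'default', decoded fields)."""
    fields = decode_record(raw)
    for rule in RULES:
        if rule.when(fields):
            return rule.action, rule.name, fields
    return DEFAULT_ACTION, "default", fields

def process_records(records: List[bytes]) -> List[Dict[str, object]]:
    """Escalated records become flat SIEM events; suppressed ones are dropped."""
    events = []
    for raw in records:
        action, rule, f = filter_record(raw)
        if action == "ESCALATE":
            events.append({"rule": rule, "user": f["SMF80USR"], "job": f["SMF80JBN"],
                           "resource": f["SMF80RES"],
                           "outcome": "VIOLATION" if f["SMF80EVQ"] else "SUCCESS"})
    return events

def build_record(evq: int, user: str, job: str, resource: str,
                 special: bool = False) -> bytes:
    """Constructed type-80, event-2 record laid out to match the dictionary."""
    def text(s: str, n: int) -> bytes:
        return s[:n].ljust(n).encode("cp037")
    raw = (bytes([80, 2, evq]) + text(user, 8) + text(job, 8)
           + text(resource, 44) + bytes([0x80 if special else 0x00]))
    assert len(raw) == RECORD_LEN
    return raw

# Constructed sample input, not real audit data.
SAMPLE_RECORDS: Dict[str, bytes] = {
    "violation":       build_record(1, "JSMITH", "TSOJSMI", "PAYROLL.MASTER"),
    "batch_read":      build_record(0, "BATCHID", "NIGHTLY1", "PAYROLL.MASTER"),
    "batch_violation": build_record(1, "BATCHID", "NIGHTLY1", "SYS1.PARMLIB"),
    "special_read":    build_record(0, "SYSPROG1", "TSOSYSP", "SYS1.PARMLIB", True),
    "plain_read":      build_record(0, "ALICE", "TSOALICE", "HR.REPORTS"),
}

if __name__ == "__main__":
    for name, raw in SAMPLE_RECORDS.items():
        action, rule, _ = filter_record(raw)
        print(f"{name:16s} {action:8s} ({rule})")
```

Two properties of this rule set are worth checking in any real filter configuration: rule order lets a suppression for a known-noisy job quiet only its successful accesses, so that job's violations still reach the SIEM, and the default action is to escalate, so a record no rule covers is forwarded rather than disappearing.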
![Page 23: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/23.jpg)
VitalSigns SIEM Agent for z/OS
![Page 24: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/24.jpg)
VitalSigns SIEM Agent for z/OS
![Page 25: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/25.jpg)
VitalSigns SIEM Agent for z/OS
![Page 26: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/26.jpg)
Demonstration
Time for a Demo! VSA 4.1 Filters
![Page 27: Fill your Mainframe Security Monitoring Gap via SIEM](https://reader034.fdocuments.net/reader034/viewer/2022042415/625f174ddf4cb170993a06f9/html5/thumbnails/27.jpg)
Have a Question? Would you like additional information?
(800) 443-6183 / (763) 571-9000
[email protected] www.sdsusa.com