The problem with SIEM (security information and event management) is that it is mostly confined to distributed systems, while the most strategic IT asset in industries such as finance, education, healthcare and government is the mainframe. SIEM practitioners work in one world (Windows/UNIX/Linux), and mainframe practitioners work in a completely different set of platforms and programming languages.
Because the two groups speak different technical languages, there is little need for them to communicate unless a compliance manager or supervisor requires it, which is typically the case when a security operations center (SOC) needs mainframe logs. Unfortunately for the technician receiving that request, mainframes generally do not send data in real time.
This paper describes how the CorreLog Agent for z/OS (also known as CZAGENT) solves two problems: 1) how to deliver mainframe data to a SOC in the correct format, and 2) how to deliver mainframe data to a SOC in real time, as the log files are generated.
For your organization to take a proactive approach to SIEM, you need log management data in real time. Since mainframe programs generally run nightly or every few days, log data such as failed access attempts does not reach the SOC when the events happen, and that delay is a major hindrance to preventing a breach.