
Used IBM Servers | New Power9 Systems | QRadar SIEM Security

IBM z SIEM and SYSLOG Forwarding Considerations

The IBM z mainframe remains the workhorse for most of the largest and most successful companies in the world, running both mission-critical legacy software applications and new workloads. Where sensitive data and security are concerned, IBM z/OS protects the company's jewels for good reason, but it has a plethora of system and security event log sources that must be monitored and forwarded to a SIEM like IBM QRadar and LogRhythm or a SYSLOG server like Splunk.


Since IBM mainframe event logs do not conform to SIEM and SYSLOG industry standards, many IBM z shops are running batch reports and scraping mainframe event logs manually before forwarding them to their SIEM. As a result of this labor-intensive process, only a few key event log sources end up being forwarded to the SIEM. With the huge volume of mainframe transactions, many important security event log sources are not getting forwarded to the SIEM. SMF records, RACF, Top Secret, SYSLOG, log4j, SyslogD, RMF, IMS, ACF2, Unix services, DB2, FTP, USS files, SYSOUT, and perhaps some application or other mainframe logs all contain critical security data for a SIEM's AI and User Behavior Analytics algorithms.

Which IBM z event log sources contain security data a SIEM needs to identify a security breach? There are many event log sources that contain critical security data that a SIEM can use to discover internal and external threats. Even simple workstation log-in attempts from one of many SMF record types can help identify a compromised asset or intruder. The number of records written to the SMF files or datasets can be astronomical, and is compounded by the number of vendor products installed. IBM z/OS can create terabytes of security, operational, historical, diagnostic and similar data in SMF daily. Of the 256 SMF record types, roughly 140 are actually used on most z/OS systems. SMF record types 0-127 are for z/OS components, and types 128-255 are used by other vendors to record activity and information related to their products.
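To make the format gap concrete, the following added example (not code from the original post or from any vendor product) decodes the standard SMF record header and renders it as one RFC 5424 syslog line, tagging the record by the type ranges given above. It assumes the record still carries its RDW, treats the SMF timestamp as UTC, and uses the documentation enterprise number 32473; the function names and the sample record are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_LEN = 18  # RDW(4) + flag(1) + type(1) + time(4) + date(4) + system ID(4)

def parse_smf_header(rec: bytes) -> dict:
    """Decode the standard SMF record header (RDW still attached)."""
    if len(rec) < HEADER_LEN:
        raise ValueError("shorter than the standard SMF header")
    length, _seg, _flag, rtype, hundredths = struct.unpack(">HHBBI", rec[:10])
    if length != len(rec):
        raise ValueError(f"RDW says {length} bytes, got {len(rec)}")
    # Date is packed decimal 0cyydddF: c=0 is 19yy, c=1 is 20yy, ddd is day of year.
    d = rec[10:14].hex()
    if d[0] != "0" or d[7] != "f" or not d[1:7].isdigit():
        raise ValueError("malformed packed-decimal date")
    year, day = 1900 + 100 * int(d[1]) + int(d[2:4]), int(d[4:7])
    if not 1 <= day <= 366 or hundredths >= 8_640_000:
        raise ValueError("date or time out of range")
    # Time is hundredths of a second since midnight; treated as UTC here (assumption).
    when = datetime(year, 1, 1, tzinfo=timezone.utc) + timedelta(
        days=day - 1, seconds=hundredths / 100)
    return {
        "type": rtype,
        # Type ranges as stated in the text above.
        "owner": "z/OS component" if rtype <= 127 else "vendor product",
        "time": when,
        "sid": rec[14:18].decode("cp037").strip() or "-",  # EBCDIC system ID
    }

def to_rfc5424(rec: bytes, facility: int = 13, severity: int = 6) -> str:
    """Render the header as one RFC 5424 line (facility 13 = log audit)."""
    h = parse_smf_header(rec)
    stamp = h["time"].strftime("%Y-%m-%dT%H:%M:%S.%f")[:-4] + "Z"
    sd = f'[smf@32473 type="{h["type"]}" owner="{h["owner"]}" len="{len(rec)}"]'
    return f'<{facility * 8 + severity}>1 {stamp} {h["sid"]} SMF - T{h["type"]:03d} {sd}'

def sample_record(rtype: int = 80, sid: str = "SYS1") -> bytes:
    """Constructed record: 08:30:00.00 on day 032 of 2024, six zero bytes of body."""
    body = bytes(6)
    head = struct.pack(">HHBBI", HEADER_LEN + len(body), 0, 0, rtype, 3_060_000)
    return head + bytes.fromhex("0124032f") + sid.encode("cp037") + body

if __name__ == "__main__":
    print(to_rfc5424(sample_record()))
```

Only the header is decoded here; the body of each record type has its own layout and needs its own mapping before a SIEM can use it.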


IBM z: More than a legacy workhorse

IBM mainframe systems are still running the bulk of critical workloads at over 70% of the world's largest and most successful companies. The first IBM mainframe and the Porsche 911 were both sold in the same year, 1964. Most people do not realize how advanced and powerful the IBM z platform is, and always has been. The fact is, virtualization was being developed on the IBM mainframe in the 1960s, and this amazing new technology was added to the platform in 1972, decades before any other platform. To this day, companies are adding more and more workloads to their IBM z systems, because they are extremely fast, secure, flexible and scalable. No other platform can match the IBM mainframe in any of these categories, especially considering its ability to handle very high volume OLTP workloads that would pummel most other systems beyond recognition. The IBM mainframe also has an amazing ability to consume and manage massive amounts of data very efficiently.

Note: I keep mentioning “IBM” every time “mainframe” is referenced. Once in a while there is a negative press release involving a mainframe, and the article does not mention the manufacturer. Most people automatically assume IBM anytime “mainframe” is discussed, but the negative articles I have read do not involve IBM. The Unisys mainframe was the one being referenced in the articles I read, but was not specifically mentioned in any of the content.
 
True, the IBM z is known for maintaining legacy software applications, but it is also very much involved in ongoing development projects and carrying new workloads. Most IBM mainframe shops have plans to make use of their big iron as much as possible. Odds are, you were involved in several mainframe transactions today: using your bank, health or insurance services, booking a room, renting a car, or perhaps buying some merchandise or groceries at a local store or online. The IBM mainframe is used in just about every industry, and it remains the workhorse for key business transactions that other platforms simply are not capable of handling or are not likely to be trusted with.

Companies are continuing to invest and develop on their mainframes for all the reasons already mentioned, and because the total cost of ownership looks really good on paper to management. Benchmarks show workloads running on an IBM mainframe can be over 50% cheaper than running on x86 servers or in the cloud, and an IDC study states companies can achieve over 300% ROI in 5 years and break even in less than 1 year. IBM has made major investments in advancing the z system to keep up with the times, and it is capable of running Linux and Unix applications, supporting modern programming languages, and serving as the ideal ecosystem for x86 farms, cloud, big data analytics and AI solutions.

Enterprises with an IBM mainframe move applications to it for various reasons, but when security is a key factor, the decision is simple. For instance, the blockchain model is made up of a series of transaction records by assembling data blocks that cannot be altered, which makes the IBM mainframe the perfect platform. Even Amazon AWS is offering blockchain solutions for the IBM mainframe. The IBM z can process 12 billion encrypted transactions per day, encrypting the entire blockchain process without a hiccup. The IBM mainframe is able to encrypt data almost 20 times faster than x86 platforms and at 95% less cost. In fact, the IBM z can encrypt 100% of its software applications, database, mobile and cloud service data with no application changes and little impact on SLAs. The new IBM z also automatically protects encryption keys in the event any signs of tampering are discovered, and will protect data in-motion and at-rest.

Most companies do not have a mainframe, and even more do not believe they can afford one. However, maybe some companies should be exploring the value of IBM’s big iron. IBM has new affordable pricing models requiring low monthly commitments that smaller companies can likely take advantage of. IBM’s flexible consumption pricing lets companies pay as they go when deploying new applications on z/OS. Is it time for your company to explore what an IBM z can do for you?

 