Page 13 - 2016


Human resource specialization too is contributing to the IT complexity issue, which in turn is complicating CISOs' efforts to become proactive with InfoSec. Further exacerbating the complex security issue is the battle lines drawn across mainframe resources versus distributed (Windows and open source) resources. In the mid-1980s, when Microsoft Windows v2 came out, there was absolutely no need for a mainframe system programmer, or sysprog, to ever interact with a Windows user. Consequently, the Windows user would never need to interact with the sysprog.

Even if a Windows user would have been able to get into the heavily fortified mainframe room, the technology and user interaction would have been so foreign that there would be very low risk of data exposure.

Fast forward to 2016 and the communications dysfunction between sysprogs and Windows systems admins is still there. The programming languages between the two systems are just as distant as the communication between the two human resources, yet we are expected to log all data in real time in a SIEM and manage/monitor all avenues of intrusion...

Proactive InfoSec takes all systems and resources being on the same page within a single Security Operations Center or SOC. But the IT complexity, disparate systems and incommunicative human resources have for some years now put the odds in the cyber criminals' favor.

Further complicating systems and human resources dysfunction in the datacenter is the fact that the mainframe, a highly strategic data source, is more "front and center." The mainframe today is closer than it has ever been to the Internet.

IBM mainframes can now be accessed directly by thousands of users at a time through a facility called "3270 Terminal Emulation." Essentially, through an Internet or Intranet connection, a user with a Windows/UNIX (or Linux) machine can, with relative ease, log into a mainframe dataset and virtually have at whatever data and programs are available to him or her.

"The mainframe, in today's (distributed) user experience, looks just like a big server sitting on the network," says George Faucher, CEO of CorreLog, Inc., a mainframe SIEM software vendor based in Naples, Florida. "There are a lot of users now capable of accessing the mainframe that used to never have access, and all access to data by these users needs to be monitored and logged for security and compliance."

Faucher adds that in the past 10 years, InfoSec systems were built primarily for Windows/UNIX distributed environments because these were the systems most closely exposed to the perimeter 10-15 years ago. Today, all systems are exposed to the world wide web and InfoSec systems are retroactively expanding to include more non-distributed environments. "It's not enough to just use the monitoring capabilities of RACF (IBM z/OS's built-in security facility) to secure mainframe data," Faucher adds.

"Complementary systems like Database Activity Monitoring, Data Loss Prevention, Intrusion Detection, and Event Correlation must be included in your mainframe SIEM strategies. When you think of the decades that mainframe users have been creating applications that have access to data, there are years of legacy intrusion points that many large enterprises don't even know about. All of this access to your data needs to be accounted for and that's a tall order for organizations large enough to have a mainframe and this is primarily what CorreLog helps them with."

The newest iteration of IBM's z/OS mainframe launched in January of 2015, the z13, was designed to handle the onslaught of big data now being generated by a global mobile population. The z13, IBM claims, can process 2.5 billion transactions per day with the capability to address up to 10 terabytes of memory across eight processing cores.





CYBER DEFENSE MAGAZINE - ANNUAL EDITION 13