Easily Add z/OS Events to SIEM
Although mainframes produce plenty of information about what’s happening (event log, audit log, syslog, etc.), you need a way to quickly and easily separate critical security incidents from business-as-usual events – and send them in the right format to your enterprise SIEM.
VitalSigns SIEM Agent for z/OS (VSA, formerly SMA_RT) forwards these mainframe log messages in the proper format, as well as those from RACF, ACF2, Top Secret, DB2, CICS, and FTP, to Security Information and Event Management (SIEM) systems such as ArcSight, IBM® QRadar®, Splunk®, and others. Mainframe teams must comply with strict audit policies but may not have the time or the resources to filter and format the right data and send it to the enterprise SIEM. Let VSA help.
VSA brings your z/OS mainframes into the center of your enterprise security infrastructure without hassle and in real time.
Want more videos? View our collection of SIEM videos and our previous VSA webinars.
Compliance
VSA is an invaluable tool to help your business comply with FISMA, GDPR, GLBA, HIPAA, PCI, SOX, and other standards. Administrators can define specific parameters to monitor with more detail and at greater depth, and automatically send data to any enterprise SIEM.
Security
With VSA monitoring the mainframes, your security team has a central, enterprise-wide view of all the events they need to capture and all the security threats they need to recognize.
Transparency
Mainframe security no longer needs to depend on batch jobs running long after any incident. Events are tracked and uncovered in real time, from all corners of the business.
This z/OS SIEM solution is flexible enough to integrate with any distributed SIEM product; VSA has certified integration with both ArcSight and IBM QRadar (Ready for Security Intelligence). VSA provides mainframe data while integrating well with Splunk, LogRhythm, McAfee® Enterprise Security Manager, Dell RSA® Security Analytics, Dell SecureWorks®, and others.
Want even more z/OS security with compliance help?
Consider these 2 Security Solutions
Both FIM+ and IronSphere provide unique mainframe security and compliance benefits. Visit their product pages to learn more about their individual benefits and features.
FIM+ for z/OS
- The first real mainframe FIM (File Integrity Monitoring) solution, FIM+ performs automatic, continuous scans of your entire mainframe efficiently and securely. Because it costs so little CPU time (< 1 CPU second) to scan your system for any change or anything unexpected, you can run scans as often as you like.
- It works well by itself, but when FIM+ is combined with a z/OS event monitoring tool like VSA, you can continuously log all events and monitor all data to better distinguish security threats from all the clutter and false positives. Imagine cutting out 90% of your false alarms?
SDS IronSphere for z/OS
- This product enhances security by automating the tedious DISA STIG compliance process. IronSphere can scan the mainframe looking for security vulnerabilities, adding another layer on top of the event monitoring available with VSA! Also, IronSphere follows the same risk-based security protocol (RMF) that US Federal Government agencies and DoD-connected businesses are required to implement.
- The core processes of IronSphere (z/OS STIG automation, which finds vulnerabilities, alerts you, and then delivers you the remediation steps to eliminate the risk) become even more powerful when combined with z/OS event log information from a SIEM agent like VSA.
The major benefits of both FIM+ and IronSphere have potential to become even more powerful when combined with a mainframe SIEM solution like VSA.
Contact us to learn more and be sure to ask about an individualized demo or trial.
Features
- Delivers mainframe data to all conventional SIEM products
- Connects with standard z/OS security products
- Monitors z/OS and UNIX System Services (USS)
- Gathers intelligence from z/OS SMF and the system operator interface
- Uses both signature- and anomaly-based attack detection
- Provides real-time alerts that can be managed, filtered, routed, and searched via SIEM software
- APIs allow for defining and filtering TSO, CICS, and batch events
- Easy installation does not require z/OS IPLs
- A small footprint in each LPAR, with little CPU overhead
Datasheet
White Paper
Resources
Request Info
These days, every company stands the chance of being hacked – and you don’t want to be the next headline. VSA gives you central, end-to-end systems visibility to help you stay in control of data security. Because the truth is, your business is about to be compromised… or it already has been.
VSA is a Ready for IBM Security Intelligence solution
VSA is an ArcSight CEF Certified solution
Free Demo/Trial
We offer individualized product demonstrations by request. Your company can also try SDS software on your system for 30 days, free of charge.
Contact SDS
Phone: (800) 443-6183
Phone: (763) 571-9000
Fax: (763) 572-1721
1322 81st Ave NE
Spring Lake Park, MN
55432-2116 USA