Easily Add z/OS Events to any SIEM
Although mainframes produce plenty of information about what’s happening (event log, audit log, syslog, etc.), you need a way to quickly and easily separate critical security incidents from business-as-usual events – and send them in the right format to your enterprise SIEM.
VitalSigns SIEM Agent for z/OS (VSA, formerly SMA_RT) forwards filtered mainframe security logs and messages (from RACF, ACF2, Top Secret, DB2, CICS, FTP, etc.) in the proper format to Security Information and Event Management (SIEM) systems such as Splunk®, LogRhythm NextGen SIEM, IBM® QRadar®, AlienVault, ArcSight, and others. Mainframe teams must comply with strict audit policies but may not have the time or the resources to filter and format the right data and send it to the enterprise SIEM. Let VSA help.
VSA brings your z/OS mainframe into the center of your enterprise security infrastructure without hassle and in real time.
VSA is an invaluable tool to help your business comply with FISMA, GDPR, GLBA, HIPAA, PCI, SOX, and other standards. Administrators can define specific parameters to monitor with more detail and at greater depth, and automatically send data to any enterprise SIEM.
With VSA monitoring the mainframes, your security team has a central, enterprise-wide view of all the events they need to capture and all the security threats they need to recognize.
Mainframe security no longer needs to depend on batch jobs running long after any incident. Events are tracked and uncovered in real time, from all corners of the business.
This z/OS SIEM solution is flexible enough to integrate with any distributed SIEM product and is certified for CEF and LEEF formats. VSA is a Ready for IBM Security Intelligence product. In addition, VSA integrates well and provides mainframe data to these SIEM solutions: Splunk, LogRhythm NextGen SIEM, AlienVault, ArcSight, McAfee® Enterprise Security Manager, and others.
- Delivers mainframe data to all conventional SIEM products
- Certified for CEF and LEEF formats
- Connects with standard z/OS security products
- Monitors z/OS and UNIX System Services (USS)
- Gathers intelligence from z/OS SMF and the system operator interface
- Uses both signature- and anomaly-based attack detection
- Provides real-time alerts that can be managed, filtered, routed, and searched via SIEM software
- APIs allow for defining and filtering TSO, CICS, and batch events
- Easy installation does not require z/OS IPLs
- A small footprint in each LPAR, with little CPU overhead
These days, every company stands the chance of being hacked. Especially in 2020, hackers have gone on the offensive and increased their attacks.
VSA gives you the central, end-to-end systems visibility you need to help stay in control of your organization’s data security. Because the truth is, your business is about to be compromised… or it already has been.
DBTA Trend-Setting Products List for 2020
VSA was chosen as one of the top 100 Trend-Setting Products by DBTA for 2020. We’re thrilled to be included in this prestigious list.
Read the VSA Product Spotlight that was included in this DBTA edition.
Importance of Delivering Critical z/OS Security Events to your SIEM in Real Time
Thank you to those who joined us on Thursday, January 20 for a 30-minute webinar.
We discussed the importance of delivering z/OS security events to your SIEM in real time. Plus, we provided an overview of new VitalSigns SIEM Agent for z/OS features and a demo of VSA delivering events to Splunk.
z/OS Security & Compliance Software
Check out the latest SDS mainframe security software solutions. These popular products also offer relevant and significant compliance assistance on z/OS.