Syncsort has announced that Medical Mutual of Ohio is using Syncsort’s unique Ironstream® software to make mainframe security data available in real time to the Splunk® Enterprise platform, helping protect customer information stored in DB2 from unauthorized access.
Now, Medical Mutual is able to see previously hard-to-access mainframe data, alongside other security information it was already analyzing in Splunk Enterprise. Splunk Enterprise enables a consolidated enterprise-wide view of machine data collected across the business, which makes it possible to correlate events that might not raise suspicion alone, but could be indicative of a threat when seen together.
“Medical Mutual of Ohio has been using Splunk Enterprise to monitor unauthorized access on distributed systems,” said Craig Fox, Security Specialist at Medical Mutual of Ohio. “Now by adding mainframe data provided by Ironstream into Splunk Enterprise, we finally have a real-time, 360-degree view that enables us to correlate all of our security data from across the enterprise and gain visibility into user-authentication data and access attempts tracked on the mainframe.”
With Ironstream leveraging Splunk Enterprise, Medical Mutual has now implemented what’s known as a Big Iron to Big Data security strategy enabling them to:
Track security events and data from multiple platforms, including IBM z/OS mainframes, Windows and distributed servers, and correlate the information in Splunk Enterprise for better security.
Diagnose and respond to high-severity security issues more quickly, since data across the entire enterprise is being monitored in real time.
Provide monthly and daily reporting with an up-to-the-minute account of unusual user activity.
Detect security anomalies and analyze their trends – the cornerstone of Security Information and Event Management (SIEM) strategies.
“We have been impressed with the Splunk platform’s ability to handle massive amounts of data from different formats and indexes and to decipher and correlate security events through analytics,” continued Fox. “Now, with Ironstream, we can also stream mainframe security data for even greater insights. Our mainframe team is also satisfied with Ironstream’s low overhead, which keeps mainframe processing costs low.”
Organizations can download a free Ironstream Starter Edition and begin streaming z/OS Syslog data into Splunk solutions. Unlike typical technology trials, the Starter Edition is not time-limited and may be used in production at no charge. This includes access to the Ironstream applications available for download on Splunkbase.