Dramatically Improved Visibility Helps Stop Insider ThreatsAgainst Core Enterprise Systems of Record
- To mitigate cybersecurity risks and fulfull compliance mandates, enterprises must capture all relevant data about user access and behaviour across all systems, applications and databases
- While the main frame is inherently secure, audits of user activities have historically been limited to scans of disparate logs and SMF data that do not specifically capture start-to-finish user session activity.
- Compuware’s new web-enabled Application Audit overcomes this limitations with full visibility into mainframe session activity, dramatically expanding security audit dat and cross-platform insight into user behaviour
- Cybersecurity teams can leverage Application Audit data from leading SIEM solutions such as Splunk, IBM QRadar and HPE Security ArcSight ESM either directly or via tools from CorreLog, Syncsort and others.
Compuware Corporation today announced the availability of Application Audit™, an innovative cybersecurity and compliance solution that dramatically enhances the ability of enterprises to stop insider threats by fully capturing and analyzing start-to-finish mainframe application user behavior.
This enriched mainframe user behavior intelligence is especially important to large enterprises given the fact that their most sensitive data and most business-critical systems of record typically reside on the mainframe.
Most enterprises still rely on disparate logs and SMF data from security products such as RACF, CA-ACF2 and CA-Top Secret to piece together user behavior. Highly advanced IT security organizations may even go as far as to apply advanced analytics to these logs to deduce who did what when. None of these approaches are sufficiently complete, reliable or streamlined to meet the relentlessly escalating demands of cross-platform enterprise cybersecurity and increasingly burdensome global compliance mandates.
Compuware Application Audit provides a significantly superior approach by directly capturing complete, rich start-to-finish user session activity data in real time—including all successful logins, session keyboard commands and menu selections, specific data browsed, and more.
Application Audit’s intuitive web interface empowers anyone—including security and compliance staff without extensive mainframe platform experience—to set session recording parameters, review audit data, configure feeds and perform other administrative tasks. Plus, because Application Audit doesn’t require any changes to mainframe applications, it starts delivering benefits immediately.
Enterprise IT organizations can use the rich, complete and comprehensive mainframe session data provided by Application Audit both by itself and in conjunction with their security information and event management (SIEM) systems to more quickly and effectively:
- Detect, investigate and respond to inappropriate behavior by internal users with access
- Detect, investigate and respond to hacked or illegally purchased user accounts
- Support criminal/legal investigations with complete and credible forensics
- Fulfill compliance mandates regarding protection of sensitive data
The data collected by Application Audit is particularly valuable for maintaining control of privileged mainframe user accounts. Both private- and public-sector organizations are increasingly concerned about insider threats to both mainframe and non-mainframe systems. Privileged user accounts can be misused by their rightful owners, motivated by everything from financial gain to personal grievances, as well as by malicious outsiders who have illegally acquired the credentials for those accounts.
Through collaboration with CorreLog, Syncsort and Splunk, Compuware is enabling enterprise customers to integrate Application Audit’s mainframe intelligence with popular SIEM solutions such as Splunk, IBM QRadar and HPE Security ArcSight ESM. Additionally, Application Audit provides an out-of-the-box Splunk-based dashboard that delivers value on Day One. These integrations are particularly useful for discovering and addressing security issues associated with today’s increasingly common composite applications, which have components running on both mainframe and non-mainframe platforms. SIEM integration also ensures that security, compliance and other risk management staff can easily access mainframe-related data in the same manner as they access data from other platforms.
“Effective IT management requires effective monitoring of what is happening for security, cost reduction, capacity planning, service level agreements, compliance, and other purposes,” said Stu Henderson, Founder and President of the Henderson Group. “This is a major need in an environment where security, technology, budget, and regulatory pressures continue to escalate. I welcome a product that provides us a straightforward, comprehensive basis for such monitoring.”
With the introduction of Application Audit, Compuware has now released an innovative new mainframe software solution every 90 days for a remarkable ten consecutive quarters.
“As large enterprises continue to leverage the unmatched power and performance economics of the mainframe, they need better, more modern ways of doing everything from advancing mainframe DevOps to protecting invaluable data from cybersecurity threats,” said Compuware CEO Chris O’Malley. “Compuware is relentlessly and uniquely innovating to meet these evolving enterprise mainframe needs.”