Frequently, Enterprise Security teams remain segmented. Despite the integration of hybrid environments and the numerous requirements needed, 24/7 mainframe operations are often treated separately which can create blind spots. These blind spots make it difficult to troubleshoot issues when they arise. By bringing z/OS mainframe data into a SIEM software platform, we can help our customers eliminate those blind spots.
SIEM connectivity for Vanguard Compliance Manager (VCM) allows organizations to monitor, search, analyze, and visualize a system’s compliance data in real-time for automated reporting. Enterprise Security Teams can quickly access this data, identify trends and alerts to gain insights, and act based on those insights all in near real-time. Developers can also continuously build while improving applications and enhancements while seeing impacts on the broader environment.
Aggregation and Delivery
Vanguard Aggregation and Delivery STC (VAD) provides the ability to pull aggregated VCM results and deliver new client baselines across the z/OS enterprise. The resulted information can be delivered to the SIEM of choice – or use standardized reports provided for the Splunk platform. VAD provides improved operational efficiency across the z/OS enterprise and a robust reporting structure for all stakeholders to review compliance and audit requirements.
Splunk® & Industry Standard SIEMs
Splunk is a web-based SIEM software platform widely used for monitoring, searching, analyzing and visualizing the machine-generated data in real-time. It performs capturing, indexing, reporting and correlating the real-time data in a searchable container and produces graphs, alerts, interactive dashboards, and visualizations. VCM is currently available for the Splunk ecosystem.
Features:
- Easy-to-use customizable dashboards.
- Supports DISA STIG and CIS baseline checks.
- RACF, ACF2, and Top Secret (TSS) support.