Mainframes continue to run many critical applications for Government agencies, and if you’re a government agency using Splunk, the Mainframe is often a major blind spot.
Ironstream is the industry’s leading high-performance, cost-effective solution for forwarding critical security and operational machine data from the mainframe to Splunk.
View this 20 minute demo to learn how Ironstream can deliver:
• Healthier IT operations by correlating events across all your IT infrastructure, increasing efficiency, insight and cost savings
• Clearer, more precise security information with complete visibility into enterprise-wide security alerts and risks for all systems, including mainframes
• Less complexity by breaking down silos and seamlessly integrating with Splunk for a single view of all your systems, with no mainframe expertise required
We also share how one federal law-enforcement agency used Ironstream to meet the ever-changing reporting requests from its auditors in order to prove compliance with information-security requirements.
Government Agencies Using Splunk: Is Your Critical Data Missing?
1. Title slide. Presenters: Bill Hammond, Product Marketing; John de Saint Phalle, Sales Engineering
2. Mainframes and IBM i servers adapt and deliver increasing value with each new technology wave
• 91% of executives predict long-term viability of the mainframe as the platform continues evolving to meet digital business demands
• >100k companies today use IBM i technology to run significant workloads and power critical business applications
• 2.5 B: that's 2,500,000,000 business transactions per mainframe per day
• 2000+ organizations overall
Sources: BMC 12th Annual Mainframe Research Results, Nov. 2017; Syncsort 2018 State of Resilience: The New IT Landscape for Executives: Threats, Opportunities and Best Practices, Jan. 2018
3. Market Landscape and Key Concepts: Data Analytics Challenges
So many data sources
Mainframe: System Management Facilities (SMF) records, syslog, Log4j web and application logs, RMF, RACF, USS files and standard datasets
IBM i: QAUDJRN (the security audit journal), the QHST history log, message queues, database journals
Format of data
Mainframe:
• Complex data structures (SMF) with headers, product sections and data sections; records are variable length and self-describing
• EBCDIC character encoding, which tools outside the mainframe world do not read natively
• Binary flags and fields
IBM i:
• Complex data structures with unique journal entry types, headers, product sections and data sections; variable length and self-describing
• IBM i journals are held in DB2
• Performance Collection Services data
• IBM i information needs to be converted to workable formats such as JSON, syslog or CEF
Volume of data
• Millions of log records generated daily
• 9.7 TB average daily mainframe log data
Difficulty getting the information in a timely manner
• Not real-time: typically you have to wait overnight for an offload
• Typical daily FTP uploads/downloads are too coarse to get granular
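To make the format problems listed above concrete, here is an added example (written for this page, not Ironstream's or IBM's code) that decodes a constructed SMF-style record in Python. The 24-byte header layout follows the standard SMF record header (length, segment descriptor, flag byte, record type, time in hundredths of a second since midnight, packed-decimal date, EBCDIC system and subsystem IDs, subtype); the section triplets after it and record type 200 (in the range 128-255 that IBM leaves for user-written records) are a hypothetical layout invented for this example, and the sample record itself is constructed. It shows the EBCDIC decoding, the packed-decimal and binary fields, and the offset/length/count triplets that make a record self-describing, with range checks so a malformed or hostile record cannot steer the parser outside its own bytes.

```python
"""Decode a constructed SMF-style record into a JSON-ready event (example code)."""
import json
import struct
from datetime import date, datetime, time, timedelta

EBCDIC = "cp037"           # Python's EBCDIC codec for code page 037
HEADER = ">HHBBI4s4s4sH"   # big-endian: len, seg, flags, type, time, date, sid, ssi, subtype
TRIPLET = ">IHH"           # section locator: offset (from record start), length, count
FLG_SUBTYPES_VALID = 0x40  # SMFxFLG bit 1: the subtype field is meaningful


def decode_packed_date(raw: bytes) -> date:
    """SMFxDTE is packed decimal 0cyydddF: c = century (0=19xx, 1=20xx), ddd = day of year."""
    digits = raw.hex().upper()          # b"\x01\x18\x04\x5F" -> "0118045F"
    if len(digits) != 8 or digits[0] != "0" or digits[-1] not in "CF":
        raise ValueError(f"malformed packed date {digits}")
    century, yy, ddd = int(digits[1]), int(digits[2:4]), int(digits[4:7])
    return date(1900 + 100 * century + yy, 1, 1) + timedelta(days=ddd - 1)


def decode_time(hundredths: int) -> time:
    """SMFxTME is a binary count of hundredths of a second since midnight."""
    secs, cc = divmod(hundredths, 100)
    return time(secs // 3600, (secs % 3600) // 60, secs % 60, cc * 10_000)


def parse_record(rec: bytes, n_triplets: int):
    """Return (decoded header, list of sections); each section is a list of entries.

    n_triplets comes from the record map for the type/subtype; a real decoder
    dispatches on (type, subtype). Every offset is range-checked before use.
    """
    if len(rec) < 24:
        raise ValueError("record shorter than the 24-byte standard header")
    length, _seg, flags, rtype, tme, dte, sid, ssi, subtype = struct.unpack(HEADER, rec[:24])
    if length != len(rec):
        raise ValueError(f"RDW length {length} != actual length {len(rec)}")
    header = {
        "record_type": rtype,
        "subtype": subtype if flags & FLG_SUBTYPES_VALID else None,
        "system_id": sid.decode(EBCDIC).rstrip(),
        "subsystem_id": ssi.decode(EBCDIC).rstrip(),
        "timestamp": datetime.combine(decode_packed_date(dte), decode_time(tme)).isoformat(),
    }
    sections = []
    for i in range(n_triplets):
        start = 24 + 8 * i
        if start + 8 > len(rec):
            raise ValueError("triplet table runs past end of record")
        off, ln, cnt = struct.unpack(TRIPLET, rec[start:start + 8])
        if off + ln * cnt > len(rec):
            raise ValueError(f"section {i} ({off},{ln},{cnt}) points outside the record")
        sections.append([rec[off + ln * k: off + ln * (k + 1)] for k in range(cnt)])
    return header, sections


def to_event(rec: bytes) -> dict:
    """Hypothetical type-200 map: section 0 = identification (8-byte EBCDIC user ID
    + 8-byte EBCDIC job name), section 1 = 4-byte big-endian counters."""
    header, sections = parse_record(rec, n_triplets=2)
    ident = sections[0][0]
    header["userid"] = ident[:8].decode(EBCDIC).rstrip()
    header["jobname"] = ident[8:16].decode(EBCDIC).rstrip()
    header["counters"] = [struct.unpack(">I", e)[0] for e in sections[1]]
    return header


def build_sample_record() -> bytes:
    """Constructed sample: a 64-byte type-200 record from system SYS1 at 12:00:15 on 2018-02-14."""
    ident = ("JSMITH".ljust(8) + "PAYROLL".ljust(8)).encode(EBCDIC)
    counters = struct.pack(">II", 1250, 3)
    header = struct.pack(HEADER, 64, 0, 0x50, 200, 4_321_500,
                         bytes.fromhex("0118045F"),             # 2018, day 45
                         "SYS1".encode(EBCDIC), "USER".encode(EBCDIC), 1)
    triplets = struct.pack(TRIPLET, 40, 16, 1) + struct.pack(TRIPLET, 56, 4, 2)
    return header + triplets + ident + counters


if __name__ == "__main__":
    print(json.dumps(to_event(build_sample_record()), indent=2))
```

The triplet check is the part worth copying: SMF offsets are relative to the start of the record, so a forwarder that trusts them blindly will read beyond a truncated or corrupt record; rejecting the record and counting the rejection is the safe failure mode.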
6. Ironstream Solutions
Application/System Monitoring
• Monitor operational status of enterprise IT infrastructure
• Make better decisions to take control of the IT infrastructure
• Monitor resource utilization and availability
• Problem detection and isolation
• Ensure SLAs are met
• Reduce MTTI (mean time to identify) and MTTR (mean time to repair)
• System health monitoring with Splunk IT Service Intelligence
Security and Compliance
• Detect and prevent security threats
• Monitor privileged activity
• Ensure compliance
• Ensure audits pass
• Enterprise security monitoring with Splunk ES
7. What does Ironstream® deliver?
• High-performance, low-cost platform for collecting critical system information in real time
• Normalization of the z/OS and IBM i data so it can be used by off-platform analytics engines
• Full analytics, visualization and customization with no limitations on what can be viewed
• Ability to easily combine information from different data sources and systems
• Address the SME challenge: use by network managers, security analysts, application analysts and enterprise architects without requiring mainframe access or expertise
8. Syncsort Ironstream for IBM z and IBM i
• Enabling organizations to get machine data from System z and IBM i to Splunk for log analytics
• Extend what Splunk does already to the other ~40%-80% of IT processing
• 360° view: make the Splunk view of the enterprise complete
• Same Splunk dashboards, bigger and more complete data sets; free apps
9. Why Ironstream
Less Complexity: Collect mainframe and IBM i data; correlate with data from other platforms; no legacy system expertise required.
Clearer Security Information: Identify unauthorized mainframe and IBM i server access and other security risks; prepares and visualizes key data for compliance audits.
Healthier IT Operations: Real-time alerts identify problems in all key environments. View latency, transactions per second, exceptions, etc.
Effective Problem-Resolution Management: Real-time views to identify real or potential failures earlier; view related 'surrounding' information to support triage, repair or prevention.
Higher Operational Efficiency: Enhanced event correlation across systems; staff resolves problems faster; "do more with less".
Eliminate your mainframe and IBM i "blind spots": Splunk/Elastic + Ironstream = your 360° enterprise view.
12. Federal Agency Meets Audit and Information Security Requirements with Syncsort Ironstream
Challenge: The agency needed to collect and analyze operational log data from all of its many IT systems to meet ever-changing compliance requirements. It was (and is) using Splunk Enterprise but was missing critical mainframe log data, including:
• Extremely sensitive authentication information
• Enterprise-wide details on password changes and log-in successes and failures
• Accounts being locked out of the mainframe systems
Results: With Syncsort Ironstream the agency has real-time, enterprise-wide visibility into the most sensitive authentication procedures and data across its IT environment. It is now able to audit for unusual activity at the individual user level, helping it detect security exposures such as:
• Access from an unusual location, unusual network zone or unusual time of day
• Changes to user privileges and rights
• Excessive data transmissions
• Unusual movement of data
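As an added example (not the agency's or Ironstream's code), the per-user audit checks listed above run here in Python over constructed, already-normalized authentication events of the kind a forwarder emits once RACF or QAUDJRN data has been converted to JSON. The event field names (user, action, outcome, ts, zone, attribute), the list of privileged attributes and the thresholds are assumptions. A baseline of successful logons gives each user's usual network zones and hours; the detector then flags logons outside that profile, bursts of failed logons, lockouts and grants of privileged attributes.

```python
"""Audit checks over constructed, normalized mainframe/IBM i authentication events (example code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline: JSMITH logs on from the CORP zone at office hours throughout January.
BASELINE = [
    {"user": "JSMITH", "action": "logon", "outcome": "success",
     "ts": f"2018-01-{d:02d}T{h:02d}:15:00", "zone": "CORP"}
    for d in range(2, 31) for h in (8, 9, 13, 17)
]

# Constructed events under review for one day.
EVENTS = [
    {"user": "JSMITH", "action": "logon", "outcome": "success", "ts": "2018-02-14T09:02:00", "zone": "CORP"},
    {"user": "JSMITH", "action": "logon", "outcome": "success", "ts": "2018-02-14T03:11:00", "zone": "VPN"},
    {"user": "JSMITH", "action": "privilege_change", "outcome": "success",
     "ts": "2018-02-14T03:14:00", "zone": "VPN", "attribute": "SPECIAL"},
    *[{"user": "BATCH01", "action": "logon", "outcome": "failure",
       "ts": f"2018-02-14T03:{m:02d}:00", "zone": "CORP"} for m in range(20, 26)],
    {"user": "BATCH01", "action": "lockout", "outcome": "n/a", "ts": "2018-02-14T03:26:00", "zone": "CORP"},
]

# Assumed list of attributes whose grant is always worth an alert (RACF and IBM i examples).
PRIVILEGED_ATTRS = {"SPECIAL", "OPERATIONS", "AUDITOR", "*ALLOBJ", "*SECADM"}


def build_profile(events):
    """Per-user sets of zones and hours seen on successful logons in the baseline."""
    profile = defaultdict(lambda: {"zones": set(), "hours": set()})
    for e in events:
        if e["action"] == "logon" and e["outcome"] == "success":
            profile[e["user"]]["zones"].add(e["zone"])
            profile[e["user"]]["hours"].add(datetime.fromisoformat(e["ts"]).hour)
    return profile


def hour_is_usual(hour, usual_hours, tolerance=1):
    """True if hour is within tolerance of any baseline hour, wrapping at midnight."""
    return any(min(abs(hour - u), 24 - abs(hour - u)) <= tolerance for u in usual_hours)


def detect(events, profile, fail_threshold=5, window=timedelta(minutes=10)):
    """Return (rule, user, ts, detail) tuples, processing events in time order."""
    alerts = []
    failures = defaultdict(list)          # user -> timestamps of recent failed logons
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["action"] == "logon":
            if e["outcome"] == "success" and user in profile:
                if e["zone"] not in profile[user]["zones"]:
                    alerts.append(("unusual_zone", user, e["ts"], e["zone"]))
                if not hour_is_usual(ts.hour, profile[user]["hours"]):
                    alerts.append(("unusual_hour", user, e["ts"], ts.hour))
            elif e["outcome"] == "failure":
                failures[user] = [t for t in failures[user] if ts - t <= window] + [ts]
                if len(failures[user]) == fail_threshold:   # fires once when the burst reaches the threshold
                    alerts.append(("failed_logon_burst", user, e["ts"], fail_threshold))
        elif e["action"] == "privilege_change" and e.get("attribute") in PRIVILEGED_ATTRS:
            alerts.append(("privilege_change", user, e["ts"], e["attribute"]))
        elif e["action"] == "lockout":
            alerts.append(("account_lockout", user, e["ts"], None))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, build_profile(BASELINE)):
        print(alert)
```

On the constructed input this raises five alerts: the 03:11 logon from the VPN zone trips both the zone and the hour rule, the SPECIAL grant three minutes later is flagged on its own, and BATCH01 produces one burst alert at the fifth failure followed by the lockout. The 09:02 CORP logon matches the baseline and is silent, which is the point of profiling per user rather than applying one office-hours window to everyone.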