Type80's SMA_RT

 

Type80's SMA_RT: integrate your z/OS security events in real time into Security Information and Event Management (SIEM) solutions


Type80 Security Software’s SMA_RT product brings mainframe security into the modern era.

By analyzing both WTO messages and SMF data, Type80 gathers detailed information about security events on the mainframe. This data is then encapsulated in standard TCP/IP Syslog format and delivered in real time to those responsible for enterprise security.

This gives an organization an enterprise-wide view of all the events they need to capture to stay abreast of attacks against their infrastructure.


FEATURES

  • Connectivity with ACF2, RACF and Top Secret
  • Supports z/OS and Unix System Services (USS)
  • Gathers events from System Management Facilities (SMF) and an Operating System interface
  • Uses SMF records to create SMA_RT profiles of TSO users' activity, then checks those profiles during real-time monitoring to look for anomalies
  • Application Programming Interface (API) allows you to define specific security events
  • Batch Historical SMF Processing
  • Configurable rules within the TSO interface to filter out non-critical events
  • Security events are passed to other vendors' monitoring products
  • Small footprint in each LPAR being monitored
  • Easy installation without requiring an IPL

BENEFITS

  • Real time alerting to security events occurring on the z/OS operating system
  • Security team alerted on threatening events and malicious activity
  • Protects from Denial of Service Attacks
  • Identifies internal patterns of security abuse
  • Saves hundreds of man-hours otherwise spent tracking through SMF reports to investigate a security breach
  • Leverages other security products currently licensed to provide complete enterprise-wide threat management coverage
  • Allows you to see what you want to see and when you want to see it

 


SPECIFICATIONS

The SMA_RT STC collects input from two separate real-time data streams.

  • The first data stream collects SMF records, including DB2 Audit SMF records
  • The second collects all WTO messages from within the LPAR.

SMF Exits

  • SMF records are captured in real time by using the Type80 supplied exits.

The Type80 Operating System Interface (message processor)

  • All WTO messages for the LPAR (not WTORs and their replies) enter the Type80-supplied Operating System Interface.

The Type80 TSO Interface

The SMA_RT software has a TSO Interface: a series of TSO panels that allows the Security Administrator to define what they would like to monitor and to tie the monitored resources into a Type80 rule set. The resulting rules are stored in VSAM files on the mainframe, with each LPAR having its own set of VSAM files and rule sets. Type80 tracks by RACF USERID, IP address, SNA device address, file names or message IDs.

The Type80 SIM/SEM/Log Consolidation Interface

All outbound event alerts from SMA_RT and SYSLOG to Threat Management Systems/SIM/SEM and Log Consolidation products are in the same industry-standard "TCPIP,RFC 3164,SYSLOG" format. This allows these products to collect data from Type80 as if the mainframe were a UNIX box attached to the network. One parser algorithm will handle events being delivered from both of the Type80 products. Alerts are sent using a random port on the mainframe. The port and IP address of the recipient SIM/SEM product are defined in the Type80 configuration file.

SMA_RT is an Assembler-written application that resides within an LPAR on the mainframe.

Each LPAR requires an instance of SMA_RT to be active to achieve complete enterprise monitoring.

SMA_RT is a started task (STC) process that can be started at IPL time.

 


SMA_RT is a Type80 Security Software product.