Application Security, Inc., a provider of database security, risk and compliance (SRC) solutions for the enterprise, and NEON Enterprise Software, a provider of solutions for mainframe customers, have announced a strategic alliance to deliver enterprise SRC solutions for monitoring database activity on the mainframe.
The AppSec and NEON alliance extends the enterprise platform support of AppSec's DbProtect, delivering a solution to reduce the cost and complexity of securing, auditing, and monitoring mainframes. The solution enables flexible database audit policies to support critical audit requirements such as Sarbanes-Oxley (SOX) and Payment Card Industry Data Security Standard (PCI DSS), and provides visibility into all activity occurring on the mainframe DB2 database including access to sensitive data and privileged user monitoring.
The "compliance tidal wave" that has been hitting IT is now crashing on the mainframe, Josh Shaul, vice president product management, AppSec, tells 5 Minute Briefing. As open systems have succeeded in becoming "much more locked down," regulators are naturally expanding the breadth of their audits to include the mainframes to ensure that proper controls are there as well, he explains. And while it is very hard to hack into mainframe systems, Shaul notes, for authorized users the potential for abuse that exists on the mainframe is the same as in distributed systems. "If you are someone from the inside with mainframe access, there might be nothing stopping you, or watching you." Just collecting audit logs is an important step but it doesn't necessarily find a problem, explains Shaul, who emphasizes that organizations have to be actively reviewing that information constantly and looking for anomalies. "That is the kind of thing our software will bring to the table."
By delivering a native z/OS DB2 collector covering all local and privileged activities, NEON extends the support of AppSec's DbProtect database SRC platform to organizations committed to mainframe technology. With this solution mainframe DB2 users gain a critical compliance control process to monitor real-time database activity and provide alerts of inappropriate access to sensitive data.
According to the vendors, DbProtect for DB2 on z/OS enables audit policies to operate against sensitive DB2 objects without resource-intensive internal tracing facilities. In addition, audit processing is offloaded to zIIP (System z Integrated Information Processor) specialty engines, which minimizes impact on mainframe central processors and avoids increased mainframe software licensing costs. With mainframe audit and threat monitoring integrated in AppSec's DbProtect solution, organizations can manage database security, risk and compliance for all their enterprise platforms from a single console.
"Our intention is to make the fact that we are monitoring and securing mainframes really transparent to users so that there is no need for mainframe expertise," Shaul emphasizes. The joint solution will be available later this year.
For more information about DbProtect, go here.