EDITOR’S QUESTION
“INSIDER THREATS ARE SO MUCH HARDER TO DETECT, AS ON THE SURFACE, THE PERPETRATORS’ ACTIONS APPEAR LEGITIMATE.”
surface, the perpetrators’ actions appear legitimate. There is also the challenge of monitoring the access and usage of much of an organisation’s personally identifiable information, given that for large organisations, it usually resides on the mainframe. The mainframe brings the advantage of being a highly securable data repository, which is incredibly difficult to breach. Equally though, if an insider does breach the mainframe, the results can be severe. To protect against insider threats on the mainframe, organisations need to have the right systems and processes in place, as the platform is an incredibly complex rabbit warren of databases.

So much so, that research from Compuware revealed that this complexity has created a security blind-spot for 84% of organisations, who say it is difficult to monitor which employees are accessing which mainframe data and what they are doing with it.

As a result, when investigating suspicious or malicious employee behaviour, security teams have a sketchy, incomplete view. The only effective way of protecting the hugely valuable and sensitive data that resides on the mainframe from insider threats is to capture a complete picture of mainframe user activity in real-time.

Organisations need insight into which users are accessing what information and when, in addition to which applications they are accessing, what data, and how the data is manipulated. This granular level of insight can only be obtained by directly capturing complete start-to-finish user session activity data in real-time and integrating it into a SIEM system such as Splunk and CorreLog, so it can be analysed for patterns that are out of line with normal employee behaviour.

With this approach, organisations will have the ability to spot malicious employees or unwelcome insiders at the crime scene and in the early stages of a data breach.

That’s a win-win for security teams and those whose personal data they are entrusted with protecting alike, going a long way towards ensuring an organisation doesn’t just become another statistic on the rapidly lengthening list of data breach incidents.
www.intelligentcio.com