Verifies mainframe security policies and security compliance

zSecure Audit helps you extend and enrich the existing Z Systems security (IBM RACF, CA ACF2, or CA Top Secret) by enforcing and enhancing security policies in repeatable, sustainable, and automated fashion. These automated reports also help you quickly locate vulnerabilities and compliance issues in strict security compliance environments such as for the Payment Card Industry Data Security Standard (PCI DSS), Security Technical Implementation Guide (STIG) and other similar standards

zSecure Audit can email customizable reports daily when specific events occur or when there is a potential security breach. Audit events and user access logs generated by IBM security management tools can be populated within Security Information and Event Management (SIEMs) tools such as IBM QRadar for normalization and compliance reporting.

Feature

• Automated detection of security exposure or misconfigurations
• Automatically generated reports in standard or customized format help you to quickly locate problems, providing vulnerability analysis of your mainframe, drive discretionary access control, and reduce errors.
• Event collection from multiple event-collection providers
• Automated compliance framework testing and enhanced reporting capabilities help you quickly locate vulnerabilities and compliance issues in strict environments such as for Payment Card Industry Data Security Standard (PCI DSS), Security Technical Implementation Guide (STIG) and other similar standards.
• Customizable reports
• zSecure Audit can email reports daily when specific events occur or when there is a security breach. Extensive reporting capabilities allow you multiple customizable capabilities.
• Integration with SIEMs including QRadar
• You can access audit events and user access logs generated by IBM security management tools populated within Security Information and Event Management (SIEM) tools including IBM QRadar for normalization and compliance reporting, harmonizing the collection infrastructure among the product lines.
• Modernize with IBM Cloud Pak for Security (Unified Console)
• With IBM zSecure Audit and/or IBM zSecure Alert you can send events into common security event repositories such as SIEM, QRadar and exploit the power of IBM Cloud Pak for Security (CP4S) in your Z environment. What is CP4S? CP4S brings data and workflows into one platform to help security teams: (1) Gain enterprise-wide security insights through a unified console for IBM and 3rd party security tools. CP4S ingests the security events as they come in through common security event repositories such as QRadar. (2) Act faster with AI and automation, simplified operations and streamlined response. And (3) through modernized architecture, access the console anywhere with an open, multicloud platform.
• Extensive coverage of SMF records
• zSecure Audit offers extensive coverage of System Management Facilities (SMF) records and pre-defined event reports enabling you to report on user behavior and identify users who circumvent system security. The CARLa Auditing and Reporting Language (CARLa) used in zSecure Audit enables you to modify the displays and reports using SMF and other data sources.
• Automated detection of security exposure or misconfigurations
• Customizable reports
• Modernize with IBM Cloud Pak for Security (Unified Console)
• Event collection from multiple event-collection providers
• Integration with SIEMs including QRadar
• Extensive coverage of SMF records