Enterprise-IT-Security.com Achieves CEF Certification with ArcSight


Partnership enables z/OS mainframe monitoring with ArcSight

Enterprise-IT-Security.com, a leading provider of security and compliance solutions and services for both the mainframe and client-server platforms, announced today that it has achieved certification for the Common Event Format (CEF) Standard from ArcSight, Inc., a leading global provider of security and compliance management solutions that protect enterprises and government agencies. CEF certification allows ArcSight users to easily integrate with Enterprise-IT-Security.com's SF-Sherlock security and compliance monitoring solution, a comprehensive and powerful z/OS monitoring system, to achieve 100% coverage of their cross-platform security strategy.

CEF is an open log management standard that improves the interoperability of security-related information from different security and network devices and applications. The CEF connector allows the ArcSight SIEM Platform to connect to, aggregate, filter, correlate, and analyze events from applications and devices that output their logs in the CEF standard, utilizing the syslog transport protocol. With the plug-and-play CEF connector for SF-Sherlock, z/OS audit data becomes part of ArcSight's powerful correlation and detection capabilities, making z/OS audit data available and preventing its suppression.

Complete and authentic audit data is essential, not only for legal reasons, but also to obtain the benefits resulting from ArcSight's correlation and detection capabilities. SF-Sherlock therefore supports audit data on z/OS and provides this data in real time. To prevent fraud on a professional level, SF-Sherlock also detects and reports tricky attacks, such as breaking audit trails, bypassing the security system, and more serious risks.

The audit data forwarded to ArcSight is not limited to events, but also includes all configuration-related information. SF-Sherlock performs a constant assessment of the entire z/OS system to identify its current status as well as errors and weaknesses. For example, it detects controls disabling required logging, user IDs with an unsafe password, unprotected critical resources, and more.

"The z/OS mainframe platform is too important to be excluded from a company's overall security and compliance monitoring strategy," said Dr. Stephen Fedtke, CEO of Enterprise-IT-Security.com. "The fact is the mainframe is vulnerable. Additional measures must be taken to ensure effective real-time monitoring and the required level of protection and compliance on z/OS. Simply processing some syslog messages and particular service management facility records is insufficient for today's requirements when both security risks and legal obligations are considered."

"The growth in cyber crime has led to regulation and requirements for tighter controls; real-time monitoring of those controls is essential," said Jeff Scheel, senior vice president of business development at ArcSight. "Enterprise-IT-Security.com's mainframe monitoring solutions combined with the ArcSight Platform provide visibility into both the information that the user accesses and the actions they have taken, resulting in better overall security insight for the enterprise."

About Enterprise-IT-Security.com

Enterprise-IT-Security.com is a leading provider of security and compliance solutions and services for both the mainframe and client-server platforms. By constantly developing and implementing highly innovative and reliable technologies, Enterprise-IT-Security.com successfully maintains extremely secure environments for the world's largest companies and institutions.

z/OS is a trademark of IBM Inc.

Contact Information:

Dr. Stephen Fedtke

Seestrasse 3a
CH-6300 Zug
Tel. ++41-(0)41-710-4005

