So-called “fake news” or “alternative facts” are a daily topic. The real world clearly shows the disruption and wrong decisions that deliberately “injected” false reports can cause.
The same risk also applies to SIEM systems. These solutions are used to “form an opinion” by filtering, correlating, and evaluating incoming events, and if necessary, deriving alerts and decisions on what to do.
Deliberately created “fake events,” e.g. as part of a professional attack, can distract a SIEM from, for example, the attack's own actions, shift blame onto others or non-involved employees, or trigger alerts or implemented automations. Fake events therefore create a risk parallel to that of suppressed events, in particular for critical infrastructures.
Our leading z/OS security and compliance solution, SF-Sherlock, is already trained for these “audit trail breaks”, and we would like to inform you that our upcoming updates will keep the “fake events” topic as an ongoing focus for supplementary measures.
Therefore, SF-Sherlock is one of the most powerful and high-quality SIEM real-time connectors for z/OS, and supports all SIEM solutions available on the market. SF-Sherlock covers, in particular, all event sources, such as z/OS, RACF, DB2, CICS, IMS, MQ, SMF, Syslog, TCP/IP, WebSphere, USS, VTAM, etc.
Our extensive SIEM project expertise makes us the ideal partner for your SIEM team during the SIEM implementation and the integration of the mainframe. We know exactly what to monitor, correlate and alert on, and how, to ensure that your SIEM becomes a “success story” and meets today’s compliance requirements (BaFin, SOX, PCI, …).