Intelligent CIO Europe Issue 25 - Page 34

EDITOR’S QUESTION

Insider threats are so much harder to detect, as on the surface, the perpetrators’ actions appear legitimate. There is also the challenge of monitoring the access and usage of much of an organisation’s personally identifiable information, given that for large organisations, it usually resides on the mainframe. The mainframe brings the advantage of being a highly securable data repository, which is incredibly difficult to breach. Equally though, if an insider does breach the mainframe, the results can be severe.

To protect against insider threats on the mainframe, organisations need to have the right systems and processes in place, as the platform is an incredibly complex rabbit warren of databases. So much so, that research from Compuware revealed that this complexity has created a security blind-spot for 84% of organisations, who say it is difficult to monitor which employees are accessing which mainframe data and what they are doing with it. As a result, when investigating suspicious or malicious employee behaviour, security teams have a sketchy, incomplete view.

The only effective way of protecting the hugely valuable and sensitive data that resides on the mainframe from insider threats is to capture a complete picture of mainframe user activity in real-time. With this approach, organisations will have the ability to spot malicious employees or unwelcome insiders at the crime scene and in the early stages of a data breach. Organisations need insight into which users are accessing what information and when, in addition to which applications they are accessing, what data, and how the data is manipulated.

This granular level of insight can only be obtained by directly capturing complete start-to-finish user session activity data in real-time and integrating it into a SIEM system such as Splunk and CorreLog, so it can be analysed for patterns that are out of line with normal employee behaviour. That’s a win-win for security teams and those whose personal data they are entrusted with protecting alike, going a long way towards ensuring an organisation doesn’t just become another statistic on the rapidly lengthening list of data breach incidents.