Guardium Offers Visibility Into Mainframe DB2 Blind Spot

Guardium to add its database security monitoring software for the DB2 mainframe environment

When it comes to security auditing, the mainframe just hasn't kept up with the times.

So today database security firm Guardium and mainframe software firm Neon Enterprise Software will announce that they have teamed up on a new database security monitoring product that helps bring the DB2 mainframe database into the auditing age, Dark Reading has learned.

"The mainframe has been a black hole for auditing, especially when you're talking about the database," says Rich Mogull, an independent consultant and founder of Securosis LLC.

The new Guardium for Mainframes product, a combination appliance and software, provides visibility into all DB2 activity, including who's reading what on the database. "This would be important for PCI because you need to know who's accessing sensitive data," says Phil Neray, vice president of marketing for Guardium. "Until now, there's not been a practical way to track all database activities without impacting performance."

While built-in mainframe database logging offers some of these capabilities, it wasn't built for auditing, but instead for disaster recovery purposes, he says. The analysis doesn't occur in real time, so a breach wouldn't be detected until after the fact, and it dramatically slows performance. "You could turn on trace logging in the database... You'd get lots of read operations, but it will produce massive amounts of data and kill performance. And it would have to be stored in the database itself."

The Guardium for Mainframes product is based on a Linux appliance, which performs analysis off the mainframe, and stores the audit data. There's also a host-based monitoring service for the z/OS mainframe environment from Neon called Z-TAP that tracks DB2 queries and changes, and a set of Web-based security monitoring apps that run on the Linux appliance.

The mainframe product drills down into specific database transactions for auditing purposes as well as for monitoring for breaches. It generates an alert when there's unusual activity, such as if there was suddenly a request for 1,000 credit card numbers.

"You can gain visibility into select transactions using their stuff," Mogull says. "And you can do it consistently across all your databases, including SQL Server." Existing products for mainframe database auditing basically just "sniff" SQL connections, he notes.

Guardium's Neray says the data generated from its software can be exported to SIEM tools. Guardium for Mainframes will be available for pre-release customers within the next three months, and pricing is still being finalized, he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights