Guardium Offers Visibility Into Mainframe DB2 Blind Spot

Guardium to add its database security monitoring software for the DB2 mainframe environment


When it comes to security auditing, the mainframe just hasn't kept up with the times.

So today database security firm Guardium and mainframe software firm Neon Enterprise Software will announce that they have teamed up on a new database security monitoring product that helps bring the DB2 mainframe database into the auditing age, Dark Reading has learned.

"The mainframe has been a black hole for auditing, especially when you're talking about the database," says Rich Mogull, an independent consultant and founder of Securosis LLC.

The new Guardium for Mainframes product, a combination appliance and software, provides visibility into all DB2 activity, including who's reading what on the database. "This would be important for PCI because you need to know who's accessing sensitive data," says Phil Neray, vice president of marketing for Guardium. "Until now, there's not been a practical way to track all database activities without impacting performance."

While built-in mainframe database logging offers some of these capabilities, it wasn't built for auditing, but instead for disaster recovery purposes, he says. The analysis doesn't occur in real time, so a breach wouldn't be detected until after the fact, and it dramatically slows performance. "You could turn on trace logging in the database... You'd get lots of read operations, but it will produce massive amounts of data and kill performance. And it would have to be stored in the database itself."

The Guardium for Mainframes product is based on a Linux appliance, which performs analysis off the mainframe, and stores the audit data. There's also a host-based monitoring service for the z/OS mainframe environment from Neon called Z-TAP that tracks DB2 queries and changes, and a set of Web-based security monitoring apps that run on the Linux appliance.

The mainframe product drills down into specific database transactions, both for auditing and for breach monitoring. It generates an alert on unusual activity, such as a sudden request for 1,000 credit card numbers.

"You can gain visibility into select transactions using their stuff," Mogull says. "And you can do it consistently across all your databases, including SQL Server." Existing products for mainframe database auditing basically just "sniff" SQL connections, he notes.

Guardium's Neray says the data generated from its software can be exported to SIEM tools. Guardium for Mainframes will be available for pre-release customers within the next three months, and pricing is still being finalized, he says.


About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.
