IBM Security Z Security

 View Only

Extend data security on your mainframe with the new 11.3 release of IBM Security Guardium S-TAPs for Db2, IMS, and Data Sets on z/OS

By Mac Gupta posted Tue June 15, 2021 12:37 PM

  

Ron Aguirre, Sr. Manager, Rocket Software is the subject matter expert on this release, working closely with IBM. He can be reached at raguirre@rocketsoftware.com.

We are excited to share with you that the new release of the IBM Guardium S-TAPs Db2 for Db2, IMS, and Data Sets on z/OS is now generally available.  Please note for Db2 and IMS S-TAPs, you would need to apply a GA PTF (HIPER) during the upgrade.

Along with all PTF’s since version 10.1.3, this new release delivers performance and optimization to reduce overhead, new auditing, and filtering capabilities to further extend data protection and real-time analytics, usability, and supportability to help accelerate deployment, and diagnostics. Also, integration with Splunk and IBM Security Guardium Insights allows you to send mainframe events collected by IBM Security Guardium for z/OS for further insights.

A couple of most customer requested enhancements for auditing and filtering include the ability to audit CICS Unit of Work across subsystems – IBM Db2 for z/OS, IMS, and VSAM data sets, and Collect BIND/REBIND package and plan commands, and enable versioning of packages.

Another critical update is an additional data security option to block unauthorized user activities and issue a SQL code to fail an activity that violates a security policy.

For enhanced usability and supportability, the Security Guardium collector can send MUSTGATHER diagnostic information to IBM z/OS for analysis and troubleshooting. This command provides the z/OS System Administrator, who may not have access to the Security Guardium collector, to request the Security Guardium collector generate the diagnostic MUSTGATHER information that can be retrieved later by someone who does have access to the Guardium collector.

There are many more capabilities so please do check out the complete announcement. To round this out, below I have included a quick description of the architecture for S-TAP for Db2 for your reference. For more details, you can read the IBM product announcement.

Security Guardium S-TAP for Db2 Collector Agent


The Security Guardium S-TAP for Db2 Collector Agent runs as a started task on z/OS.  The Collector Agent receives audit policies and thread termination requests from the appliance.  The Collector Agent consists of the SQL Collector (sometimes referred to as ASC).

Audit SQL Collector (ASC)

Security Guardium S-TAP for Db2 V11.3 includes support for a) operational symmetry among Db2, IMS, Datasets S-TAPs and improved serviceability.

0 comments
18 views

Permalink