Mainframes come with plenty of security – why should they use a Security Information and Event Management (SIEM), when it doesn’t even run on the mainframe? This is pretty much the opening argument from most mainframers when talking about SIEMs, and, at first glance, it seems pretty reasonable, but is it?
SIEM software products and services combine Security Information Management (SIM) and Security Event Management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. SIEM products that you may have come across include: ArcSight and IBM QRadar, Splunk, LogRhythm, McAfee Enterprise Security Manager, Dell RSA Security Analytics, or Dell SecureWorks.