Federal Law Enforcement Agency Meets Audit Security Needs
Ironstream and Splunk Help Federal Law Enforcement
In order to fulfill the frequently changing information-security obligations set by its auditors, a federal law-enforcement agency faced the looming task of collecting and analyzing operational log data from many of its IT systems, including the entirety of its history and current enterprise security information. Although the company had already utilized Splunk Enterprise® as its log management analytics platform, it was still missing the extremely sensitive log data of its mainframe systems; this problem is solved with the Ironstream solution
After a close analysis of the agency’s needs, Ironstream proved to offer the best overall solution. Created specifically for the purpose of collecting, transforming and forwarding log data of this magnitude to the Splunk® platform, Ironstream granted this law-enforcement agency the ability to obtain full visibility—in real time—into the most sensitive authentication procedures and data across its IT environment, ultimately enabling it to fulfill its audit obligations with ease.
A federal law-enforcement agency faced a big challenge. It had to respond to ever-changing reporting requests from its auditors in order to prove compliance with information-security requirements. For that it would need to collect and analyze operational log data from all of its many IT systems.
But an important source of log data was still missing.
That source was (and is) the agency’s mainframe systems, which possessed extremely sensitive authentication information, as well as enterprise-wide details on password changes, log-in successes and failures, and accounts being locked out of the mainframe systems. All of that detail, however, was beyond the reach of Splunk.
An extensive search brought up one product that offered the best solution — Ironstream from Precisely.
Ironstream for Splunk® was created specifically for the purpose of collecting log data from the System Management Facility of IBM z/OS, transforming it to generic machine language, and forwarding it in real time to the Splunk platform.
That was all the federal group needed to know, and they moved quickly to adopt.