Question 1

What does MEAS do?

Accepted Answer

MEAS is a software product designed to forward z/OS events to Security Information and Event Management (SIEM) systems. It captures events occurring on the z/OS platform and transmits them to other platforms for centralized security monitoring and analysis. This allows organizations to gain visibility into z/OS security events within their broader security landscape.

Question 2

Is this a system, application, or tool?

Accepted Answer

MEAS is best described as middleware. It acts as an intermediary, collecting data from the z/OS system and forwarding it to other systems, specifically SIEM solutions. It is not an end-user application or a development framework, but rather a component that facilitates communication between systems.

Question 3

What types of organizations use this?

Accepted Answer

Organizations that rely on the z/OS platform for critical applications and data, and that also use a SIEM solution for security monitoring, are the best fit for MEAS. This includes large enterprises in industries such as banking, finance, insurance, and government. Any organization needing to integrate z/OS security events into a centralized security monitoring platform should consider MEAS.

Question 4

When should we consider MEAS?

Accepted Answer

A company should consider using MEAS when they need to integrate z/OS security events into their existing SIEM infrastructure. If an organization wants to gain a comprehensive view of its security posture, including events occurring on the mainframe, MEAS provides a solution for forwarding those events to a centralized SIEM platform.

Question 5

What are the alternatives to MEAS?

Accepted Answer

Alternatives to MEAS include other z/OS event forwarding solutions, such as IBM Z Operational Log and Data Analytics, Type80 Syslog, Ironstream, and potentially custom-built solutions. The key difference often lies in the specific features, ease of integration with particular SIEM platforms, and the level of support provided.

Question 6

For mainframe products: Does this run in an LPAR?

Accepted Answer

MEAS runs on the z/OS platform and is z/OS dependent. It operates within an LPAR (Logical Partition) and requires access to z/OS subsystems to capture the necessary event data. It is not a standalone product and must be deployed within a z/OS environment.

Question 7

What infrastructure is required?

Accepted Answer

MEAS requires a z/OS environment with the necessary subsystems and security configurations in place. It also requires a SIEM solution on another platform to receive the forwarded events. Network connectivity between the z/OS system and the SIEM platform is essential for proper operation.

Question 8

What is the exact syntax for basic operations?

Accepted Answer

The exact syntax for basic operations depends on the specific configuration and interfaces provided by MEAS. However, common operations involve configuring event filters, defining target SIEM servers, and starting/stopping the event forwarding process. Configuration files are typically used to define these parameters.

Question 9

What are the main system components?

Accepted Answer

The main system components of MEAS include the event capture module, the data transformation module, and the communication module. The event capture module intercepts z/OS events, the data transformation module formats the events for the SIEM, and the communication module transmits the events to the SIEM platform.

Question 10

What business problem does it solve?

Accepted Answer

MEAS solves the business problem of integrating z/OS security events into a centralized security monitoring platform. Without MEAS, organizations would have limited visibility into security events occurring on their mainframes, potentially missing critical security incidents. This can lead to delayed incident response and increased security risks.

Question 11

What would happen if an organization did NOT use this product?

Accepted Answer

If an organization did not use MEAS, they would lack centralized visibility into z/OS security events. This could result in a fragmented view of their security posture, making it difficult to detect and respond to security incidents effectively. They would need to rely on other methods for monitoring z/OS security, which may be less efficient and comprehensive.

Question 12

How does this product integrate with enterprise ecosystems?

Accepted Answer

MEAS integrates with enterprise ecosystems by forwarding z/OS events to SIEM platforms. This allows organizations to correlate z/OS security events with events from other systems, providing a more holistic view of their security landscape. It enables them to leverage their existing SIEM infrastructure to monitor and manage z/OS security.

Question 13

What specific authentication methods are supported?

Accepted Answer

MEAS supports various authentication methods, including those provided by z/OS security subsystems such as RACF, ACF2, and Top Secret. It leverages these existing security mechanisms to authenticate users and control access to its functions.

Question 14

What access control model is used?

Accepted Answer

MEAS uses an access control model based on z/OS security mechanisms. It leverages RACF, ACF2, or Top Secret to control access to its functions and data. This allows organizations to manage access to MEAS using their existing z/OS security infrastructure.

Question 15

What encryption is used and where?

Accepted Answer

MEAS encrypts sensitive data during transmission to the SIEM platform. The specific encryption algorithms used depend on the configuration and capabilities of both MEAS and the SIEM solution. Common encryption protocols such as TLS/SSL are typically supported.

Question 16

What audit/logging capabilities exist?

Accepted Answer

MEAS provides audit and logging capabilities to track user activity and system events. These logs can be used to monitor security-related actions and investigate potential security incidents. The logs are typically stored in z/OS datasets and can be integrated with SIEM solutions for centralized analysis.

Question 17

What level of technical expertise is required to implement it?

Accepted Answer

Implementing MEAS requires technical expertise in z/OS, security, and networking. Personnel need to understand z/OS security subsystems, SIEM integration, and network protocols. Ongoing operational requirements include monitoring the health of the MEAS system, maintaining network connectivity, and managing user access.

Question 18

What are common implementation challenges?

Accepted Answer

Common implementation challenges include configuring event filters correctly, ensuring network connectivity between z/OS and the SIEM platform, and managing the volume of event data being forwarded. Careful planning and testing are essential for a successful implementation.

Question 19

What administrative interfaces are available?

Accepted Answer

Administrative interfaces for MEAS typically include a command-line interface (CLI) and potentially a web-based console. The CLI is used for configuring and managing the system, while the web console provides a graphical interface for monitoring and administration.

Question 20

How is user management handled?

Accepted Answer

User management in MEAS is handled through z/OS security subsystems such as RACF, ACF2, or Top Secret. These subsystems are used to define user accounts, assign permissions, and control access to MEAS functions. This ensures that user management is integrated with the existing z/OS security infrastructure.

Share Your Product Experience

MEAS

Product Overview

Frequently Asked Questions

What does MEAS do?

Is this a system, application, or tool?

What types of organizations use this?

When should we consider MEAS?

What are the alternatives to MEAS?

For mainframe products: Does this run in an LPAR?

What infrastructure is required?

What is the exact syntax for basic operations?

What are the main system components?

What business problem does it solve?

What would happen if an organization did NOT use this product?

How does this product integrate with enterprise ecosystems?

What specific authentication methods are supported?

What access control model is used?

What encryption is used and where?

What audit/logging capabilities exist?

What level of technical expertise is required to implement it?

What are common implementation challenges?

What administrative interfaces are available?

How is user management handled?

Related Products

Similar Products

2cOPS

Adabas Text Retrieval

Application Discovery

Application Discovery and Delivery Intelligence

ASG-becubic

ASG-Manager Products

Help Improve This Directory

Are You a Vendor? Claim Your Listing