
Customer Story

Compliance Rules Lead Client-focused Healthcare Company to Ironstream + Splunk


Organizations’ mandates to get certified for the adequacy of their IT controls for regulatory compliance are a significant driver of a shift taking place in IT infrastructures. For leading enterprises, this shift includes efficiently adopting “Big Iron to Big Data” strategies, in which security and compliance-relevant mainframe data (in this case, specified SMF files) are streamed to the big data analytics platform chosen for enterprise security and compliance.

Such certification is needed so that organizations can assure their clients and customers that their sensitive information is protected. Organizations also need to “pass the audit,” and for all of that they need to combine and correlate the relevant mainframe data with its relevant distributed data counterpart.

Like so many other enterprises, one particular healthcare company was having trouble meeting all the varied requirements for certification under the standard known as SOC2. The SOC2 standard focuses on non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy, and of course they apply to the systems that touch the data.

To process all the relevant SMF security records generated each day by its three IBM mainframes, this company was using IBM’s zSecure products plus some home-grown elements. But that had proved to be excessively labor intensive and kept them from meeting all the SOC2 reporting requirements, especially those for the claims-processing application running on the mainframes. They needed a better solution that would address those requirements more fully. SOC2 reporting requirements include the proper monitoring of log-on attempts, password changes, and user access violations. Given this system’s size and growth — it manages a portfolio of diverse health-related businesses serving 50 million people — that’s a lot of SMF records to access and analyze.


For some time, the company had been discussing the problem with Syncsort as well as a number of other vendors in the SIEM (security information and event management) space. Their search for a solution kicked into high gear when they faced important compliance targets that had to be met in just a few months’ time. Syncsort quickly arranged a Proof of Concept (POC) demonstration of its Ironstream product together with Splunk Enterprise, using a sample of the customer’s own SMF data.

The POC proved Ironstream’s ability to replace the zSecure manual processes. That, plus the value-pricing and the track record of the Ironstream + Splunk Enterprise combination at other companies within the healthcare industry, persuaded the company to choose Ironstream + Splunk Enterprise over the competition.

The customer began securely forwarding ~20 gigabytes of SMF records per day through Ironstream to the Splunk platform for efficient, real-time monitoring and analysis, a volume that could eventually grow to 800 GB per day once growth and additional mainframe data sources are factored in. With Ironstream’s innovative filtering, though, they can limit the streamed data to only those records that are relevant to the use case.

Among the Results

  • The monitoring of security activity on their mainframe applications in Splunk Enterprise, including log-on attempts, password changes, user access violations, etc., met the audit and compliance thresholds for SOC2 certification.
  • The manual processes and related efforts and costs associated with using zSecure were eliminated.
  • The SMF forwarding became automated and now runs in real time.
  • They were able to select and forward to Splunk Enterprise only those records related to security and compliance, without having to process the entire SMF record set, significantly reducing the volume of data forwarded and controlling resource consumption.

With Ironstream’s industry-best file-type support, low overhead, and innovative filtering, this healthcare leader can easily expand to other use cases while keeping costs to a minimum. They are equipped to garner new insights from their data and can easily adapt to changing needs.