Mainframe Security ‘Blind Spots’ Increase Risk of Insider Threats [New Research]
A new objective to improve mainframe security is gaining traction alongside broader enterprise transformation goals like achieving new application development and delivery velocity and improving collaboration across business units through DevOps.
New Compuware-commissioned research from Vanson Bourne that was made public today in a press release shows 78 percent of organizations consider the mainframe their most secure system, hence the reason 64 percent of organizations place their more sensitive data, including customers’ PII, on the platform.
However, the study also found 84 percent of companies lack the proper amount of visibility into their mainframe environments, and the same percentage have trouble tracking who has accessed data in those environments. These “blind-spots” in data access and control increase a company’s risk of insider threats.
Trouble arises when companies “rely solely on disparate logs and SMF data from security products such as RACF to piece together user behavior,” John Crossno, Compuware Product Manager for Application Audit, said.
Three-quarters of respondents said they still rely on log-files, which lack the depth of visibility necessary to track and analyze user behavior to prevent insider threats or identify them as they’re occurring.
“Even those who are integrating that data into their SIEM aren’t getting the level of insight needed to identify a malicious insider,” Crossno said.
That’s because that data still only reveals whether an employee accessed something, while failing to pinpoint what they did with it, how often they accessed it and whether that fell outside of normal parameters.
“Organizations need deep insight into what data was viewed, by whom and which applications were used to access it. This can only be achieved by directly capturing complete, start-to-finish user session activity data in real time, and integrating it into a SIEM platform such as Splunk for deep analysis,” Crossno said.
Is your company struggling to uncover mainframe security blind-spots? Read Compuware’s new white paper, “Mainframe Security in a Hybrid/Mobile World: New Best Practices for the New Threat Matrix,” to learn how what you can do to tighten mainframe security and diminish the risk of insider threats.