mainframe security
May 4, 2017 COBOL, Cybersecurity, Data, DevOps

Analyst Inspects ‘Application Audit’ and Uncovers Mainframe Security Progress

Designing tools that enable mainframe agility and DevOps is vital to advancing the platform in our digital age, but improving mainframe security for customers is equally important. This is especially true given rising concerns of internal and external system security threats, as well as increasingly stringent compliance measures companies must align security with.

That’s what Compuware Application Audit, a new mainframe cybersecurity and compliance solution, empowers companies to accomplish. Using Application Audit’s web-based interface, non-mainframe security analysts can capture and analyze start-to-finish user session activity, and integrate user behavior intelligence with popular SIEM engines like Splunk® and QRadar®, either directly or in combination with CorreLog® zDefenderTM for z/OS or Syncsort Ironstream®, to analyze the overall application environment.

In a new report, “Compuware’s newest solution curbs insider threats against mainframe systems!” Rich Ptak of analyst firm Ptak Associates writes, “Compuware is doing what it does best—removing the idiosyncrasies of the mainframe to enable non-mainframe staff to access and work with mainframe data in the same manner as they access data from other platforms.”

The Need for Improved Mainframe Security

Ptak points out that, despite the mainframe’s unmatched security, “threats evolve over time into new directions, demanding adaptive responses and new capabilities.”

Between 2014 and 2015, organizations experienced a five-percent increase in data breaches, according to the IBM X-Force® Research 2016 Cyber Security Intelligence Index. Sixty percent of that increase is attributable to insider activities. Additional research cited in Ptak’s report on Application Audit supports the analysts’ claims that security must evolve to cope with new threats emerging in our digital age.

“We agree that the mainframe is inherently secure from outside attacks. However, in today’s world, the risk and danger of exposure of sensitive data are increasingly coming from privileged users,” Ptak writes.

Ptak writes that “existing traditional solutions, e.g. SMF data, log scans, SIEM tools, RACF, CA ACF2, CA Top Secret, etc.,” are incapable of “directly assessing the need to specifically track and store user behavior in real-time.”

The introduction of Application Audit for detecting insider threats provides companies a superior method for collecting and providing access to “all user interactions with and in any application on the mainframe…in real-time…from a user perspective whether CICS transactions, 3270-based interactions—any interaction that takes place in and with any application” the analyst writes.

In theory, Application Audit sounds impressive. How well does it work in real scenarios? Ptak Associates outline three customer case studies—two major banks and one healthcare insurance company—where the tool enabled users to solve security problems and improve compliance. Read about them in the new report from Ptak Associates, and learn more about how Application Audit improves mainframe security and compliance.