How to Make Your Mainframe Hard to Hack
For a long time, the IT vox populi said no one could hack a mainframe. Establishing granular rules that defined who could access what was considered a negligible practice. But that’s changing with the increase of insider threats, which accounted for four billion leaked records of data (beyond just mainframe systems) in 2016, according to IBM X-Force.
While the mainframe is still the most securable platform in the world, don’t assume it’s invincible to threats. Though it would have been difficult to hack one even ten years ago, today and moving forward, mainframe cybersecurity needs to be continually improved upon as hackers’ technical proficiency increases with digital progress.
Philip Young—aka Soldier of Fortran—and Chad Rikansrud—aka Bigendian Smalls and RSM Partners’ Director of North American Operations—have shown how easy it is to sniff credentials off the wire, trying various user IDs over time to get into a mainframe. You can watch some of these presentations on Phil’s YouTube channel for a truer depiction, but, in essence, once a hacker gets into your mainframe, it can be easy for them to escalate their privileges.
The frightening thing is not only how easy it can be to hack into a poorly secured mainframe, but also how under-the-radar a hacker can remain. Eventually, they can gain full system control without significant effort.
Hack-proofing with Mainframe Cybersecurity Tools
Despite platform security enhancements, such as pervasive encryption on the z14 mainframe, there are still ways for authorized or unauthorized users to hack into and exploit the mission-critical applications and data on your mainframe for nefarious purposes. Ultimately, you need to secure your mainframe at various levels, including the system and applications, and make it easy to detect and analyze suspicious user behavior.
Breakglass addresses the security risk posed by the occasional need to grant temporary elevated security privileges in order to complete a specific task. Breakglass provides the essential mechanism and process for doing so—a fully secured and audited way for users to request and temporarily gain additional security permissions.
zDetect is a uniquely powerful z/OS mainframe security monitoring tool that detects actual and potential security issues in real time. Unlike other security monitors, it doesn’t just collect security-related information to send to a SIEM—zDetect uses sophisticated behavioral algorithms, leveraging RSM’s deep understanding of mainframe security to detect suspicious events.
Application Audit for mainframe cybersecurity and compliance enables enterprises to capture all relevant data about user access and behavior on the mainframe to mitigate mainframe cybersecurity risks and fulfill compliance mandates.
The Compuware-RSM Combo
Separately, these tools can help you improve mainframe cybersecurity—but even then, you’ll find gaps that are just wide enough for a hacker or malicious insider to slip through and wreak havoc. A much more failsafe solution is to leverage the strengths of each tool together.
Here’s how you can leverage the tools together:
RSM Partners provides you with Breakglass and zDetect to ensure the necessary discipline in allowing privileged access, while proactively monitoring in real time for any emerging threats. When a threat is detected, Application Audit is called to start recording the activity of a particular user ID from that point forward. At the same time, an alert is sent to an analyst monitoring security events on the system so they can look at Application Audit to see what activity is occurring.
You can watch “Detecting Insider Threats with Multi-layered Mainframe Security”, a joint webcast with Compuware and RSM Partners hosted by IBM Systems Magazine, to get a better idea of how these tools can work together. Compuware Product Manager John Crossno and RSM Technical Director Mark Wilson:
- Discuss the state of mainframe security today
- Explain how to close mainframe security gaps and reach compliance
- Describe the advantages of leveraging system- and application-level security solutions together
You may think it’s less likely for hackers to infiltrate your mainframe than other enterprise systems, but given the rise of insider threats that could compromise the sensitive, mission-critical assets your mainframe protects, it’s not enough to rely on the platform’s inherent security. You need to keep vigil over activity that isn’t readily visible and have the means to analyze it. Used together, Compuware and RSM Partners’ mainframe cybersecurity tools can enable that for you.