Insider threats

Stay Ahead of Insider Threats to Mainframe Systems

[Average: 5]

Many assume that because the mainframe was designed with security in mind, the business-critical applications and data residing on it reflect the same level of protection. However, the rise of insider threats on the mainframe is a growing concern that puts this sensitive information at risk of malicious activity.

In Cisco’s 2016 Annual Security Report, 47 percent of respondents indicated internal security breaches are a significant threat to their organizations, shadowed only by malicious software downloads (54 percent). A December 2016 report from McAfee Labs, as reported in CIO Insight, showed a 67-percent increase in security breaches at respondents’ companies, demonstrating a decline in effective security measures.

On the mainframe, a typical hacker would have significant trouble accessing applications and data; however, it’s possible for them to obtain authorized users’ credentials to access sensitive information under the radar.

Whether insider threats stem from employees or people posing as them, you likely don’t have advanced enough tools or deep enough visibility to know who’s doing what in your mainframe environment, when, how or why. What’s more, there’s no feasible way to pick up on what’s happening in real time.

Mainframe Security Monitoring Shortcomings

Mainframe SMF data and disparate logs that are processed to produce audit reports offer limited visibility and exclude critical information about users, such as who they are, what they were doing when or how they found access to something in the first place.

Without a good view of mainframe activity from the user’s perspective, what happens after an unauthorized user gets their hands on an authorized user’s credentials and gains unapproved access to sensitive mainframe applications or data?

It could damage your company’s reputation with customers, or cause it to suffer penalties for failing to comply with security policies or tightening government regulations, such as the General Data Protection Regulation (GDPR) slated to come into full force in May 2018.

To catch bad behavior sooner and avoid these potentially catastrophic situations, companies can’t continue relying on SMF and log records, which primarily notify you of security violations after a user does something to put sensitive applications and data at risk.

Compuware Application Audit web UI

Compuware Application Audit for Mainframe Cybersecurity and Compliance

Application Audit is Compuware’s mainframe cybersecurity and compliance solution, providing an auditor-friendly web UI to help mainframe-inexperienced security personnel manage the criteria for the data being captured from their mainframe.

Application Audit helps security teams:

  • Deter insider threats by capturing and analyzing start-to-finish user session activity
  • Integrate user behavior intelligence with popular SIEM engines to analyze the overall application environment
  • Support criminal/legal investigations with complete and credible forensics
  • Fulfill compliance mandates regarding protection of sensitive data

Application Audit provides a good view of mainframe activity and pushes information on that activity to your security information and event management (SIEM) engine like Splunk for the advantage of combining mainframe data related to application usage with data collected from other systems in your enterprise, either directly or in combination with CorreLog®, zDefender™ for z/OS or Syncsort Ironstream®.

Compuware Application Audit | Splunk | Syncsort | Correlog

Application Audit also gives you access to an out-of-the-box Splunk-based dashboard where you can analyze several statistics around user behavior.

Compuware Application Audit Splunk dashboard

No company or industry is free from the risk of insider breaches, nor is any platform, including the mainframe, where your company runs its most sensitive, mission-critical applications and data. Just as a company needs to know how programs and data interact with each other, they need to know how users interact with the environments in which those assets exist.

Application Audit allows you to keep a closer eye on what’s going on in your mainframe environment, giving you unprecedented visibility from an end user’s perspective into:

  • Who sees what data
  • What they do with that data
  • When that data is accessed
  • How they gain access to that data

Only with the proper auditing tool can your company keep a closer eye on what’s going on in its mainframe environment and fight against growing insider threats. To learn more about how Compuware Application Audit can help your company improve the security of its mainframe environment, watch this demo.

The following two tabs change content below.

John Crossno

John Crossno is the Product Manager for Compuware’s Security Solutions. In addition to his history of a pragmatic approach to product management in various mainframe software and storage environments, he has an extensive background in development and field technical services.