
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protected?


Businesses and governments alike are experiencing an alarming rate of malicious activity from both external and internal actors.

Not surprisingly, mission-critical mainframe applications are desirable targets: they hold large repositories of sensitive enterprise and customer data. Mainframe environments are increasingly at risk as businesses open access to them through the internet, mobile, big data and social initiatives, and more. Some security challenges are specific to the mainframe: traditional protection methods are no longer enough, insider threats are on the rise, security administration relies on a small number of privileged users, mainframe IT management is siloed, ownership and visibility are limited, and security management is not uniform across the enterprise.

View this on-demand webcast to learn more about specific mainframe data protection challenges, top tips for protecting sensitive data, and key data protection capabilities that you should consider to address these challenges.


  1. Your Mainframe Environment Is a Treasure Trove: Is Your Sensitive Data Protected? Data protection with visibility and control. 8 August 2017. Peter Mandel, Guardium Product Manager.
  2. Attackers break through conventional safeguards every day (source: IBM X-Force Threat Intelligence Index 2017): $7M average cost of a U.S. data breach; 206 days average time to identify a data breach; 2014: 1B+ records breached; 2015: healthcare mega-breaches; 2016: 4B+ records breached. © 2015 IBM Corporation.
  3. IBM Security: What's on the inside counts. Your next attacker is likely to be someone you thought you could trust. 60% of all attacks are caused by insider threats (source: IBM X-Force Research 2016 Cyber Security Intelligence Index).
  4. Not all insider threats are created equal. Employees with privileged access to sensitive data carry the greatest risk. Who represents an insider threat? An inadvertent actor; a malicious employee; a third party or partner with access to sensitive data (who falls into one of the categories above). Image source: IBM X-Force Research 2016 Cyber Security Intelligence Index.
  5. How are most companies combating insider threats today? 61% of organizations do not monitor and audit the actions of privileged users more closely than those of non-privileged users; 70% of organizations do not have a data security solution that supports entitlement reporting (according to a 2015 UBM study of more than 200 organizations).
  6. Today's technologies have eliminated "mainframe isolation", making the mainframe an increasingly desirable target. 80% of all active code runs on the mainframe; 80% of enterprise data is housed on the mainframe. Drivers of exposure: Internet, cloud, social, mobile, big data, business innovation.
  7. Key concerns. Mainframe customers are more vulnerable to security incidents (source: IBM webinar, 2/6/2014, Security Intelligence Solutions for System z and the Enterprise): 50% are concerned with privileged insiders; 21% with advanced persistent threats; 29% with web-enabled z/OS apps; 86% of customers agree that deploying multiple layers of defense provides the best mainframe protection. "As mainframes become a major component in service-oriented architectures, they are increasingly exposed to malware. Web services on the mainframe have significantly impacted security." Meenu Gupta, President, Mittal Technologies Inc.
  8. Can you prove that privileged users have not inappropriately accessed or jeopardized the integrity of your sensitive customer, financial and employee data?
  9. Data security best practices, as a flow of Discover, Harden, Monitor, Block and Mask. Discover: where is the sensitive data? (discovery, classification). Harden: how to secure the repository, and who should have access? (vulnerability assessment, identity and access management). Monitor: what is actually happening? (activity monitoring). Block: how to prevent unauthorized activities? (blocking, quarantine). Mask: how to protect sensitive data to reduce risk? (masking, encryption).
  10. Comprehensive protection requires watchfulness and control: watch sensitive data and data access all the time; monitor it everywhere it lives; protect against unauthorized access; easily review results and monitor your data security heartbeat.
  11. Automated analytics can highlight behavioral risks: apply machine learning and intelligence to uncover behavioral changes and risks. (1) Policy-based, real-time monitoring (including actions by privileged users) reveals behavior patterns over time; (2) analytics run and anomalies are surfaced; (3) anomalies are sent for manual review or trigger an action.
  12. ... and specialized threat detection analytics can spot and stop attack symptoms early: scan and analyze data to detect symptoms of data repository attacks; look for specific patterns of events and behaviors that indicate trouble; identify both SQL injections and malicious stored procedures; do not rely on attack-signature dictionary comparisons (they go out of date quickly); drill down on any aspect of a threat.
  13. Security challenges specific to the mainframe. Lack of visibility: mainframe processes, procedures and reports are often siloed from the rest of the organization. Increasing complexity: the mainframe is an integral component of many large business services, which makes managing security threats extremely complex and creates a higher risk to the business. Ensuring compliance: compliance verification is a manual task, with alerts coming only after a problem has occurred, if at all. Rising costs: mainframe security administration is typically a manual operation that relies on old and poorly documented scripts, and highly skilled mainframe administration resources are limited.
  14. But System z is already secure: why do we need more? Separation of duties: privileged users' "need to know" versus abuse or mistake; trace-based auditing is controlled by the same privileged users it should be watching; the System Authorization Facility (SAF) plays a vital role in protecting data on z/OS, but on its own its audit record is neither tamper-resistant nor actionable. Achieving audit readiness is labor-intensive and introduces latency: RACF lacks sufficient granularity for reporting, and the DB2 audit trace must be externalized to SMF and processed with a customer-provided reporting infrastructure. Real-time event collection: batch processing of audit data from external sources prevents real-time alerts.
  15. Guardium helps secure mission-critical mainframe data. Guardium extends z Systems data security to provide: end-to-end access rights management and controls; separation of duty (SoD) for privileged users; real-time data activity monitoring and actionable alerts; blocking of unauthorized database activities and quarantine of at-risk users; low monitoring overhead that can be offloaded to zIIP; proof points to meet audit requirements quickly and efficiently; lower cost and complexity of meeting compliance. Guardium enhances mainframe security intelligence: a single consolidated view of security events across the entire enterprise; bi-directional integration with QRadar, which can send Guardium alerts about asset risks such as rogue users and IP addresses; machine learning and outlier activity detection, with real-time alerts for investigation; enterprise-wide search and forensic investigation of anomalous events.
  16. Guardium for System z: components. Guardium Collector appliance for System z: securely stores audit data collected on the mainframe; provides analytics, reporting and compliance workflow automation; integrated with the Guardium enterprise architecture as a centralized, cross-platform audit repository for enterprise-wide analytics and compliance reporting across mainframe and distributed environments. S-TAP (for DB2, IMS or Data Sets) on z/OS event capture: mainframe probe; collects audit data for the Guardium appliance; collection profiles managed on the Guardium appliance; extensive filtering available to optimize data volumes and performance; enabled for zIIP processing; audit data streamed to the appliance, leaving a small mainframe footprint.
  17. Guardium for DB2/z protection. Captures all database activities on DB2 for z/OS, including SELECTs, DML, DDL and authorization changes. Very low performance overhead (typically less than using DB2 traces), with zIIP-eligible processes. Flexible filtering helps manage data volume and performance overhead. Direct streaming of audit data. Centralized interaction through the Guardium appliance. Common event collection is supported with IBM Query Monitor.
  18. Guardium for Datasets protection. Activity monitoring for files outside of a DBMS: monitors VSAM, PDS and sequential file access activity. Why monitor data stores outside a DBMS? Sensitive data may be stored in these files; DB2 and IMS store their data in VSAM files, utilities operate directly on the VSAM LDS files, and Guardium for Datasets reports when those VSAM LDS files are accessed; configuration files can be monitored and audited; CICS transaction information is captured, identifying the CICS sign-on that was used for a specific file access event.
  19. Guardium for IMS protection. Monitors all READ, INSERT, UPDATE and DELETE access to databases and segments, in both IMS batch and IMS online regions. You can select which calls to audit per target (for example all databases, all segments, or one DB and one segment of that DB), and each segment can have different calls audited. When a call is collected, all relevant information is captured: call type, userid, PSB name, DB name, segment name, and so on.
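The policy-plus-analytics flow of slides 11 and 12 (monitor, surface anomalies, then review or act) is easiest to see on the kind of records slides 17 and 19 say are captured: userid, call type, and the table or DB/segment touched. The script below is an added example, not IBM's or Guardium's code; the pipe-delimited event format, the sample feed, the sensitive-resource and privileged-user lists and the thresholds are all constructed assumptions. It learns each user's own baseline from earlier days and flags, for the day under review, a privileged user touching classified data in a way never seen before, a volume outlier against a robust median/MAD baseline, and a user with no history at all.

```python
"""Behavioural analytics over mainframe data-activity audit events.

Added example, not IBM's or Guardium's code. The pipe-delimited event format,
the user and resource lists and the thresholds are constructed assumptions
modelled on the fields the deck says are captured (userid, call type,
table or DB/segment, plus a count of calls).
"""
from collections import defaultdict
from statistics import median

# Constructed audit feed: "day|userid|source|resource|action|count".
# Days 1-7 are the learning baseline; day 8 is the day under review.
SAMPLE_LOG = []
for _day in range(1, 8):
    SAMPLE_LOG += [
        f"{_day}|APPBATCH|DB2|PROD.CUST.PII|SELECT|1000",   # nightly batch job
        f"{_day}|DBA01|DB2|PROD.CONFIG|DDL|5",              # routine DBA work
        f"{_day}|CICSUSR1|IMS|CUSTDB/CUSTROOT|GU|250",      # online lookups
    ]
SAMPLE_LOG += [
    "8|APPBATCH|DB2|PROD.CUST.PII|SELECT|1010",   # within normal range
    "8|DBA01|DB2|PROD.CUST.PII|SELECT|1",         # privileged user, never read PII before
    "8|CICSUSR1|IMS|CUSTDB/CUSTROOT|GU|9000",     # 36x the usual volume
    "8|NEWUSER|DB2|PROD.CONFIG|SELECT|3",         # no history at all
]

# Constructed: output of discovery/classification, and the privileged-user list.
SENSITIVE = {"PROD.CUST.PII", "CUSTDB/CUSTROOT"}
PRIVILEGED = {"DBA01", "SYSADM1"}


def parse_event(line):
    """Split one audit record into typed fields."""
    day, user, source, resource, action, count = line.strip().split("|")
    return {"day": int(day), "user": user, "source": source,
            "resource": resource, "action": action, "count": int(count)}


def analyze(lines, review_day, sensitive=SENSITIVE, privileged=PRIVILEGED, k=5.0):
    """Return alerts for review_day, judged against each user's own earlier days.

    Rule 1: a privileged user performs a (resource, action) on classified
            sensitive data that it never performed during the baseline.
    Rule 2: a user's daily call volume exceeds median + k*MAD of its baseline
            (robust to a few outliers in the history; k=5 is an assumed tuning).
    Rule 3: the user has no baseline at all, so nothing can be compared.
    """
    events = [parse_event(l) for l in lines]
    seen = defaultdict(set)                          # user -> {(resource, action)} in baseline
    daily = defaultdict(lambda: defaultdict(int))    # user -> day -> total calls
    for e in events:
        if e["day"] < review_day:
            seen[e["user"]].add((e["resource"], e["action"]))
        daily[e["user"]][e["day"]] += e["count"]

    alerts = []
    for e in (x for x in events if x["day"] == review_day):
        key = (e["resource"], e["action"])
        if e["user"] not in seen:
            alerts.append({"rule": "no_baseline", "user": e["user"], "detail": key})
        elif (e["user"] in privileged and e["resource"] in sensitive
              and key not in seen[e["user"]]):
            alerts.append({"rule": "new_privileged_sensitive_access",
                           "user": e["user"], "detail": key})

    for user, per_day in daily.items():
        history = [c for d, c in per_day.items() if d < review_day]
        if not history or review_day not in per_day:
            continue
        med = median(history)
        mad = median(abs(c - med) for c in history)
        # A perfectly flat history gives MAD 0; fall back to 3x median (assumed).
        threshold = med + k * mad if mad > 0 else 3 * med
        if per_day[review_day] > threshold:
            alerts.append({"rule": "volume_outlier", "user": user,
                           "detail": (per_day[review_day], threshold)})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG, review_day=8):
        print(a)
```

On the sample feed the batch job's 1010 reads are ignored because they sit inside its own baseline, DBA01's single SELECT against the PII table is flagged even though it is tiny, and the 9000 IMS calls are flagged purely on volume. Rule 1 is the one that depends on the Discover step: without a classification of which tables and segments are sensitive, a privileged user's first read of PII looks like any other new query.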
  20. Pervasive encryption: multiple layers of data privacy protection, listed from narrowest coverage and most granular control to broadest coverage. App encryption: hyper-sensitive data; data protection and privacy provided and managed by the application, used to encrypt sensitive data when lower levels of encryption are not available or suitable. Database encryption: protects sensitive data in use at the DB level, in flight and at rest; granular privacy protection against DB privileged users' access, with selective encryption and key management to control sensitive data access. File or dataset level encryption: broad coverage for sensitive data using encryption tied to access control, protecting data in flight and at rest from unauthorized copying of the files; broad protection and privacy managed by the OS, with the ability to remove storage administrators from compliance scope. Full disk and tape encryption: 100% coverage for in-flight and at-rest data with zero host CPU cost; protection against intrusion, tampering or removal of physical infrastructure.
  21. Harden DB2/z further with Vulnerability Assessment: identify key APARs and mis-configured systems. (Screenshot: filters and sort controls, result history, current test results, prioritized breakdown, detailed test results, detailed remediation suggestions.)
  22. Chosen by leading organizations worldwide to secure sensitive data. 5 of the top 5 global banks: protecting access to over $10,869,929,241 in financial assets. 2 of the top 3 global retailers: safeguarding the integrity of 2.5 billion credit card or personal information transactions per year. 5 of the top 6 global insurers: protecting more than 100,000 databases with personal and private information. Top government agencies: safeguarding the integrity of the world's government information and defense. 8 of the top 10 telcos worldwide: maintaining the privacy of over 1,100,000,000 subscribers. 4 of the top 4 global managed healthcare providers: protecting access to 136 million patients' private information. The most recognized name in PCs: protecting over 7 million credit card transactions per year.
  23. Thank you. Follow us on: @ibmsecurity, youtube/user/ibmsecuritysolutions. © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.