Copyright 2015 and 2016 (©) Jerry Harding, Stephen D. Rubin, Inc. and William Buriak
All Rights Reserved Worldwide.
An Introduction to a z/OS Real-time Infrastructure and Security Practices
Introduction:
Today’s world of state sponsored computer-crime has greatly increased both the sophistication and volume of unauthorized attacks and theft of highly sensitive information, both for government and private corporations. It was reported by government officials that annual losses to U.S. firms attributed to hacking-related attacks alone amounted to billions. This malevolent hacking behavior amounts to Cyber war. In this world the CSO can’t assume that individual departments processing key company assets, such as credit cards or health and customer account records, are safe unless the whole corporate enterprise has the proper protections in place. The Cyber-criminal will look for weaknesses throughout the whole IT enterprise as points of entry, and z/OS systems are very large, enticing targets.
An equal if not greater challenge to the CSO is that of malicious activity by internal company employees. Many security practices and technologies have been designed to detect external cybersecurity threats to network security. However, they may not be sufficient to detect an employee with authorized access to sensitive corporate data conducting unauthorized activities. Employees with Sys/ID access, if left unchecked, may have the opportunity to divert company funds to their own accounts, alter data, download confidential data and more.
IBM mainframes running zSeries/Operating System (z/OS) play an important role within most
corporations and government agencies. Web connections to data residing on the z/OS mainframe
platform through z/OS Web Services, CICS and TSO have added functionality to legacy
processing and brought transaction processing to new levels. It has also introduced a new
perception of vulnerability. Mainframe z/OS Security Administrators sometimes view it as
opening up the mainframe to “intruders.”
Protecting z/OS systems and their data is as important as protecting all client operating systems, servers and firewalls.
But regardless of the industry or the regulatory mandate, every organization is at risk of losing information. (I know first-hand after receiving a letter from the US Office of Personnel Management on the status of my own personal information.) Information security breaches may go beyond organizational boundaries and expose them to unwanted legal actions. Security exposures derived from the theft of data have led to three class action lawsuits against the former Secretary of Veterans Affairs. The security breach affected 26.5 million records, with a VA estimate of between $100 million and $500 million to prevent and cover possible losses from data theft.
Unfortunately security is not always the highest priority in an organization until it is named in
the lead story on the evening news or Wall Street Journal and you are requested to testify before
Congress.
Organizations must focus on ways to monitor z/OS security by thinking outside the box and to
develop an efficient security framework to monitor security settings and protect confidential data
from ‘bad guys’ in an effective and economical manner. They must explore the tools that are
available for developing such a security framework.
The Problem:
There are three security products available on the IBM z/OS mainframe platform: IBM’s RACF (Resource Access Control Facility) and Computer Associates’ ACF2 (Access Control Facility 2) and TSS (Top Secret Security, not to be confused with Department of Defense top secret security clearances). RACF, ACF2 and TSS simply either allow or disallow access to a resource. They only provide auditing and monitoring by running a batch process the following day, or by special request if a specific event is being investigated (after the fact).
It is common practice for corporations and federal agencies to license Security Information
Event Monitoring (SIEM) products like HP Arcsight and security log collection software like
Splunk. Some organizations may have SIEM software but are not sending their z/OS security
logs to the SIEM product. Instead they remain dependent on a z/OS security administrator to run
batch jobs to monitor security events or breaches. This is what we refer to as the “fox guarding
the hen house” scenario. It violates good security practices and federal mandates for separation
of duty.
SIEM products allow for the monitoring of security logs and events by receiving client, server and firewall security logs in Real-Time¹. However, the software vendors have failed to provide
the same Real-Time capabilities from z/OS. Instead they mostly use an interval scheduled batch
process followed by an FTP to move the data across the network to the security log collector.
This design often overloads the network and prolongs the analysis of a possible security breach.
All of these examples violate a host of regulations and demonstrate a bad continuous z/OS
security monitoring practice.
Hardening Your Organization’s z/OS Real-Time Infrastructure
An attack, especially on DB2 z/OS to obtain the privilege settings of the DB2 System Administrator, allows for a stealthy security breach. Therefore, it is no longer efficient or safe to rely solely on batch reporting and mainframe security systems that work strictly inside the mainframe, only recording incidents where security has been violated. It is now possible to use products to monitor z/OS mainframe security from outside the mainframe itself and to track events EVEN IF THE USER HAS THE PROPER AUTHORITIES.
Companies should not wait for the incident to happen and make newspaper headlines before they consider their own security issues. Although the cost of protecting data effectively is high, the cost of a security breach is even higher considering the new laws governing the compromise of data. Companies can breathe a sigh of relief now that there is cost effective and comprehensive mainframe software available in the market.
Some products meet the current needs of the corporations in the area of securing confidential records of their own businesses as well as of their clients, and have all the qualities that are required to counter today’s security threats. They work efficiently with existing z/OS security products and make use of SMF and console messages in appropriate ways. They are capable of tracking audited events and several types of insider threats, delivering mainframe alerts in Real-Time, and easily integrating with other existing security monitors.
¹ Definition of Real-Time Computing: of or relating to a system in which input data is processed within milliseconds so that it is available
Here are some criteria that you may consider when evaluating a z/OS security monitoring
product for your organization:
• Scalable
• Ease of use
• Real-Time 24/7 access to resources and other event monitoring
• Eliminating unwanted events by employing customer defined filters
• Promotes true audit independence and analysis, with decimal data presented in a clear-text format so it may be interpreted by non-technical personnel within the IT organization
• Facilitates spot security checks ‘anytime’ outside of the standard quarterly security audit
• Ease of configuration and installation
• Small footprint of mainframe processing and minimum performance impact on mainframe systems
So, don’t let data breaches derail your career, or more importantly, your boss’s. Proactive companies, having a track record of monitoring security logs from outside the box, are in the forefront of Government requirements and have a solid framework in place to manage z/OS data and its associated risks. Doing so puts you, regardless of your industry, in a better competitive position, with an ideal security posture that will allow you to participate in the very important data-sharing evolution taking place.
The Solution:
Type80 Security Software, Inc. (Type80) develops and markets proprietary Real-Time event
notification software for insider threats and intrusion detection against IBM mainframe
computers running on z/OS. Type80’s primary software product is called Security Monitor
Alerts in Real-Time (SMA_RT).
SMA_RT enhances the collection and analysis of the insider and foreign threat to organizations
and our national infrastructure by:
• Detecting malicious activity, including an insider’s actions that have been authorized by existing security settings
• Protecting against insider threats unlike any other commercial mainframe software available
• Identifying internal patterns of abuse
• Meeting Government Security Requirements and Mandates for continuous monitoring of computer systems, separation of duties, and file integrity monitoring
• Working in tandem with all other client, server and firewall security monitoring products already deployed to provide complete Real-Time enterprise-wide threat management coverage
• Saving hundreds of hours searching through batch reports when investigating a security breach
The delivery of security events in Real-Time is an important aspect of any robust security program, and may be required to maintain compliance with the various continuous monitoring initiatives within your organization. Type80’s SMA_RT software does exactly that by enabling the Security Operations Center (SOC) to know the true state of mainframe security moment by moment and, when working in concert with a SIEM product, allows authorized SOC personnel to take the appropriate actions associated with the level of the security breach.
SMA_RT does this by capturing in Real-Time system management function (SMF) log data, operating system messages, application program messages, database messages, TSO (time-sharing option) messages and customer-specific events generated by using our API (application programming interface for customized event monitoring within an application program running on the mainframe). These input streams are used to determine possible security attacks or customer defined event violations on the mainframe by using a combination of configurable security rules and basic anomaly detection abilities.
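What "configurable security rules plus basic anomaly detection" over an event stream can look like, as an added Python illustration that is not Type80's SMA_RT code and does not use the real SMF record layout: the events are constructed, simplified records, and the sensitive-dataset prefixes, administrator IDs, business hours and per-hour baseline are hypothetical site settings. It also covers the two cases from the list above that batch reporting handles worst: an insider whose access the security product has already authorized, and a security administrator granting access to themselves.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Event:
    """One simplified, constructed security event (not the real SMF layout)."""
    ts: datetime      # time the event was produced on the mainframe
    user: str         # z/OS user ID that performed the action
    action: str       # constructed vocabulary: READ, PERMIT, ALTUSER, ...
    resource: str     # dataset name, or target user ID for PERMIT/ALTUSER
    granted: bool     # True if RACF/ACF2/TSS allowed the access


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    event: Event

    def to_cef(self) -> str:
        """Render a minimal CEF-style line that a SIEM can ingest directly."""
        e = self.event
        return (f"CEF:0|Example|zOSMonitor|1.0|{self.rule}|{self.rule}|"
                f"{self.severity}|suser={e.user} act={e.action} "
                f"fname={e.resource} rt={e.ts.isoformat()}")


# Hypothetical site configuration: the "customer defined" part of the rules.
SENSITIVE_PREFIXES: Tuple[str, ...] = ("PROD.PAYROLL.", "PROD.CARD.")
SECURITY_ADMINS = {"RACFADM1"}
BUSINESS_HOURS = range(8, 18)      # 08:00 to 17:59 local time
BULK_READ_BASELINE = 20            # granted sensitive reads per user per hour


class Monitor:
    """Evaluates each event as it arrives: static rules plus a volume baseline."""

    def __init__(self) -> None:
        # (user, hour bucket) -> granted sensitive reads seen so far in that hour
        self.hourly: Dict[Tuple[str, datetime], int] = defaultdict(int)

    @staticmethod
    def _is_sensitive_read(e: Event) -> bool:
        return (e.granted and e.action == "READ"
                and e.resource.startswith(SENSITIVE_PREFIXES))

    def evaluate(self, e: Event) -> List[Alert]:
        alerts: List[Alert] = []

        # Rule 1: a granted read of sensitive data outside business hours.
        # The security product allowed it; the monitor alerts anyway.
        if self._is_sensitive_read(e) and e.ts.hour not in BUSINESS_HOURS:
            alerts.append(Alert("SENSITIVE_READ_OFF_HOURS", "High", e))

        # Rule 2: separation of duties. A security administrator changing
        # their own access is exactly what self-run batch reports would miss.
        if (e.granted and e.action in ("PERMIT", "ALTUSER")
                and e.user in SECURITY_ADMINS and e.resource == e.user):
            alerts.append(Alert("ADMIN_SELF_GRANT", "Critical", e))

        # Basic anomaly: per-user volume of sensitive reads within one hour.
        # Alert once, when the baseline is first exceeded, not on every
        # later read, so the SIEM is not flooded with duplicate events.
        if self._is_sensitive_read(e):
            bucket = (e.user, e.ts.replace(minute=0, second=0, microsecond=0))
            self.hourly[bucket] += 1
            if self.hourly[bucket] == BULK_READ_BASELINE + 1:
                alerts.append(Alert("BULK_SENSITIVE_READ", "High", e))
        return alerts


def process(events: Iterable[Event]) -> List[Alert]:
    """Run a stream of events through one Monitor, in arrival order."""
    mon = Monitor()
    out: List[Alert] = []
    for e in events:
        out.extend(mon.evaluate(e))
    return out


def sample_events() -> List[Event]:
    """Constructed input: one normal read, one off-hours read, one admin
    self-grant, and a burst of card-data reads that looks like a bulk download."""
    day = datetime(2016, 3, 1)
    events = [
        Event(day.replace(hour=10, minute=5), "USER03", "READ",
              "PROD.PAYROLL.MASTER", True),          # business hours: no alert
        Event(day.replace(hour=2, minute=15), "USER01", "READ",
              "PROD.PAYROLL.MASTER", True),          # 02:15: off-hours alert
        Event(day.replace(hour=10), "RACFADM1", "PERMIT",
              "RACFADM1", True),                     # admin grants self: alert
    ]
    for i in range(25):                               # 25 reads inside one hour
        events.append(Event(day.replace(hour=14, minute=i), "USER02", "READ",
                            f"PROD.CARD.PAN.SEG{i:02d}", True))
    return events


if __name__ == "__main__":
    for a in process(sample_events()):
        print(a.to_cef())
```

Running the block prints three CEF lines, one per rule; the 25-read burst produces a single alert at the 21st read rather than five.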
It is possible to have organizations running multiple z/OS mainframes using different security
products (RACF, ACF2 or TSS) along with different SIEM and security log collection products
(HP Arcsight, Splunk, Dell SecureWorks, LogRhythm, etc.). How would one central Cyber
Security Center be able to oversee and monitor mainframe logs from all of the various products?
The SMA_RT software runs independent of each corporation’s or federal agency’s z/OS mainframe security products and their selection of SIEM and security log collection software, and sends mainframe logs and event notifications to multiple locations. This transparency allows the local mainframe Security Administrators to perform their normal duties, the local SOC to perform theirs, and permits a Managed Services Cyber Security Center to monitor mainframe logs and events from several customers in Real-Time.
DB2®, CICS®, SMF®, and z/OS® are registered trademarks of International Business Machines. All
references to them and field names remain the property of International Business Machines Corporation.
All trademarks, trade names, service marks and logos referenced herein belong to their respective
companies.
While we take every care to ensure the accuracy of the information contained in this material, the facts
estimates and opinions stated are based on information and sources which, while we believe them to be
reliable, are not guaranteed. In particular, it should not be relied upon as the sole source of reference in
relation to the subject matter. No liability can be accepted by the authors for any loss occasioned to any
person or entity acting or failing to act as a result of anything contained in or omitted from the content
of this material, or our conclusions as stated.
About the Authors
Stephen D. Rubin
Stephen D. Rubin is the founder and president of MMI. Under his leadership MMI has a track
record of 20 years of financial success in creating business markets for information technology
services (IT) across North America. Areas of business include training, consulting services, and
software. MMI has trained over 3,000 IT students representing over 400 corporations in
database design, information security, capacity planning and distributed application
development. Professional service engagements have included information security, server
consolidation, and the auditing of capacity planning and chargeback methodologies for both
public and private sectors. Stephen has authored white papers to drive market recognition and
helped create the United States marketplace for a European software start-up client.
William Buriak
William Buriak has over 25 years of information technology experience with an extensive
background in financial services, healthcare, and technical and management consulting. Bill is a
Senior Executive with demonstrated experience in planning, developing, and implementing cost
effective, innovative solutions to address complex business problems. He has broad recognized
experience in managing mainframe systems, Web based, and distributed systems. He has
extensive qualifications including vendor management, consensus building, and strategic
planning skills. Currently working in the Security Engineering area of a major world bank, Mr.
Buriak is responsible for compliance and control of a large number of global products.
Jerry Harding
Jerry Harding is CEO of Type80 Security Software, Inc. He has over 25 years of mainframe
Systems Programming experience, providing professional services to commercial clients and
government agencies. He also has over 15 years of security experience including providing
training to NATO’s Counterintelligence Agency (ACE CI), the Supreme Headquarters Allied
Powers Europe (SHAPE), as well as other public and private organizations.
About Type80:
Type80 Security Software is an IBM Business Partner in software development and was founded
by experts in the areas of mainframe z/OS Systems Programming and Information Security. The
company draws from a diverse background, from providing cybersecurity training to NATO
counter intelligence, conducting enterprise-wide security assessments for companies maintaining
the nation's critical infrastructure, and developing high-level mainframe applications for major
financial institutions.
Our primary software product is called SMA_RT (Security Monitor Alerts in Real-Time). Our
SMA_RT software development began in 1998, the product availability was announced in 2002,
and awarded a US Patent in 2007, making it the first Real-Time mainframe intrusion detection,
z/OS SIEM agent and log event processing software of its kind.
SMA_RT has been deployed across four continents with commercial customers in the Financial,
Banking, Payment Card Processing, Automobile Importers, Retail Sales, International
Hotel/Travel, Corporate Management, HealthCare, Insurance, Educational, Telecommunications
and Home Security industries.
Please visit our website at www.type80.com and contact us or one of our preferred reseller
partners for additional information or if you have any questions on our software.

More Related Content

What's hot

Information security trends and concerns
Information security trends and concernsInformation security trends and concerns
Information security trends and concerns
John Napier
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
IBM Security
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
Patrick Bouillaud
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
IBM Security
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
DMIMarketing
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_print
james morris
 
Data Breaches: Is IBM i Really at Risk?
Data Breaches: Is IBM i Really at Risk?Data Breaches: Is IBM i Really at Risk?
Data Breaches: Is IBM i Really at Risk?
HelpSystems
 
The 2016 Ponemon Cost of a Data Breach Study
The 2016 Ponemon Cost of a Data Breach StudyThe 2016 Ponemon Cost of a Data Breach Study
The 2016 Ponemon Cost of a Data Breach Study
IBM Security
 
Qradar Business Case
Qradar Business CaseQradar Business Case
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - WebFahd Khan
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust Designation
Murray Security Services
 
Intellinx.z watch
Intellinx.z watchIntellinx.z watch
Intellinx.z watch
Jim Porell
 
REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS
Accelerite
 
Information security
Information securityInformation security
Information security
LJ PROJECTS
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
Intellinx overview.2010
Intellinx overview.2010Intellinx overview.2010
Intellinx overview.2010
Jim Porell
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
IBM Security
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
IBM Security
 

What's hot (18)

Information security trends and concerns
Information security trends and concernsInformation security trends and concerns
Information security trends and concerns
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_print
 
Data Breaches: Is IBM i Really at Risk?
Data Breaches: Is IBM i Really at Risk?Data Breaches: Is IBM i Really at Risk?
Data Breaches: Is IBM i Really at Risk?
 
The 2016 Ponemon Cost of a Data Breach Study
The 2016 Ponemon Cost of a Data Breach StudyThe 2016 Ponemon Cost of a Data Breach Study
The 2016 Ponemon Cost of a Data Breach Study
 
Qradar Business Case
Qradar Business CaseQradar Business Case
Qradar Business Case
 
ZSAH Security - Web
ZSAH Security - WebZSAH Security - Web
ZSAH Security - Web
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust Designation
 
Intellinx.z watch
Intellinx.z watchIntellinx.z watch
Intellinx.z watch
 
REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS
 
Information security
Information securityInformation security
Information security
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
 
Intellinx overview.2010
Intellinx overview.2010Intellinx overview.2010
Intellinx overview.2010
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 

Viewers also liked

What's your approach. ethikos article
What's your approach. ethikos articleWhat's your approach. ethikos article
What's your approach. ethikos article
Jyoti Pandey
 
Assignment 2
Assignment 2Assignment 2
Assignment 2Domardine
 
Article on Sustainability Rporting in ethikos
Article on Sustainability Rporting in ethikosArticle on Sustainability Rporting in ethikos
Article on Sustainability Rporting in ethikosJyoti Pandey
 
What's your approach. ethikos article
What's your approach. ethikos articleWhat's your approach. ethikos article
What's your approach. ethikos articleJyoti Pandey
 
Presentation pain management
Presentation pain managementPresentation pain management
Presentation pain managementDr Lekan Bello
 
What we measure may deserve a shift in focus...
What we measure may deserve a shift in focus...What we measure may deserve a shift in focus...
What we measure may deserve a shift in focus...
Jyoti Pandey
 
Matt Rawson CV 2015
Matt Rawson CV 2015Matt Rawson CV 2015
Matt Rawson CV 2015Matt Rawson
 
모션그래픽 중간발표 _ 박혜진
모션그래픽 중간발표 _ 박혜진모션그래픽 중간발표 _ 박혜진
모션그래픽 중간발표 _ 박혜진semohyejin
 
Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Top 10 Web Hacks 2013
Top 10 Web Hacks 2013
Matt Johansen
 
Top 10 Web Hacks 2012
Top 10 Web Hacks 2012Top 10 Web Hacks 2012
Top 10 Web Hacks 2012
Matt Johansen
 
모션그래픽 기말발표
모션그래픽 기말발표모션그래픽 기말발표
모션그래픽 기말발표semohyejin
 
Considerations for UC and cloud deployments
Considerations for UC and cloud deploymentsConsiderations for UC and cloud deployments
Considerations for UC and cloud deployments
Todd Landry
 
DB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the BoxDB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the Box
Jerry Harding
 
Overview of UNIVERGE 3C
Overview of UNIVERGE 3COverview of UNIVERGE 3C
Overview of UNIVERGE 3CTodd Landry
 

Viewers also liked (15)

What's your approach. ethikos article
What's your approach. ethikos articleWhat's your approach. ethikos article
What's your approach. ethikos article
 
Assignment 2
Assignment 2Assignment 2
Assignment 2
 
Article on Sustainability Rporting in ethikos
Article on Sustainability Rporting in ethikosArticle on Sustainability Rporting in ethikos
Article on Sustainability Rporting in ethikos
 
What's your approach. ethikos article
What's your approach. ethikos articleWhat's your approach. ethikos article
What's your approach. ethikos article
 
Presentation pain management
Presentation pain managementPresentation pain management
Presentation pain management
 
What we measure may deserve a shift in focus...
What we measure may deserve a shift in focus...What we measure may deserve a shift in focus...
What we measure may deserve a shift in focus...
 
Matt Rawson CV 2015
Matt Rawson CV 2015Matt Rawson CV 2015
Matt Rawson CV 2015
 
모션그래픽 중간발표 _ 박혜진
모션그래픽 중간발표 _ 박혜진모션그래픽 중간발표 _ 박혜진
모션그래픽 중간발표 _ 박혜진
 
Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Top 10 Web Hacks 2013
Top 10 Web Hacks 2013
 
Top 10 Web Hacks 2012
Top 10 Web Hacks 2012Top 10 Web Hacks 2012
Top 10 Web Hacks 2012
 
모션그래픽 기말발표
모션그래픽 기말발표모션그래픽 기말발표
모션그래픽 기말발표
 
Woodbury sitemap r5
Woodbury sitemap r5Woodbury sitemap r5
Woodbury sitemap r5
 
Considerations for UC and cloud deployments
Considerations for UC and cloud deploymentsConsiderations for UC and cloud deployments
Considerations for UC and cloud deployments
 
DB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the BoxDB2 Security Thinking Outside the Box
DB2 Security Thinking Outside the Box
 
Overview of UNIVERGE 3C
Overview of UNIVERGE 3COverview of UNIVERGE 3C
Overview of UNIVERGE 3C
 

Similar to An Introduction to zOS Real-time Infrastructure and Security Practices

Big Data Analytics Solutions
Big Data Analytics SolutionsBig Data Analytics Solutions
Big Data Analytics Solutions
harman041
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
IBM Security
 
NIST-Cloud-Presentation-Industry-Day-Release.pptx
NIST-Cloud-Presentation-Industry-Day-Release.pptxNIST-Cloud-Presentation-Industry-Day-Release.pptx
NIST-Cloud-Presentation-Industry-Day-Release.pptx
KellyMcBrair
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
DMIMarketing
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSridhar Karnam
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
IBM Security
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
wbesse
 
cybersecurity_alert_feb_12_2015
cybersecurity_alert_feb_12_2015cybersecurity_alert_feb_12_2015
cybersecurity_alert_feb_12_2015Paul Ferrillo
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integration
Marco Essomba
 
10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises10 Security issues facing NZ Enterprises
10 Security issues facing NZ Enterprises
Nigel Hanson
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout Session
Splunk
 
Key elements of security threat
Key elements of security threatKey elements of security threat
Key elements of security threat
Araf Karsh Hamid
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
GFI Software
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
cuddietheresa
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
salmonpybus
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 

Similar to An Introduction to zOS Real-time Infrastructure and Security Practices (20)

Big Data Analytics Solutions
Big Data Analytics SolutionsBig Data Analytics Solutions
Big Data Analytics Solutions
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...

An Introduction to zOS Real-time Infrastructure and Security Practices

Introduction:
Today’s world of state-sponsored computer crime has greatly increased both the sophistication and volume of unauthorized attacks and theft of highly sensitive information, both for the government and private corporations. It was reported by government officials that annual losses to U.S. firms attributed to hacking-related attacks alone amounted to billions. This malevolent hacking behavior amounts to Cyber war. In this world the CSO can’t assume that individual departments processing key company assets such as credit cards, or health and customer account records, etc. are safe unless the whole corporate enterprise has the proper protections in place. The Cyber-criminal will look for weaknesses throughout the whole IT enterprise as points of entry, and z/OS systems are very large, enticing targets.

An equal if not greater challenge to the CSO is that of malicious activity by internal company employees. Many security practices and technologies have been designed to detect external cybersecurity threats to network security. However, they may not be sufficient to detect an employee with authorized access working with sensitive corporate data conducting unauthorized activities. Employees with Sys/ID access, if left unchecked, may have the opportunity to divert company funds to their own accounts, alter data, download confidential data and more.

IBM mainframes running zSeries/Operating System (z/OS) play an important role within most corporations and government agencies. Web connections to data residing on the z/OS mainframe platform through z/OS Web Services, CICS and TSO have added functionality to legacy processing and brought transaction processing to new levels. It has also introduced a new perception of vulnerability. Mainframe z/OS Security Administrators sometimes view it as opening up the mainframe to “intruders.”
Protecting z/OS systems and their data is equally as important as protecting all client operating systems, servers and firewalls. But regardless of the industry or the regulation mandate, every organization is at risk of losing information. (I know first-hand after receiving a letter from the US Office of Personnel Management on the status of my own personal information.) Information security breaches may go beyond organizational boundaries and expose organizations to unwanted legal actions. Security exposures derived from the theft of data have led to three class action lawsuits against the former Secretary of Veterans Affairs. The security breach affected 26.5 million records, with a VA estimate of between $100 million and $500 million to prevent and cover possible losses from data theft. Unfortunately, security is not always the highest priority in an organization until it is named in the lead story on the evening news or Wall Street Journal and you are requested to testify before Congress.

Organizations must focus on ways to monitor z/OS security by thinking outside the box and to develop an efficient security framework to monitor security settings and protect confidential data from ‘bad guys’ in an effective and economical manner. They must explore the tools that are available for developing such a security framework.

The Problem:
There are three security products available on the IBM z/OS mainframe platform. These products are: IBM’s RACF (Resource Access Control Facility), and Computer Associates’ ACF2 (Access Control Facility 2) and TSS (Top Secret Security, not to be confused with Department of Defense top secret security clearances). RACF, ACF2 and TSS simply either allow or disallow access to a resource. They only provide auditing and monitoring processing by running a batch process the following day, or by special request if a specific event is being investigated (after the fact).

It is common practice for corporations and federal agencies to license Security Information Event Monitoring (SIEM) products like HP Arcsight and security log collection software like Splunk. Some organizations may have SIEM software but are not sending their z/OS security logs to the SIEM product. Instead they remain dependent on a z/OS security administrator to run batch jobs to monitor security events or breaches. This is what we refer to as the “fox guarding the hen house” scenario. It violates good security practices and federal mandates for separation of duty.

SIEM products allow for the monitoring of security logs and events by receiving client, server and firewall security logs in Real-Time¹. However, the software vendors have failed to provide the same Real-Time capabilities from z/OS. Instead they mostly use an interval-scheduled batch process followed by an FTP to move the data across the network to the security log collector. This design often overloads the network and prolongs the analysis of a possible security breach. All of these examples violate a host of regulations and demonstrate a bad continuous z/OS security monitoring practice.

¹ Definition of Real-Time Computing: of or relating to a system in which input data is processed within milliseconds so that it is available

Hardening Your Organization’s z/OS Real-Time Infrastructure
An attack, especially on DB2 z/OS to obtain the privilege settings of the DB2 System Administrator, allows for a stealthy security breach. Therefore, it is no longer efficient or safe to rely solely on batch reporting and mainframe security systems that work strictly inside the mainframe, only recording incidents where security has been violated. It is now possible to use products to monitor z/OS mainframe security from outside the mainframe itself and to track events EVEN IF THE USER HAS THE PROPER AUTHORITIES.

Companies should not wait for the incident to happen and make newspaper headlines before they consider their own security issues. Although the cost of protecting data effectively is high, the cost of a security breach is even higher considering the new laws governing the compromise of data. Companies can breathe a sigh of relief now that there is cost-effective and comprehensive mainframe software available in the market. Some products meet the current needs of corporations in the area of securing confidential records of their own businesses as well as of their clients, and have all the qualities that are required to counter today’s security threats. They work efficiently with existing z/OS security products and make use of SMF and console messages in appropriate ways. They are capable of tracking audited events and several types of insider threats, delivering mainframe alerts in Real-Time and easily integrating with other existing security monitors.

Here are some criteria that you may consider when evaluating a z/OS security monitoring product for your organization:
• Scalable
• Ease of use
• Real-Time 24/7 access to resources and other event monitoring
• Eliminating unwanted events by employing customer-defined filters
• Promotes true audit independence and analysis, with decimal data presented in a clear-text format so it may be interpreted by non-technical personnel within the IT organization
• Facilitates spot security checks ‘anytime’ outside of the standard quarterly security audit
• Ease of configuration and installation
• Small footprint of mainframe processing and minimum performance impact on mainframe systems

So, don’t let data breaches derail your career, or more importantly, your boss’s. Proactive companies, having a track record of monitoring security logs from outside the box, are in the forefront of Government requirements and have a solid framework in place to manage z/OS data and its associated risks. Doing so puts you, regardless of your industry, in a better competitive position, with an ideal security posture that will allow you to participate in the very important data-sharing evolution taking place.

The Solution:
Type80 Security Software, Inc. (Type80) develops and markets proprietary Real-Time event notification software for insider threats and intrusion detection against IBM mainframe computers running on z/OS.
Type80’s primary software product is called Security Monitor Alerts in Real-Time (SMA_RT). SMA_RT enhances the collection and analysis of the insider and foreign threat to organizations and our national infrastructure by:
• Detecting malicious activity, including an insider’s actions that have been authorized by existing security settings
• Protecting against insider threats unlike any other commercial mainframe software available
• Identifying internal patterns of abuse
• Meeting Government Security Requirements and Mandates for continuous monitoring of computer systems, separation of duties, and file integrity monitoring
• Working in tandem with all other client, server and firewall security monitoring products already deployed to provide complete Real-Time enterprise-wide threat management coverage
• Saving hundreds of hours searching through batch reports when investigating a security breach

The delivery of security events in Real-Time is an important aspect of any robust security program, and may be required to maintain compliance with the various continuous monitoring initiatives within your organization. Type80’s SMA_RT software does exactly that by enabling the Security Operations Center (SOC) to know the true security state of the mainframe moment by moment and, when working in concert with a SIEM product, allows authorized SOC personnel to take the appropriate actions associated with the level of the security breach.

SMA_RT does this by capturing, in Real-Time, system management function (SMF) log data, operating system messages, application program messages, database messages, TSO (time-sharing option) messages and customer-specific events generated by using our API (application programming interface for customized event monitoring within an application program running on the mainframe). These input streams are used to determine possible security attacks or customer-defined event violations on the mainframe by using a combination of configurable security rules and basic anomaly detection abilities.

It is possible to have organizations running multiple z/OS mainframes using different security products (RACF, ACF2 or TSS) along with different SIEM and security log collection products (HP Arcsight, Splunk, Dell SecureWorks, LogRhythm, etc.). How would one central Cyber Security Center be able to oversee and monitor mainframe logs from all of the various products?
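The "configurable rules plus basic anomaly detection" approach described above, shown as an added example written for this page. It is not Type80's, IBM's or any vendor's code: the flat event records are a constructed stand-in for the information a RACF audit record (SMF record type 80) conveys, not the real binary SMF layout, and the dataset prefixes, business hours, per-user baseline and threshold factor are all assumptions. The point it demonstrates is the one the text makes: rules fire on events the security product itself allowed (an authorized user reading a sensitive dataset at night, a SPECIAL attribute being granted), and a volume baseline catches an authorized user who suddenly reads far more than usual.

```python
"""Rule- and baseline-based alerting over simplified mainframe audit events.

Added example for this page; not Type80's code. The event layout below is a
constructed, flattened stand-in for what a RACF audit record (SMF type 80)
conveys, not the real SMF record format.
"""
from collections import Counter
from datetime import datetime

SENSITIVE_PREFIXES = ("PAYROLL.", "CUST.")   # assumed high-value dataset prefixes
BUSINESS_HOURS = range(7, 19)                # assumed 07:00-18:59 window
ANOMALY_FACTOR = 3.0                         # assumed: alert above 3x a user's baseline

# Constructed sample events (not real SMF data). "allowed" is what the
# security product (RACF/ACF2/TSS) decided; the rules below look past it.
EVENTS = [
    {"ts": "2016-03-01T09:12:00", "user": "USR01", "event": "ACCESS",
     "resource": "PAYROLL.MASTER", "intent": "READ", "allowed": True},
    {"ts": "2016-03-01T23:40:00", "user": "USR01", "event": "ACCESS",
     "resource": "PAYROLL.MASTER", "intent": "READ", "allowed": True},
    {"ts": "2016-03-01T10:05:00", "user": "USR02", "event": "ACCESS",
     "resource": "CUST.ACCOUNTS", "intent": "UPDATE", "allowed": False},
    {"ts": "2016-03-01T11:00:00", "user": "SYSP1", "event": "ALTUSER",
     "resource": "USR03", "intent": "SPECIAL", "allowed": True},
] + [
    # twelve authorized reads of a sensitive dataset within one hour
    {"ts": f"2016-03-01T14:{m:02d}:00", "user": "USR02", "event": "ACCESS",
     "resource": "CUST.ACCOUNTS", "intent": "READ", "allowed": True}
    for m in range(0, 60, 5)
]

# Constructed per-user mean daily count of granted accesses from earlier days.
BASELINE = {"USR01": 3.0, "USR02": 2.0, "SYSP1": 5.0}


def is_sensitive(resource):
    return resource.startswith(SENSITIVE_PREFIXES)


def rule_alerts(event):
    """Configurable rules; each may fire even when the access was granted."""
    hour = datetime.fromisoformat(event["ts"]).hour
    alerts = []
    if event["event"] == "ACCESS" and not event["allowed"]:
        alerts.append("ACCESS_VIOLATION")          # the classic after-the-fact report
    if (event["event"] == "ACCESS" and event["allowed"]
            and is_sensitive(event["resource"]) and hour not in BUSINESS_HOURS):
        alerts.append("SENSITIVE_OFFHOURS")        # authorized, but outside hours
    if event["event"] == "ALTUSER" and event["intent"] == "SPECIAL":
        alerts.append("PRIVILEGE_GRANT")           # a privileged attribute was granted
    return alerts


def anomaly_alerts(events, baseline, factor=ANOMALY_FACTOR):
    """Users whose granted-access volume far exceeds their own baseline."""
    counts = Counter(e["user"] for e in events
                     if e["event"] == "ACCESS" and e["allowed"])
    return sorted(u for u, n in counts.items() if n > factor * baseline.get(u, 1.0))


def evaluate(events=EVENTS, baseline=BASELINE):
    """Return (rule_hits, volume_anomalies) for one stream of events."""
    rule_hits = [(e["user"], e["ts"], name)
                 for e in events for name in rule_alerts(e)]
    return rule_hits, anomaly_alerts(events, baseline)


if __name__ == "__main__":
    hits, anomalies = evaluate()
    for user, ts, name in hits:
        print(f"{ts} {user:6} {name}")
    print("volume anomalies:", anomalies)
```

Run as-is it reports one access violation, one off-hours read of PAYROLL.MASTER by an authorized user, one SPECIAL grant, and USR02 as a volume anomaly; the first PAYROLL.MASTER read, made during business hours, raises nothing. In a real deployment the events would be fed continuously from the mainframe rather than from an in-memory list, which is exactly the batch-versus-Real-Time difference the paper is drawing.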
The SMA_RT software runs independent of each corporation’s or federal agency’s z/OS mainframe security products and their selection of SIEM and security log collection software, and sends mainframe logs and event notifications to multiple locations. This transparency allows the local mainframe Security Administrators to perform their normal duties, the local SOC to perform theirs, and permits a Managed Services Cyber Security Center to monitor mainframe logs and events from several customers in Real-Time.

DB2®, CICS®, SMF®, and z/OS® are registered trademarks of International Business Machines. All references to them and field names remain the property of International Business Machines Corporation. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. While we take every care to ensure the accuracy of the information contained in this material, the facts, estimates and opinions stated are based on information and sources which, while we believe them to be reliable, are not guaranteed. In particular, it should not be relied upon as the sole source of reference in relation to the subject matter. No liability can be accepted by the authors for any loss occasioned to any person or entity acting or failing to act as a result of anything contained in or omitted from the content of this material, or our conclusions as stated.

About the Authors

Stephen D. Rubin
Stephen D. Rubin is the founder and president of MMI. Under his leadership MMI has a track record of 20 years of financial success in creating business markets for information technology (IT) services across North America. Areas of business include training, consulting services, and software. MMI has trained over 3,000 IT students representing over 400 corporations in database design, information security, capacity planning and distributed application development. Professional service engagements have included information security, server consolidation, and the auditing of capacity planning and chargeback methodologies for both public and private sectors. Stephen has authored white papers to drive market recognition and helped create the United States marketplace for a European software start-up client.

William Buriak
William Buriak has over 25 years of information technology experience with an extensive background in financial services, healthcare, and technical and management consulting. Bill is a Senior Executive with demonstrated experience in planning, developing, and implementing cost-effective, innovative solutions to address complex business problems. He has broad, recognized experience in managing mainframe, Web-based, and distributed systems. He has extensive qualifications including vendor management, consensus building, and strategic planning skills. Currently working in the Security Engineering area of a major world bank, Mr. Buriak is responsible for compliance and control of a large number of global products.

Jerry Harding
Jerry Harding is CEO of Type80 Security Software, Inc. He has over 25 years of mainframe Systems Programming experience, providing professional services to commercial clients and government agencies. He also has over 15 years of security experience, including providing training to NATO’s Counterintelligence Agency (ACE CI), the Supreme Headquarters Allied Powers Europe (SHAPE), as well as other public and private organizations.

About Type80:
Type80 Security Software is an IBM Business Partner in software development and was founded by experts in the areas of mainframe z/OS Systems Programming and Information Security. The company draws from a diverse background, from providing cybersecurity training to NATO counterintelligence, conducting enterprise-wide security assessments for companies maintaining the nation's critical infrastructure, and developing high-level mainframe applications for major financial institutions. Our primary software product is called SMA_RT (Security Monitor Alerts in Real-Time). Our SMA_RT software development began in 1998, product availability was announced in 2002, and it was awarded a US Patent in 2007, making it the first Real-Time mainframe intrusion detection, z/OS SIEM agent and log event processing software of its kind. SMA_RT has been deployed across four continents with commercial customers in the Financial, Banking, Payment Card Processing, Automobile Importers, Retail Sales, International Hotel/Travel, Corporate Management, HealthCare, Insurance, Educational, Telecommunications and Home Security industries.

Please visit our website at www.type80.com and contact us or one of our preferred reseller partners for additional information or if you have any questions on our software.