It is generally accepted that the mainframe, AKA Big Iron, is the most secure IT platform available, and a significant reason why: 55% of enterprise apps need the mainframe; 70% of enterprise transactions touch a mainframe; and, 70-80% of the world’s corporate data resides on a mainframe. However, the things which are driving today’s dominant IT paradigm, digital transformation — cloud computing, Internet of Things (IoT), big data and analytics (BDA), mobility, social media and security — are also increasing the mainframe threatscape, and Compuware is trying to do something about that.
“It is the most secure platform by far,” said Compuware CEO, Chris O’Malley. But breaches happen, he tells IT Trends & Analysis, although most of these things that happen can be prevented. “Most of the breaches are from the inside.”
That was the challenge a customer presented to Compuware, identify where and how recurring breach was taking place. The mainframe software vendor’s response led to Compuware Application Audit, a cybersecurity and compliance solution that ‘enhances the ability of enterprises to stop insider threats by fully capturing and analyzing start-to-finish mainframe application session user activity.’
The new standalone solution is a one-stop shop to:
-detect, investigate and respond to inappropriate activity by internal users with access;
-detect, investigate and respond to hacked or illegally purchased user accounts;
-support criminal/legal investigations with complete and credible forensics; and,
-fulfill compliance mandates regarding protection of sensitive data.
A year ago the company partnered with CorreLog to provide a similar set of capabilities by integrating Compuware’s Hiperstation Application Auditing solution with CorreLog SIEM Agent for z/OS. The new solution brings a number of advantages, including collaborations with CorreLog, Syncsort and Splunk, to enable it to be integrated with popular SIEM solutions such as Splunk, IBM QRadar SIEM and HPE Security ArcSight ESM.
While cybersecurity is not and won’t be a core focus of the company, Compuware Application Audit continues the company’s recent practice of making a major product introduction every 90 days. “We’ve put in more innovation in the last 10 quarters than our competitors have done in the last 10 years,” said O’Malley.
The mainframe computing environment, with protocols dating back decades, is a new frontier of exploration for both the White Hat (ethical) and the Black Hat (criminal) hackers. “Ultimately we want people to understand that, because of its widespread usage as a core system in many critical infrastructures from finance to air travel; its relative obscurity; and lack of real wide-spread exposure to the hacking public; this system is rife with opportunities to be further secured and hardened.“ Chad Rikansurd (@bigendiansmalls)
What he’s saying is that mainframe computing environments are vulnerable. No surprise there, but what’s new is that hackers are cracking old protocols, like TN3270, and building tools for others to do the same.
That mainframes are under increasing threat shouldn’t come as a surprise: everybody and everything is under increasing attack. In addition, as data is becoming more valuable, it’s only natural that the platform controlling the most data would become more popular for cybercriminals, hackers, rogue governments and disaffected and/or sloppy employees.
People are the big problem. Over half (55%) of all attacks were carried out by either malicious insiders or inadvertent actors, and over 95% of breaches caused by insiders were caused by human error
“While the amount of time it takes to discover an inside security threat is dependent on many things, we believe adding Application Audit to standard breach detection methods can reduce the amount of time to identify an inside threat against mainframe applications by at least 30%,” said Compuware’s Sam Knutson, VP of Product Management.
A 30% reduction in time to detection is impressive, but it still leaves a lot of room for improvement. According to Cisco’s ‘2017 Annual Cybersecurity Report’:
-just 56% of security alerts are investigated and less than half of legitimate alerts remediated;
-more than 50% of organizations faced public scrutiny after a security breach;
-for organizations that experienced an attack, the effect was substantial: 22% of breached organizations lost customers — 40% of them lost more than 20% of their customer base; 29% lost revenue, with 38% percent of that group losing more than 20% of revenue; and, 23% lost business opportunities, with 42% percent of them losing more than 20%.
Cisco claims it has reduced the ‘time to detection’, the window of time between a compromise and the detection of a new threat, from a median of 14 hours in early 2016 to as low as six hours in the last half of the year. However, in almost all breaches (93%), it took attackers minutes or less to compromise systems, and data exfiltration occurred within minutes in 28% of the cases.
Compliance is a top-five priority for the next 12 months, according to BMC’s 11th annual survey of more than 1,200 mainframe professionals. One reason why compliance is important is that more than half of all employees (59%) steal confidential company information when they quit or are fired, according to another mainframe ISV, CA Technologies.
Another reason for renewed interest in security is that the mainframe is expected to play a central role in organizations’ digital transformation journey, stated IDC, and, as a result, achieve a compelling ROI. Early adopters of a ‘connected mainframe’ strategy have achieved more than 300% return on investment (ROI), with over 50% of the benefit value coming from business productivity gains, realized from higher transaction volumes, new services, and/or business expansion.
Compuware Application Audit went GA this week, but has been available for some time, said O’Malley. “It’s created some doubling of interest that we didn’t foresee.”
Disclosure: I hold shares of several of the companies mentioned in this article.