Posts Tagged ‘CA-ACF2’

Compuware-Syncsort-Splunk to Boost Mainframe Security

April 6, 2017

The mainframe has proven to be remarkably secure over the years, racking up the highest security certifications available. But there is still room for improvement. Earlier this week Compuware announced Application Audit, a software tool that aims to transform mainframe cybersecurity and compliance through real-time capture of user behavior.

Capturing user behavior, especially in real time, is seemingly impossible if you have to rely on the data you collect from the various logs and SMF records. Compuware’s solution, Application Audit, in conjunction with Syncsort and Splunk, fully captures and analyzes start-to-finish mainframe application user behavior.

As Compuware explains: most enterprises still rely on disparate logs and SMF data from security products such as RACF, CA-ACF2 and CA-Top Secret to piece together user behavior. This is too slow if you want to catch bad behavior while it’s going on. Some organizations try to apply analytics to these logs, but that too is slow. By the time you have collected enough logs to deduce who did what and when, the damage may already have been done. Throw in the escalating demands of cross-platform enterprise cybersecurity and increasingly burdensome global compliance mandates, and you haven’t a chance without an automated tool optimized for this.

Fortunately, the mainframe provides rich and comprehensive session data that you can run through Application Audit and, in conjunction with the organization’s security information and event management (SIEM) systems, analyze to see more quickly and effectively what really is happening. Specifically, it can:

  • Detect, investigate, and respond to inappropriate behavior by internal users with access
  • Detect, investigate, and respond to hacked or illegally accessed user accounts
  • Support criminal/legal investigations with complete and credible forensics
  • Fulfill compliance mandates regarding protection of sensitive data

IBM, by the way, is not ignoring the advantages of analytics for z security. Back in February you read about IBM bringing its cognitive system to the z on DancingDinosaur. IBM continues to flog cognitive on z for real-time analytics and security, promising to enable faster customer insights, business insights, and systems insights, with decisions based on real-time analysis of both current and historical data, delivered on an analytics platform designed for availability, optimized for flexibility, and engineered with the highest levels of security. Check out IBM’s full cognitive for z pitch.

The data Compuware and Syncsort collect with Application Audit is particularly valuable for maintaining control of privileged mainframe user accounts. Both private- and public-sector organizations are increasingly concerned about insider threats to both mainframe and non-mainframe systems. Privileged user accounts can be misused by their rightful owners, motivated by everything from financial gain to personal grievances, as well as by malicious outsiders who have illegally acquired the credentials for those accounts. You can imagine what havoc they could wreak.

In addition, with Application Audit Compuware is orchestrating a number of players to deliver the full security picture. Specifically, through collaboration with CorreLog, Syncsort and Splunk, Compuware is enabling enterprise customers to integrate Application Audit’s mainframe intelligence with popular SIEM solutions such as Splunk, IBM QRadar, and HPE Security ArcSight ESM. Additionally, Application Audit provides an out-of-the-box Splunk-based dashboard that delivers value from the start. As Compuware explains, these integrations are particularly useful for discovering and addressing security issues associated with today’s increasingly common composite applications, which have components running on both mainframe and non-mainframe platforms. SIEM integration also ensures that security, compliance and other risk management staff can easily access mainframe-related data in the same manner as they access data from other platforms.

“Effective IT management requires effective monitoring of what is happening for security, cost reduction, capacity planning, service level agreements, compliance, and other purposes,” noted Stu Henderson, Founder and President of the Henderson Group in the Compuware announcement. “This is a major need in an environment where security, technology, budget, and regulatory pressures continue to escalate.”

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at and here.



The Mainframe at the Heart of the Security Storm

December 18, 2014

A survey of Chief Information Security Officers (CISOs) released by IBM in early December found that more than 80% of security leaders believe the challenge posed by external threats is on the rise, while 60% also agree their organizations are outgunned in the cyber war. Even mainframe shops—the zEC12 has received the highest security rating, EAL 5+—should not get complacent. There are a lot of bad guys gunning for the data center. Just ask Sony.


At least top management is putting resources into security. Three quarters of the CISO respondents expect their security budgets to increase dramatically over the next 3-5 years. IBM is jumping in with a security paper geared specifically for mainframe shops titled Security Intelligence for Mainframe Environments.

So what are the threats keeping CISOs awake at night? Based on the study, sophisticated external threats were identified by 40% of security leaders as their top concern. Expect the extra budget to be thrown at these threats, which will require the most organizational effort over the next three to five years, as much as regulations, new technologies, and internal threats combined, according to the IBM analysts.

Although a majority of the CISOs surveyed appear confident their mature, traditional technologies that focus on network intrusion prevention, advanced malware detection, and network vulnerability scanning will fend off outside threats, nearly half reported that deploying new security technology is the top focus area for their organization. Their top worries: data leakage, cloud security, and mobile/device security.

Some other interesting findings from the survey:

  • While concern over cloud security remains strong, still close to 90% of respondents have adopted cloud or are currently planning cloud initiatives. Of this group, most expect their cloud security budget to increase dramatically over the next three to five years.
  • Over 70% of security leaders said real-time security intelligence is increasingly important to their organization. Yet about half found areas such as data classification and discovery and security intelligence analytics have relatively low maturity and require improvement or transformation.
  • Not surprisingly, despite the growing mobile workforce, only 45% believe they have an effective mobile device management approach. According to the study, mobile and device security ranked at the bottom of the maturity list.

Although your data center provides a tempting target to attackers, it also can protect you with an effective counter-punch. That counter-punch is delivered through increasingly powerful and fast analytics, especially real-time analytics. The objective is to identify attacks as they are underway. Otherwise, you are left scrambling to close the proverbial barn door after the horses (data) have left.

This will entail systems that identify who did what and when, recognizing what’s normal behavior versus abnormal, and obtaining visibility into subtle connections between millions of data points. This requires a great deal of contextual data and the analytical means to make sense of it. And here is where you come in: your team needs to integrate mainframe data with distributed events to gain insights that apply to the entire enterprise.
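As an added illustration of the “who did what and when, normal versus abnormal” idea in this paragraph and of the privileged-account concern raised in the Compuware post above (example code written for this page, not Compuware’s, IBM’s or any SIEM vendor’s own logic), here is a toy baseline check run over constructed audit records from the mainframe and a distributed host, normalised into one shape. The record layout, user IDs, dataset names and host names are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records, already normalised into one shape for both the
# mainframe and the distributed source: (timestamp, platform, user, action, resource).
# Field names and values are assumptions for this example, not a real SMF or SIEM layout.
BASELINE_EVENTS = [
    ("2017-03-01T09:12:00", "zos",   "dba01", "READ",   "PROD.PAYROLL.VSAM"),
    ("2017-03-01T10:40:00", "zos",   "dba01", "UPDATE", "PROD.PAYROLL.VSAM"),
    ("2017-03-02T09:05:00", "zos",   "dba01", "READ",   "PROD.HR.DB2"),
    ("2017-03-02T11:30:00", "linux", "dba01", "LOGIN",  "etl-host-01"),
    ("2017-03-03T14:00:00", "zos",   "dba01", "READ",   "PROD.PAYROLL.VSAM"),
    ("2017-03-01T08:00:00", "zos",   "ops02", "SUBMIT", "JOB.NIGHTLY"),
    ("2017-03-02T09:15:00", "zos",   "ops02", "SUBMIT", "JOB.NIGHTLY"),
]
NEW_EVENTS = [
    ("2017-03-10T10:00:00", "zos",   "dba01", "READ",   "PROD.PAYROLL.VSAM"),
    ("2017-03-11T02:45:00", "zos",   "dba01", "READ",   "PROD.CUSTOMER.VSAM"),
    ("2017-03-11T02:50:00", "linux", "dba01", "EXPORT", "PROD.CUSTOMER.VSAM"),
    ("2017-03-11T08:02:00", "zos",   "ops02", "SUBMIT", "JOB.NIGHTLY"),
    ("2017-03-12T09:00:00", "zos",   "ops02", "UPDATE", "PROD.PAYROLL.VSAM"),
]

def build_baseline(events):
    """Per user: the hours, platforms, actions and resources seen in the learning window."""
    base = defaultdict(lambda: {"hours": set(), "platforms": set(),
                                "actions": set(), "resources": set()})
    for ts, platform, user, action, resource in events:
        b = base[user]
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["platforms"].add(platform)
        b["actions"].add(action)
        b["resources"].add(resource)
    return dict(base)

def score_event(event, baseline):
    """Return the reasons this event deviates from the user's own baseline (empty = normal)."""
    ts, platform, user, action, resource = event
    b = baseline.get(user)
    if b is None:
        return ["no baseline for user"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if not min(b["hours"]) <= hour <= max(b["hours"]):
        reasons.append("outside usual hours")
    if platform not in b["platforms"]:
        reasons.append("new platform")
    if action not in b["actions"]:
        reasons.append("new action")
    if resource not in b["resources"]:
        reasons.append("new resource")
    return reasons

def find_anomalies(new_events, baseline_events):
    """Who did what and when, in time order, with every deviation listed."""
    baseline = build_baseline(baseline_events)
    hits = []
    for event in sorted(new_events):
        reasons = score_event(event, baseline)
        if reasons:
            ts, platform, user, action, resource = event
            hits.append((ts, user, f"{action} {resource} on {platform}", reasons))
    return hits

if __name__ == "__main__":
    for ts, user, what, reasons in find_anomalies(NEW_EVENTS, BASELINE_EVENTS):
        print(f"{ts} {user}: {what} <- {', '.join(reasons)}")
```

The off-hours read of a never-before-touched dataset followed minutes later by an export from the distributed side is the kind of cross-platform sequence that only shows up once both sources land in the same place.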

In fact, IBM identifies a series of issues that put the mainframe squarely at the heart of the challenge and the solution:

  • Complexity: The mainframe is an integral component of multiple, often large and complex business services, making it difficult to identify and analyze threats.
  • Visibility: Mainframe processes, procedures and reports are often siloed, impeding cross-enterprise information sharing to combat threats. (But silos also help protect mainframe data—be selective in breaking down the silos.)
  • Compliance: Verification of compliance is frequently a manual task—with problem alerts all too often received only after a problem has occurred.
  • Cost: Mainframe management requires highly skilled administrators, who often are costly and in short supply.

You already have many of the solutions IBM recommends, like RACF, CA-Top Secret, and CA-ACF2. The mainframe security paper cited above covers the rest. Given what happened to Sony, it’s worth reading the paper closely.

Best wishes for the holidays. DancingDinosaur is Alan Radding. You can follow DancingDinosaur on Twitter, @mainframeblog. Check out more of my IT writing and analysis at and here.

IBM Creates Comprehensive Cloud Security Portfolio

November 6, 2014

On Wednesday IBM introduced what it describes as the industry’s first intelligent security portfolio for protecting people, data, and applications in the cloud. Not a single product but a set of products that taps a wide range of IBM’s cloud security, analytics, and services offerings.  The portfolio dovetails with IBM’s end-to-end mainframe security solution as described at Enterprise2014 last month.

Cloud security certainly is needed. In a recent IBM CISO survey, 44% of security leaders said they expect a major cloud provider to suffer a significant security breach in the future, one that will drive a high percentage of customers to switch providers, not to mention the risks to their data and applications. Cloud security fears have long been one of the biggest impediments to organizations moving more data, applications, and processes to the cloud. These fears are further complicated by the fact that IT managers feel much of what their cloud providers do is beyond their control. An SLA only gets you so far.


The same survey found that 86% of the leaders surveyed say their organizations are now moving to the cloud, and three-fourths of those see their cloud security budget increasing over the next 3-5 years.

As is typical of IBM when it identifies an issue and feels it has an edge, the company assembles a structured portfolio of tools, a handful of which were offered Wednesday. The portfolio includes versions of IBM’s own tools optimized for the cloud and tools and technologies IBM has acquired.  Expect more cloud security tools to follow. Together the tools aim to manage access, protect data and applications, and enable visibility in the cloud.

For example, for access management IBM is bringing out Cloud Identity Services, which onboards and handles users through IBM-hosted infrastructure. To safeguard access to cloud-deployed apps it is bringing out a Cloud Sign-On service used with Bluemix. Through Cloud Sign-On, developers can quickly add single sign-on to web and mobile apps via APIs. Another product, Cloud Access Manager, works with SoftLayer to protect cloud applications with pattern-based security, multi-factor authentication, and context-based access control. IBM even has a tool to handle privileged users like DBAs and cloud admins, the Cloud Privileged Identity Manager.

Here is a run-down of what was announced Wednesday. Expect it to grow.

  • Cloud Identity Services—IBM Cloud Identity Services
  • Cloud Sign-On Service –IBM Single Sign On
  • Cloud Access Manager –IBM Security Access Manager
  • Cloud Privileged Identity Manager—IBM Security Privileged Identity Manager (v2.0)
  • Cloud Data Activity Monitoring—IBM InfoSphere Guardium Data Activity Monitoring
  • Cloud Mobile App Analyzer Service –IBM AppScan Mobile Analyzer
  • Cloud Web App Analyzer Service –IBM AppScan Dynamic Analyzer
  • Cloud Security Intelligence –IBM QRadar Security Intelligence (v7.2.4)
  • Cloud Security Managed Services –IBM Cloud Security Managed Services

Now let’s see how these map to what the z data center already can get with IBM’s End-to-End Security Solution for the Mainframe. For starters, security is built into every level of the System z structure: processor, hypervisor, operating system, communications, and storage.

In terms of security analytics, zSecure, Guardium, AppScan, and QRadar improve your security intelligence. Some of these tools are included in the new cloud security portfolio. Intelligence is collected from z/OS, RACF, CA ACF2, CA Top Secret, CICS, and DB2. The zSecure suite also helps address compliance challenges. In addition, InfoSphere Guardium Real-time Activity Monitoring handles activity monitoring, blocking and masking, and vulnerability assessment.

Of course the z brings its crypto coprocessor, Crypto Express4S, which complements the cryptographic capabilities of CPACF. There also is a new zEC12 coprocessor, the EP11 processor, amounting to a Crypto Express adapter configured with the Enterprise PKCS #11 (EP11) firmware, also called the CEX4P adapter. It provides hardware-accelerated support for crypto operations that are based on RSA’s PKCS #11 Cryptographic Token Interface Standard. Finally, the z supports the necessary industry standards, like FIPS 140-2 Level 4, to ensure multi-tenanted public and private cloud workloads remain securely isolated. So the cloud, at least, is handled to some extent.

The mainframe has long been considered the gold standard for systems security. Now it is being asked to take on cloud-oriented and cloud-based workloads while delivering the same level of unassailable security. Between IBM’s end-to-end mainframe security solution and the new intelligent (analytics-driven) security portfolio for the cloud, enterprise shops now have the tools to do the job right.

And you will want all those tools because security presents a complex, multi-dimensional puzzle requiring different layers of integrated defense. It involves not only people, data, applications, and infrastructure but also mobility, on premise and off premise, structured, unstructured, and big data. This used to be called defense in depth, but with the cloud and mobility the industry is moving far beyond that.

DancingDinosaur is Alan Radding, a veteran IT analyst with well over 20 years covering IT and the System z. You can find more of my writing at and here. Also follow DancingDinosaur on Twitter, @mainframeblog.

Rocket z/SQL Accesses Non-SQL Mainframe Data

August 2, 2013

Rocket Software’s z/SQL enables access to non-SQL mainframe data using standard SQL commands and queries. The company is offering a z/SQL free trial; you can install it at no charge and get full access for as many users as you want. The only caveat: the free version is limited to three files. You can download the free trial here.

z/SQL will run SQL queries against any data source that speaks ANSI 92. “The tool won’t even know it is running relational data,” explained Gregg Willhoit, managing director of the Rocket Data Lab. That means you can run it against VSAM, IMS, Adabas, DB2 for z/OS, and physical sequential files. In addition, you can use z/SQL to make real-time SQL queries directly to mainframe programs, including CICS TS, IMS TM, CA IDMS, and Natural.

By diverting up to 99% of processing-intensive data mapping and transformation from the mainframe’s CPU to the zIIP, z/SQL lowers MIPS capacity usage and its associated costs, effectively reducing TCO. And, it opens up the zIIP to extend programs and systems of record data to the full range of environments noted above.

z/SQL’s ability to automatically detect the presence of the z’s zIIP assist processor allows it to apply its patent-pending technology to further boost the zIIP’s performance advantages. The key attributes of the zIIP processor—low cost, speeds often greater than the speed of the mainframe engines (under a sub-capacity mainframe license), and its typically low utilization—are fully exploited by z/SQL to lower a mainframe shop’s TCO while providing an accelerated ROI.

Rocket z/SQL is built on Metal C, a z/OS compiler option that provides C-language extensions allowing you to specify assembly statements that call system services directly. The DRDA support and the ANSI 92 SQL engine have been developed using what amounts to a new language that allows even more of z/SQL’s work to continue to run on the zIIP. One of the key features of Metal C is that it allows z/SQL to optimize its code paths for the hardware it’s running on. So, whether you’re running on an older z9 or z10 or the latest zEC12 and zBC12 processors, z/SQL chooses the code path most optimized for your hardware.

With z/SQL you can expand your System z analytics effort and push a wider range of mainframe data analytics to near real time. Plus, the usual ETL and all of its associated disadvantages are no longer a factor. As such, z/SQL promises to be a disruptive technology that eliminates the need for ETL by pushing the analytics to where the data resides, as opposed to ETL, which must bring the data to the analytics. The latter, noted Willhoit, is fraught with performance and data currency issues.

It’s not that you couldn’t access non-SQL data before z/SQL, but it was more cumbersome and slower. You would have to replicate data, often via FTP, to something like Excel. Rocket, instead, relies on assembler to generate an optimized SQL engine for the z9, z10, z196, zEC12, and now the zBC12. With z/SQL the process is remarkably simple: no replication, no rewriting of code, just recompile. It generates the optimized assembler (so no assembler work is required on your part).

Query performance, reportedly, is quite good. This is due in part to its being written in assembler, but also to its taking advantage of the z’s multi-threading. It reads the non-relational data source with one thread and uses a second thread to process the network I/O. This parallel I/O architecture for data promises game-changing performance, especially for big data, through significant parallelism of network and database I/O. It also takes full advantage of the System z hardware by using buffer pools and large frames, essentially eliminating dynamic address translation.

z/SQL brings its own diagnostic capabilities, providing a real-time view into transaction threads with comprehensive trace/browse capabilities for diagnostics. It enables a single, integrated approach to identifying, diagnosing and correcting data connectivity issues between distributed ODBC, ADO.NET, and JDBC client drivers and mainframes. Similarly, z/SQL provides dynamic load balancing and a virtual connection facility that reduces the possibility of application failures, improves application availability and performance, and supports virtually unlimited concurrent users and transaction rates, according to the company. Finally, it integrates with mainframe RACF, CA-Top Secret, and CA-ACF2 as well as SSL and client-side, certificate-based authentication on distributed platforms. z/SQL fully participates in the choreography of SSL between the application platform and the mainframe.

By accessing mainframe programs and data stored in an array of relational and non-relational formats z/SQL lets you leave mainframe data in place, on the z where it belongs, and avoids the cost and risk of replication or migration. z/SQL becomes another way to turn the z into an enterprise analytics server for both SQL and non-SQL data.

Rocket calls z/SQL the world’s most advanced mainframe access and integration software. A pretty bold statement that begs to be proven through data center experience. Test it in your data center for free. As noted above, you can download the free trial here. If you do, please let me know how it works out. (Promise it won’t be publicized here.)
