RSM exceptionReporter enables enterprise Risk and Compliance functions to champion proactive mainframe security management strategies. By focusing attention on exception analysis, the suite of over sixty automated reports provided by RSM Solutions have yielded an eighty percent reduction in the time to detect and monitor ongoing security issues.
Based on over 400+ years of mainframe security experience and expertise, RSM exceptionReporter delivers best practice compliance / exception monitoring and reporting, while obviating the need to engage costly, expert resources or ongoing, internal maintenance overheads.
IBM® Security zSecure™ audit module is a pre-requisite for exceptionReporter.
Do I need zSecure to run exceptionReporter?
Yes, you require zSecure Admin+Audit
Can it replace all my security reports?
Yes, it reports on exceptions, all in one place, thus reducing headcount requirements.
Do I need to be an expert in CARLa coding?
No, we have done all the development for you. All you need to do is initial configuration to define your exceptions. We can help you with this.
Can’t we create this ourselves?
You could, but it took 1,500+ hours of development and requires subject matter experts that are the best in the business, and would require a headcount of 2-3 developers and RACF/zSecure Subject Matter Experts to develop and support.
Why has RSM written this?
Many of our customers struggle to cope with the number of daily security reports, and the volume of data within them. exceptionReporter reduces this problem by only showing exceptions, all in one centralized place.
Are there any other similar offerings in the marketplace?
We are not aware of any similar products.
I thought zSecure Admin/Audit provided me with security reporting?
zSecure Admin/Audit provide excellent tools for security reporting, but users need to be highly proficient in CARLa coding and experienced in RACF to produce meaningful reports. With exceptionReporter, RSM has done all the hard work for you and all report data is in one concise report, available as a drill-down spreadsheet.
How flexible is this tool in delivering only the reports I’m interested in?
exceptionReporter is very flexible. It can be customized to produce a subset of reports. You could, for example, send the full set to the security engineering team, and a subset of say six reports of interest to a user department.
Can I schedule when I want reports delivered?
You can use a standard job scheduling system to schedule the jobs. You can also run them ad-hoc.
What does exceptionREPORTER give me over and above IBM’s zSecure?
zSecure Admin provides an ISPF interface to RACF commands and RACF profiles, with the ability to create CARLa reports to report on the contents of the RACF database. Functions are available to clone RACF profiles, search the RACF DB, Mass delete profiles, etc. zSecure Audit provides an ISPF interface to audit functionality for RACF and z/OS, with the ability to create CARLa reports to report on any audit issues found. Also, an ISPF interface to READ SMF data, with the ability to create CARLa reports to report on those SMF records. The key words here are “… with the ability to create CARLa reports ….”. IBM’s zSecure suite is a very useful set of tools, but not a complete solution.
RSM has a strong reputation for knowledge in the mainframe security space and on several occasions we have been retained by clients to write the necessary CARLa code to generate various required security reporting. exceptionREPORTER aims to embody what we believe to be all the key controls in a RACF and z/OS environment.
exceptionReporter leverages RSM's 100’s of man years’ experience in mainframe security and zSecure.
How do I justify investment in exceptionReporter?
exceptionReporter saves clients the time and effort necessary in creating their own CARLa based security reporting. If a client were to try and create and maintain a suite of reports similar to exceptionReporter, they would be looking in excess of 150 days’ development effort and most likely 30-50 days per annum in maintenance and checking. Add to this that we deliver reporting in a consolidated, exception based view based on a simple to read traffic light system making issues very easy and quick to spot.
Does RSM maintain the currency and relevancy of the reporting provided?
RSM keeps the reporting delivered by exceptionReporter in sync with the latest zSecure updates. We also add new reports when RACF and z/OS are changed and create appropriate new reports when any new legislation is announced. Add to this that RSM is continually looking at what we believe best practices to be, as the need for certain security controls and reporting changes as time passes.
Do I need a license for each system in my 3 sysplexes?
You require a license for each SMF ID/LPAR you wish exceptionReporter to monitor and provide reporting on.
How does exceptionReporter differ from zDetect?
exceptionReporter is for monitoring exceptions on a daily basis, and provides an audit trail. zDetect is a real time monitor that detects threats in real-time. zDetect also delivers intelligent data to SIEM systems such as Splunk and Correlog. exceptionReporter reports can be viewed through zDetect.
Why do I need both?
zDetect is designed to immediately show potential threats and attacks, whereas exceptionReporter is used to simplify monitoring and reduce the number of reports that need reviewing on a daily basis.