• zDetect


  • Business Objective

    In a complex world and faced with an ever-changing threat landscape, organisations everywhere are looking to improve security management on the mainframe. Organisations worldwide want to better understand mainframe threats and vulnerabilities in order to:

    • Protect the organisation, systems and confidential data more effectively
    • Identify security threats as soon as they occur
    • Reduce the risk of security breaches occurring in the first place

    However, most mainframe security monitors simply collect security data and send it to a SIEM. Collecting data is the easy part: the real value lies in transforming that data into usable insight.

    In response, RSM Partners’ security consultants have developed the zDetect software, drawing on knowledge and experience gained working with leading organisations on mainframe security management.

    RSM Solution

    zDetect is a powerful z/OS mainframe security monitoring tool that detects actual and potential security issues in real time. Unlike other security monitors, it doesn’t just collect security-related information to send to a SIEM: zDetect monitors, records and applies sophisticated internal security algorithms to analyse events intelligently and detect suspicious activity.

    Events captured by zDetect can be sent to a SIEM or visualised through its easy-to-use yet comprehensive dashboard interface, which runs in a standard web browser.

    • Real-time threat detection
    • Intelligent security analysis
    • Drill-down capability to provide detailed threat analysis
    • Dashboard displaying relevant security information
    • Interfaces to SIEMs
    • Complements the IBM zSecure security suite
    • Identifies RACF threats and vulnerabilities including:
      • Poorly defined user controls
      • Poorly defined resource controls
      • Privilege elevation
      • Continual login failures
    • Identifies RACF weaknesses including:
      • Missing or weakly defined classes
      • Poorly defined sensitive resource controls
    • Identifies z/OS threats and vulnerabilities to:
      • Sensitive resources
      • Sensitive commands
      • System console
    • Identifies whether known z/OS system vulnerabilities are exploitable
    • Identifies z/OS subsystem threats and vulnerabilities
    • Detailed reporting capabilities
    FAQs

      Is the entire product encrypted?

      • All communication with the browser and across LPARs is secured with SSL/TLS.

      What about ACF2 & TSS?

      • There is no support for ACF2 or TSS today, but it will be added in future releases.

      Secure connection?

      • All communication with the browser and across LPARs is secured with SSL/TLS.

      Can all systems be controlled from one screen?

      • Yes.

      Can alerts be sent to SIEMs?

      • Yes.

      Which SIEMs are supported?

      • Alerts and events can be delivered to any SIEM that supports the SyslogD format. This includes Splunk, AlienVault, QRadar and CorreLog.

      Can it detect security events outside of z/OS?

      • No.

      Are baselines for alerts configurable?

      • Yes.

      Do we need to have zSecure installed for zDetect to work?

      • No.

      Does it work with Vanguard security suite?

      • Yes.

      Can a user be limited in the functions they have access to?

      • Users must have specific RACF authority to view the zDetect dashboard.

      Is RRSF required?

      • No.

      Can we co-exist with RRSF?

      • Yes.

      Where is the audit log stored?

      • In an SQL database.

      How is the audit log protected?

      • Users must have specific RACF authority to view or download the Audit Log.

      Are SMF records still required?

      • zDetect intercepts SMF records and analyses them appropriately.

      What is the associated CPU overhead?

      • The CPU consumption of zDetect is minimal.

      Can we have our own company logo displaying on screen?

      • No, not today.

  • © RSM Partners Ltd 2016 | The Courtyard, Buntsford Dr, Stoke Pound, Bromsgrove, Worcestershire B60 3DJ