Perimeter

1/26/2021 10:00 AM
John McKenny
Commentary

Mainframe Security Automation Is Not a Luxury

As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.

Business and IT leaders alike realize cybersecurity threats are constantly evolving in today's digital economy. This even applies to the most securable platform, the mainframe. Sixty-three percent of mainframe executives and practitioners cited security and compliance as their top priority for the platform, according to the recent BMC Annual Mainframe Survey. This wasn't surprising, as current cybersecurity approaches are often hampered by alert fatigue, complex environments with manual workflows, and a general lack of mainframe security expertise.

The Overlooked Mainframe
Visibility is an ongoing concern with Web-based, mobile, and customer-facing systems that seem most vulnerable to attack. However, CSOs could be overlooking opportunities hackers have to compromise their most mature enterprise platform: the mainframe.

A workhorse handling over 30 billion transactions daily, the mainframe powers the back end of applications enabling everyday activities such as online credit card transactions, mobile banking, and a wide variety of account inquiries from account balances to order and shipment delivery. In short, this is a "must not fail" system in the digital economy.

Ironically, the mainframe's reputation for reliability, stability, and security could be the reason cybersecurity teams are unknowingly neglecting it. This became apparent in research from Forrester: While 88% of mainframe organizations say they are confident they'd be aware of a malicious user, almost half admit to at least one incident of someone gaining unauthenticated mainframe access. With more than 1,500 exposed records and data breaches in the US alone in 2019, one questions whether their security strategies are effectively ramping up — especially with increases in mainframe workloads spurred on by COVID-19.

Mainframe Security Challenges
Security on the mainframe presents a challenge for business executives and IT security professionals. For executives, security is a priority, but many may be unaware of the need to secure mainframes after so many years of solid performance. For technologists, staffing and skills shortages specific to mainframes are more of a concern. Security teams facing challenges ranging from too many false positives to unpatched vulnerabilities are already overwhelmed. Complexity caused by a lack of security integration across multiple platforms is only adding to their burdens.

If an enterprise relies on the mainframe as a key piece of a larger transaction processing system, it is potentially exposing huge volumes of data when its security status is not certain. So despite its reputation, mainframe security cannot be assumed in this era of increasing threats. IT security leaders must know for a fact that their entire infrastructure is secure.

One big threat to mainframe security is credential theft. As on any other system, credentials on the mainframe can be leveraged by an attacker. Let's say you have an active user profile with elevated privileges, but that person has left the company. This former privileged user could exploit the system unknowingly or maliciously. Remote connections into a mainframe could also allow attackers to leverage weak security controls or vulnerabilities to gain access via a back door. Of course, there's also the human factor: a successful phishing attempt that enables a keylogger to capture credentials and access the mainframe.

Mainframe Resurgence Demands Sophisticated Security
Mainframe security is increasingly important now because the platform is experiencing unprecedented growth some 55 years after its introduction. According to Allied Market Research, "the global mainframe market size was valued at $2,094.12 million in 2017, and is projected to reach $2,906.61 million by 2025, registering a CAGR of 4.3% from 2018 to 2025."

Mainframes continue to power businesses across industries despite a misinformed perception that the world's businesses run mostly on cloud. According to Forrester Consulting research, "64 percent of enterprises surveyed will run more than half of their critical applications on the [mainframe] platform within the next year, up from 57 percent this year, and 72 percent of customer-facing applications at these enterprises are completely or very reliant on mainframe processing."

Savvy business leaders today also recognize the connection between the mainframe and application development. According to a survey by Vanson Bourne, 47% of 400 IT leaders said the mainframe is running more business-critical apps than ever before.

A Smarter Approach to Security
All this renewed attention on the mainframe emphasizes the need for adaptive security for the platform. Adaptive cybersecurity is the evolution of security functions that automatically sense, detect, react, and respond to access requests, authentication needs, and internal and external threats. It learns, evolves, and adapts to any threat, mitigating risk while meeting compliance requirements.

This approach can ease the top concerns of mainframe organizations: data protection, improving security detection and response, and reducing endpoint security risks (from the previously mentioned Forrester study, conducted in May 2020 during the peak of the pandemic).

Artificial intelligence and automation can mitigate the mainframe security conundrum by applying machine learning, predictive analytics, pattern analysis, and data correlation to security threat identification and mitigation. This pervasive strategy is a vital step on one's journey to become an autonomous digital enterprise, where technology works in service of security needs, freeing up staff from mundane tasks, allowing them to focus instead on driving business agility.

For enterprise security teams without mainframe expertise, automation embedded with intelligence can detect and respond to, for instance, anomalous behavior indicative of a security event and communicate the incident to staff who may not be as well-versed in mainframes. Depending on the event, security automation on the mainframe could also take action to prevent the threat from spreading and protect the larger computing environment.

Automated detection and response technologies provide the visibility into the mainframe that some security operations centers do not yet have, either because they have mistakenly written the platform off as secure enough or because they don't have the expertise in-house. Integrating mainframe security data with security information and event management (SIEM) systems in real time also enables teams to fully incorporate the mainframe into an adaptive enterprise security strategy. Notice that I said real time. I draw your attention to that because I often meet executives who tell me they integrate mainframe event data with their SIEM, but I later learn that they do so in a batch once a day or week. Unfortunately, this can allow an attacker to operate unnoticed for hours or even days.
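As an added illustration (not code from the article or from BMC), a small Python detector over constructed mainframe logon records ties together the two points above: it flags a logon by an elevated-privilege user ID that has sat idle past a dormancy threshold (the departed-employee case), and it computes how long such an event waits before a once-a-day batch export reaches the SIEM versus real-time forwarding. The user IDs, record format, privileged set and thresholds are all assumptions.

```python
from datetime import datetime, timedelta

PRIVILEGED = {"OPS01", "DBA02"}       # hypothetical elevated-privilege user IDs
DORMANT_AFTER = timedelta(days=30)    # inactivity beyond this counts as "dormant"

# Constructed sample activity records (time, user, event); not real mainframe data.
SAMPLE_EVENTS = [
    ("2021-01-04T09:00:00", "OPS01", "LOGON"),
    ("2021-01-04T17:30:00", "OPS01", "LOGOFF"),
    ("2021-02-10T10:00:00", "DBA02", "LOGON"),
    ("2021-02-11T10:00:00", "APP07", "LOGON"),
    ("2021-02-18T02:13:00", "OPS01", "LOGON"),   # privileged ID idle for 44 days
    ("2021-02-18T08:05:00", "DBA02", "LOGON"),   # privileged, but active 8 days ago
]


def dormant_privileged_logons(events, privileged=PRIVILEGED, dormant_after=DORMANT_AFTER):
    """Return (time, user, idle_days) for each LOGON by a privileged user whose
    previous recorded activity is older than dormant_after."""
    last_seen = {}
    alerts = []
    for ts, user, kind in sorted(events):        # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        if kind == "LOGON" and user in privileged and user in last_seen:
            idle = when - last_seen[user]
            if idle > dormant_after:
                alerts.append((when, user, idle.days))
        last_seen[user] = when
    return alerts


def detection_delay_hours(event_time, batch_hour=None):
    """Hours between an event and the moment the SIEM can see it: zero when events
    stream in real time, otherwise the wait until the next daily batch export."""
    if batch_hour is None:
        return 0.0
    next_batch = event_time.replace(hour=batch_hour, minute=0, second=0, microsecond=0)
    if next_batch <= event_time:                 # already past today's export: wait a day
        next_batch += timedelta(days=1)
    return (next_batch - event_time).total_seconds() / 3600


if __name__ == "__main__":
    for when, user, idle_days in dormant_privileged_logons(SAMPLE_EVENTS):
        print(f"ALERT {when:%Y-%m-%d %H:%M} {user} logon after {idle_days} idle days; "
              f"SIEM lag: real-time {detection_delay_hours(when):.1f}h, "
              f"daily 06:00 batch {detection_delay_hours(when, 6):.1f}h")
```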

Business and IT leaders recognize the importance of enterprise security protections, and now they must extend those efforts to the mainframe to avoid a brand-destroying breach. Without enough trained staff, CSOs can invest in technologies that augment the mainframe security brain trust and let automation do some of the work needed to protect the enterprise and the business.

As SVP and General Manager of ZSolutions at BMC Software, John leads the R&D, Product Management and Solutions Marketing teams to innovate the mainframe to meet the needs of today's evolving digital economy. John has over 25 years of management experience at BMC alone and, ...
