Oct 31 ’17
The Mainframe is Not Immune to Cyberattacks: But Help is on the Way
At a time when IBM promised that automatic pervasive encryption on the new IBM Z would spell an end to worries about security, an Israeli company recently stepped forward to insist that the z14, or just Z, can’t do the entire job. Pervasive encryption can be undermined by Advanced Persistent Threats (APT), which co-op legit users as they access protected data. Illusive Networks introduced its security tool, Mainframe Guard, at Sibos in Toronto.
Mainframe Guard enables admins to take action against advanced, targeted cyberattacks by detecting and disrupting movement toward critical business assets early in the attack cycle. Illusive deploys sophisticated and confusing honeypots to distract, misguide and trap an attacker before he or she can touch the data. In short, the security staff can identify and intervene against advanced, targeted cyberattacks by detecting and disrupting movement toward critical business assets early. With the new Z and pervasive security, of course, that data will already be encrypted and the keys safely stored out of reach.
At a time when organizations of all types and in every market segment are under attack from hackers, ransomware, data breaches and more all data center managers should welcome any data protection tools that work. Yet 96 percent don’t even bother to encrypt—too costly, too cumbersome, too complicated. The list of excuses is endless. Of the 9 billion records breached since 2013 only 4 percent were encrypted! And you already know why: encryption is tedious, impacts staff, slows system performance, costs money and more.
Such attitudes, especially at a mainframe shop, invite serious breaches. While IBM’s latest mainframe automatically encrypts all transaction data, the vast majority of systems expose significant vulnerabilities.
Making the situation even worse; the need to secure against innovations such as mobile applications, cloud-based services and smart devices present new challenges. “Organizations are sometimes reluctant to upgrade legacy applications and databases on these enterprise servers, particularly in today’s always-on economy. But unless you address every link in the end-to-end process, you haven’t secured it.” noted Andrew Howard, CTO at Kudelski Security, which cites experience remediating mainframe systems in the wake of cyber breaches.
Even older mainframe shops—pre pervasive encryption—can have effective security. Consider adding Mainframe Guard, which requires you to actively follow the threats and initiate defensive actions.
So how might an attacker today get around the Z’s pervasive encryption? The attack typically starts with lurking and watching as legitimate users gain access to the system. The attacker will then impersonate a legit user. Illusive, however, lures the attacker to locations where the attacker may think he or she has found a trove of intelligence gold. “Remember, the attacker doesn’t know which machine he has landed on,” said Ofer Israeli, CEO of Illusive Networks. Unless the attacker brings inside information, he is blind inside the network. From there Illusive leads constantly baits the attacker with deceptive information, which the attacker will have to dodge correctly to avoid giving away the attack.
Leveraging Illusive’s deceptive approach, Mainframe Guard works by detecting malicious movement toward the mainframe and providing a non-intrusive method of protecting the systems, the data they host, and the services they support. The solution is comprised of:
- A family of deceptions for mainframe environments
- The ability to display mainframe assets along with other sensitive assets in the Illusive Attacker View portion of the management console, which enables security personnel to see potential attack paths toward the mainframe and track the proximity and progress of attackers toward these assets
- Purpose-built views of the mainframe environment monitor unexpected connections to mainframe servers
- An interactive layer added to the Illusive Trap Server mimics mainframe behavior and login screens, tricking attackers into believing they are interacting with an actual mainframe system.
When everything is encrypted and the keys, APIs and more are safeguarded with the Z’s pervasive encryption on top of Illusive’s deceptions, maybe you can finally begin to relax, at least until the next level of attacks start to emerge.