Breach Detected: Respond in a Heartbeat
Project and Program: Enterprise Data Center, Security and Compliance, SHARE Fort Worth 2020
FACT: Breaches happen, even on the mainframe...
When they do, you'd better be ready and you'd better be right.
Step One: Detect / Confirm the Alarm - Conventional security depends on perimeter defenses. Stolen credentials, insiders and updates made in error bypass access and identity controls. See how to detect such attacks, and also how to distinguish them from false alarms.
Step Two: Automated Forensics - Using FIM data, you know when the problem occurred and what it affected. By adding the relevant SMF access data, you can determine who did it. "Was it authorized?" is answered from change control information. Adding an in-stream compare tells you which line or character changed. By integrating all of these tools, the fact-finding process can be reduced from days to seconds, and you have all the data needed to react correctly.
Step Three: Know What to Restore - Knowing which components to restore, and to what date, can also be automated. Once restored, a quick verification ensures you are back in the trusted state.
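As an added illustration of the three steps (example code, not MainTegrity's product), the routine below correlates a FIM alert with SMF-style access records and change-control tickets, runs an in-stream compare, and verifies a restore. The member name, userids, timestamps and member contents are all constructed.

```python
# Added example (not MainTegrity code): correlate a FIM alert with SMF-style
# access records and change tickets, show the changed lines, verify a restore.
from datetime import datetime, timedelta
import difflib, hashlib

MEMBER = "PROD.PARMLIB(LIMITS)"                      # constructed member name
BASELINE = "MAXUSERS=500\nREGION=64M\nAUDIT=ON\n"      # trusted copy
CURRENT = "MAXUSERS=500\nREGION=64M\nAUDIT=OFF\n"      # copy found by the scan
BASELINE_HASH = hashlib.sha256(BASELINE.encode()).hexdigest()
ALERT = {"member": MEMBER, "detected": datetime(2020, 2, 24, 9, 30)}
ACCESS_LOG = [  # constructed SMF-style records: (timestamp, userid, member, access)
    (datetime(2020, 2, 24, 9, 2), "OPS01", MEMBER, "READ"),
    (datetime(2020, 2, 24, 9, 14), "DEV07", MEMBER, "UPDATE"),
]
TICKETS = {  # constructed change control: member -> (approved userid, window start, end)
    "PROD.PARMLIB(REGIONS)": ("DEV07", datetime(2020, 2, 24, 8), datetime(2020, 2, 24, 12))}

def who_changed(alert, access_log, window=timedelta(hours=1)):
    """Step Two: the last write to the member in the window before the alert."""
    writes = [r for r in access_log
              if r[2] == alert["member"] and r[3] in ("UPDATE", "ALTER")
              and alert["detected"] - window <= r[0] <= alert["detected"]]
    return max(writes, key=lambda r: r[0]) if writes else None

def is_authorized(alert, record, tickets):
    """Authorized only if a ticket names this member, this userid and window."""
    if record is None or alert["member"] not in tickets:
        return False
    user, start, end = tickets[alert["member"]]
    return record[1] == user and start <= record[0] <= end

def changed_lines(baseline, current):
    """In-stream compare: the lines that differ from the trusted baseline."""
    diff = list(difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                     lineterm="", n=0))
    return [l for l in diff[2:] if l[0] in "+-"]     # drop headers and @@ lines

def verify_restored(restored, baseline_hash=BASELINE_HASH):
    """Step Three: after restoring, the copy must hash back to the baseline."""
    return hashlib.sha256(restored.encode()).hexdigest() == baseline_hash

def triage(alert=ALERT, access_log=ACCESS_LOG, tickets=TICKETS,
           baseline=BASELINE, current=CURRENT):
    """One record with what is needed to react: who, when, authorized, delta."""
    record = who_changed(alert, access_log)
    authorized = is_authorized(alert, record, tickets)
    return {"member": alert["member"], "who": record[1] if record else "unknown",
            "changed_at": record[0].isoformat() if record else None,
            "authorized": authorized, "delta": changed_lines(baseline, current),
            "action": "none" if authorized else "restore member from baseline"}
```

Here the ticket covers a different member, so the change is flagged as unauthorized; a ticket for the same member, userid and window flips the result.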
Now you can detect and recover in a heartbeat, while improving compliance.
Allen Saurette, MainTegrity Inc