Partner Forum: Battlements, Siege Engines and Saboteurs: z/OS in the Age of Industrialized Attacks

By Jeff Cherrington, Advisor of Product Management at CA Technologies

The mainframe’s System z® and z/OS® have long been known as the impenetrable castle at the center of the enterprise. The concept has been illustrated as a visual metaphor in hundreds of presentations — a castle with high, thick battlements that attackers cannot scale or penetrate. Sometimes, the newer platforms are included in the depictions as lesser structures outside the castle’s wall, more easily breached and defeated. In many ways, this vision remains true: The mainframe is still the most secure platform in the enterprise architecture. Having the most mature and durable identity and access control systems, mainframes remain more resistant to attack than any alternative today.

Innovation Feeds Off Itself
Even in the days of old, the strongest fortifications were not able to stand against innovation. Attackers constructed scaling ladders to reach the tops of walls and battering rams to break down gates. Castle engineers countered with moats as obstacles to those new inventions, forcing attackers to develop siege engines, such as catapults and trebuchets, able to demolish the walls from a distance. Construction engineers continued to innovate until eventually castles evolved into the successors that we know today as bunkers on the one hand or mobile commands on the other. The point is that each innovation on one side drove additional innovation on the other.

Throughout history, considerable investments in walls, gates and guards were circumvented many times by spies and saboteurs. Agents who were already inside in a trusted position, or able to convince someone inside to let them in, were able to open gates and defeat other defenses without ever directly attacking the perimeter. For example, such a maneuver might once have been the work of a talented individual; the practice evolved into the highly organized corps of intelligence officers who worked both sides of the Berlin Wall. Attacks by means of subterfuge were frequently more successful and always less expensive than frontal assaults. The only defense was constant vigilance and more stringent oversight of trusted staff.

Modernizing Today’s Mainframe
We are entering a period when the mainframe must drive innovation to stay ahead of attackers. Both technology and human factors are exploited in new ways that increase the risk to the valuable data held on the mainframe. Gottfrid Svartholm Warg’s conviction for hacking the Logica mainframe is the public precedent that establishes that the mainframe is indeed subject to technical exploitation in ways previously unimagined. While the mainframe remains the most protected platform in the enterprise, without innovation it may be subject to attacks it cannot withstand, like the stone battlements in the days of castles and moats. As breach attacks move from the hands of individual thrill seekers and small groups of social anarchists into those of structured criminal organizations, the economics of attack compels attackers to take advantage of social engineering as an alternative to technical exploitation to fraudulently obtain valuable data. While details are still emerging, some pundits point to social engineering exploits focused on obtaining privileged user credentials as the initial point of breach in some of the recent high-profile breaches, including Target Stores®, Sony Pictures® and the U.S. Office of Personnel Management.

Those charged with protecting the mainframe must take additional steps to remain ahead of attackers. Failing to do so may leave an enterprise’s mainframe in the same state as medieval castle walls suffering attack by brass cannon — the defenses will eventually crumble.

Protecting “Your Kingdom”
So what can you do to help protect the “mainframe kingdom”? Here are some areas to consider:

  • There is a need for additional automated scrutiny focused on the activity of privileged users and those system changes that might be used to disguise fraudulent activity. These efforts are most effective when implemented as real-time alerts, delivered to consoles, as email or as texts, offering the best chance for intervention to prevent problems.
  • Schedule recurring reviews of all user grants to identify those users who are no longer with the organization and delete them. Such entitlement reviews must also focus on unused or inappropriate access, reducing the mainframe’s exposed attack surface.
  • Understand what sensitive or business critical data resides on the mainframe and determine where it exists. This information is imperative as attackers continue to expose this most prized possession for financial gain.
  • Do not forget the operating system! As the mainframe continues to be “open,” situational awareness becomes critical in the day-to-day maintenance of the platform.

These reviews serve best and most efficiently when automated, rather than relying on manual research and review.

The fact remains that the mainframe still holds a substantial amount of mission-critical data and is the bulwark in the enterprise, protecting regulated and sensitive data better than any other platform at its disposal. This status can only be retained when steps are taken to ensure the mainframe remains ahead in the ongoing arms race with new, better organized and better funded attackers.

Jeff Cherrington, advisor, product management, CA Technologies, brings more than 30 years of experience to CA in technology development, implementation, sales and promotion, primarily focused on payments, banking and financial. More than half of that time was spent directly in the payments industry, either working for the largest third-party transaction processor or the largest issuer of Visa credit cards. In the latter role, he focused on regulatory compliance; vendor audit and security controls; and third-party service agreement negotiations. He joined the executive team of PKWARE, a leading provider of data management, protection and integrity applications, holding domestic and international positions in product management and sales, including vice president of product management and technical director for Europe, Middle East and Africa (EMEA). Immediately before joining CA, Cherrington worked as vice president, product management and marketing for Prime Factors, a leading provider of cryptographic payment card personalization software. Cherrington holds an executive MBA from the University of Nebraska. 
