Mainframe Security Automation Is Not a Luxury

As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.

John McKenny, SVP/GM of ZSolutions, BMC Software

January 26, 2021

6 Min Read
Dark Reading logo in a gray background | Dark Reading

Business and IT leaders alike realize cybersecurity threats are constantly evolving in today's digital economy. This even applies to the most securable platform, the mainframe. Sixty-three percent of mainframe executives and practitioners cited security and compliance as their top priority for the platform, according to the recent BMC Annual Mainframe Survey. This wasn't surprising, as current cybersecurity approaches are often hampered by alert fatigue, complex environments with manual workflows, and a general lack of mainframe security expertise.

The Overlooked Mainframe
Visibility is an ongoing concern with Web-based, mobile, and customer-facing systems that seem most vulnerable to attack. However, CSOs could be overlooking opportunities hackers have to compromise their most mature enterprise platform: the mainframe.

A workhorse handling over 30 billion transactions daily, the mainframe powers the back end of applications enabling everyday activities such as online credit card transactions, mobile banking, and a wide variety of account inquiries from account balances to order and shipment delivery. In short, this is a "must not fail" system in the digital economy.

Ironically, the mainframe's reputation of reliability, stability, and security could be the reason cybersecurity teams are unknowingly neglecting it. This became apparent in research from Forrester: While 88% of mainframe organizations say they are confident they'd be aware of a malicious user, almost half admit to at least one or more incident of someone gaining unauthenticated mainframe access. With more than 1,500 exposed records and data breaches in the US alone in 2019, one questions if their security strategies are effectively ramping up — especially with increases in mainframe workloads spurred on by COVID-19.  

Mainframe Security Challenges
Security on the mainframe presents a challenge for business executives and IT security professionals. For executives, security is a priority, but many may be unaware of the need to secure mainframes after so many years of solid performance. For technologists, staffing and skills shortages specific to mainframes are more of a concern. Security teams facing challenges ranging from too many false positives to unpatched vulnerabilities are already overwhelmed. Complexity caused by a lack of security integration across multiple platforms is only adding to their burdens.

If an enterprise relies on the mainframe as a key piece of a larger transaction processing system, it is potentially exposing huge volumes of data when its security status is not certain. So despite its reputation, mainframe security cannot be assumed in this era of increasing threats. IT security leaders must know for a fact that their entire infrastructure is secure.

One big threat to mainframe security is credential theft. Much like as any other system, credentials on the mainframe can be leveraged by an attacker. Let's say you have an active user profile with elevated privileges but that person has left the company. This former privileged user could exploit the system unknowingly or maliciously. Remote connections into a mainframe could also allow attackers to leverage weak security controls or vulnerabilities to gain access via a back door. Of course, there's also the human factor: a successful phishing attempt that enables a keylogger to gain credentials and access the mainframe.

Mainframe Resurgence Demands Sophisticated Security
Mainframe security is increasingly important now because the platform is experiencing unprecedented growth some 55 years after its introduction. According to Allied Market Research, "the global mainframe market size was valued at $2,094.12 million in 2017, and is projected to reach $2,906.61 million by 2025, registering a CAGR of 4.3% from 2018 to 2025."

Mainframes continue to power businesses across industries despite a misinformed perception that the world's businesses run mostly on cloud. According to Forrester Consulting research, "64 percent of enterprises surveyed will run more than half of their critical applications on the [mainframe] platform within the next year, up from 57 percent this year, and 72 percent of customer-facing applications at these enterprises are completely or very reliant on mainframe processing."

Savvy business leaders today also recognize the connection between the mainframe and application development. According to a survey by Vanson Bourne, 47% of 400 IT leaders said the mainframe is running more business-critical apps than ever before.

A Smarter Approach to Security
All this renewed attention on mainframe emphasizes the need for adaptive security for the platform. Adaptive cybersecurity is the evolution of security functions that automatically sense, detect, react, and respond to access requests, authentication needs, as well as internal and external threats. It learns, evolves, and adapts to any threat, mitigating risk while meeting compliance requirements.

This approach can ease the top concerns of mainframe organizations: data protection, improving security detection and response, and reducing endpoint security risks (from the previously mentioned Forrester study, conducted in May 2020 during the peak of the pandemic).

Artificial intelligence and automation can mitigate the mainframe security conundrum by applying machine learning, predictive analytics, pattern analysis, and data correlation to security threat identification and mitigation. This pervasive strategy is a vital step on one's journey to become an autonomous digital enterprise, where technology works in service of security needs, freeing up staff from mundane tasks, allowing them to focus instead on driving business agility.

For enterprise security teams without mainframe expertise, automation is embedded with intelligence to detect and respond to, for instance, anomalous behavior indicative of a security event and communicate the incident to staff perhaps not as well-versed in mainframes. Depending on the event, security automation on the mainframe could also take action to prevent the threat from spreading and protect the larger computing environment.

Automated detection and response technologies provide the visibility into the mainframe that some security operations centers do not yet have, either because they have mistakenly overlooked the platform as secure enough or because they don't have the expertise in-house. Integrating mainframe security data with security incident and event management (SIEM) systems in real time also enables teams to fully incorporate the mainframe into an adaptive enterprise security strategy. Notice that I said real time. I draw your attention to that as I often meet executives who will tell me they integrate mainframe event data with their SIEM, but I later learn that they do so in a batch format once a day or week. Unfortunately, this can allow an attacker to operate unnoticed for hours or even days.

Business and IT leaders recognize the importance of enterprise security protections and now they must extend the significant efforts to the mainframe to avoid a brand-destroying breach. Without enough trained staff, CSOs can invest in technologies to augment the mainframe security brain trust and enable automation to do some of the work needed to protect the enterprise and the business.

About the Author

John McKenny

SVP/GM of ZSolutions, BMC Software

As SVP and General Manager of ZSolutions at BMC Software, John leads the R&D, Product Management and Solutions Marketing teams to innovate the mainframe to meet the needs of today's evolving digital economy. John has over 25 years of management experience at BMC alone and, prior to joining, he led various IT management teams and strategies for 15 years in the transportation and insurance industries.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights