icon_CloudMgmt icon_DollarSign icon_Globe icon_ITAuto icon_ITOps icon_ITSMgmt icon_Mainframe icon_MyIT icon_Ribbon icon_Star icon_User icon_Users icon_VideoPlay icon_Workload icon_caution icon_close s-chevronLeft s-chevronRight s-chevronThinRight s-chevronThinRight s-chevronThinLeft s-chevronThinLeft s-trophy s-chevronDown
BMC

How strong are your mainframe security controls? Would you know if a threat event happened? Take the guesswork out of mainframe security with expert assessments and penetration tests.

Harden your mainframe against attacks with our Security Assessment service

  • We go beyond simple checklists that leave gaps in your defenses by reviewing all essential security controls.
  • Our experts use a proven methodology to surface findings an audit may not surface.

Keep it safe with penetration tests

  • Uncover new, unaddressed vulnerabilities in your infrastructure, software, and configurations
  • Our experts take a “think like an attacker” approach to identify and map the exploits that could be used to compromise your systems and allow breaches to occur

Not as safe as you think

89%
89% of mainframe organizations are confident a threat would be detected in real-time, but...
42%
42% have experienced someone getting unauthenticated access, and...
39%
39% had someone’s privileges elevated without their knowledge

Learn how we deliver our security services

How are security assessments performed?

Security Assessments

Following initial technical and scoping exercises:

  • Security configuration and controls defined in the External Security Manager (ESM) are examined for each database
  • Policies and procedures for formal and informal controls are evaluated for weaknesses
  • Poor or weak controls and protections for sensitive data, libraries, and user privileges are captured
  • A detailed report with summary, results, descriptions of vulnerabilities and a remediation project plan are delivered upon completion and reviewed with your team

How are penetration tests performed?

Penetration Tests

After initial data collection of datasets, hardware configuration, and security information from RACF, ACF2 and TSS, our experts will:

  • Examine your mainframe environment using the following checks: Library access, password, public dataset, public resource, user SVC, MVS and JES2/JES3 command authority, RACF/TSS/ACF2 exit, JES2/JES3 spool dataset, MVS subsystem (IMS, Db2, CICS, NETView, etc.), MVS UNIX environment, and other miscellaneous checks
  • Perform vulnerability scanning to identify system integrity issues in code, OS, routines, Authorized Program Function Calls and more
  • Share a report and review of the findings, a remediation checklist, and a demonstration of discovered exploits

Getting started with Mainframe Security Services is easy