Achieving 100 Percent Mitigation Accuracy
The first step in integrating the mainframe and penetration testing methodologies together was to find mainframe systems programmers who could work and train the penetration team members. Training would cover both mainframe operating system fundamentals, as well as specific vulnerability testing procedures and mitigation processes.
The bank located two veteran systems programmers to assume this role, and Key Resources oversaw a six-month training program. Because the penetration testers were accustomed to PCs, where you don’t schedule jobs the way you would on a mainframe, they had to learn the mainframe scheduling language. The programmers-turned-mainframe-advocates in the bank were able to offer hands-on training, with Key Resources continuing to provide outside support in the event a critical question arises.
After picking up these basics, testers learned how to set up automatic vulnerability scanning schedules within z/Assure® Vulnerability Assessment Program (VAP), a Key Resources solution. Today, they’re able to re-test and perform mitigation assessments that don’t require re-running an entire set of schemes.
“Thanks to this assistance, the results of our mitigation efforts have been 100 percent accurate,” the bank said.
Penetration Testing and the Mainframe: Fully Integrated
Despite their PC-based background, the bank’s network penetration testing team is now capable of running automatic mainframe vulnerability checks on z/Assure® VAP, fully assuming responsibility for scanning of the firm’s mainframe systems for vulnerabilities.
They’re now well-versed in mainframe operating system fundamentals, from analyzing vulnerability reports that detail specific classes of vulnerabilities to running autonomous checks across the bank’s multiple data centers around the world.
“The integration process was even easier than we originally thought,” said the bank. “There were some bumps along the way, but overall it proceeded very smoothly.”
Learn how Key Resources helps businesses in financial services, including banks, protect their most important client assets.