z/Assure® VAP scans the operating system layer in real-time looking for integrity-based code vulnerabilities using proprietary algorithms and advanced intelligence to detect threats. It conducts runtime analysis of operating system level code, memory, and data flows to identify vulnerabilities, perform forensics analysis, prioritize risks, and then reports the location of the exploitable code for ease of remediation.
Application and network scanning isn’t enough to protect the mainframe. You also need to scan for Integrity Vulnerabilities in operating system layer (OS) code and security configurations. Key Resources created z/Assure® Vulnerability Analysis Program (VAP) to support you in your effort to maintain security and data integrity on the mainframe. An Integrity Vulnerability occurs when one of the authorized programs on your z/OS system violates the IBM Statement of Integrity. The program can come from IBM supplied software, a third-party vendor, or from an in-house written exit.
Why do I need z/Assure® VAP?
Up to 71% of a corporation’s financial data might reside on the mainframe – and it is among the least secured systems.
Many companies suffer mainframe vulnerabilities due to a common myth: that the mainframe cannot be breached. This myth keeps organizations from taking the actions necessary to fully secure their mainframe. Also, most organizations do not understand what a mainframe Integrity Vulnerability is, and therefore, mainframe vulnerability testing is not generally part of the vulnerability management program.
Every z/OS operating environment has vulnerabilities, and once a hacker has exploited one of these vulnerabilities, the exploitation can lead to undetected access to any data on that system.
It is your responsibility to ensure the integrity of configuration-based modifications and vendor software that you add to your z/OS mainframe. This is why we created z/Assure® VAP, so that you can quickly and efficiently identify vulnerabilities, protect your organization from hackers, and move forward on a path to remediation.
What can organizations do to protect themselves?
Since manually scanning programs is impractical and costly, Key Resources recommends an automated, interactive approach to identifying code-based vulnerabilities. Our interactive approach to vulnerability scanning includes the following steps:
- Initial scanning to baseline the enterprise.
- Review of the Vulnerability Detail Reports (VDRs) for each code vulnerability.
- Provide VDRs to vendors.
- Apply code vulnerability patches obtained from vendors.
- Rescan to verify the code vulnerability has been addressed.
- Scan every time maintenance is applied.
Key Resources Security Assessment
If you decide to conduct a product development security assessment with Key Resources, you can expect our team to thoroughly assess every aspect of code development that impacts z/OS security, conduct interviews with team members, and review development standards to track and align relevant security standards. Our team can also make recommendations to protect your software from cyber-attacks of all kinds.
- Our team will help you discover vulnerabilities and integrity exposures and resolve them efficiently and effectively, leading to robust final products.
- Patching requirements will be reduced if you conduct an assessment early on in the development process, reducing operational costs.
- Protect your customers from zero-day attacks and cyberattacks of all kinds by eliminating vulnerabilities.
- Create products that are secure, confidential, safe, reliable, and built with integrity.
- Build trust with a z/Assured™ Certification.
Products that pass our Security Assessment are awarded the z/Assured™ Certification
If you’re looking to ensure that your mainframe software developers are following the correct z/OS software coding techniques and security best practices, Key Resources has the answer. We can find integrity weaknesses and vulnerabilities in your code during the software development lifecycle. Earn the z/Assured™ Product Certification and demonstrate your commitment to security.
z/Assured™ Certifications demonstrate to your clients that your software is robust, secure, and reliable. Software that is awarded the z/Assured™ Certification must meet industry benchmarks for security and integrity. A z/Assured™ Certification will not only enhance your reputation, it will set your product apart from competitors.
Conduct your own security assessments
z/Assure® VAP is a unique vulnerability assessment solution designed to allow z/OS software vendors to conduct automated, comprehensive binary code testing throughout the product development and QA lifecycles. This testing platform provides you with the ability to:
- Automatically scan your software
- Produce Vulnerability Detail Reports (VDRs) for each vulnerability it finds, with the exact offset of the offending code
- Produce a Vulnerability Risk Assessment Report, which provides an assessment of the severity of the vulnerabilities
Utilizing the z/Assure® VAP Test Platform during the Quality Assurance process ensures that security is built into your products from the start.
Request more information
Contact us today to schedule your product development security assessment. We are here to help you achieve a z/Assured™ certification that will alert your customers to your high standards of software security and integrity.