Application and network scanning isn’t enough to protect the mainframe. You also need to scan for vulnerabilities in operating system layer (OS) code and security configurations. Key Resources created z/Assure® Vulnerability Analysis Program (VAP) to support you in your effort to maintain security and data integrity on the mainframe.
Why do I need z/Assure® VAP?
Up to 71% of a corporation’s financial data might reside on the mainframe – and it might be among the least secured systems.
Many companies suffer mainframe vulnerabilities due to a common myth: that the mainframe cannot be breached. This myth keeps organizations from taking the actions necessary to fully secure their mainframe. Also, most organizations do not understand what a z/OS integrity vulnerability is, and therefore, mainframe vulnerability testing is not generally included in a mainframe audit.
Every z/OS operating environment has vulnerabilities, and once a hacker has exploited one of these vulnerabilities, the exploitation can lead to undetected access to any data on that system.
It’s your responsibility to ensure the integrity of any configuration-based modifications and vendor software that you add to your z/OS mainframe. This is why we created z/Assure® VAP, so that you can quickly and efficiently identify vulnerabilities, protect your organization from hackers, and move forward on a path to remediation.
What can organizations do to protect themselves?
Since manually scanning programs is impractical and costly, Key Resources recommends an automated, interactive approach to identifying code-based vulnerabilities. Our interactive approach to vulnerability scanning includes the following steps:
- Initial scan to baseline the production systems using a hardening environment
- Review of the Vulnerability Detail Reports (VDRs) for each code vulnerability
- Provide VDRs to vendors
- Apply code vulnerability patches obtained from vendors
- Rescan to verify the code vulnerability has been addressed
- Scan every time maintenance is applied
Key Resources Security Assessment
If you decide to conduct a product development security assessment with Key Resources, you can expect our team to thoroughly assess every aspect of code development that impacts z/OS security, conduct interviews with team members, and review development standards to track and align relevant security standards. Our team can also make recommendations to protect your software from cyber-attacks of all kinds.
- Our team will help you discover vulnerabilities and integrity exposures and resolve them efficiently and effectively, leading to robust final products.
- Patching requirements will be reduced if you conduct an assessment early on in the development process, reducing operational costs.
- Protect your customers from zero-day attacks and cyberattacks of all kinds by eliminating vulnerabilities.
- Create products that are secure, confidential, safe, reliable, and built with integrity.
- Build trust with a z/Assured™ Certification.
Products that pass our Security Assessment are awarded the z/Assured™ Certification
If you’re looking to ensure that your mainframe software developers are following the correct z/OS software coding techniques and security best practices, Key Resources has the answer. We can find integrity weaknesses and vulnerabilities in your code during the software development lifecycle. Earn the z/Assured Product Certification and demonstrate your commitment to security.
z/Assured Certifications demonstrate to your clients that your software is robust, secure, and reliable. Software that is awarded the z/Assured Certification must meet industry benchmarks for security and integrity. A z/Assured Certification will not only enhance your reputation, it will set your product apart from competitors.
Conduct your own security assessments
z/Assure VAP is a unique vulnerability assessment solution designed to allow z/OS software vendors to conduct automated, comprehensive binary code testing throughout the product development and QA lifecycles. This testing platform provides you with the ability to:
- Automatically scan your software
- Produce Vulnerability Detail Reports (VDRs) for each vulnerability it finds, with the exact offset of the offending code
- Produce a Vulnerability Risk Assessment Report, which provides an assessment of the severity of the vulnerabilities
Utilizing the z/Assure VAP Test Platform during the Quality Assurance process ensures that security is built into your products from the start.
Request more information
Contact us today to schedule your product development security assessment. We are here to help you achieve a z/Assured certification that will alert your customers to your high standards of software security and integrity.