Why Do I Need z/Assure® VAP?
Key Resources created its z/Assure® Vulnerability Analysis Program (VAP) to support you in your effort to maintain security and data integrity on the mainframe. Up to 70% of a corporations financial data might reside on the mainframe – and it might be among the least secured systems.
Many companies suffer mainframe vulnerabilities due to a common myth, that the mainframe cannot be breached. This myth keeps organizations from taking the actions necessary to fully secure their mainframe. Also, most organizations do not understand what a z/OS integrity vulnerability is, and therefore, mainframe vulnerability testing is not generally included in a mainframe audit.
Every z/OS operating environment has vulnerabilities, and once a hacker has exploited one of these vulnerabilities, the exploitation can lead to undetected access to any data on that system.
It is your responsibility to ensure the integrity of any configuration based modifications and vendor software that you add to your z/OS mainframe. This is why we created z/Assure® VAP, so that you can quickly and efficiently identify vulnerabilities, protect your organization from hackers, and move forward on a path to remediation.
What Can Organizations Do to Protect Themselves?
Since scanning programs manually is impractical and costly, KRI recommends an automated interactive approach to identifying code vulnerabilities. Our interactive approach to vulnerability scanning includes the following steps:
- Initial scan to base line the production systems using a hardening environment
- Review of the Vulnerability Detail Reports(VDRs) for each code vulnerability
- Provide VDR’s to vendors
- Apply code vulnerability patches obtained from vendors
- Rescan to verify the code vulnerability has been addressed
- Scan every time maintenance is applied
Products that pass our Security Assessment are Awarded the z/Assured™ Certification
If you’re looking to find a way to make sure that your mainframe software developers are following the correct z/OS software coding techniques and security best practices, Key Resources has the answer. We can find integrity weaknesses and vulnerabilities in your code during the software development life-cycle. Earn the z/Assured product certification and demonstrate your commitment to security.
z/Assured certifications will help you demonstrate to your clients that your software is robust, secure and reliable. Software that is awarded the z/Assured certification must meet industry benchmarks for security and integrity. A z/Assured certification will not only enhance your reputation, it will set your product apart from competitors.
Conduct Your Own Security Assessments
z/Assure VAP is a unique vulnerability assessment solution designed to allow z/OS software vendors to conduct automated, comprehensive binary code testing throughout the product development and QA lifecycles. This testing platform provides you with the ability to automatically scan your software, Vulnerability Detail Report(s) for each vulnerablity it finds with the exact offset of the offending code,, and a Vulnerability Risk Assessment Report which provides an assessment of the severity of the vulnerabilities. Utilizing the z/Assure VAP Test Platform during the Quality Assurance process ensures that security is built into your products from the start.
Security Assessment with KRI
If you decide to conduct a product development security assessment with Key Resources, you can expect our team to thoroughly assess every aspect of code development that impacts z/OS security, conduct interviews with team members, and review development standards to track and align relevant security standards. Our team can also make recommendations to protect your software from cyber-attacks of all kinds.
- Our team will help you discover vulnerabilities and integrity exposures and resolve them efficiently and effectively, leading to robust final products.
- Patching requirements will be reduced if you conduct an assessment early on in the development process, reducing operational cost.
- Protect your customers from zero day attacks and cyber-attacks of all kinds by eliminating vulnerabilities.
- Create products that are secure, confidential, safe, reliable and built with integrity.
- Build trust with a z/Assured certification.
Products that pass our product development security assessment are awarded the z/Assured Product Certification. z/Assured certifications will help you demonstrate to your customers that your software is robust, secure and reliable. Software that is awarded z/Assured certification must meet industry benchmarks for security and integrity. A z/Assured certification will not only enhance your reputation, it will set your product apart from competitors.
Request More Information
Contact us today to schedule your product development security assessment. We are here to help you achieve a z/Assured certification that will alert your customers to your high standards of software security and integrity.