Sponsored content from Broadcom
Because the network stack is the entry point for almost all cyberthreats, its security is critically important; however, this key area is often overlooked on mainframes because they are considered “secure-by-design”. That thinking is dangerous: today’s hybrid cloud applications, mobile computing, and e-commerce depend on the mainframe as a connected and essential component of the network. Security strategies cannot be siloed by platform, because every app is a hybrid app that crosses multiple systems and networks; a holistic, infrastructure-wide view that includes the mainframe is needed. Hybrid IT computing makes mainframes more exposed than ever before because of all the new network connections that let them power the digital economy. As such, your mainframe needs to be protected like every other connected server.
There is a sense that mainframes are inherently secure, and what often happens is that the mainframe becomes an afterthought when defining security strategies, with the focus placed on areas perceived as more vulnerable. However, in today's threat landscape, you cannot ignore the importance of protecting your mainframe as a major component of your data center. Attackers are continually probing for security flaws, ransomware is rampant, and data breaches seem to occur almost every day. A layered and integrated approach to network security management and monitoring is needed. A security strategy that includes the mainframe and is continuously monitored end-to-end is critical so that you can quickly adjust as new threats evolve.
Modern Mainframes need Modern Network Security
Mainframes are designed with security features that are deeply integrated into the hardware and software. Mainframe features and capabilities for security and compliance include: multi-factor authentication, encryption, the System Authorization Facility (SAF), which routes authorization checks to the external security manager, and System Management Facilities (SMF), which record the audit trail of system and network activity. There are also network management tools, like NetMaster™ Network Intelligence, which provide security insights about network connections and how applications are being used.
Strategies such as network monitoring and intelligence, zero trust, identity and access management, and cyber resiliency are imperative in today’s modern network. Most importantly, your mainframe needs to be included in your security operations center (SOC). A modern approach to network security is needed to prevent your Protect Surface (the most crucial data and apps, which normally reside on the mainframe) from becoming a blind spot in your security operations.
As infrastructure modernization and hybrid apps bring more network connectivity to the mainframe, you should closely manage your mainframe’s network activity. Since all software has vulnerabilities that could be exploited, you need to be vigilant in detecting malicious activity. This can be done by ingesting mainframe logs (SMF records, security manager events, and network connection data) into the SOC and proactively monitoring mainframe network traffic. Attackers can gain access to mainframe systems through any weak spot in the security infrastructure and take advantage of misconfigurations and gaps to bypass security controls. Let's take a closer look at some of the top network security vulnerabilities in mainframes.
Mainframe Network Security Vulnerabilities
1. Unsecure applications
Applications with insufficient security or vulnerabilities that enable authentication to be bypassed or unauthorized code to be executed can put your mainframe at risk. Scanning applications for vulnerabilities and looking for indicators in network traffic can help find vulnerable applications.
2. Missing fixes
Software that has not been updated to fix critical vulnerabilities and exposures also creates risk. Attackers quickly develop exploits and scan networks for known vulnerabilities. Missing patches make mainframes susceptible to these attacks, and the longer a fix is missing, the greater the chance that attackers gain unauthorized access to data. Continuous monitoring identifies vulnerable software and notifies you when patches are available.
3. Unencrypted protocols
Unencrypted protocols let attackers see data in transit. Some installations still use cleartext protocols such as telnet (including TN3270 on port 23), FTP, and HTTP, all of which allow a network snooper to see sensitive data, including usernames and passwords. Each has an encrypted counterpart (TN3270E over TLS, FTPS or SFTP, HTTPS), and on z/OS the Communications Server's Application Transparent TLS (AT-TLS) can add TLS to existing applications by policy without changing the application itself. NetMaster Network Intelligence can report unencrypted and unsecure protocols used on the mainframe so you know which sessions still need to be migrated.
4. Server security misconfiguration
Misconfigured servers and certificates (expired or self-signed certificates, weak cipher suites, services left listening that nobody uses) allow attackers to bypass or downgrade security controls and defeat the protocols meant to protect data in transit. Regular scanning of network servers and monitoring of network protocols can detect misconfigured servers.
5. Lack of network segregation
A flat network in which any host can reach mainframe services can let attackers see mainframe data. Having specific network segments for different purposes and keeping inter-connectivity on a ‘need-to-access’ basis limits access to those who truly need it. Network segregation protects the network from widespread cyberattacks by isolating systems, so a compromise of one segment does not automatically reach the mainframe. Monitoring for connections that arrive from segments not authorized for a given service identifies improperly configured or missing network segments.
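The two monitoring checks above (reporting cleartext protocols, and flagging connections that arrive from segments not authorized for a service) are the kind of logic a SOC applies to ingested mainframe connection data before raising an alert. The following is an added example written for this page, not Broadcom or NetMaster code. The record format, the mainframe address 10.1.1.5, the port-to-segment policy, and the sample records are all constructed for illustration and do not represent an SMF or NetMaster layout.

```python
"""Flag cleartext protocols and out-of-segment connections in mainframe
connection records before forwarding findings to the SOC / SIEM.

Added example; not Broadcom or NetMaster code. The record layout, hosts,
ports and segmentation policy below are hypothetical.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed sample records: "timestamp local_ip:port remote_ip:port tls"
# 10.1.1.5 is the (hypothetical) mainframe; tls says whether the session
# was protected by TLS (for example via AT-TLS), which matters because an
# encrypted session can legitimately run on a "cleartext" port number.
SAMPLE_RECORDS = """\
2024-03-01T09:00:01 10.1.1.5:992 10.10.4.21:51120 yes
2024-03-01T09:00:07 10.1.1.5:23 10.10.4.22:51121 no
2024-03-01T09:00:09 10.1.1.5:21 10.20.0.9:40001 no
2024-03-01T09:00:15 10.1.1.5:446 10.20.0.9:40002 yes
2024-03-01T09:00:21 10.1.1.5:446 192.0.2.77:40003 yes
2024-03-01T09:00:30 10.1.1.5:8443 10.30.5.5:33001 yes
"""

# Well-known ports whose native protocol is cleartext.
CLEARTEXT_PORTS = {21: "FTP", 23: "telnet/TN3270", 80: "HTTP"}

# Hypothetical segmentation policy: service name and the source segments
# allowed to reach it. A port absent from the policy is an unexpected service.
POLICY = {
    992: ("TN3270E over TLS", ["10.10.0.0/16"]),   # user VLAN only
    23:  ("TN3270", ["10.10.0.0/16"]),
    446: ("DRDA / Db2", ["10.20.0.0/24"]),          # application tier only
    21:  ("FTP", ["10.20.0.0/24"]),
}


@dataclass
class Finding:
    kind: str      # unencrypted_protocol | unauthorized_segment | unexpected_service
    record: str    # the offending raw record, for the analyst
    detail: str


def parse(line):
    """Split one constructed record into its fields."""
    ts, local, remote, tls = line.split()
    lip, lport = local.rsplit(":", 1)
    rip, rport = remote.rsplit(":", 1)
    return ts, lip, int(lport), ipaddress.ip_address(rip), int(rport), tls == "yes"


def analyze(text, policy=POLICY):
    """Return a list of Findings for every record that violates the policy."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, lip, lport, rip, rport, tls = parse(line)

        # 3. Unencrypted protocols: cleartext port number and no TLS on the wire.
        if lport in CLEARTEXT_PORTS and not tls:
            findings.append(Finding(
                "unencrypted_protocol", line,
                f"{CLEARTEXT_PORTS[lport]} on port {lport} without TLS"))

        # 5. Lack of segregation: service unknown, or source outside allowed segments.
        if lport not in policy:
            findings.append(Finding(
                "unexpected_service", line, f"no policy entry for port {lport}"))
            continue
        name, nets = policy[lport]
        if not any(rip in ipaddress.ip_network(n) for n in nets):
            findings.append(Finding(
                "unauthorized_segment", line,
                f"{rip} is outside the segments allowed to reach {name}"))
    return findings


def summarize(text, policy=POLICY):
    """Count findings by kind, the shape a SIEM dashboard would consume."""
    return dict(Counter(f.kind for f in analyze(text, policy)))


if __name__ == "__main__":
    for f in analyze(SAMPLE_RECORDS):
        print(f"{f.kind:22} {f.detail}  <- {f.record}")
    print(summarize(SAMPLE_RECORDS))
```

Running it over the constructed sample flags the TN3270 and FTP sessions without TLS, the Db2 connection from an address outside the application tier, and the listener on 8443 that no policy covers; the TLS-protected TN3270E session from the user VLAN passes. In production the input would come from the mainframe's own connection records rather than the constructed lines here, and the policy would be generated from the same source of truth as the firewall and VLAN configuration so the monitor and the enforcement never drift apart.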
Modern SOCs are able to detect many of these vulnerabilities through centralized network monitoring, scanning, and system log auditing. Mainframes have all the software necessary to integrate into your SOC, Security Information and Event Management (SIEM) system, and Zero Trust strategy, enabling you to detect and respond to security incidents with increased efficiency and high accuracy.
Security and compliance are more important than ever and the mainframe remains essential to the always-on digital economy. Therefore, organizations need to change the way they think about mainframe security and take a modern approach to protecting their mainframe network. As an integrated part of hybrid IT and the enterprise data center, the mainframe should no longer be perceived as a “walled garden.” Modern SOCs can reduce the risk associated with hybrid applications that are critical to top retailers, banks, airlines, and other industries. While mobile computing devices, the web, and cloud computing systems often drive the “sexy” apps you see when you use your phone or laptop, the high security, reliability, availability, and powerful processing of mainframes are the backbone of business. Without mainframe systems processing transactions and performing database queries, the global economy would come to a halt.
Being vigilant about securing your mainframe networks, data, and apps is more important than ever. Broadcom solutions work together to protect your mainframe, starting with securing your network. For more information, please visit Broadcom Mainframe Security.
John Krautheim is a principal engineer in the Mainframe Software Division at Broadcom. He has over 25 years’ experience in cyber security and engineering. As a professor of cyber security, he has taught at Augusta University, the Naval Postgraduate School, and Capitol Technology University. He has worked for the National Security Agency and the Payment Card Industry Security Standards Council (PCI-SSC). John holds a Ph.D. in computer engineering from the University of Maryland, Baltimore County and is a Certified Information Systems Security Professional and Information Systems Security Engineering Professional (CISSP-ISSEP). John is currently responsible for network security within Broadcom’s Mainframe AIOps portfolio.