The mainframe has always had a reputation for being a very secure platform. In this episode of TFiR: T3M, Swapnil Bhartiya sits down with April Hickel, Vice President of Product Management at BMC Software, who shares her insights on the current trends in the market, particularly in the mainframe security space.
Current trends in the market:
- In the annual BMC Mainframe Survey among technical and business respondents, security is the #1 priority for the mainframe ecosystem.
- The end user of a mainframe is the same person who’s using an iPhone, so they’re exposed to the same level of security threats.
- More and more customers are asking for a single approach to doing something, e.g., certificate management, and they want it connected to the expertise they have in their security operation center for handling incident response.
- Security is forcing a cultural change within organizations. There is a need for more collaboration as well as elevation of security knowledge in every role. Developers not only need to use secure coding practices, but also need to understand how code scanning works and the details of software bills of materials (SBOMs). Administrators not only administer the security credentials, but also look for all instances of privilege escalation and monitor file access and file integrity.
BMC helps customers by:
- Building a solution that automatically detects, responds, and integrates with the security operations center (SOC). BMC took all of its knowledge from years of penetration testing practices and experience from customer environments, built that into threat intelligence, and embedded it in a system. It quickly recognizes if one of those security access points exists in an environment. It then notifies the SOC with enriched information, so they know what to do.
- Building specific mainframe connectors for mainstream enterprise products that the security operations teams are already familiar with, such as Venafi (for certificate management) and Illumio (for network segmentation).
Advice for companies looking to improve their security posture:
- Take a disciplined approach to understanding and configuring your security profiles.
- Pick a framework: Look at Zero Trust. Look at the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.
- Make sure you’re taking an intentional approach to your configuration, code testing, detection, notification, and response process.
- Administrators, developers, and the SOC need to work together to figure out how they’re going to secure the systems from delivery of the software all the way through implementation.
- Foster a culture of security awareness.
- Understand the implications of security tools and how they work.
This summary was written by Camille Gregory.