Select Page

Penetration Test

Trouble-free Mainframe Penetration Test

Our penetration test puts the security of your mainframe platform to the test and reveals just how impenetrable your systems are.

Finding the risks in your mainframe systems allows you to plan appropriate measures to secure your critical infrastructure and strengthen your defenses. In this way, you protect your business-critical operations and meet the standards of your industry.

Mainframe security vulnerabilities can lead to external or internal breaches of the existing security controls. Once breached, there is high risk of compromising the confidentiality, integrity, and availability of the mainframe’s systems or data.

Penetrating your systems by our specialists lets you determine security gaps that make your company vulnerable. In addition to determining security gaps we also give you professional advice on how to remove those deficits quickly. Our penetration test gives you an easy evaluation of your current situation, and is also a good basis for introducing security and quality automation.

Only a few markets, like here in Switzerland, can boast of maximum or extraordinary information protection laws and requirements. For more than a decade, the Swiss financial sector has counted on our unique software solution to both achieve and maintain maximum security.

Your business advantages:

N
Analysis of your current situation and security level by professionals.
N
Perfect kick-off for introducing real security on your systems.

Why perform a z/OS penetration test in regular intervals? Since we offer a trouble-free penetration test on a simulation basis for a flat rate.

Your mainframe platform is finally actively protected to the max by our maximum security software SF-Sherlock – a single, integrated, plug & play auditing solution. SF-Sherlock’s all-inclusive real-time configuration and event auditing software does it all. It detects, verifies and/or blocks suspicious behavior, manipulation, and fraud in both the dynamic and static functions of your entire system.

During a z/OS penetration test, or “pen test”, we will check the vulnerability of your IT infrastructure concerning the z/OS mainframe platform. Any general concerns regarding a possible negative impact on the availability of your productive IT operation or higher costs are unfounded when you work with the right partner and method. The unique technology we have developed is a trouble-free penetration on a simulation basis that permits a deep security analysis without operational risks and the usual cost of time and money.  This allows you to avoid the typical risks of penetration testing.

Our company is both the manufacturer of this market-leading security automation technology and the IT security service provider. Therefore, we can offer a z/OS penetration test at a special all-inclusive flat rate based on 5 man days.

Our company, our technology, our services, and our “value added”-based pricing have the references to prove it. Improving security and reducing costs are no longer contradictory.

Cyber Security

 

Cyber security risks are not deterred from the mainframe. It’s simply too connected to remain invisible and unreachable to hackers and others with bad intentions. You would be very much surprised to see the large number of highly-skilled specialists who are engaged in challenging the security and safety of a mainframe.

Compliance

 

Since our compliance automation solutions have been invented and developed in-house, we definitely know what is necessary to comply with all the many different regulations, and how compliance monitoring can be automated to the max.

SF Solution Support

 

We would be happy to fully assist you to efficiently as well as effectively implement and operate all the SF solutions you use.

Forensic & Emergency

 

Just in case! If your installation is the victim of any kind of internal or external attack, we are on stand-by to assist you in analyzing, fixing and managing the given situation. Thanks to our unique expertise, we know how to handle any situation. 

Are you expecting a governmental audit of your mainframe platform soon, as
by the BaFin, ECB, or one of
the “Big Four”?

Let us help you prepare your mainframe security and compliance.

+800 - 37 333 853 or simply dial: +800 - DRFEDTKE

Call our world-wide toll-free number now!

(+ represents the prefix for international calls; in most countries it is 00, and you have to dial 00800-37333853; in the U.S. it corresponds to 011)

News & IT Security Forum

System REXX and BCPii are the ”next APF“

If you look back along the evolutionary steps of mainframe security, APF libraries play a leading role – due to their “superpower.” Until the 1980s, “almost anyone” working on a mainframe was able and allowed to define one themselves. In most cases, there was no APF library protection at all. Then there was a phase where APF-related auditing received more and more attention, and correspondingly became an important audit issue.

The attention that “APF” received as a security risk has continued to increase over time. Today, it has almost reached the highest level of awareness: only a very few members of a company’s mainframe team are allowed to define a new APF library or update existing ones. Any such action requires prior permission, not just some documentation after it has happened. On our customer visits, we have seen companies where a new APF library requires not only an official change request, but up to “5 signatures.” Otherwise, you lose your job. Correspondingly, relentless monitoring and compliance reporting has become standard for the “APF” risk, resulting in real-time security alerts by a SIEM if corresponding rules are bypassed.

So far, so good. Now that there is great awareness of “APF,” the question will be if the entire mainframe security mission has now been accomplished? Or what’s the next superpower, following “APF,” that mainframe users need to focus on?

Based on our worldwide penetration testing experience, we have determined that “System REXX” and “BCPii” are two further members of the superpower league; both are good candidates for becoming the next “big focus.” In recent years, both z/OS features have been improved so that they are now “easy-to-use” functions. But there is no free lunch. As a consequence, highly critical operations became minimally complex, and you have to “pay” the price for setting up gap-free security measures. User-friendly and easy-to-use superpower features are an invitation to attackers. Complexity is a kind of protection. Compared to assembler programming or disassembling machine code, REXX programming is pretty trivial!

This is why SF-Sherlock focuses intensively on both of these areas. Please feel free to contact us to discuss additional details of what is necessary to properly protect System REXX and BCPii.

Join our newsletter list

Worldwide toll-free phone number

+800 - 37 333 853
or simply dial:
+800 - DRFEDTKE

Alternatively:
+41 (0)41 710 7444

(+ represents the prefix for international calls; in most countries it is 00, and you have to dial 00800-37333853; in the U.S. it corresponds to 011, and you have to dial 011-800-37333853)

Find Us

Headquarters

Seestrasse 3a, 6300 Zug, Switzerland

Visitors & Training

Dammstrasse 19, 6301 Zug, Switzerland

Social Media

Xing → Linkedin →

Write Us

Marketing
marketing@enterprise-it-security.com
copy the address

Technical support and hotline
hotline@enterprise-it-security.com
copy the address

Legal and compliance
legal@enterprise-it-security.com
copy the address

error: Content is protected!