SF-DeepDive

Due diligence (DD) software package for mainframe outsourcers

The SF-DeepDive due diligence (DD) software package provides exactly what a mainframe outsourcer needs to get a clearer insight into given systems in a short amount of time.

When it comes to making decisions about the future of a mainframe, outsourcing is one option to consider. Of course, both sides involved in such a step have their own interests, and there is even tough competition among today’s outsourcing service providers.

Therefore, outsourcers definitely need an easy, early and deep insight into their potential “inheritance” and a curiosity about the quality and security of the given systems in terms of a clean and well maintained operating system, good security controls, proper compliance without vulnerabilities, well-established operational procedures via system automation, and other aspects. A failure of quality may result in additional costs and efforts that are hard to calculate; corresponding improvements have to be defined as prerequisites before responsibility can be fully undertaken, or can be offered as extra, paid services that are performed later.

The SF-DeepDive due diligence (DD) software package provides exactly what a mainframe outsourcer needs to get a clearer insight into given systems in a short amount of time. As an option, it can be combined with local assessment services from our company. As a kind of “Swiss Army Knife,” it provides all plug & play tools needed to deeply assess the quality and security of the configuration within a given mainframe infrastructure; if well prepared, it can be done in a one- or two-day visit. The outsourcer’s own technical experts can quickly gain a picture of their “inheritance” when they take over responsibility in the future.

SF-Sherlock’s automated 360 degree assessment and penetration simulation technologies for z/OS allow outsourcers to easily “X-ray” a potential customer’s mainframe platform to get a comprehensive view so as to fairly evaluate possible risks that would result from taking over the responsibility for a potential customer’s systems – that is, when doing a due diligence. One aspect concerns operational risks, that is, how clean and “rectangular” the given systems’ configurations are, and the other concerns security and compliance. SF-Sherlock’s comprehensive assessment report covers both aspects of quality with more than 1000 check points in total. Thanks to SF-Sherlock’s “easy installation” option, the outsourcer may perform such a “CT scan” of a given z/OS sysplex in one day. It has never been easier and more reliable to check on any “z inheritance.”

Apart from its “one shot use” for performing a deep dive during the due diligence phase, SF-Sherlock is also of great value later on. It allows outsourcers highly efficient, cost-effective and comprehensive 360-degree quality and security monitoring on clients’ mainframes so as to avoid problems through early identification. We are talking here about problems that may easily result in down times, breaches, or similar events, and, as a consequence, in “relationship problems” or even disputes. A classic feature as regards this early error detection is SF-Sherlock’s IPL simulation and constant parmlib verification. In this context, it can be connected to any SIEM, system automation or other monitoring solution, apart from sending emails.

To respond to the special demands on outsourcers in the current climate of high competition and steep obligations, we provide the option to add SF-SafeDump to the new SF-DeepDive solution package so as to perfectly fit the demands of outsourcers to provide cost-effective no-loss offers and to have all options for satisfying the expectations of more demanding clients with regards to today’s data protection, security and compliance obligations.

If you are an outsourcing service provider and think this could be of interest to your business and your team, please do not hesitate to contact us.

Automate your IT Security and Compliance to the max today!

Solutions to the max.

Cross-Platform Security Solutions

Constant monitoring and auditing of all computer systems is state of the art. For large enterprises it also requires a real-time integration of the mainframe platforms governing event monitoring, vulnerability assessment and compliance checking. With SF-Sherlock and SF-NoEvasion, your security monitoring solution is powerful and can be implemented across your enterprise through the easy integration of the mainframe.

Compliance

Over the past several years, compliance has become more and more an important issue, but also a tedious task. Our SF solutions assist you in automating the resulting workload to the max by also covering the entire mainframe platform - thanks to a 360-degree approach.

Protection

With SF-Sherlock, you can also protect your mainframe platform against attacks and combat high-level risks. Thanks to our max approach this also includes malicious code and exploits. Yes, both of these are real risks on the mainframe platform!

SF Solutions

All SF solutions are invented and developed in-house. Therefore, you can count on both our unique expertise and our high level of motivation in providing you with solutions and services with maximum performance, effectiveness, and productivity.

Are you expecting a governmental audit of your mainframe platform soon, as by the BaFin or ECB?

Let us help you prepare your mainframe security and compliance.

++800 - 37 333 853 or simply dial: ++800 - DRFEDTKE

Call our world-wide toll-free number now!

(++ represents the prefix for international calls; in most countries it is 00; in the U.S. it corresponds to 011)

News & IT Security Forum

SF-Sherlock filter to detect bypassing mandatory usage of Privileged Account Security solutions, such as CyberArk

Privileged Account Security solutions, such as CyberArk, became almost mandatory for larger data centers – definitely in case of critical infrastructures. They support your compliance by managing the passwords of your privileged users, recording their screen while working on given systems, and by strict policies it’s only allowed for privileged users to work when their sessions are recorded.

In case of mainframes, in order to comply with this regulation, the 3270 emulation session has to be established from specific servers for guaranteeing the required recording; the same is true for any session via PUTTY, FTP, etc. Accordingly it has to be detected, such as via the given SIEM solution, if someone tries to bypass this session recording obligation by connecting from outside the Privileged Account Security solution’s surveillance scope. For properly detecting any bypassing a corresponding monitoring is required on the mainframe.

All SF-Sherlock users may now participate in our latest experience to establish such a bypass detection. A set of specialized filters has been developed to select and forward all required details to your SIEM solution – almost spoon-ready for an easy filter and correlation definition.

SF-SafeDump supports XML and JSON files

SF-SafeDump’s new PTF level 021 supports high-quality anonymization of log files in the XML and JSON formats. This new feature supports mainframe data centers providing XML- and JSON-based diagnostic and debug information to their software vendors or internal development departments. Please ask our support to receive SF-SafeDump’s latest update.

Join our newsletter list

Worldwide toll-free phone number

++800 - 37 333 853
or simply dial:
++800 - DRFEDTKE

Alternatively:
+41 41 710 4005

(++ represents the prefix for international calls; in most countries it is 00; in the U.S. it corresponds to 011)

Find Us

Headquarters

Seestrasse 3a, 6300 Zug, Switzerland

Visitors & Training

Dammstrasse 19, 6301 Zug, Switzerland

Social Media

Xing → Linkedin →

Write Us

Marketing
marketing@enterprise-it-security.com
copy the address

Technical support and hotline
hotline@enterprise-it-security.com
copy the address

Legal and compliance
legal@enterprise-it-security.com
copy the address