SF-SecuClean
RACF database cleanup for z/OS

Downloads

SF-SecuClean Product Description as PDF →

SF-SecuClean, your ultimate RACF cleanup and initial role model creator. Clean up your RACF database without any risk, and set up an initial role model efficiently!

Clean up the RACF database and obtain an initial role model.

An elementary fact regarding security becomes very apparent whenever you react to the results of a z/OS penetration test or audit, as well as during the initial setup of a role model: it is particularly difficult to eliminate excessive or redundant authorizations in RACF, i.e. to streamline access lists, lower the universal access authority (UACC) or even delete profiles. Cleaning up the RACF database and the subsequent “tightening” of your existing security configuration is simply one of the most “feared” consequences of any audit report or role-modeling project.

What are the practical problems involved when cleaning up the RACF database? To retroactively improve a system’s security, i.e. to question existing authorizations by removing, reorganizing or reducing these, always involves the real risk of negatively influencing productive processes and provoking subtle failures. Actually, a golden rule in IT is to “never change a running system!” Nobody knows which users access which resources and would eventually sign a corresponding statement as definitive. Management is therefore constantly challenged to provide their security team with the necessary motivation for such a cleanup project while taking into account its primarily abstract values of security and compliance. At first glance, it seems as if everyone involved “has nothing to gain.” But this is no longer true – there is good news!

The right technology and support make it easy to clean up RACF – and also worthwhile from a practical point of view. Deleted profiles, streamlined access lists, compact groups – all these avoid overhead in RACF’s processing and thus save CPU time concerning each resource access check – several millions of which occur daily.

Setting up an initial role model creates challenges quite similar to those of an RACF cleanup. The first step is to define the current status quo of the required authorizations for all users. You must determine which resources each user must access regarding his or her “role(s)” in the company’s business. A complete and comprehensive assessment in this field is a prerequisite for the second step, which includes the development of a role model based on effectively required, i.e. non-excessive authorizations.

Both challenges – cleaning up RACF and setting up an initial role model – provoke a common technological desire to perform a long-term observation of all resource access requests. SF-SecuClean provides you with this efficient long-term monitoring for RACF environments. Its high performance and cost-effective technology allows you to easily 1) clean up and streamline the security configurations defined by the RACF database (e.g. streamlining access lists, lowering UACCs, removing global access authorizations, deleting profiles, etc.), and 2) perform the necessary assessment of the currently required access authorities to set up an initial role model.

SF-SecuClean’s technology extends the standard RACF environment with the required resource access monitoring without influencing RACF’s actual decisions. All resource access requests are registered in a database (DB2) that is available for online evaluation and reporting at any time. A precise knowledge base is created over time regarding which users (must) access which resources on which access levels for their daily work. The longer the observation period, the greater the informative value of this monitoring becomes. In the end, i.e. after a sufficient length of time, clarity arises regarding each user’s actually required authorizations, which then allows you to reconfigure and optimize the RACF database with minimum risk. Of course, SF-SecuClean’s unique monitoring capabilities also support daily work in your RACF administration, security monitoring, system programming and IT audit departments. Information regarding (real) occurring access requests can be obtained online at any time by following a simple procedure.

SF-SecuClean is, therefore, the ideal solution for all mainframe users across all business sectors or company sizes. It is also the “perfect match” for all pragmatic z/OS users who dismiss any “monitoring and compliance overkill” and just desire a state-of-the-art cleanup and high-performance configuration of their RACF security without investing a lot in CPU time and other costs. Check it out!

Automate your IT Security and Compliance to the max today!

Get Started Now

Solutions to the max.

Cross-Platform Security Solutions

Constant monitoring and auditing of all computer systems is state of the art. For large enterprises it also requires a real-time integration of the mainframe platforms governing event monitoring, vulnerability assessment and compliance checking. With SF-Sherlock and SF-NoEvasion, your security monitoring solution is powerful and can be implemented across your enterprise through the easy integration of the mainframe.

 

SIEM Connectors

Learn More

Mainframe Security and Compliance

Learn More

SOC (Security Operation Center)

Learn More

Compliance

Over the past several years, compliance has become more and more an important issue, but also a tedious task. Our SF solutions assist you in automating the resulting workload to the max by also covering the entire mainframe platform - thanks to a 360-degree approach.

PCI Data Security Standard (PCI DSS)

Learn More

General Data Protection Regulation (GDPR)

Learn More

Cloud Security

Learn More

Protection

With SF-Sherlock, you can also protect your mainframe platform against attacks and combat high-level risks. Thanks to our max approach this also includes malicious code and exploits. Yes, both of these are real risks on the mainframe platform!

Penetration Testing

Learn More

Privileged User Monitoring

Learn More

DB2 Real-Time Monitoring

Learn More

IMS Security Monitoring

Learn More

SF Solutions

All SF solutions are invented and developed in-house. Therefore, you can count on both our unique expertise and our high level of motivation in providing you with solutions and services with maximum performance, effectiveness, and productivity.

Security and compliance monitoring

SF-Sherlock

Real-time audit & compliance data provider, and audit trail protector

SF-NoEvasion

z/OS dump and log anonymization

SF-SafeDump

RACF database cleanup for z/OS

SF-SecuClean

Maximum password and login security for z/OS

SF-LoginHood

Unique utilities as individual solutions

SF-Utilities

Are you expecting a governmental audit of your mainframe platform soon, as by the BaFin or ECB?

Let us help you prepare your mainframe security and compliance.

++800 - 37 333 853 or simply dial: ++800 - DRFEDTKE

Call our world-wide toll-free number now!

(++ represents the prefix for international calls; in most countries it is 00; in the U.S. it corresponds to 011)

News & IT Security Forum

SF-Sherlock filter to detect bypassing mandatory usage of Privileged Account Security solutions, such as CyberArk

by | Aug 2, 2019 | News

Privileged Account Security solutions, such as CyberArk, became almost mandatory for larger data centers – definitely in case of critical infrastructures. They support your compliance by managing the passwords of your privileged users, recording their screen while working on given systems, and by strict policies it’s only allowed for privileged users to work when their sessions are recorded.

In case of mainframes, in order to comply with this regulation, the 3270 emulation session has to be established from specific servers for guaranteeing the required recording; the same is true for any session via PUTTY, FTP, etc. Accordingly it has to be detected, such as via the given SIEM solution, if someone tries to bypass this session recording obligation by connecting from outside the Privileged Account Security solution’s surveillance scope. For properly detecting any bypassing a corresponding monitoring is required on the mainframe.

All SF-Sherlock users may now participate in our latest experience to establish such a bypass detection. A set of specialized filters has been developed to select and forward all required details to your SIEM solution – almost spoon-ready for an easy filter and correlation definition.

SF-SafeDump supports XML and JSON files

by | Aug 2, 2019 | News

SF-SafeDump’s new PTF level 021 supports high-quality anonymization of log files in the XML and JSON formats. This new feature supports mainframe data centers providing XML- and JSON-based diagnostic and debug information to their software vendors or internal development departments. Please ask our support to receive SF-SafeDump’s latest update.

Read All News

Join our newsletter list

Worldwide toll-free phone number

++800 - 37 333 853
or simply dial:
++800 - DRFEDTKE
Alternatively:
+41 41 710 4005

(++ represents the prefix for international calls; in most countries it is 00; in the U.S. it corresponds to 011)

Find Us

Headquarters

Seestrasse 3a, 6300 Zug, Switzerland

Visitors & Training

Dammstrasse 19, 6301 Zug, Switzerland

Social Media

Xing → Linkedin →

Write Us

Marketing
marketing@enterprise-it-security.com
copy the address

Technical support and hotline
hotline@enterprise-it-security.com
copy the address

Legal and compliance
legal@enterprise-it-security.com
copy the address