
Refuel your enterprise audit and SIEM solutions with the most comprehensive and complete z/OS audit data

Plug & play SIEM connector for your z/OS mainframes (e.g. Splunk, ArcSight, QRadar, etc.)

Ultimate hardening, streamlining and consolidation of your audit & security trails.

Log –  Block – Modify.

Allows for the replacement of password and security exits

Target your true auditing & security enemies!

Systems and processes never tell you the whole story. But complete and authentic logs are a prerequisite for both proper IT operation and complete auditing & compliance – including effective detection of fraud and abuse. You may not believe this, but much of the essential and highly critical activity on your recognized z/OS mainframe simply does not come to your attention since it is not logged or properly protected.

The triad of smart and smooth z/OS command and system service verification includes logging, blocking and modifying.
SF-NoEvasion for z/OS allows for the ultimate hardening and transparency of your audit trails with regards to the suppression of information, bypassing, fraud and abuse. It also improves and enhances critical security controls to allow for highly precise and flexible decisions about how they are to be used! Become the boss by finally knowing the complete story on what’s happening on your z platform!

The plug & play Real-Time Sniffer, Spool Monitor, File Watcher, Universal Log Scanner and Event Forwarder finally lets you feed all your security and compliance monitoring applications with event data – with utmost completeness and speed. The included PC-based system for Security Information and Event Management (SIEM) provides a high-performance audit workflow. As an option, it lets you also include events of non-mainframe platforms, such as Windows, UNIX, Linux, etc.

Highest security and compliance levels for the z/OS mainframe platform are requested

All security and compliance standards, like SOX, PCI, ISO, FERC, DOD, HIPAA, etc., claim full (100%) transparency and the ability to audit completely all processes in your company’s IT. Missing audit information represents a top-level risk, implying the impossibility of effectively detecting fraud, abuse and non-compliant behavior.

But how can incomplete logs be possible on platforms that have received the highest levels of [security] certifications? Your fear is reasonable! Various processes may be involved, such as invalid system configurations, critical system services supporting “no logging” features, tricky log suppression, bypassed security mechanisms, and much more. High-value compliance certifications may easily become invalidated in cases of incomplete audit data. Skilled software vendors, staff, or parties with malicious intent may easily dupe you by hiding the “actual truth”, and, furthermore, putting into question your company’s compliance and the legal protections of your auditing.

SF-NoEvasion draws on the experience of having penetrated and assessed mainframes for over a decade to achieve extremely secure environments.

It provides comprehensive and smart command and system service verification to completely audit and protect all critical z/OS components, including Security Server (RACF), user authentication, user password change, console commands, FTP, and much more. At last, you no longer have to put up with any potential weaknesses in your audit trails, and you can finally achieve the highest level of automated controls and completeness in your compliance strategy!

Finally, you know all of what’s involved in becoming really compliant and secure!

Compliance

Over the past several years, compliance has become an increasingly important issue, but also a tedious task. Our SF solutions assist you in automating the resulting workload to the max by also covering the entire mainframe platform - thanks to a 360-degree approach.

Protection

With SF-Sherlock, you can also protect your mainframe platform against attacks and combat high-level risks. Thanks to our max approach this also includes malicious code and exploits. Yes, both of these are real risks on the mainframe platform!

Are you expecting a governmental audit of your mainframe platform soon, as by the BaFin, ECB, or one of the “Big Four”?

Let us help you prepare your mainframe security and compliance.

+800 - 37 333 853 or simply dial: +800 - DRFEDTKE

Call our world-wide toll-free number now!

(+ represents the prefix for international calls; in most countries it is 00, and you have to dial 00800-37333853; in the U.S. it corresponds to 011)

News & IT Security Forum

“Forensic Swiss Knife for z/OS” – become DORA- and FINMA-ready

DORA and FINMA sustainably increase the demands on IT security and resilience. One aspect of the proactive regulations concerns the more negative situations and aspects of an incident and how to deal with them, known as incident management. Such an incident necessitates a short-term, in-depth forensic analysis. The results of this analysis must be profound. Why? Because the decision on the restore point may be based on them. And don’t forget the stress level in such a situation. In the case of the mainframe, the logs and events kept online in the SIEM are often not 100% complete and potentially insufficient for the required deep-level analysis. Why? Because the total volume of data would often be too large for a truly complete SIEM delivery. What consequences does this have for DORA-related incident management? Your IT must always be able to provide the forensics team with the complete inventory of forensic data at short notice for selective periods of time, in an environment that is familiar to them and therefore performs well in terms of analysis. This is usually the SIEM, such as Splunk, ArcSight or QRadar, and not the TSO ISPF environment.

To support your mainframe environment with regard to this DORA aspect, SF-Sherlock’s PTF Level 095 also includes a “Forensic Swiss Knife for z/OS.” This allows you to prepare for this situation in accordance with DORA and FINMA. It works ON REQUEST to provide the SIEM with 100% of the necessary forensic data for a selected date and time range. It’s designed to work even if top specialists are unavailable. The only step you need to take is to create the corresponding documentation in the operating manual. Such incident-related 100% filling of the SIEM should also always be part of the emergency drills required by DORA and FINMA.

Further DORA and NIS-2 focused PTF level 095 for SF-Sherlock

SF-Sherlock’s new integration with z/OS System Automation further strengthens the DORA objective of maximum resilience. The new SF-Sherlock 2 System Automation integration kit makes linking event monitoring to the Z System Automation solution a simple process. This also makes the automation team an integral part of the line of defense around the mainframe. Please contact our support if you have not yet received the download link.

Worldwide toll-free phone number

+800 - 37 333 853
or simply dial:
+800 - DRFEDTKE

Alternatively:
+41 (0)41 710 7444

(+ represents the prefix for international calls; in most countries it is 00, and you have to dial 00800-37333853; in the U.S. it corresponds to 011, and you have to dial 011-800-37333853)

Find Us

Headquarters

Seestrasse 3a, 6300 Zug, Switzerland

Visitors & Training

Dammstrasse 19, 6301 Zug, Switzerland

Write Us

Marketing
marketing@enterprise-it-security.com

Technical support and hotline
hotline@enterprise-it-security.com

Legal and compliance
legal@enterprise-it-security.com