Pre-Con Ed: Real-Time Data Audit and Security: Find, Classify and Protect Sensitive Data on the...
Real-Time Data Audit and Security: Find, Classify and Protect Sensitive Data on the Mainframe
Chip Mason, Senior Principal Product Manager, CA Technologies
Sai Gujja, Manager, Software Engineering, CA Technologies
MFX40E
MAINFRAME AND WORKLOAD AUTOMATION
© 2016 CA. ALL RIGHTS RESERVED. @CAWORLD #CAWORLD
For Informational Purposes Only
Terms of this Presentation
© 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The presentation provided at CA World 2016 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer references relate to customer's specific use and experience of CA products and solutions so actual results may vary.
Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights and/or obligations of CA or its licensees under any existing or future license agreement or services agreement relating to any CA software product; or (ii) amend any product documentation or specifications for any CA software product. This presentation is based on current information and resource allocations as of November 1, 2016, and is subject to change or withdrawal by CA at any time without notice. The development, release and timing of any features or functionality described in this presentation remain at CA’s sole discretion.
Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in this presentation, CA may make such release available to new licensees in the form of a regularly scheduled major product release. Such release may be made available to licensees of the product who are active subscribers to CA maintenance and support, on a when and if-available basis. The information in this presentation is not deemed to be incorporated into any contract.
Abstract
Data usage is more rapid than ever in today's application economy. Are you able to tell who is accessing your data, when it's being accessed, and where the data is located even if it is already protected? While most IT departments have tools to manage and protect data on enterprise systems, the Mainframe is often missing this awareness and protection. This session will show you how CA can easily help cover this gap with an easy-to-use solution that finds, classifies and protects sensitive personally identifying information (PII) and meets regulated data requirements in PCI DSS, HIPAA, and other compliance situations. CA Data Content Discovery and CA Compliance Event Manager real-time data audit and security solution can help you track privileged user activity, find missing or unknown data, and perform DLP functions and alerts for the mainframe.
Chip Mason, CA Technologies, Director, Product Management
Sai Gujja, CA Technologies, Manager, Software Engineering
Agenda
1. CA DATA CONTENT DISCOVERY BUSINESS VALUE
2. CA COMPLIANCE EVENT MANAGER BUSINESS VALUE
3. ROADMAP
4. CA DATA CONTENT DISCOVERY ARCHITECTURE
5. CA COMPLIANCE EVENT MANAGER ARCHITECTURE
6. LIVE DEMO
CA Data Content Discovery Business Value
Stay connected at communities.ca.com
Reducing the likelihood of catastrophic data breaches in the data center – Complementing IAM with data-centric
Situation
§ Mainframe still transacts ~70% of mission essential data
§ Sensitive and Regulated data is stored on the mainframe
Risk
§ Accidental orphaned data disclosure by an employee
§ Intentional data leakage via a breach
What’s Broken
§ “We take data off the mainframe for classification and audit reporting – risky, expensive…”
§ “We have home-grown, time consuming processes – very expensive…”
The Solution
§ Improving compliance by locating the orphaned or hidden & unprotected regulated data
§ Scanning and classification remain on the mainframe
“With breaches in the news every day, being able to find where regulated data resides - or ruling out the existence of sensitive data - is a critical first step in protecting your business.”
The Impact of Data Theft
§ Health Insurance. Announced: March 2015. Records stolen: 11M. Cost: To be determined. Facing a class action lawsuit as well as potential regulatory violation fines.
§ Retail. Announced: September 2014. Records stolen: 56M. Cost: $43M and counting. Estimates put this as high as $10B (includes all remediation costs borne by the company and consumers)
§ Health Systems. Announced: August 2014. Records stolen: 4.5M. Cost: $75M – $150M
§ eCommerce. Announced: May 2014. Records stolen: 233M. Cost: $200M and counting.
§ Retail. Announced: December 2013. Records stolen: 70M. Cost: $162M and counting. Recent estimates put this at well over $1B.
§ Government. Announced: May 2015. Records stolen: 22M. Cost: To be determined. Likely facing a class action lawsuit as well as others.
CA Data Content Discovery
Reducing the likelihood of a catastrophic data breach
The App Economy creates new risks of catastrophic data compromise
“With breaches in the news every day, being able to find where regulated data resides - or ruling out the existence of sensitive data - is a critical first step in protecting your business.”
70% of the world mission critical data transacts on the mainframe.
Find, Protect, Classify
§ Based on regulation or organizational sensitivity
§ Data remains on the z/OS platform
§ Regulated and sensitive data in your mainframe data stores
Protect
CA Data Content Discovery
FIND (Security Operations)
§ 10+ File types
§ Set up the scan
§ Initiate the scan
§ Provide discovered results to Security Administrator
CLASSIFY (Internal Auditor)
§ 110+ Classifiers out of the box: PCI, HIPAA, PII, etc.
§ Custom classifiers
§ Review compliance results and label sensitive data
§ Provide compliance report to Internal Auditor
PROTECT (Security Administrator)
§ Identify Who Has Access to What Data
§ Identify Who Accessed Data
§ Modify access based on scan results
§ Confirm successful audit against industry regulations
Find It: Data Types
File Types (slide legend: Available, In Development)
§ Physical sequential (including access methods: QSAM, BSAM, BDAM)
§ Data in Motion: Connect:Direct
§ PDS/PDSe
§ DB2 tables
§ USS (HFS & zFS)
§ VSAM
§ Datacom
§ IMS
§ Data in Motion: FTP
§ Data in Motion: SMTP
CA Data Content Discovery and Data-in-motion
§ Payments database
§ Malicious system programmer – JSCBPASS
§ Enterprise Perimeter
§ File Transfer Protocol
§ CA DCD
Classify It: PCI Data
Account Data
Cardholder Data
§ Primary Account Number (PAN)
§ Cardholder Name
§ Expiration Date
§ Service Code
Sensitive Authentication Data
§ Magnetic stripe data
§ CAV2/CVC2/CVV2/CID
§ PINs/PIN blocks
Classify It: PII Data
PII Attributes (slide legend: Custom Classifier, Quick Picks)
§ Full Name
§ Date of birth
§ Home Address
§ Email address
§ National Identification Number
§ Passport number
§ Drivers License Number
§ Vehicle registration
§ Birthplace
§ Genetic information
§ Telephone number
§ Login name, screen name, nickname, handle
§ Face, fingerprints, handwriting
§ IP Address
§ Credit Card Numbers
§ Digital identity
§ First Name
§ Last Name
§ State
§ Age
§ Gender
§ Race
§ Schools attended
§ Criminal record
§ Country
§ US Zip Code
Classify It: PHI Data
PHI Attributes (slide legend: Custom Classifier, Quick Picks)
§ Full Name
§ Geographic subdivision
§ Data elements
§ Telephone number
§ Fax number
§ Electronic mail address
§ SSN
§ Medical record number
§ Health Plan beneficiary number
§ Account number
§ Certificate/license number
§ Vehicle ID/Serial number/license plate number
§ Device identifier/serial number
§ Biometric identifier
§ Full face photograph or image
§ Other unique identifying element
CA Compliance Event Manager Business Value
CA Compliance Event Manager: Mainframe Security Vulnerability Platform
Alert: Bring real-time awareness of critical MF security issues
§ Monitor Security details direct from ESM and control points in z/OS
§ Detection of security system changes and policy violations
§ Built for high volume security events (router sends events to various components, lightening load on system and ESMs) proven at millions of events.
Inspect: With comprehensive Auditing and Forensics support
§ Policy-based filtering and real-time recording of critical security for actions.
§ Provides ability to ‘replay’ all security events, supporting forensic analysis of security situations with High-volume raw security data recording.
§ Search, filter and analyze recorded historical data, with automatic tape retrieval and load
Protect: Ensure Mainframe integrity and bring Data Centric awareness
§ Designed for Security: Immune from Exits placed in SMF and configuration files, meant to hide activity. Uses ‘superset’ of SMF Security data.
§ Real-time monitoring of critical z/OS configuration files detects potentially malicious changes before IPL executes them.
§ Analyze users accessing critical sensitive and regulated datasets, via integration with Data Content Discovery
CA Compliance Event Manager v5: What’s New
CA Compliance Event Manager gathers security events from ESM, z/OS functions and files. The solution can determine what was changed, who made the change and when, as well as monitor changes and run compares for compliance changes and changes to access permissions.
Differentiators: Runs exclusively on Mainframe, no need to move mainframe data, PDS monitor
CA Compliance Event Manager v5 brings:
§ Improved Time to Value with new installation, deployment and configuration architecture
§ Simplified User Experience with new Web User Interface and an intuitive policy administration UI
§ Reduced footprint with lighter weight alternative to previous CA Chorus for Security and Compliance Management
§ Improved performance with Real Time Alerting and Monitoring for identifying potential breaches or violations of policy
§ High Availability with support for Sysplex
§ Integration with DCD for Data centric security
CA Compliance Event Manager: Alert
Alerts and Monitoring
CA Compliance Event Manager Capability | Business Benefit
Monitors security details direct from ESM and control points in z/OS | Immune from Exits placed in SMF and configuration files, meant to hide activity. Uses ‘superset’ of SMF Security data.
Monitor critical security system PDS changes for security issues | Discover changes to files used when IPLing the mainframe that might load unwanted routines
Built for high volume security events (router sends events to various components, lightening load on system and ESMs) proven at millions of events | Scales for our largest customers
Out of box policies for critical vulnerabilities and configurations: ex: JSCBPASS, sys1.parmlib | Deploying CEM improves base security posture
Compliance Event Manager: Inspect
Audit
CA Compliance Event Manager Capability | Business Benefit
Detection of security system changes and policy violations | Alerts in near real-time (5 minutes) to changes to configuration files, preventing errors or worse
Data warehouse for real-time event management, and auditing | Stores policy filtered events in database for queries, forwarding, analysis and auditing purposes.
Advanced reporting | Build reports around security policies and compliance rules
Compliance Event Manager: Inspect
Forensics
CA Compliance Event Manager Capability | Business Benefit
CA CEM has a high-volume recording of raw security data, creating a historical record of all security data over long periods of time for future investigation. This provides the ability to automatically archive to tape. | Provides ability to ‘replay’ all security events, supporting forensic analysis of security situations.
Datamart utility allows for search, filtering and analysis of recorded historical data, with automatic tape retrieval and load | Help identify issues quickly by querying time-frames and targeting specific security events, creating a subset of the full data stream for detailed analysis.
Compliance Event Manager: Protect
CA Compliance Event Manager Capability | Business Benefit
Monitor Security details direct from ESM and control points in z/OS | Immune from Exits placed in SMF and configuration files, meant to hide activity. Uses ‘superset’ of SMF Security data.
Monitor PDS and other critical configuration files | Real-time monitoring of critical z/OS configuration files detects potentially malicious changes before IPL executes them.
Understand who has accessed sensitive and regulated data, including last access and how often, building policies to monitor further access. | Analyze users accessing critical sensitive and regulated datasets, via integration with Data Content Discovery.
CA Data Content Discovery Architecture
§ Any Browser
§ Web UI (Controls Scans Reporting)
§ DCD Controller
§ DCD Controller Address Space
§ Batch Client Utility
§ WLM on z/OS
§ DCD Repository
§ Classification Engine (DCD Server Address Space)
§ Data Sources: Sequential, PDS/E, VSAM, DB2, Datacom, IMS, USS (HFS & zFS)
CA Compliance Event Manager Architecture
§ Any Browser
§ z/OS
§ CEM UI (Policy, Reporting)
§ CEM Address Space (Tomcat Server)
§ CEM Repository
§ CEM Control Points
§ ESM
§ CEM Router
§ Alert (optional)
§ Monitor (optional)
§ Logger (optional)
§ Warehouse (optional)
§ Event Policy
§ Logstream
§ Data Mart
Demo!
§ CA Data Content Discovery – product overview
§ Custom classifiers in CA DCD
§ Who has Access / Who Accessed
§ CA Compliance Event Manager – product overview
§ Policy overview
§ Splunk App preview
CA Data Content Discovery Promise
FIND IT
§ For CISOs and Mainframe Security Directors
§ The first data-pattern scanning capability uniquely natively on mainframe in the market
§ Gain quick and critical insight about the potential and magnitude of data exposure on the mainframe
CLASSIFY IT
§ For CISOs, Internal Auditors and Risk Officers
§ Simple and Modern GUI along with Flexible scheduling designed for both z and non-IBM z personnel
§ Prove to auditors that controls are checked by data-types to satisfy regulations
PROTECT IT
§ For Mainframe Security analysts and Mainframe Data analysts
§ Eliminate risky offloading - with data security right on the mainframe. Only Data security product currently on the market for mainframe to use specialty engines to reduce upgrade costs
§ Stay in control – eliminate risk while reducing costs of data protection processes
CA Compliance Event Manager Promise
ALERT
§ CISO, Compliance Officer
§ CA Compliance Event Manager helps mitigate security events through more detailed and real-time alerting 100% on the mainframe
§ Gain immediate and critical insight about the potential and magnitude of data exposure on the mainframe
INSPECT
§ Security Architect, Auditor, IT Operations
§ Real-time alerting to critical security situations combined with deeper insight into security and compliance issues, leading to an improved risk posture.
§ Prove it to auditors that controls are checked by data-types to satisfy regulations and quickly communicate compliance posture
PROTECT
§ Mainframe Security Analysts, Mainframe Data Analyst
§ CA enables deeper insight for data security and compliance, allowing customers to find where data is located, when it moves and who has access to it
§ Stay in control of the most mission essential assets in the business to act quickly & eliminate risk while reducing costs of data protection processes
Recommended Sessions
SESSION # | TITLE | DATE/TIME
MFT53T | In the Voice of a Mainframe Millennial: How Can Mainframe Security Be Made Easier? | 11/16/2016 at 12:45 pm
MFT174S | Mainframe Security Strategy and Roadmap: Best Practices for Protecting Mission Essential Data | 11/17/2016 at 12:45 pm
MFT175S | Gaps in Your Defense: Hacking the Mainframe | 11/17/2016 at 3:00 pm
Must See Demos
Real-Time Data Security & Compliance
CA Data Content Discovery, Mainframe Theatre
Mainframe Security Smart Bar
CA Top Secret, Mainframe Theatre
Real-Time Data Security & Compliance
CA Compliance Event Manager, Mainframe Theatre
Mainframe Security Smart Bar
CA ACF2, Mainframe Theatre