SF-DumpAnonym - Presentation at GSE Belgium & Luxembourg
Source: gsebelux.com/system/files/SF_DumpAnonym__GSE...


Page 2

Trademarks

ArcSight is a trademark of ArcSight Inc.
CA-ACF2 and CA-TSS are trademarks of CA Technologies Inc.
SF-Sherlock and SF-DumpAnonym are trademarks of Dr. Stephen Fedtke, System Software.
Splunk is a trademark of Splunk, Inc.
DB2, IPCS, RACF, QRadar, zIIP, z/OS are trademarks of IBM, Inc.

Page 3

Agenda: "Dump Anonymization"

• Why is it absolutely necessary to combat these risks?
• How does SF-DumpAnonym release you from this new security and compliance requirement?
• New internal organization around "dumps and logs"
• No impact when cooperating with software vendors
• What's the problem with system dumps and logs?
• Enterprise-IT-Security.com and the Integrity 2.0 initiative

Page 4

Enterprise-IT-Security.com

Your partner when it comes to critical infrastructure.

Page 5

Some Facts About Our Company

• Headquartered in Switzerland (Zug), operating worldwide.
• Clients belong to the Fortune 500, governments as well as the military.
• Completely independent: in-house development of all solutions, not "just" a reseller. We target all risks!
• Offering plug-and-play solutions, including both high-performance products and excellent services.
• Focus on IT security, compliance and quality automation, coming from, but not limited to, mainframes.
• Of high reputation, in existence for more than 20 years.

Page 6

Where does our company's and product's "spirit" come from?

Switzerland is a uniquely demanding and challenging market – no comment.

Page 7

These markets demand solutions going far beyond the industry's standard.

Page 8

Welcome to Integrity 2.0 for System z

Page 9

Our "Integrity 2.0 for System z" solutions initiative stands for today's required new level of securing and protecting critical infrastructure.

Of course we support the triple: RACF, CA-ACF2 and CA-TSS.

Page 10

"Negative intentions" targeted by Integrity 2.0

[Figure: a chart of attacker motivation (national interest, personal gain, personal reputation, curiosity) against attacker type (SPY / WAR, INTRUDER, THIEF / REVENGE, VANDAL) and skill level ("script kiddie", "hacker", specialist on "top gun" level). The THIEF / REVENGE category is marked "high rate of growth". Today's Integrity "1.0" covers the lower part of the chart; Integrity 2.0 extends coverage to the rest.]

Page 11

For achieving that goal, our "Integrity 2.0" solutions go beyond the industry's standard by combining great engineering, high efficiency and real effectiveness WITH "easy to install and use".

Page 12

Integrity 2.0 Results From "Professional Paranoia"

Paranoia is man's elementary source, stimulation and motivation for progress, and thus very helpful as long as it's reasonable, focused and measurable. Let's call it professional paranoia.

Samples of our professional paranoia targeting a high-level protection of your critical infrastructure:

• Can the security system or audit controls be bypassed?
• Where and how will attackers get access to my system?
• Where and how could my audit trails be broken?
• Which top-level risks result from my outsourcer?
• Which risks result from my software vendors? From their APF libraries, developers' location, subcontractors, from any exchanged service documents, …
• and much more

Page 13

Integrity 2.0 Initiative For System z

Solution #1: SF-Sherlock, the next-generation z/OS SIEM connector providing real-time mainframe integration for ArcSight, QRadar, Splunk, and more; extraordinarily powerful and cost-effective by including both a z/OS vulnerability scanner as well as pro-active integrity protectors against professional fraud, …

Solution #2: SF-DumpAnonym, automated dump and log anonymization for z/OS, …

Service #1: Trouble-free z/OS penetration test

Service #2: Technological mediation within your Outsourcing Relationship Management (ORM)

Page 14

BUT we already use …, and are not yet ready to replace!

Well, that's fine. Just know that it also makes sense to put Integrity 2.0's unique capabilities on top of your current standard solutions to close the gaps. It simply depends on how professional your paranoia is.

Page 15

Now you understand why it's our company that invites you today to talk about the top-level risk given with system dump and log files.

Page 16

It's a great honor for us to share our professional paranoia with you today for making your company's and country's critical infrastructure safer.

Page 17

So let's start and talk about the risks resulting from forwarding system dumps and logs to third parties (software vendors).

Don't worry! Nobody really knows why we all ignored that risk for so long!

Page 18

1 picture tells more than 1000 words

Page 19

What's a dump? When & why is it created?

• Dumps result from application or system abends ("crashes") and are created automatically by the OS.
• Dumps capture the system status, including the entire memory, registers, etc., to support the debugging process.
• System dumps potentially become huge (several GBs).
• System dumps are highly critical and sensitive.
• z/OS creates dumps in different formats: some are directly readable (SYSABEND, SYSUDUMP), others are binary coded and require IPCS (SYSMDUMP, SVC dump, etc.).
• The risk resulting from dumps becomes real at the moment of handing them over to any third party (e.g. a vendor).

Page 20

Risk given with "handing over dumps"

Dumps appear as "purely technical, plain and so innocent", but "pack a punch" for "pros" with negative intentions, because they contain:

• sensitive company, account and client data
• certificates, e-mail addresses, IP addresses, etc.
• user IDs, passwords, etc.
• (own) system and security exits, potential weaknesses, etc.
• information on "sysplex neighbors" (when sharing a plex)
• security controls and settings
• database content, print & spool data
• and much more

Page 21

Page 22

In total, system dumps and logs include such a wide spectrum and high volume of sensitive information that you actually won't share them, not even among "best friends".

Page 23

Page 24

Sounds horrible! What are my options?

It's simple! Dumps and logs need to pass strong anonymization before handing them over: "just take them to the cleaner".

Page 25

By the way, system logs will also be anonymized, such as EREP, syslog, …

Page 26

SF-DumpAnonym is the innovative, patented and high-performance solution to anonymize system dumps & logs.

Page 27

Very important: it's easy to install and use, and it learns.

It's almost as simple as copying; it just takes a little longer than IEBGENER.

Page 28

Other platforms than z/OS?

Yes, development has already started, and we look forward to keeping you updated.

Page 29

SF-DumpAnonym meets all best practice requirements and puts your cooperation with software vendors on a completely new level of trust.

Page 30

Thanks for attending this presentation!

Page 31

Further questions?

Please do not hesitate to contact us:

Phone: +41 41 710 4005
E-Mail: [email protected]

or visit us at www.enterprise-it-security.com