Pre-Con Ed: Real-Time Data Audit and Security: Find, Classify and Protect Sensitive Data on the Mainframe

World®’16

Real-TimeDataAuditandSecurity:Find,ClassifyandProtectSensitiveDataontheMainframe

ChipMason,SeniorPrincipalProductManager,CATechnologiesSaiGujja,Manager,SoftwareEngineering,CATechnologies

MFX40E

MAINFRAMEANDWORKLOADAUTOMATION

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

ForInformationalPurposesOnlyTermsofthisPresentation

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.Thepresentationprovided atCAWorld2016isintendedforinformationpurposesonlyanddoesnotformanytypeofwarranty.Someofthespecificslideswith customerreferencesrelatetocustomer'sspecificuseandexperienceofCAproductsandsolutionssoactualresultsmayvary.

CertaininformationinthispresentationmayoutlineCA’sgeneralproductdirection.Thispresentationshallnotserveto(i)affecttherightsand/orobligationsofCAoritslicenseesunderanyexistingorfuturelicenseagreementorservicesagreementrelatingtoanyCAsoftwareproduct;or(ii)amendanyproductdocumentationorspecificationsforanyCAsoftwareproduct.Thispresentationisbasedon currentinformationandresourceallocationsasofNovember1,2016,andissubjecttochangeorwithdrawalbyCAatanytimewithout notice.Thedevelopment,releaseandtimingofanyfeaturesorfunctionalitydescribedinthispresentationremainatCA’ssolediscretion.

Notwithstandinganythinginthispresentationtothecontrary,uponthegeneralavailabilityofanyfutureCAproductrelease referencedinthispresentation,CAmaymakesuchreleaseavailabletonewlicenseesintheformofaregularlyscheduledmajorproductrelease.SuchreleasemaybemadeavailabletolicenseesoftheproductwhoareactivesubscriberstoCAmaintenanceandsupport,onawhen andif-availablebasis.Theinformationinthispresentationisnotdeemedtobeincorporatedintoanycontract.


Abstract

Datausageismorerapidthaneverintoday'sapplicationeconomy.Areyouabletotellwhoisaccessingyourdata,whenitsbeingaccessed,andwherethedataislocatedevenifitisalreadyprotected?WhilemostITdepartmentshavetoolstomanageandprotectdataonenterprisesystems,theMainframeisoftenmissingthisawarenessandprotection.ThissessionwillshowyouhowCAcaneasilyhelpcoverthisgapwithaneasy-to-usesolutionthatfinds,classifiesandprotectssensitivepersonallyidentifyinginformation(PII)andmeetsregulateddatarequirementsinPCIDSS,HIPAA,andothercompliancesituations.CADataContentDiscoveryandCAComplianceEventManagerreal-timedataauditandsecuritysolutioncanhelpyoutrackprivilegeduseractivity,findmissingorunknowndata,andperformDLPfunctionsandalertsforthemainframe.

ChipMasonCATechnologiesDirector,ProductManagement

SaiGujjaCATechnologiesManager,SoftwareEngineering


Agenda

CADATACONTENTDISCOVERYBUSINESSVALUE

CACOMPLIANCEEVENTMANAGERBUSINESSVALUE

ROADMAP

CADATACONTENTDISCOVERYARCHITECTURE

CACOMPLIANCEEVENTMANAGERARCHITECTURE

LIVEDEMO

1

2

3

4

5

6


CADataContentDiscoveryBusinessValue

Stayconnectedatcommunities.ca.com


Reducingthelikelihoodofcatastrophicdatabreachesinthedatacenter– ComplementingIAMwithdata-centric

Situation

Risk

What’sBroken

TheSolution

Mainframestilltransacts~70%ofmissionessentialdataSensitiveandRegulateddataisstoredonthemainframe

AccidentalorphaneddatadisclosurebyanemployeeIntentionaldataleakageviaabreach

“Wetakedataoffthemainframeforclassificationandauditreporting– risky,expensive…”

“Wehavehome-grown,timeconsumingprocesses–veryexpensive…”

Improvingcompliancebylocatingtheorphanedorhidden&unprotectedregulateddata

Scanningandclassificationremainonthemainframe

“Withbreachesinthenewseveryday,beingabletofindwhere

regulateddataresides-orrulingoutthe

existenceofsensitivedata- isacriticalfirststepinprotectingyour

business.”


TheImpactofDataTheft

HealthInsuranceAnnounced:March2015Recordsstolen:11MCost:Tobedetermined.Facingaclassactionlawsuitaswellaspotentialregulatoryviolationfines.

RetailAnnounced:September2014Recordsstolen:56MCost:$43Mandcounting.Estimatesputthisashighas$10B(includesallremediationcostsbornebythecompanyandconsumers)

HealthSystemsAnnounced:August2014Recordsstolen:4.5MCost:$75M– $150M

eCommerceAnnounced:May2014Recordsstolen:233MCost:$200Mandcounting.

RetailAnnounced:December2013Recordsstolen:70MCost:$162Mandcounting.Recentestimatesputthisatwellover$1B.

GovernmentAnnounced:May2015Recordsstolen:22MCost:Tobedetermined.Likelyfacingaclassactionlawsuitaswellasothers.


Basedonregulationororganizationalsensitivity

Dataremainsonthez/OSplatform

Regulatedandsensitivedatainyourmainframedatastores

Protect

CADataContentDiscoveryReducingthelikelihoodofacatastrophicdatabreach

TheAppEconomycreatesnewrisksofcatastrophicdatacompromise“Withbreachesinthenewseveryday,beingabletofindwhereregulateddataresides- orrulingoutthe

existenceofsensitivedata- isacriticalfirststepinprotectingyourbusiness.”

X 70% oftheworldmissioncriticaldatatransactsonthemainframe.

Find ProtectClassify


10+Filetypes

CADataContentDiscovery

FINDSetupthescanInitiatethescanProvidediscoveredresultstoSecurityAdministrator

SecurityOperations

110+Classifiersoutofthebox:§ PCI,HIPPA,PII,etc.

Customclassifiers

CLASSIFYReviewcomplianceresultsandlabelsensitivedataProvidecompliancereporttoInternalAuditor

InternalAuditor

§ IdentifyWhoHasAccesstoWhatData

§ IdentifyWhoAccessedData

PROTECTModifyaccessbasedonscanresultsConfirmsuccessfulauditagainstindustryregulations

SecurityAdministrator


FileTypesAvailable In Development

Physicalsequential(includingaccessmethods: QSAM,BSAM,BDAM)

DatainMotion:Connect:Direct

PDS/PDSeDB2tables

USS(HFS&zFS)VSAM

DatacomIMS

DatainMotion:FTPDatainMotion:SMTP

FindIt:DataTypes


CADataContentDiscoveryandData-in-motion

Paymentsdatabase

Malicioussystemprogrammer– JSCBPASS

EnterprisePerimeter

FileTransferProtocol CADCD


AccountData

Cardholder Data SensitiveAuthenticationDataPrimaryAccountNumber(PAN) Magneticstripedata

CardholderName CAV2/CVC2/CVV2/CID

Expiration Date PINs/PINblocks

ServiceCode

ClassifyIt:PCIData


ClassifyIt:PIIData

PIIAttributesFullName Dateofbirth

HomeAddress Emailaddress

NationalIdentificationNumber Passportnumber

DriversLicenseNumber Vehicleregistration

Birthplace Geneticinformation

Telephonenumber Loginname,screenname,nickname,handle

Face,fingerprints,handwriting IPAddress

CreditCardNumbers Digitalidentity

FirstName LastName

State Age

Gender Race

Schoolsattended Criminalrecord

Country US ZipCode

C

C

C

C

C

C

C

CustomClassifier

QuickPicks


ClassifyIt:PHIData

PHIAttributesFullName Geographic subdivision

Dataelements Telephonenumber

Faxnumber Electronicmail address

SSN Medicalrecordnumber

HealthPlan beneficiarynumber Accountnumber

Certificate/licensenumber VehicleID/Serial number/licenseplatenumber

Deviceidentifier/serialnumber Biometricidentifier

Full facephotographorimage Otheruniqueidentifyingelement

C

CustomClassifier

QuickPicks

C

C

C

C

C

C


CAComplianceEventManagerBusinessValue



Alert:Bringreal-timeawarenessofcriticalMFsecurityissues§ MonitorSecuritydetailsdirectfromESMandcontrolpointsinz/OS§ Detectionofsecuritysystemchangesandpolicyviolations§ Builtforhighvolumesecurityevents(routersendseventstovariouscomponents,

lighteningloadonsystemandESMs)provenatmillionsofevents.

Inspect:WithcomprehensiveAuditingandForensicssupport§ Policy-basefilteringandreal-timerecordingofcriticalsecurityforactions.§ Providesabilityto‘replay’allsecurityevents,supportingforensicanalysisofsecurity

situationswithHigh-volumerawsecuritydatarecording.§ Search,filterandanalyzerecordedhistoricaldata,withautomatictaperetrievalandload

Protect:EnsureMainframeintegrityandbringDataCentricawareness§ DesignedforSecurity:ImmunefromExitsplacedinSMFandconfigurationfiles,meanttohideactivity.Uses‘superset’ofSMFSecuritydata.§ Real-timemonitoringofcriticalz/OSconfigurationfilesdetectpotentiallymaliciouschangesbeforeIPLexecutesthem.§ Analyzeusersaccessingcriticalsensitiveandregulateddatasets,viaintegrationwithDataContentDiscovery

CAComplianceEventManager:MainframeSecurityVulnerabilityPlatform


CAComplianceEventManagerv5:What’sNewCAComplianceEventManagergatherssecurityeventsfromESM,z/OSfunctionsandfiles.Thesolutioncandeterminewhatwaschanged,whomadethechangeandwhen,aswellasmonitorchangesandruncomparesforcompliancechangesandchangestoaccesspermissions.

Differentiators:RunsexclusivelyonMainframe,noneedtomovemainframedata,PDSmonitor

CAComplianceEventManagerv5brings:§ ImprovedTimetoValue withnewinstallation,deploymentandconfiguration

architecture

§ SimplifiedUserExperiencewithnewWebUserInterfaceandanintuitivepolicyadministrationUI

§ ReducedfootprintwithlighterweightalternativetopreviousCAChorusforSecurityandComplianceManagement

§ ImprovedperformancewithRealTimeAlertingandMonitoringforidentifyingpotentialbreachesorviolationsofpolicy

§ HighAvailabilitywithsupportforSysplex

§ Integration withDCDforDatacentricsecurity


CAComplianceEventManager:AlertAlertsandMonitoring

CAComplianceEventManagerCapability Business BenefitMonitorssecuritydetailsdirectfromESMandcontrolpointsinz/OS

ImmunefromExitsplacedinSMFandconfigurationfiles,meanttohideactivity.Uses‘superset’ofSMFSecuritydata.

MonitorcriticalsecuritysystemPDSchangesforsecurityissues

DiscoverchangestofilesusedwhenIPLing themainframethatmightloadunwantedroutines

Builtforhighvolumesecurityevents(routersendseventstovariouscomponents,lighteningloadonsystemandESMs)provenatmillionsofevents

Scalesforourlargestcustomers

Outofboxpoliciesforcriticalvulnerabilitiesandconfigurations:ex:JSCBPASS,sys1.parmlib

DeployingCEMimprovesbasesecurityposture


ComplianceEventManager:InspectAudit

CAComplianceEventManagerCapability Business BenefitDetectionofsecuritysystemchangesandpolicyviolations

Alertsinnearreal-time(5minutes)tochangestoconfigurationfiles,preventingerrorsorworse

Datawarehouseforreal-timeeventmanagement,andauditing

Storespolicyfilteredeventsindatabaseforqueries,forwarding,analysisandauditingpurposes.

Advancedreporting Buildreportsaroundsecuritypoliciesandcompliancerules


ComplianceEventManager:InspectForensics

CAComplianceEventManagerCapability Business BenefitCACEMhasahigh-volumerecordingofrawsecuritydata,creatingahistoricalrecordofallsecuritydataoverlongperiodsoftimeforfutureinvestigation.Thisprovidestheabilitytoautomaticallyarchivetotape.

Providesabilityto‘replay’allsecurityevents,supportingforensicanalysisofsecuritysituations.

Datamartutility allowsforsearch,filteringandanalysisofrecordedhistoricaldata,withautomatictaperetrievalandload

Help identifyissuesquicklybyqueryingtime-framesandTargetingspecificsecurityevents,creatingasubsetofthefulldatastreamfordetailedanalysis.


ComplianceEventManager:Protect

CAComplianceEventManagerCapability Business BenefitMonitorSecuritydetailsdirectfromESMandcontrolpointsinz/OS

ImmunefromExitsplacedinSMFandconfigurationfiles,meanttohideactivity.Uses‘superset’ofSMFSecuritydata.

MonitorPDSandothercriticalconfigurationfiles Real-timemonitoringofcriticalz/OSconfigurationfilesdetectpotentiallymaliciouschangesbeforeIPLexecutesthem.

UnderstandWhohasaccessedsensitiveandregulateddata,includinglastaccessandhowoften,buildingpoliciestomonitorfurtheraccess.

Analyzeusersaccessingcriticalsensitiveandregulateddatasets,viaintegrationwithDataContentDiscovery.


ProductArchitecture



CADataContentDiscoveryArchitecture

WebUI(ControlsScansReporting)

DCDController

DCDControllerAddressSpace

BatchClientUtility

WLMonz/OS

DCDRepository

ClassificationEngine

(DCDServerAddressSpace)

DataSources

Sequential

PDS/E

VSAM

DB2

Datacom

IMS

AnyBrowser

USS(HFS&zFS)


CACompliantEventManagerArchitecture

CEMRepository

CEMAddressSpace(TomcatServer)

CEMUI(Policy,Reporting)

AnyBrowserz/OS

CEMControlPoints

ESM

CEM Router

Alert(optional)

Monitor(optional)

Logger(optional)

Warehouse(optional)

EventPolicy

Logstream

DataMart


Demo!

§ CADataContentDiscovery– productoverview

§ CustomclassifiersinCADCD

§ WhohasAccess/WhoAccessed

§ CAComplianceEventManager– productoverview

§ Policyoverview

§ Splunk Apppreview


Roadmap



CADataContentDiscoveryPromise

FINDIT CLASSIFYIT PROTECTIT

ForCISOsandMainframeSecurityDirectors

ForCISOs,InternalAuditorsandRiskOfficers

ForMainframeSecurityanalystsandMainframeDataanalysts

Thefirstdata-patternscanningcapabilityuniquelynativelyon

mainframeinthemarket

SimpleandModernGUIalongwithFlexibleschedulingdesignedforbothz

andnon-IBMzpersonnel

Eliminateriskyoffloading- withdatasecurityrightonthemainframe.OnlyDatasecurityproductcurrentlyonthemarketformainframetousespecialty

enginestoreduceupgradecosts

Gainquickandcriticalinsightaboutthepotentialandmagnitudeofdata

exposureonthemainframe

Provetoauditorsthatcontrolsarecheckedbydata-typestosatisfy

regulations

Stayincontrol– eliminateriskwhilereducingcostsofdataprotection

processes


CAComplianceEventManagerPromise

ALERT INSPECT PROTECT

CISO,ComplianceOfficerSecurityArchitect,Auditor,IT

OperationsMainframeSecurityAnalysts,MainframeDataAnalyst

CAComplianceEventManagerhelpsmitigatesecurityeventsthroughmoredetailedandreal-timealerting100%

onthemainframe

Real-timealertingtocriticalsecuritysituationscombinedwithdeeperinsightintosecurityandcomplianceissues,leadingtoanimprovedriskposture.

CAenablesdeeperinsightfordatasecurityandcompliance,allowingcustomerstofindwheredatais

located,whenitmovesandwhohasaccesstoit

Gainimmediateandcriticalinsightaboutthepotentialandmagnitudeofdataexposureonthemainframe

Proveittoauditorsthatcontrolsarecheckedbydata-typestosatisfy

regulationsandquicklycommunicatecomplianceposture

Stayincontrolofthemostmissionessentialassetsinthebusinesstoactquickly&eliminateriskwhilereducingcostsofdataprotectionprocesses


Questions?


RecommendedSessions

SESSION# TITLE DATE/TIME

MFT53TIntheVoiceofaMainframeMillennial:HowCanMainframeSecurityBeMadeEasier? 11/16/2016at12:45pm

MFT174SMainframeSecurityStrategyandRoadmap:BestPracticesforProtectingMissionEssentialData 11/17/2016at12:45pm

MFT175S GapsinYourDefense:HackingtheMainframe 11/17/2016at3:00pm


MustSeeDemos

Real-TimeDataSecurity&Compliance

CADataContentDiscoveryMainframeTheatre

MainframeSecuritySmartBar

CATopSecretMainframeTheatre

Real-TimeDataSecurity&Compliance

CAComplianceEventManagerMainframeTheatre

MainframeSecuritySmartBar

CAACF2MainframeTheatre


Thankyou.


@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.33 @CAWORLD#CAWORLD

MainframeandWorkloadAutomation

FormoreinformationonMainframeandWorkloadAutomation,pleasevisit:http://cainc.to/9GQ2JI

Technology

Pre-Con Ed: Real-Time Data Audit and Security: Find, Classify and Protect Sensitive Data on the Mainframe