Illusive Blog October 18, 2017

Why Do Financial Companies Want Mainframe Cybersecurity?

By Matan Kubovsky

As Illusive’s R&D leader, it’s part of my job to be out front understanding the needs of our customers and the broader market. We’re always polling the market to understand what additional pain points deception technology can address. Conversations with our financial services customers this past year turned up a need we hadn’t expected: Can you protect my mainframes?

Mainframes, really?

Mainframes?! Perhaps your reaction is like mine was. Isn’t everyone much more concerned these days with securing the new stuff— mobile apps and IoT, for example? IT people all know mainframes are still out there, but most of us think of them as the dinosaurs of the infrastructure— big giants on their way toward extinction that still need care and feeding in some dusty corner of the datacenter. Does anyone really need an early detection solution to protect them?

Yes, apparently, and here’s why. It’s not just that it’s difficult to migrate off legacy mainframes— though that is true in many cases; some applications are too sensitive and too business-critical to risk the disruption that major changes could cause (for example, ATM general transaction data is usually stored on mainframe systems). A second reason threat detection for mainframes matters is that traditional security solutions for them have been labor-intensive to build, and mainframe talent is increasingly rare.

They aren’t going anywhere

But early threat detection is especially important because of the processing power of mainframes, and what they’re processing. According to IBM, their mainframes are currently used by 92 of the top 100 banks and provide processing power for 87% of all credit card transactions and 29 billion ATM transactions daily. Mainframes— whether old ones, or IBM’s newer encryption-enabled models— aren’t going away.

When I started to scratch the surface on how mainframes are actually used, I quickly realized that they’re supporting much more than lumbering old enterprise applications. Mainframe data processing and storage enables all sorts of service chains. In financial organizations— and large organizations in any industry— anything from a legacy ERP application to an account settlement process to a shiny new customer-facing mobile app may rely on the backend data and processing power of a mainframe. In fact, they are often “nerve centers” of a business, central information exchanges, if you will.

Mainframes are still a target

So from that perspective, it’s scary that mainframes tend to be overlooked in many security programs. They can be targets for massive data theft, but also for espionage and business disruption. So yes, Illusive has just announced Mainframe Guard, an enhancement to our core solution, which leverages our automated, distributed deception approach in a completely non-intrusive manner. It contains purpose-built console views for monitoring and incident tracking and—most important—deceptions designed with knowledge of how attacks on mainframes have been carried out in the real world, which, at the end of the day, are the critical mechanism for detecting these kinds of threats.

Please contact us if you’re interested in sharing perspectives on how mainframes are covered in your security program, or if you’d like more detail on Mainframe Guard. We’d love to talk.