SF-DumpAnonym - Presentation at GSE Belgium &...
Transcript of SF-DumpAnonym - Presentation at GSE Belgium &...
Trademarks
ArcSight is a trademark of ArcSight Inc.
CA-ACF2 and CA-TSS are trademarks of CA Technologies Inc.
SF-Sherlock, SF-DumpAnonym are trademarks of Dr. Stephen Fedtke, System Software
Splunk is a trademark of Splunk, Inc.
DB2, IPCS, RACF, QRadar, zIIP, z/OS are trademarks of IBM, Inc.
Agenda „Dump Anonymization“
Why is it totally necessary to combat these risks?
How SF-DumpAnonym successfully releases you from this new security and compliance requirement
New internal organization around „dumps and log“
No impact when cooperating with software vendors
What‘s the problem with system dumps and logs?
Enterprise-IT-Security.com - and the Integrity 2.0 initiative
Enterprise-IT-Security.com
Your partner when it comes to critical infrastructure.
Some Facts About Our Company
Headquartered in Switzerland (Zug) - operating worldwide.
Clients belong to the Fortune 500, governments as well as the military.
Completely independent – in-house development of all solutions, not „just“ a reseller. We target all risks!
Offering plug-and-play solutions including both high-performance products as well as excellent services.
Focus on IT security, compliance and quality automation - coming from, but not limited to, mainframes.
Of high reputation - in existence for more than 20 years.
Where does our company‘s and product‘s „spirit“ come from?
Switzerland is a uniquely demanding and
challenging market – no comment.
These markets claim solutions
going far beyond industry’s
standard.
Welcome to
Integrity 2.0 for System z
Our “Integrity 2.0 for System z”
solutions initiative stands for
today’s required new level of
securing and protecting
critical infrastructure.
Of course we support the triple: RACF, CA-ACF2 and CA-TSS
„Negative intentions“ targeted by Integrity 2.0
[Figure: chart of attacker motives (national interest, personal gain, personal reputation, curiosity) against attacker skill levels („script kiddie“, „hacker“, specialist on „top gun“ level) and attacker types (SPY / WAR, INTRUDER, THIEF / REVENGE - marked „high rate of growth“, VANDAL).]
Today‘s Integrity – „1.0“
Integrity 2.0
For achieving that goal
our “Integrity 2.0” solutions go
beyond the industry’s standard
by combining great engineering, high efficiency and real effectiveness WITH „easy to install and use“.
Integrity 2.0 Results From “Professional Paranoia”
Paranoia is man’s elementary source, stimulation and motivation for progress, and thus very helpful as long as it’s reasonable, focused and measurable - let’s call it professional paranoia.
Samples of our professional paranoia targeting a high-level protection of your critical infrastructure:
• Can the security system or audit controls be bypassed?
• Where and how will attackers get access to my system?
• Where and how could my audit trails be broken?
• Which top-level risks result from my outsourcer?
• Which risks result from my software vendors? From their APF libraries, developers’ location, subcontractors, from any exchanged service documents, …
• and much more
Integrity 2.0 Initiative For System z
Solution #1: SF-Sherlock
next-generation z/OS SIEM Connector providing real-time mainframe integration for ArcSight, QRadar, Splunk, and more; extraordinarily powerful and cost-effective by including both a z/OS vulnerability scanner as well as pro-active integrity protectors against professional fraud, …
Solution #2: SF-DumpAnonym
automated dump and log anonymization for z/OS, …
Service #1: Trouble-free z/OS penetration test
Service #2: Technological mediation within your Outsourcing Relationship Management (ORM)
BUT we already use …, and are
not yet ready to replace!
Well, that’s fine. Just know that it also makes
sense putting integrity 2.0’s unique
performances on top of your current standard
solutions for closing the gaps. It simply
depends on how professional your paranoia is.
Now you understand why it’s
our company that invites you
today to talk about the
top-level risk given
with system dump and log files
It’s a great honor for us
to share our professional paranoia
with you today for making
your company’s and country’s
critical infrastructure
safer.
So let’s start and talk about the
risks resulting from forwarding
system dumps and logs
to third parties (software vendors)
Don’t worry! Nobody really knows why we all ignored that risk for so long!
1 picture tells more than 1000 words
What‘s a dump? When & why created?
Dumps result from application or system abends („crashes“), and are created automatically by the OS.
Dumps capture the system status including the entire memory, registers, etc. to support the debug process.
System dumps potentially become huge (x GBs).
System dumps are highly critical and sensitive.
z/OS creates dumps in different formats: some are directly readable (SYSABEND, SYSUDUMP), others are binary-coded and require IPCS (SYSMDUMP, SVC dump, etc.).
The risk resulting from dumps materializes at the moment of handing them over to any third party (e.g. a vendor).
Risk given with „handing over dumps“
Dumps appear as „pure technical, plain and so innocent“, but „pack a punch“ for “pros” with negative intentions:
sensitive company, account and client data
certificates, e-mail addresses, IP addresses, etc.
user IDs, passwords, etc.
(own) system and security exits, potential weaknesses, etc.
information of „sysplex neighbors“ (when sharing a plex)
security controls and settings
database content, print & spool data
and much more
In total, system dumps and logs
include such a wide spectrum and
high volume of sensitive information
that you actually would not share them -
not even among „best friends“.
Sounds horrible! What are my options?
It‘s simple! Dumps and logs need to pass strong anonymization before
handing them over - “just take them to the cleaner”.
By the way, system logs will also be anonymized, such as
EREP, syslog, …
SF-DumpAnonym is the innovative, patented and
high-performance solution to anonymize system dumps & logs
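The slides above list what sensitive data a dump or log carries (user IDs, passwords, IP and e-mail addresses, certificates, …) and state that dumps and logs must pass anonymization before they leave the company. As an added illustration, the following is not SF-DumpAnonym's code and is text-only (the product also handles binary IPCS dumps); it shows the two steps in working form: scan a file to report what sensitive categories it contains, then replace each value with a keyed, consistent pseudonym so the vendor can still correlate repeated occurrences without learning the original. The rule set, the sample log lines and the key are all constructed for this example.

```python
"""Added example, not SF-DumpAnonym's own code: a text-only scanner and
anonymizer for system log / dump excerpts, covering the two steps the
slides describe - find out what sensitive data a file carries, then
"take it to the cleaner" before it leaves the company.

Assumptions (all constructed for this example): the input is readable
text such as SYSLOG or EREP output, not a binary IPCS dump; the rule set
below is illustrative and a real site would extend it; the pseudonym key
is a per-engagement secret that is generated fresh and never shipped.
"""
import hashlib
import hmac
import re
from collections import Counter

# Category -> regex. A rule with one capture group anonymizes only that
# group (e.g. the value after USER=); a rule without groups replaces the
# whole match. Illustrative patterns, not a complete rule set.
RULES = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "userid": re.compile(r"\bUSER(?:ID)?=([A-Z0-9#@$]{1,8})\b", re.I),
    "password": re.compile(r"\bPASS(?:WORD)?=(\S+)", re.I),
    "cert": re.compile(
        r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S),
}

# Constructed log excerpt; message texts are illustrative, not real z/OS
# message formats. The same IP and user ID occur twice on purpose.
SAMPLE = """\
IEF403I PAYROLL - STARTED - TIME=08.15.02
RACF LOGON USER=JSMITH FROM 10.20.30.40 VIA TSO
FTP CLIENT 10.20.30.40 DELIVERED REPORT TO ops@example.com
AUTH FAILED PASSWORD=Secr3t! REJECTED FOR USER=JSMITH
"""

# Constructed secret; in practice generate one per vendor engagement
# (e.g. secrets.token_bytes(32)) and keep it in-house.
KEY = b"per-engagement-secret-kept-in-house"


def scan(text):
    """Count sensitive values per category, to judge the risk before
    anything is handed over. Returns a Counter, e.g. {'ip': 2, ...}."""
    return Counter({cat: len(rx.findall(text)) for cat, rx in RULES.items()})


def pseudonym(key, category, value):
    """Stable, keyed pseudonym: the same value always maps to the same
    token, so a vendor can still correlate events, but without the key
    the token cannot be reversed or brute-forced from a word list."""
    tag = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:10]
    return f"<{category.upper()}-{tag}>"


def anonymize(text, key):
    """Replace every sensitive value with its pseudonym.

    Returns (cleaned_text, mapping). The mapping (original -> token) is
    for the in-house team only, so a vendor's finding can be translated
    back; it must never travel with the cleaned file."""
    mapping = {}

    def make_sub(cat, rx):
        def sub(m):
            value = m.group(1) if rx.groups else m.group(0)
            token = pseudonym(key, cat, value)
            mapping.setdefault(value, token)
            if not rx.groups:
                return token
            # keep the surrounding text (e.g. "USER=") and swap only the value
            whole = m.group(0)
            start, end = m.start(1) - m.start(), m.end(1) - m.start()
            return whole[:start] + token + whole[end:]
        return sub

    for cat, rx in RULES.items():
        text = rx.sub(make_sub(cat, rx), text)
    return text, mapping


if __name__ == "__main__":
    print("sensitive values found:", dict(scan(SAMPLE)))
    cleaned, table = anonymize(SAMPLE, KEY)
    print(cleaned)
    print("in-house mapping (do not ship):", table)
```

Running the script prints the per-category count, the cleaned excerpt and the in-house mapping. Two design points matter for a defender: the pseudonym is an HMAC under a secret key, not a plain hash, so a vendor cannot recover a user ID by hashing a list of candidate names; and the mapping table stays with the team that sends the file, so a vendor's finding ("the abend happened under <USERID-…>") can still be resolved internally. Regex rules over readable text are only the first stage: binary dumps hold the same values in EBCDIC, packed and hex-dumped form, which is why a real anonymizer has to work on the dump's storage format rather than on text.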
Very important: it‘s easy to install
and use - and it learns.
It’s almost as simple as copying – it just takes a little bit longer than IEBGENER.
Other platforms than z/OS?
Yes, development has already started, and we look forward to keeping
you updated.
SF-DumpAnonym meets all best practice requirements and puts your
cooperation with software vendors on a completely new level of trust.
Thanks for attending this presentation!
Please do not hesitate contacting us:
Phone: +41 41 710 4005
E-Mail: [email protected]
or visit us at
www.enterprise-it-security.com
Further questions?