• zDetect is a SIEM-compatible z/OS mainframe security monitoring tool that detects actual and potential security-related issues. It monitors, records and uses advanced security algorithms to apply intelligent analysis to detect suspicious events that can pose a threat to an organisation's security situation.

  • Business Objective

    In a complex world and faced with an ever-changing threat landscape, organisations everywhere are looking to improve security management on the mainframe. Organisations worldwide want to better understand mainframe threats and vulnerabilities to:

    Protect the organisation, systems and confidential data more effectively

    Identify security threats as soon as they occur

    Reduce the risk of security breaches occurring in the first place

    However, most mainframe security monitors simply collect security data and send it to a SIEM. Collecting data is the easy part: the real value lies in transforming that data into useable insight.

    In response, RSM Partners security consultants have developed zDetect software using knowledge and experience gained working for leading organisations on mainframe security management.

  • RSM Solution

    zDetect is a powerful z/OS mainframe security monitoring tool that detects actual and potential security issues in real time. Unlike other security monitors, it doesn't just collect security-related information to send to a SIEM: zDetect monitors, records and uses sophisticated internal security algorithms to apply intelligent analysis to detect suspicious events.

    Events captured by zDetect can be sent to a SIEM or visualised through its easy to use yet comprehensive dashboard interface, running on a standard web browser.

  • Real time threat detection

    Intelligent security analysis

    Drill down capability to provide detailed threat analysis

    Dashboard displaying relevant security information

    Interfaces to SIEMs

    Complements the IBM zSecure security suite

    Identifies RACF threats and vulnerabilities including:

      Poorly defined user controls

      Poorly defined resource controls

      Privilege elevation

      Continual login failures

    Identifies RACF weaknesses including:

      Missing or weakly defined classes

      Poorly defined sensitive resource controls

    Identifies z/OS threats and vulnerabilities to:

      Sensitive resources

      Sensitive commands

      System console

    Identifies if known system vulnerabilities to z/OS are exploitable

    Identifies z/OS subsystem threats and vulnerabilities

    Detailed reporting capabilities

  • FAQs

    All communication with the browser and cross LPARs is secured with SSL/TLS.

    There is no support for ACF2 or TSS today, but it will exist in future releases.

    Yes.

    Yes.

    Alerts and events can be delivered to any SIEM that supports SyslogD format. This includes Splunk, AlienVault, QRadar and CorreLog.

    No.

    Yes.

    No.

    Yes.

    Users must have specific RACF authority to view the zDetect dashboard.

    No.

    Yes.

    In an SQL database.

    Users must have specific RACF authority to view or download the Audit Log.

    zDetect intercepts SMF records and analyses them appropriately.

    The CPU consumption of zDetect is minimal.

    No, not today.

    Coming shortly.
