Naples, FL (PRWEB)
August 02, 2017
CorreLog, Inc., the leader in multi-platform IT security event log management, today announced new releases of its mainframe SIEM (Security Information and Event Management) products, zDefender™ for z/OS and dbDefender™ for IMS. zDefender™ v. 5.7.3 comes out-of-box with SMF event enhancements for privilege escalation detection, and will be demonstrated in booth #311 at SHARE Providence 2017 throughout expo hall hours.
The new release of dbDefender™ for IMS ships with enhanced real-time monitoring for privileged user logons and logoffs, as well as tracking for users viewing and accessing IMS datasets. The conference will take place August 6-11, at the Rhode Island Convention Center in Providence, Rhode Island.
“There’s too much critical enterprise data on z/OS to take vulnerabilities like user privilege escalation lightly,” said George Faucher, president and CEO of CorreLog. “Malicious users cannot be permitted to run amok with the keys to the mainframe kingdom, and this release of zDefender™ notifies appropriate personnel at the SOC when users escalate their permissions for access to the organization’s most sensitive data.”
Privilege Escalation Detection with zDefender™ for z/OS Ver. 5.7.3
Among the more consequential forms of cyber-attack, a successful privilege escalation attempt can bypass the limitations of assigned user permissions and open entire systems – including financial and personal identity files – to cyber-criminals. zDefender™ for z/OS v. 5.7.3 implements a mechanism for detecting a certain privilege escalation technique on the mainframe in which an attacker maliciously changes the in-memory privilege bits of his/her executing process, thereby granting himself/herself additional z/OS privileges.
z/OS does not natively produce an audit trail for this action, but CorreLog’s zDefender™ for z/OS can detect escalated privileges when initiated by a user and, in real time, send the event message to any name-brand SIEM or IT SOC (Security Operations Center) for high-priority alerts and quick remediation. Alerts can also be sent to zDefender™ Visualizer, CorreLog’s…