In today’s complex cybersecurity landscape, staying current with software updates is just one piece of the puzzle. To truly protect your organization, it’s essential to prioritize comprehensive security measures beyond routine patching.
How CrowdStrike Changed Awareness
Let’s follow the trail of events:
July 19, 2024
The CrowdStrike incident is widely considered one of the largest IT outages in history. The outage caused massive disruptions after thousands of commercial flights were canceled globally, hospitals had to cancel surgeries, and 911 systems were temporarily knocked offline in multiple U.S. cities.
July 24, 2024
According to data from Parametrix (a cloud insurance provider), the global IT outage linked to CrowdStrike will likely have caused at least $5.50 billion in direct financial losses for Fortune 500 companies, excluding Microsoft. Cyber insurance is expected to cover only 10% to 20% of these losses.
September 24, 2024
Two months after the rogue software update by CrowdStrike crippled up to 8.5 million computers using Microsoft systems around the world, the full impact is only now becoming apparent.
The CrowdStrike event has created a “top-of-mind” presence across the user community for all system types that typically need new releases, patches, and periodic maintenance. To protect organizational systems, consider the following recommendations.
Complete an Audit of the Process with Recommendations
Companies should proactively review the root causes and remediation steps implemented by CrowdStrike and Microsoft after the outage, as this information can be valuable for improving their security practices.
These processes and controls include third-party risk management, incident response and communication, a diverse security stack, vigorous testing and validation, disaster recovery planning, and, most importantly, employee training.
Implement Analysis and Testing
Include code vulnerability analysis in your planning, since the impact of a correct workflow and “patch management” functioning correctly can still cause unintended consequences for the operations. Also remember that not all changes are equal. Companies should implement a level of testing with approval and validation of the risk level and impact of the change.
Keep in mind that testing is only part of the answer. More testing is not the only answer. Certainly, it may reduce risk, but even with 100% test coverage, you could have risks with performance, security, deployment, etc.
Create a Patch Management Process
A successful patch management process requires an organization to stay current on available software patches, properly test them to ensure proper installation, and document the process. This capability facilitates the delivery of software updates, changes, and new applications to RACF, ACF2, and Top Secret (TSS) environments. A tool like Vanguard Mainframe Software Delivery System (MSDS) offers this.
Additionally, this delivers an efficient and reliable software delivery system — while maintaining the stability and integrity of the mainframe system and meeting software patch management requirements.
Automate Change Analysis
Automate change analysis. Enforce peer review and separation of duties. Ensure more than one person is involved in the approval/deployment of changes. With any change, having as much visibility as possible from the outset minimizes the risk of fault and ensures business and operational continuity by implementing hardened technology.
Key Points for the Change Process
- Ensure comprehensive change approval, including thorough planning, impact assessment, scoping, and design.
- Simplify the operations approval process while automating and enforcing thorough code quality analysis.
- Prevent the release of subpar code by leveraging vulnerability analysis programs.
Deploy SAMM
Software Application Monitoring and Malware Detection (SAMM) Technology (SAMM) offers a range of features, including:
- system software monitoring
- file integrity
- malware detection
- system and application monitoring across LPARs and libraries
- validation of maintenance levels across all LPARs and systems
- web-enabled and customizable interfaces
- real-time alerting
- compliance with specific requirements such as PCI DSS 4.0, DORA, SOX, GLBA, and others
These features collectively provide organizations with a robust and compliant solution for managing and securing their z/OS environments.
Implement Regression Testing
Implement a comprehensive regression testing process to ensure the appropriate level of testing, identify critical areas to focus on, involve the necessary individuals, address security and interface considerations, and anticipate potential differences. Establish a dedicated regression environment to facilitate system comparison and validate the representativeness of regression tests.
Beyond Patch Management
Effective cybersecurity requires a multifaceted approach that extends beyond patch management. Patches have limits but security has no boundaries. Organizations can safeguard their sensitive data and maintain a strong security posture by prioritizing assessments, audits, and comprehensive security solutions.
Companies should identify the areas that need the most attention and complete a well-organized audit of the environment; this includes the operational process and validating a system’s integrity. Looking ahead, every organization must comprehensively remediate identified areas, implement hardened technologies to close gaps, and work to meet and exceed the demands of governance, risk, and compliance, with the outcome of improved security.
If you’re looking for a reliable partner to enhance your mainframe security, connect with Vanguard Integrity Professionals.
Recognizing the global need for cybersecurity education, Vanguard Security & Compliance is a premier gathering of cybersecurity professionals from around the world. VSC offers a comprehensive program that balances educational sessions with interactive workshops and networking opportunities. Attendees learn from leading security experts and connect with their peers, fostering a valuable exchange of knowledge and best practices. Additionally, attendees will gain practical insights on the importance of compliance and regulation standards while discussing important matters such as what’s new, what needs to be protected and how to ensure that your organization is compliant with rules and regulations.
Join industry leaders from Vanguard Integrity Professionals, Broadcom, Rocket, IBM, Vertali, and more for this premier education event.
Register today at www.go2vsc.com.
Protecting your data nowadays is very much important, having a strong security backup will lead to a better data protection. Nowadays hacking someone’s information and data is a piece of cake for some people, to avoid these things we should have a strong security system, strong and different coding method so that no one can break it etc.