Security has no boundaries

In today’s complex cybersecurity landscape, staying current with software updates is just one piece of the puzzle. To truly protect your organization, it’s essential to prioritize comprehensive security measures beyond routine patching. 

How CrowdStrike Changed Awareness

Let’s follow the trail of events:

July 19, 2024
The CrowdStrike incident is widely considered one of the largest IT outages in history. The outage caused massive disruptions after thousands of commercial flights were canceled globally, hospitals had to cancel surgeries, and 911 systems were temporarily knocked offline in multiple U.S. cities.

July 24, 2024
According to data from Parametrix (a cloud insurance provider), the global IT outage linked to CrowdStrike will likely have caused at least $5.50 billion in direct financial losses for Fortune 500 companies, excluding Microsoft. Cyber insurance is expected to cover only 10% to 20% of these losses. 

September 24, 2024
Two months after the rogue software update by CrowdStrike crippled up to 8.5 million computers using Microsoft systems around the world, the full impact is only now becoming apparent.

The CrowdStrike event has created a “top-of-mind” presence across the user community for all system types that typically need new releases, patches, and periodic maintenance. To protect organizational systems, consider the following recommendations. 

Complete an Audit of the Process with Recommendations

Companies should proactively review the root causes and remediation steps implemented by CrowdStrike and Microsoft after the outage, as this information can be valuable for improving their security practices.

These processes and controls include third-party risk management, incident response and communication, a diverse security stack, vigorous testing and validation, disaster recovery planning, and, most importantly, employee training. 

Implement Analysis and Testing 

Include code vulnerability analysis in your planning, since the impact of a correct workflow and “patch management” functioning correctly can still cause unintended consequences for the operations. Also remember that not all changes are equal. Companies should implement a level of testing with approval and validation of the risk level and impact of the change. 

Keep in mind that testing is only part of the answer. More testing is not the only answer. Certainly, it may reduce risk, but even with 100% test coverage, you could have risks with performance, security, deployment, etc.

Create a Patch Management Process

A successful patch management process requires an organization to stay current on available software patches, properly test them to ensure proper installation, and document the process. This capability facilitates the delivery of software updates, changes, and new applications to RACF, ACF2, and Top Secret (TSS) environments. A tool like Vanguard Mainframe Software Delivery System (MSDS) offers this.

Additionally, this delivers an efficient and reliable software delivery system — while maintaining the stability and integrity of the mainframe system and meeting software patch management requirements.

Automate Change Analysis
Automate change analysis. Enforce peer review and separation of duties. Ensure more than one person is involved in the approval/deployment of changes. With any change, having as much visibility as possible from the outset minimizes the risk of fault and ensures business and operational continuity by implementing hardened technology. 

Key Points for the Change Process 

1. Ensure comprehensive change approval, including thorough planning, impact assessment, scoping, and design. 
2. Simplify the operations approval process while automating and enforcing thorough code quality analysis. 
3. Prevent the release of subpar code by leveraging vulnerability analysis programs.

Deploy SAMM
Software Application Monitoring and Malware Detection (SAMM) Technology (SAMM) offers a range of features, including:

• system software monitoring
• file integrity 
• malware detection
• system and application monitoring across LPARs and libraries
• validation of maintenance levels across all LPARs and systems
• web-enabled and customizable interfaces
• real-time alerting
• compliance with specific requirements such as PCI DSS 4.0, DORA, SOX, GLBA, and others 

These features collectively provide organizations with a robust and compliant solution for managing and securing their z/OS environments.

Implement Regression Testing

Implement a comprehensive regression testing process to ensure the appropriate level of testing, identify critical areas to focus on, involve the necessary individuals, address security and interface considerations, and anticipate potential differences. Establish a dedicated regression environment to facilitate system comparison and validate the representativeness of regression tests.

Beyond Patch Management  

Effective cybersecurity requires a multifaceted approach that extends beyond patch management. Patches have limits but security has no boundaries. Organizations can safeguard their sensitive data and maintain a strong security posture by prioritizing assessments, audits, and comprehensive security solutions.

Companies should identify the areas that need the most attention and complete a well-organized audit of the environment; this includes the operational process and validating a system’s integrity.  Looking ahead, every organization must comprehensively remediate identified areas, implement hardened technologies to close gaps, and work to meet and exceed the demands of governance, risk, and compliance, with the outcome of improved security.

If you’re looking for a reliable partner to enhance your mainframe security, connect with Vanguard Integrity Professionals.