Simplifying Mainframe Security in 2025, featuring Ravi Patil ▶️

Security can feel mysterious to some in the mainframe space. With threats and regulations constantly evolving, what is Broadcom focusing on to help secure hybrid environments?

We’re focused on helping customers manage regulatory compliance alongside cybersecurity. Security is about being safe; compliance is about proving it. Our tools allow customers to respond to audit requests instantly and detect whether a cyberattacker has penetrated the mainframe using continuous monitoring solutions.

Hybrid environments are becoming the norm. How does that change mainframe security?

It increases the attack surface dramatically. The mainframe is now just an API call away from everything else. This means mainframe, cloud, and distributed teams need to collaborate more closely than ever to stay secure.

What are the most pressing mainframe security challenges right now?

The two biggest challenges are compliance demands and balancing proactive security. Compliance has shifted from annual or semi-annual audits to almost daily requests—driven by regulations like GDPR. Mainframe security teams are constantly responding to these audit inquiries, which consumes significant time and makes it harder to implement new security controls. Essentially, teams are trying to be proactive in a world that forces them to be reactive. At Broadcom, we’re investing in solutions to help alleviate this burden and enable more proactive security.

What steps can organizations take to benefit from continuous monitoring?

Continuous monitoring is critical for mainframe security. At Broadcom, we approached it by asking, “If we were the attackers, what areas of the mainframe would we target?” From that, we identified a dozen critical areas and built out-of-the-box monitors into our Compliance Event Manager (CEM). Think of CEM like a home alarm: it immediately alerts you to suspicious activity. It’s designed for ease of use—within 15 minutes of installation, you can monitor hundreds of LPARs. Our latest release even features a web-based interface, so continuous monitoring can be set up without scripting—just a few clicks and commands.

Can you share a real-world example where Broadcom security capabilities prevented or mitigated a threat?

One of the best examples comes from interactions with customers at events like SHARE. Many corporations now have internal pen-testing teams testing their cloud, distributed, and mainframe environments—often without informing their own security teams.

One customer had implemented Compliance Event Manager (CEM) on their mainframe with out-of-the-box policies. During a pen test, the internal team gained access to APF-authorized libraries, a highly sensitive area where malware could run in an authorized state. CEM immediately triggered an alert. The security administrators were initially surprised but quickly contacted the corporate team, who confirmed the pen test. Thanks to CEM, the test was contained within minutes, and the mainframe passed with flying colors.

What is the biggest misconception about mainframe security in 2025?

From a corporate perspective, CISOs or CIOs often assume the mainframe is inherently secure or “secure enough,” so they prioritize securing endpoints or front-end systems instead. While the mainframe is indeed very secure, it still requires active configuration and security controls to stay resilient in today’s constantly evolving threat landscape. Within mainframe teams themselves, there’s a perception that implementing security is complex or risky. In reality, Broadcom has focused on simplifying the user experience, making it easy to deploy security controls quickly and safely without errors. Security doesn’t have to be daunting—it can be proactive and manageable with the right tools.