Search Rocket site

Is Your Mainframe Vulnerability Management Up to Par?

Heidi Losee

September 19, 2018

Mainframes are an indispensable asset for businesses of all kinds. Consider this: Mainframes host critical core IT for 92 of the top 100 banks, 23 of the top 25 airlines, and 71 percent of all Fortune 500 companies. If that’s not enough, mainframes are also estimated to hold 80 percent of the world’s business data and handle 90 percent of all credit card transactions.

That means that you probably interact with mainframes more often than you might expect, whether you’re responsible for managing day-to-day mainframe operations, you’re the CISO at a major organization, or you’re simply withdrawing money from an ATM.

Yet, as crucial and as useful as mainframes are to these businesses, there’s one major problem. Mainframe security is vastly overlooked.

There’s a misconception that mainframes are immune to the types of headline-grabbing external hacks and breaches that other platforms face. That’s not necessarily true, and this misconception leads to serious business risk.

Any computing system comes with weaknesses, and the mainframe is no exception. The reality is, we need to be applying the same kinds of security standards to the mainframe as we do to any other computing platform.

And, on top of the widely-known security threats, there’s also one common mainframe threat that most businesses aren’t adequately guarding against code-based vulnerabilities. These areas of flawed code present a serious risk, since exploiting one code-based vulnerability could present a hacker with access to the entire mainframe environment. But, code-based vulnerabilities are notoriously overlooked.

How can organizations overcome this vulnerability blind spot and perform effective vulnerability management? What are the essential security strategies that keep the mainframe secure?

Those are the questions we’ll be answering in our upcoming webinar, “Under the Hood: A Mainframe Vulnerability Management Playbook,” October 30 at 1 p.m. Along with guest speaker Amy DeMartine, we’ll discuss the ways organizations can incorporate mainframe security strategies into their current security practices.

We’ll also cover:

  • Why vulnerability management is now a board-level issue.
  • The risks of not including the mainframe in your organization’s risk management system.
  • How mainframe integrity breaches can undermine your security systems.
  • The differences between penetration testing and vulnerability management.
  • Why you should approach mainframe vulnerability scanning as a compulsory requirement versus a compliance requirement.

Related posts


Mainframe Vulnerability Management: Navigating the Demands of DORA and PCI 4.0

Managing the Risks of Open-Source Software

Understanding PCI DSS 4.0 and DORA: A Roadmap for Scalable Risk Management