Major Global Bank
For several years, a group of mainframe systems programmers had been performing automated mainframe vulnerability assessments at a large multi-national bank. But following a comprehensive PCI audit, the Operations Director of the mainframe team came to the realization that his group could no longer be held responsible for the results from the vulnerability scanning of the mainframe. As a result, the director requested that the corporate penetration testing team take over that responsibility moving forward.
But how would the organization be able to make that happen? Not only did everyone on the penetration testing team only know network and PC penetration testing methodologies, no one understood the issues with building mainframe vulnerability risk rankings and why analytics–driven reporting was necessary to analyze and score the vulnerabilities found on the mainframe. The main challenge here centered around educating the penetration testers on mainframe language and scheduling processes to ensure they were equipped to handle the change.
- Optimized Security: The penetration testing team was able to automate mainframe vulnerability checks, making it easier to identify risks and vulnerabilities.
- Seamless Integration: The penetration testing team was brought up to speed quickly, making transitioning a major security responsibility a seamless process.
- Improved Reporting: Consolidating vulnerability scanning allowed the penetration testing team to generate more complete consolidated risk reporting.
Want to learn more?
We never even thought we could have vulnerabilities on the mainframe, but once we began automated scanning, we found the volume and the severity to be much greater than anticipated.”