Insane in the Mainframe: Securing against modern threats

Mainframes and their use at modern enterprises are seen by many as outdated legacy IT systems that are becoming more and more obsolete as businesses are becoming increasingly reliant on the   cloud. However, these notions are not entirely accurate. In reality, mainframe computing remains alive and well within many infrastructure-critical industries, including some of the largest organisations in the world. It is estimated that 71 per cent of Fortune 500 companies still rely on mainframes to run much of their core business functions. This is especially true within the financial services sector, where it is estimated that 92 per cent of the top 100 banks still utilise mainframe computing.

So, why do Financial Services firms still rely on legacy IT

The main reason why financial enterprises are still so reliant on mainframe computing is due to the considerable processing power it permits. According to Syncsort’s 2017 State of the Mainframe report, 74 per cent of IT professionals say the use of mainframe computing is very important for large-scale transaction processing on mission-critical applications. This allows banks to be able to process high volumes of transactions quickly and accurately in order to track and report on the movement of often highly volatile financial accounts. What’s more, mainframes are able to perform analytics on marketplace and user trends, provide mobile and cloud support, as well as monitor for signs of fraudulent activity.

As more and more consumers perform financial transactions such as deposits, and transfers from their mobile devices and banking applications, the processing power, terabytes of RAM, and limited downtime provided by mainframes are necessary to properly and efficiently complete and store the high volume of requests and data received.

As always within the financial services sector, security and compliance are also key contributing factors to the continued use of mainframes. Mainframes have long been considered impenetrable data storage centres because of they can be isolated from outside threats, as historically they were not exposed to external traffic. The silo’d approach is also beneficial for compliance – especially when it comes to PCI compliance – as data has been stored in one isolated location within the protected network.

However, with an influx of mobile web applications and IoT functionality becoming increasingly necessary to competitive consumer offerings from banks, this is starting to change.  Digital transformation, mobile device use, and the IoT have given way to the connected mainframe. This includes mainframes which are now integrated with mobile applications, APIs, and other modifiers to give consumers increased access to their data. Looking ahead, as applications continue to gain increased access to mainframes and their data, financial services firms will have to ramp up further security measures at the application layer. In doing so, this will ensure that vulnerabilities exploited by internet and application-based attacks are mitigated as effectively and swiftly as possible. 

Threats in the mainframe

In today’s threat landscape, there are a number of core cyber threats that use applications as their attack vector to gain network and data centre access.

• Application DDoS attacks: Distributed denial of service attacks have traditionally occurred at the network layer. These attacks pose as legitimate application traffic, but can leverage a few megabits of packets to do as much harm as an attack requiring hundreds of gigabytes. DDoS attacks are also easily scaled using compromised IoT devices formed into botnets. One of the most significant DDoS attacks of late was the DYN attack in late 2016, which was able to prevented users from access to popular sites such as Twitter, Spotify and Airbnb.
• Vulnerable applications: Unfortunately, it is impossible to write perfectly secure code; which therefore means it’s impossible to know whether all applications operating within your system are in fact secure. Vulnerable code and the zero-day exploits that exploit them are some of the most popular attack vectors for cybercriminals. Exploiting application vulnerabilities with common attacks such as cross-site scripting and SQL injections provide cybercriminals with easy access to data stored on mainframes or elsewhere in the data centre.

Ensure Data Centre Security

Financial services firms are required to implement security controls that go beyond the signature-based detection of firewalls in order to protect themselves from advanced persistent threats at the application layer. These measures also allow them to secure confidential business and consumer information which is stored on mainframes. Some of these security controls include web application firewalls, DDoS attack mitigation appliances, and encryption with advanced application delivery controllers (ADCs). In short, a Financial Services organisations need to ensure data centre and mainframe protection from internet-based attacks at the application layer as well as from advanced threats that utilise multi-vector attacks and advanced detection evasion techniques.

Protect from the Application Layer

• Web application firewalls go beyond traditional signature detection to deeply inspect every application in your data centre to determine what normal application behaviour looks like. From this baseline, the WAF is able to identify unusual application behaviours, such as DDoS attacks, cross-site scripting, SQL injection, and more to determine when an attack is occurring and what steps need to be taken to stop it.
• DDos mitigation appliances protect against bulk volumetric attacks, as well as smaller, more difficult to detect layer seven application attacks. Application layer attacks can use small traffic volumes to appear completely normal to most traditional DDoS detection methods, making them much harder to detect than other types of DDoS attacks.
• Today’s users and consumers demand a highly responsive mobile experience, and are not patient when applications do not respond immediately. However, with the bulk of mobile traffic now encrypted using SSL, which requires additional processing power, many network devices struggle to keep up with demand. Application delivery controllers absorb SSL traffic from the servers, resulting in reduced response rates for end users, allowing organisations to scale secure applications up to 100 times. 

Mainframes have proven themselves to be a critical technology for financial services organisations due to their unparalleled processing power, and for the time being, they are here to stay. However, as networks continue to evolve though their digital transformation efforts, these platforms are becoming increasingly connected, meaning they are no longer isolated from internet-based attacks. As a result, threats that were once common only for traditional web applications are now becoming common for mainframes and data centres as well. In order to continue to evolve technology to meet consumer demands while also maintaining data security and compliance, financial services firms need to adopt robust application security in order to protect valuable data stored on their connected mainframes.