Monitor IBM z/OS Encryption Readiness Technology with IntelliMagic Vision
Secure your mainframe performance and encryption with advanced insights and AI-based analysis of z/OS IP traffic encryption.
Proactively find security risks and failures before they impact users.
Identify and Remediate Unencrypted Traffic
IBM’s TCP/IP zERT (z/OS Encryption Readiness Technology) positions TCP/IP as the focal point for monitoring and reporting on network traffic, including identifying traffic that is not cryptographically protected.
For traffic utilizing recognized protocols (such as TLS, SSH, and IPSec), visibility is provided into protocol specific data, such as which encryption algorithms are used, the length of the cryptographic keys, and other important attributes of the cryptographic protection. This information is valuable for ensuring adherence to corporate security policies as well as substantiating that adherence through required reporting to auditors and compliance officers.
IntelliMagic Vision allows network security administrators to leverage an intuitive, GUI-based web reporter that provides great visibility into data from zERT SMF 119 summary records. It also provides capabilities to categorize network activity into “traffic classes” based on IP address ranges, reflecting the reality that some classes of traffic (e.g., external) are likely to have more stringent encryption requirements than others (e.g., between mainframes within the data center).
IntelliMagic Vision also enhances analysis by translating all of the more than 600 raw codes from zERT records into readable text for cipher suite, encryption algorithms, and message authentication types.
Easily Identify Unprotected (Cryptographically) Traffic
Top-level views (by sysplex or by traffic class) provide immediate visibility into the amount of network traffic utilizing each protocol and, perhaps most importantly, identify traffic that is not cryptographically protected.
From here you can drill down by many criteria, including by user ID or server or client IP address, to quickly focus your analysis and identify the details required to determine the source or target of the traffic.
Categorize “traffic classes” based on IP address ranges
Navigate easily to the subset of network traffic where you want to focus (e.g., by traffic class, IP address, etc.), and have immediate visibility into data specific to the selected protocol.
In this TLS example, that includes encryption algorithms being used, length of the cryptographic keys, and other important attributes of the cryptographic protection.
Average CP Core Usage for Crypto Functions
Since the CPU required for encryption can be significant and can vary widely between various encryption types, visibility into CPU is vital.
Before and after analysis of implementation changes enables correlation between the encryption and the business cost (in terms of CPU).
Intuitive Visibility into SMF Data
In contrast to approaches today that require coding programs or mastering tooling siloed by technology to access various types of SMF data, a common, intuitive user interface eliminates effort spent mining data and instead frees up staff to focus entirely on high-value analysis.
This single interface used across the entire z/OS platform greatly expedites learning, promotes collaboration, and enhances analytical effectiveness.
Context Sensitive Drill Downs
Context sensitive drill downs enable an analyst to identify alternative analytical paths based on the data currently being displayed and quickly investigate each hypothesis with just a few clicks, greatly reducing lost time when exploring what ends up being a “dead-end” path.
When dealing with massive SMF data volumes, this capability to focus analysis on the desired subset of data becomes especially valuable.
Accelerated Root Cause Analysis
Highly flexible drill-down capabilities of IntelliMagic Vision enable data to be viewed at the processor, system, card, or address space level and specific migration activity. Built-in conditional filters can further be customized for a set of reports on a focused dashboard.
Quickly investigate each hypothesis with just a few clicks, greatly reducing lost time when exploring “dead-end” paths.