Page 114 - Cyber Defense eMagazine January 2024
malicious actors are free to infiltrate systems, discreetly establish backdoors for future access,
compromise backup systems, encrypt data, and potentially issue a ransom demand.
For many mainframe operators, a significant portion of this malicious activity occurs behind the
scenes, escaping detection until it is too late. Mitigating risk and the attendant damage through early
detection is therefore not only a matter of prudence but a fundamental part of the business and security
strategy for these sites.
To address this, a method is needed that identifies malicious encryption as soon as it starts and
reacts instantly. One approach involves having the system compile a whitelist of authorized encryption
processes. Whenever a new process emerges, updating the whitelist becomes the logical next step.
However, relying on human intervention for whitelist updates can be risky.
An emerging and more efficient approach - one that our team is pioneering - involves triggering a
real-time alert when software detects a rogue process. Whitelist processing can be invoked to determine
whether the actions are malicious or desired. If they are desired, the process is simply resumed,
eliminating unnecessary alerts. Otherwise, it is understood to be a malicious attack.
To remove the dependence on human reaction time, the offending process must be suspended, so that
no further damage occurs while support staff investigate the situation. As a result, ensuing damage can
be dramatically mitigated, often by several orders of magnitude.
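The workflow described above (allowlist of authorized encryption processes, suspend an unrecognized process at its first encryption action, alert, then resume or terminate after staff review) is modelled in the following added example. It is illustrative code written for this page, not MainTegrity's product code; the program names, dataset names and process IDs are constructed, and the "alert-only" mode exists only to show how much more damage accumulates when the process is left running while staff investigate.

```python
"""Allowlist-driven encryption monitor with a suspend-first response.

Added example, not MainTegrity code. Any process not on the allowlist that starts
encrypting is held at its first action and an alert is raised; staff then either
resume it (and extend the allowlist) or terminate it. All names are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class EncryptEvent:
    """One observed encryption action by a process against a dataset."""
    pid: int
    program: str
    dataset: str


@dataclass
class Alert:
    """Open case for a process that is not on the allowlist."""
    pid: int
    program: str
    first_dataset: str
    state: str  # "suspended" | "running" | "resumed" | "terminated"


@dataclass
class EncryptionGuard:
    allowlist: Set[str]
    suspend_unknown: bool = True  # False = legacy alert-only mode (process keeps running)
    alerts: Dict[int, Alert] = field(default_factory=dict)
    # datasets each non-allowlisted process managed to encrypt before containment
    damage: Dict[int, List[str]] = field(default_factory=dict)

    def handle(self, ev: EncryptEvent) -> str:
        """Decide what happens to one encryption action and return the outcome."""
        if ev.program in self.allowlist:
            return "allowed"
        alert = self.alerts.get(ev.pid)
        if alert is None:
            # First sighting: the first write has already happened, so it counts as damage.
            state = "suspended" if self.suspend_unknown else "running"
            self.alerts[ev.pid] = Alert(ev.pid, ev.program, ev.dataset, state)
            self.damage[ev.pid] = [ev.dataset]
            return "suspended" if state == "suspended" else "alerted"
        if alert.state in ("suspended", "terminated"):
            return "blocked"  # held or killed: the write never reaches the dataset
        if alert.state == "resumed":
            return "allowed"
        # alert-only mode: still running while staff investigate, so damage accumulates
        self.damage[ev.pid].append(ev.dataset)
        return "alerted"

    def review(self, pid: int, approved: bool) -> str:
        """Staff verdict: resume and allowlist a desired process, terminate a rogue one."""
        alert = self.alerts[pid]
        if alert.state not in ("suspended", "running"):
            raise ValueError(f"pid {pid} already reviewed ({alert.state})")
        if approved:
            alert.state = "resumed"
            self.allowlist.add(alert.program)  # whitelist updated without a manual edit
        else:
            alert.state = "terminated"
        return alert.state


def build_sample_events() -> List[EncryptEvent]:
    """Constructed stream: one allowlisted backup job, a rogue encryptor touching 50
    datasets, and a new-but-legitimate job that appears part-way through."""
    events = [EncryptEvent(101, "PAYBKUP", "PROD.PAYROLL.BACKUP")]
    for i in range(1, 51):
        if i == 5:
            events.append(EncryptEvent(303, "NEWCRYPT", "PROD.HR.ARCHIVE"))
        events.append(EncryptEvent(202, "RANSOMX", f"PROD.CUST.DATA{i:03d}"))
    return events


def run_scenario(events: List[EncryptEvent], suspend_unknown: bool, analyst_delay: int,
                 verdicts: Dict[str, bool]) -> Dict[int, int]:
    """Replay events through a guard; staff verdicts land analyst_delay events after
    the first alert. Returns the number of datasets encrypted per non-allowlisted pid."""
    guard = EncryptionGuard(allowlist={"PAYBKUP"}, suspend_unknown=suspend_unknown)
    first_alert_at = None
    for i, ev in enumerate(events):
        if first_alert_at is not None and i - first_alert_at == analyst_delay:
            for pid, alert in guard.alerts.items():
                if alert.state in ("suspended", "running"):
                    guard.review(pid, approved=verdicts.get(alert.program, False))
        outcome = guard.handle(ev)
        if outcome in ("suspended", "alerted") and first_alert_at is None:
            first_alert_at = i
    return {pid: len(datasets) for pid, datasets in guard.damage.items()}


if __name__ == "__main__":
    events = build_sample_events()
    verdicts = {"NEWCRYPT": True, "RANSOMX": False}
    print("alert-only   :", run_scenario(events, False, 30, verdicts))  # {202: 29, 303: 1}
    print("suspend-first:", run_scenario(events, True, 30, verdicts))   # {202: 1, 303: 1}
```

With the same 30-event analyst delay, the rogue job encrypts 29 datasets in alert-only mode but only the one it touched before suspension in suspend-first mode, while the legitimate new job is resumed and added to the allowlist so it raises no further alerts.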
Our very way of life depends on the smooth and continuous operation of this critical piece of business
and government infrastructure. The lesson for mainframe operators is clear. What may have worked in
the past can't be relied on for the future. Now is the time to ask hard questions, break out of a culture of
complacency, and embrace innovative new monitoring technologies.
About the Author
Al Saurette is the CEO of MainTegrity. With deep experience in mainframes, hybrid cloud platforms, open
systems and mobile computing, Al Saurette is recognized as a thought leader in cyber security, compliance
and cyber resilience solutions for banks, insurers, transport and government clients in North America,
Europe and around the world. Currently, Al is CEO of mainframe cyber security provider MainTegrity Inc.,
providing next-generation threat detection, advanced file integrity monitoring, automated forensics, and
recovery solutions.
Al can be reached online at [email protected], on LinkedIn at https://www.linkedin.com/in/al-saurette/
and at our company website https://maintegrity.com/
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.