¡A unique, world-wide service that provides continuous improvement in Compliance, Audit and security in z/OS environments to comply with the new European Union directives DORA and NIS2!

What can you expect from our Bsecure DataPASS service?

It helps to demonstrate that the Board of Directors has carried out DUE DILIGENCE in case of any possible incident affecting third parties, reducing the directors' liability, fines, and potential financial and criminal damages.

We implemented the service with operational data in less than four weeks for all LPARs in the environment.

More than three hundred technological controls based on the Best Practices of Security and auditing in the industry. CALCULATED OUTSIDE THE MAINFRAME ENVIRONMENTE.

Proceso de mejora continua de evaluación de riesgos, auditoría de controles de seguridad y nivel de cumplimiento con las principales Normativas internacionales.

Weekly Dashboard generation to follow the evolution of fundamental risk and security parameters for security managers (CISO, CIO, CTO, Compliance Manater, Data Privacy Manager...).

Checking and correlation of millions of information entities (Files, DB2 Tables and USS) applying all the access rules defined in RACF.

Detection of "excessive" authorized access to critical and confidential data (White Lists).

Service data NEVER leaves the customer's IT environment. Everything is done through remote connections to your infrastructure.

Mapping of user roles vs. real access to information (PROFILING).

Detection and alarm of ransomware installation, open doors and unauthorized modifications to system components (FIM).

Detection and alarm of hacking actions in VTAM/SNA environments through the generation of connection activity information..

Detection and alarm of anomalous user behavior.

Integrity control of critical files of the system architecture through our FIM (File Integration Management) functionality .

Framework for continuous security improvement and early detection of security incidents

No need to license any software product, just services.

Compatible with any level of outsourcing in systems, physical machines and operations.

Focused on the protection and access rules for each data protected by the systems and subsystems of each LPAR.

Regardless of the number of third-party software products dedicated to auditing and security that may be licensed.

Evaluate the security and auditing posture of your mainframe environment at a glance.

Generates up to 700MB of security information for each execution cycle and LPAR, indicating which entities comply with each control AND WHICH DO NOT COMPLY

The internal controls description document is the best auditing guide in the mainframe security industry.

The service is Fully integrated with your SIEM and SOC.

We have a version of the service called DataPASS HUB to train your trusted MSSPs.

A single weekly control calculation cycle is equivalent to the work of six security professionals in mainframe environments with more than 15 years of experience for six months.

The output data of each cycle is sufficient to cover the most demanding regulatory audits: DORA, NIS2, NIST, PCI, SOX, GPDR, BASEL, SOLVENCY, ISO27001...

Dozens of large companies whose critical data is protected by mainframes use this service to assess their risk, continuously improve their security and support any internal or external audit.

Bsecure DataPass Service -

Version 2024

Security, Hardening, Risk and Audit Framework, which includes tens of years of experience in security, hacking and auditing in systems on z/OS .

Compatible up to z/OS 3.1.

Is such a high-value service like this really necessary? Below we will illustrate the real situation of security, risk, audit and regulatory compliance aspects in mainframe infrastructures..

We advise you to watch the three videos to understand the challenges that we cover with our service in the largest corporations in the world.

ESPECIALLY THE THIRD, A REAL CASE USING INFORMATION FROM THE INTERNET.

Is mainframe security different from other IT platforms?

Most companies that use mainframe infrastructure to run their critical business processes believe that these terms do not apply to their zSeries mainframe systems:

- Ransomware

- Hacking

- Denial of Services

- Logic Bombs

- Trojans

- Backdoors

...

Do you still believe that you are safe from any serious incident? We invite you to review the main security incidents published in the last 25 years in this video

Incidents in Mainframe infrastructures for Managers and Auditors (subtitled in English)

Knowledge is Security!

Do you treat your mainframe environment with the importance that it deserves to manage 70% of your business data, in your regulatory compliance assessments?

How to get past regulatory compliance audits in Mainframe environments?.

In the previous video we have seen serious security incidents that could have been avoided by implementing Security Best Practices and auditing processes of the implemented controls

This video answers questions like

- Where is the audit information in these environments?

- Do the companies have sufficient capacity to perform their work with due diligence?

- What are the main regulations that require auditing in mainframe environments?

- Is there a concept of continuous auditing, or do we just settle for a sporadic audit every two or three years?

- How does a continuous audit framework in these systems help to reduce the corporate responsibility of the Board of Directors?

- .....

This is a necessary video to understand the challenges posed by mainframes in the face of regulatory compliance (NIS 2, PCI, SOLVENCY, BASEL, SOX, GDPR...) aimed at Management Personnel, Auditors and Regulatory Compliance Departments (subtitled in English soon).

Knowledge is Security!

Do you want to see a real case of data theft and denial of service lasting more than a week?

Real case of hacking of a mainframe of 12 million euros and billions in data.

In the previous video we have seen serious security incidents that could have been avoided by implementing Security Best Practices and auditing processes of the implemented controls.

This video answers questions like:

- How to take advantage of the hacking information that exists on the Internet?

- How to set up a 400 euro laboratory to carry out the attack?

- Are your security controls as imaginative as the malicious users?

- What configuration errors do they take advantage of?

- How can you disable all the LPARs in the real data center and the alternate data center at the same time for days?

- And what is more important: How we can avoid it before they get it with our DataPASS service.

This video shows enough knowledge taken from the Internet and shows its application on a real environment (subtitled in English).

Seeing is believing!

Knowledge is security!

If you have any of these responsibilities in your Corporation

you are part of the management leadership personally responsible for Cybersecurity in his Company according to the new European Union Directive NIS 2, recently approved.

You are responsible for security in a mainframe IT infrastructure. And your company or customer may be the target of an incident causing huge economic losses (reputation, assets, customer information...) and therefore you are responsible for protecting your company and yourself.

You are responsible for auditing or securing a z/OS mainframe environment, assessing risks and suggesting mitigation plans.

You are responsible for the cybersecurity of your facility and need to determine the technological measures and controls to mitigate the assessed risks.

You are Director of Security (CISO, CIO, CSO...) and among your functions is the security of the mainframe environment.

You belong to the Management Committee of your company, and you have to be accountable to the partners and to current regulations, as the person in charge of cybersecurity, of the consequences caused by security incidents that may occur.

We are at your disposal to present our solution, unique in the security and audit industry in mainframe environments.