Now Available

ZTRUST™ for Networks

ZTRUST™ dramatically reduces the time, effort and costs involved in detecting, monitoring and optionally enforcing network access and provides a valuable tool for adhering to compliance standards and regulations.

While mainframe sites may have a reasonable view on who is using applications at the userid level, many don’t have an accurate picture of the network activity on their systems. Identifying which network devices and segments connect to specific applications, and verifying their encryption status, is a complex and often overlooked task. Most security mechanisms focus on incoming TCP/IP connections, but few look at controlling outbound connections. Often any user can initiate an outbound connection to a remote, possibly insecure system, and hackers use outbound connections as a backdoor to mainframe services.

Differentiating between clear and encrypted network connections is the key. ZTRUST™ software identifies:

  • Applications that are permanently or temporarily accepting inbound non-encrypted and/or inbound encrypted connections
  • Applications that are making outbound non-encrypted and/or outbound encrypted connections
  • Network segments that are accessing specific applications without encryption and/or with encryption

Network Micro-Segmentation

Micro-segmentation is a key mechanism to control network access and can often be a requirement for regulatory compliance such as PCI DSS. Isolating card payment processing applications to specific network segments can significantly reduce the scope, time and of course the cost of compliance reviews.

ZTRUST™ is unique in using the Enterprise Security Manager (ESM), such as RACF, ACF2 or TSS, to manage network segmentation, moving the responsibility for compliance and standards to the security team, where it should be!

The software uses ESM resource definitions for applications and standard access control commands (such as PERMIT) to isolate access to an application to specific network segments, focusing your security policies and other compliance activity on only the segments required.

ZTRUST™ for Networks removes the complexity of manually creating and maintaining policy agent access control lists by generating them automatically from the access controls defined in the ESM. Further management of micro-segmentation can be performed using standard RACF, ACF2 or TSS, or fully managed from the browser-based user interface.

Micro-segmentation can be quickly achieved with ZTRUST™ in five stages:

• Stage 1 — Network Discovery: a unique tool to build your Network Knowledge Base
• Stage 2 — ESM Resource Generation: automatically generate ESM resource definitions and access lists
• Stage 3 — Build Security Profiles: build policy agent profiles from the ESM resources
• Stage 4 — Monitor & Manage Complexity: monitor network activity and alert on policy violations
• Stage 5 — Report for Compliance Audits: provide proof positive, including periodic reports

For more details on how ZTRUST™ for Networks can help your business, please contact us at Info@Go2Vanguard.com.

Let’s Talk!

Schedule a meeting today to receive immediate results from a ZTRUST™ installation in your environment.

Call us at (877) 794-0014 or send an email to Info@Go2Vanguard.com.

We look forward to hearing from you!