Close the vault on cyber criminals

By Diego Bessone posted Tue October 26, 2021 11:03 AM



Setting the stage

With cyberattacks on the rise, cyber resiliency is more important than ever. We must close the vault on cyber criminals.

A major challenge for IT operations is protecting business-critical infrastructure and data from the impact of outages and downtime. With cyberattacks continuing to grab headlines, many enterprises are reviewing their resiliency posture, which might include deploying air-gapped solutions that let them recover from an event that compromises their data. Determining the scope of the incident and surgically recovering the right data backups can drive up recovery time, potentially impacting the business.

In this blog, we will discuss how to use key IBM Z technology and operational tools to keep track of and recover your data, particularly data not managed by a database, such as files used in batch workloads. And we will also describe some of the capabilities that aid administrators of a cyber vault solution to simplify their validation and recovery processes.

The IBM Z Cyber Vault is a unique solution to safeguard our customers' data from logical corruption, such as that caused by a ransomware attack.


Why does it matter?

Data corruption refers to errors in computer data that occur during writing, reading, storage, transmission, or processing, which introduce unintended changes to the original data.

There are two types of data corruption associated with computer systems: undetected and detected.

Undetected data corruption, also known as silent data corruption, results in the most dangerous errors as there is no indication that the data is incorrect. 


What can IBM do to help?

The first question every customer asks is whether their current high availability and disaster recovery procedures would protect them from data corruption.

Normally, customers assume that they can catch data corruption as soon as it happens, and that if it ever happens, they already have the tools and procedures required to recover from such an event.

Unfortunately, this is not the case, for two reasons:

  1. Data corruption will likely go unnoticed for an extended period of time.
  2. High Availability and Disaster Recovery mechanisms don't provide continuous data validation and are not isolated from the system where data corruption could be introduced.

Now let's think about some proactive actions you could take to protect yourself from data corruption:

  • Can you verify every point-in-time backup?
  • Do you keep all your critical backups isolated and air-gapped so nothing could affect them?
  • Do you know which is the most current, non-corrupted copy of any file in your system?
  • Can you identify all critical tape data sets and ensure their recovery?
  • Do you have the required processing capacity and mechanisms to start a forensic analysis and surgical recovery at a moment's notice?

IBM Z Cyber Vault provides a solution that helps you implement all of these proactive actions, as well as everything required to analyze and recover from a cyberattack or data corruption event.

These capabilities are provided through a combination of Hardware, Disk Storage, Software and IBM Services. Software tools are a key component of this solution as they will guarantee that you are executing all your actions in the most efficient and effective way, leveraging automation as much as possible in order to shorten your data recovery procedures.

One of the key software solutions that provide specific Cyber Vault functionality is IBM Z Batch Resiliency, which provides log and recovery capabilities for non-database managed data, such as libraries, flat files, and VSAM datasets.

  • Cyber Vault health check report for Safeguarded copies
  • TimeLiner reverse cascade report for forensic analysis
  • TimeLiner forward cascade report to create recovery plan
  • Panel driven surgical recovery

We complete the solution with additional z/OS tools and utilities such as Catalog Management, DFSMShsm management and audit, Security auditing capabilities, and Db2 and IMS specific tooling.

Call to action

Here are a few things you can do to help close the vault on cyber criminals:

Download the IBM Redbook Getting started with IBM Z Cyber Vault:

Register to attend the Cyber resiliency to protect your business-critical infrastructure webinar which is available on demand: 

Summary of the Redbook

This IBM Redbooks publication looks at some common cyber threats and introduces a cyber resiliency solution called IBM Z Cyber Vault. It describes the technology and cyber resiliency capabilities of the solution at various hardware, software, and operational levels, and discusses what to consider when pursuing higher cyber resiliency goals.

Guidance and step-by-step examples for the deployment of IBM Z Cyber Vault are also included, as well as a suggested framework with advice for conducting basic data validation and samples that can be tailored to individual business needs, priorities, and IT configurations.

This publication is intended for IT managers, LOB managers, IT architects, system programmers, storage administrators, security administrators, database administrators, and system operations professionals.