Protecting Clouds, IBM Mainframes, and more with Identity-based Network Security

By Mike Miracle, SVP Marketing and Strategy

You already know about BlackRidge and our ability to provide identity-based network security that stops cyber-attacks and protects against insider threats at the earliest possible time… on the first packet before network sessions are established. This is what we have been referring to as “secure caller-id for networks” since it allows only identified and authorized users or devices to access enterprise and cloud systems. This is nothing new as we have provided this capability for several years now. What is new is that we’ve moved our solution to the cloud (hasn’t everyone?) and to IBM z Systems™ mainframes. It has been a pretty exciting journey working with the z Systems team and with Marist College faculty, students, and production staff on this new product release.

At the IBM PartnerWorld Leadership Conference 2016, BlackRidge announced our security partnership with IBM Systems and significant new product capabilities including:

  • BlackRidge Gateway for IBM z Systems added to the family of platforms that BlackRidge supports to further protect critical business data on mainframes from cyber-attacks and insider threats
  • Cloud deployment support for public and private cloud infrastructure along with additional enterprise deployment flexibility via a Layer 3 routed mode.
  • BlackRidge AD Agent that integrates with Microsoft Active Directory® to dynamically learn user identities and automate security policy.  Allows security policy to be implemented using existing identity associations, vs. using network topology and addresses that are hard to maintain and not secure.
  • New intuitive GUI interface to make it easier to configure, manage, and monitor single or multiple BlackRidge gateways.

On the security partnership front, IBM announced embedded cloud security capabilities and that BlackRidge is one of the first partners in the new IBM z Systems security partner program, where we achieved the Ready for IBM Security Intelligence for z Systems validation.

BlackRidge adds another layer of protection to IBM z Systems being used for cloud applications by preventing scanning and reconnaissance due to “cloaking” network ports so that they cannot be found.  This helps minimize the attack surface – you can’t attack what you can’t see- and thus allows only identified and authorized users and/or devices access to protected servers and applications.

Some of the key use cases on IBM z Systems take advantage of this additional level of security that we provide before network sessions are established. One such use case is the protection of z System assets from insider threats by segmenting and isolating the different operating systems (e.g., z/OS and z/Linux) workloads to reduce risk and meet compliance objectives. Another is to protect distributed web and application server to database connections to stop scanning and allow only authorized access by remote users or devices.  And there is real-time attribution with identity of unauthorized access sent to SIEM and analytics systems too.

Further, the BlackRidge AD Agent and other identity management systems integrations help to automate the provisioning of both the “identity” and “policy” constructs of the BlackRidge solution as follows:

  • Simplifies adding and managing identity in a BlackRidge deployment
  • Provides a practical and additive (not redundant) way to monitor and enforce access policies and address and accommodate exceptions
  • Gives credible proof to investigators, auditors and regulators that segregation and protection of critical environments is in place

Altogether, our new product release adds a new layer of security to cloud infrastructures as well as the IBM z Systems, protecting them from advanced cyber threats and insider threats, and it is easier to deploy and manage.

For more information about this announcement, please read the associated product updates under our product tab at www.BlackRidge.us and on the related press releases accessible under our “news” tab. Check it out now!