Xbridge -- DataSniff: FAQ

Products

DataSniff

	Overview
	FAQs
	Application Examples
	Data Sheet
	White Paper: PCI Compliance on the Mainframe



	DataSniff FAQ - Frequently Asked Questions DataSniff enables clients to finally bring their mainframes into compliance How can DataSniff make my job easier? What problem does DataSniff solve? How can using DataSniff improve the process of meeting and maintaining compliance? How is DataSniff different from the DLP solutions already available to me? We already use compensating controls on our mainframes. What advantages does DataSniff offer? We already have a DLP Software package installed in our enterprise. What advantages does DataSniff offer? We have already implemented a data encryption strategy for all new customer data generated and stored by our mainframe applications. Why should we go through the effort and expense of installing DataSniff? Are there any other software products on the market other than DataSniff that can perform mainframe data discovery? DataSniff has little to no impact on mainframe operations How can I be sure the original mainframe data is never compromised? What prevents unauthorized access to the data? How can DataSniff speed up the PCI compliance process? How will system administration processes need to be changed when running DataSniff? How DataSniff works Explain how DataSniff searches the mainframe for data. If the data is mapped at install, how can it be 'real-time'? Does my desktop need to be connected directly to the mainframe system which stores the data? How many clients can be connected and requesting data simultaneously? DataSniff installs easily and quickly into your environment How long does a typical install take? Once installed, how much training is needed before we can begin to access and discover sensitive data with DataSniff? How long does it take to make a template? What level of programming expertise is required to make a template? Can a business analyst do it? Are there any tools available to build input templates with? No additional software is required for DataSniff to work properly Which analytical tools or environments will we need to adopt to use DataSniff? What desktop tools and applications does DataSniff interface with? Is any special software required on the server and/or the PC in addition to the DataSniff product? If so, how long does it take to install it? Can the user install the software on their PC? With which server operations systems is Xbridge compatible? To What IBM operating systems is this restricted? View the Xbridge White Paper: Achieving PCI Compliance on the Mainframe View the recorded Xbridge/Protegrity webcast from April 12th, 2011: PCI Compliance Without Compensating Controls – How to Take Your Mainframe Out of Scope DataSniff enables clients to finally bring their mainframes into compliance How can DataSniff make my job easier? DataSniff allows your organization to easily and seamlessly access various disparate data sources, discover the exact location of sensitive data within those data sources, provides the capability to categorize and label these findings by level of risk, and can provide a map with data location information to those software systems responsible for performing remediation (Encryption, Tokenization, Obfuscation, Deletion). All of this can be done through the single DataSniff browser User Interface access point. DataSniff enables any enterprise to not only quickly accurately define the scope of an entire PCI compliance and remediation project, but enables the client to address the level of risk associated with all discovered data at the very beginning of the process. By immediately assessing and assigning levels of risk to the data, the scope and exposure of the sensitive data is greatly reduced, placing proper emphasis on only those datasets that are of highest concern, resulting in the quickest possible path to securing the most sensitive data and reaching compliance. What problem does DataSniff solve? DataSniff solves multiple problems regarding the access, discovery, and reporting of the location of sensitive data within large and complex mainframe database environments, and does this in a secure and real-time environment. First, DataSniff has solved the problem of accessing data stored in mainframes -- DB2, VSAM, QSAM, IMS DB, IDMS, and BDAM -- DataSniff has also automated the access process. Data access from other systems -- ORACLE, SQL, ODBC, etc. is also supported by DataSniff, and is integrated into the single data access and discovery UI dashboard. Second, DataSniff has solved the challenge of discovering, identifying, and mapping the locations of sensitive data within these data stores (and the methods by which that information must be shared with other applications). Third, DataSniff can also discover sensitive data that has been stored as "Hex" or "Packed-Decimal" within these environments, providing an additional level of data discovery that is virtually impossible if using manual data discovery methods. How can using DataSniff improve the process of meeting and maintaining compliance? There are several ways that using DataSniff will improve the process of meeting and maintaining compliance. First, Version 2 of PCI-DSS (effective 01/01/2011) requires ALL stored cardholder data be identified and protected. DataSniff allows the enterprise to easily and effectively bring the mainframe into the scope of any corporate compliance initiative, assuring compliance, avoiding fines, while protecting customers, the image of the enterprise, and the ability to accept credit cards as a form of payment. Second, DataSniff provides the enterprise with a detailed map of the location of all sensitive data within the mainframe. This map enables the enterprise to deploy a focused remediation approach, allowing clients to concentrate only on remediating the data that is sensitive, and ignoring the vast amounts of data that is not applicable to the compliance process. Third, DataSniff enables clients to deploy an effective monitoring strategy that includes the mainframe. Until DataSniff, the vast amounts of data from the mainframe made it impossible to effectively monitor all (or any) of it while in transit. By pinpointing the exact location of the data that NEEDS to be protected, DataSniff provides clients with the capability to deploy a data protection approach that is focused specifically on those data records that have been identified as sensitive, bringing the mainframe into the scope of the protection provided by today's most powerful DLP (Data Loss Prevention) solutions. Fourth, DataSniff enables clients to become self-suffient in maintaining compliance. By deploying DataSniff as a yearly licensed software product, clients can schedule automatic re-scans of their database environments quarterly (or at any time) to assure that no new sensitive data has been propogated within any database environment since the last data discovery scan process was performed. This process can greatly reduce the time and cost of the next internal or external audit, and greatly enhance the accuracy and effectiveness of all data security initiatives. How is DataSniff different from the DLP solutions already available to me? DataSniff differs from DLP solutions already available on the market today in that it DOES NOT perform data protection, data monitoring, or data remediation. DataSniff is the tool that enables these other DLP products to provide protection for the most critical data within any large enterprise -- the mainframe data. DataSniff doesn't compete with other DLP tools, It enhances all of them by providing them a bridge into the mainframe, making all of them more universally effective at protecting ALL of the sensitive data within the enterprise. We already use compensating controls on our mainframes. What advantages does DataSniff offer? Due to the inherent complexity and scope of the mainframe, "Compensating Controls" have been used since 2006 as a way of "exempting" the mainframe from the required data discovery processes defined by PCI and other compliance initiatives. A "Compensating Control" could be something as complex as ad-hoc user-based access controls tied to large blocks of mainframe data as an attempt to show some method of control over the data storage environment, but this provides virtually no protection for the data in question. "Compensating Controls" could also be defined as a specific process like the manual monitoring of mainframe data access log files (the mainframe generates logs in the millions each day). This is an unmanageable practice that has clearly been implemented only for the excercise of passing an auditing process. Most surprisingly, a "Compensating Control" could be something as rediculous as a single blanket statement in a document stating that the company has no knowledge of the content of its mainframe databases or the location of any sensitive data that may reside within them. With this statement, it is also implied that there is no method by which the company can discover, identify, confirm, or deny the existence and/or location of sensitive data, and thus the client cannot perform any analysis of whether it is protected or not - In other words: the company ultimately states that due to the above factors, the entire mainframe environment is considered "Exempt" from the PCI compliance process. NOTE: "Compensating Controls" are valid for a period of only 1 year, and once used for any environment, cannot be used again without causing the enterprise to fall out of compliance. DataSniff enables clients to move their most critical business assets beyond the band-aid that is "compensating controls," and bring them into the scope of a true and complete compliance initiative. We already have a DLP Software package installed in our enterprise. What advantages does DataSniff offer? DataSniff is the tool that enables these other DLP products to provide protection for the most critical data within any large enterprise -- the mainframe data. DataSniff doesn't compete with other DLP tools, It enhances all of them by providing them a bridge into the mainframe, making all of them more universally effective at protecting ALL of the sensitive data within the enterprise. We have already implemented a data encryption strategy for all new customer data generated and stored by our mainframe applications. Why should we go through the effort and expense of installing DataSniff? DataSniff supports the discovery, identification, and mapping of ALL data within the enterprise, this includes historical data, migrated data, data on phyisical and/or virtual tape systems, and any data that may have been unknowingly duplicated or placed in notes fields outside of the control of the automated encryption service. DataSniff can also discover any data that may have been placed in unauthorized locations with maliscious intent. Are there any other software products on the market other than DataSniff that can perform mainframe data discovery? To our knowledge, DataSniff is the ONLY available AUTOMATED mainframe data discovery tool, providing an automated process for discovering and identifying sensitive data on the mainframe, regardless of its location, or whether it is in structured or unstructured format. The bottom line... If it resides in the system catalog, DataSniff can find it. DataSniff has little to no impact on mainframe operations How can I be sure the original mainframe data is never compromised? DataSniff is a "read-only" system, so databases cannot be updated or changed through DataSniff. In addition, DataSniff operates as a fully supported subsystem under z/OS, and/or OS/390, and as such complies with all mainframe security and data integrity rules and subsystems. What prevents unauthorized access to the data? The DataSniff security architecture allows the z/OS or OS/390 security administrator to control access to the mainframe data at the field level. Agents operate through the System Authorization Facility (SAF) interfacing with RACF, ACF2 or Top Secret. The z/OS or OS/390 host controls exactly which users are permitted access to specific files. How can DataSniff speed up the PCI compliance process? DataSniff provides rapid and direct access to all mainframe data in the system catalog. DataSniff's powerful, patent-pending scan manager utility enables clients to manage extremely large amounts of data (many Terabytes) without any significant CPU load increase, and no significant increase in network loads. This is possible due to DataSniff's ability to perform limited scans of all datasets (for example, scanning only the first 1,000 to 10,000 records of all datasets). The vast majority of mainframe datasets will either have a regular appearance of sensitive data in structured dataset locations, or will have very little senstive data sporatically located in a few records or in unstructured files, or the scanned segments of the datasets will exhibit no sensitive data at all. If no sensitive data shows up in the first 10,000 records of a particular dataset scan, an enterprise can immediately categorize and define a preliminary level of risk for this and other large amounts of data that have been scanned and have reported a similar result. A quick preliminary categorization and risk assessment of an entire mainframe database not only defines the scope of an entire data remediation project, but also creates a solid understanding of the entire mainframe database environment as it relates to prioritizing areas for further discovery and eventual remediation. How will system administration processes need to be changed when running DataSniff? DataSniff does not affect storage administration, security and performance management, and capacity planning procedures and methodologies. How DataSniff works Explain how DataSniff searches the mainframe for data. The data required is identified and is mapped into meta data templates. This is normally done during installation. Once the universe of available data has been defined, users then create scans of groups of datasets to search for sensitive information that may reside within any record that is part of that group of datasets being scanned. The results of these scans are then displayed in a simple, easy to view, browser-based user interface dashboard. Results are shown multi-dataset scans, and can be expaned to show individual dataset scan results, as well as individual record results. All of these results can be dispositioned and tagged as preparation for exemption, remediation, or deletion. If the data is mapped at install, how can it be 'real-time'? The data and the locations of the data are defined in the template building process. Data is not actually retrieved until the moment of the request by the end user. Does my desktop need to be connected directly to the mainframe system which stores the data? No. DataSniff enables access to the required data from any Windows application or browser, worldwide. DataSniff is scalable from a single user, single system, to full enterprise-wide support for multiple mainframes and large numbers of users. How many clients can be connected and requesting data simultaneously? Multiple servers may be configured for redundancy. DataSniff installs easily and quickly into your environment How long does a typical install take? Most customers are up and running in a day. Once installed, how much training is needed before we can begin to access our data with DataSniff? Users can be operational and independent within a couple of hours after installation is complete. How long does it take to make a template? Initial data definition templates are usually created during the install process. User-defined output templates can be built in minutes by end users. What level of programming expertise is required to make a template? Can an internal auditor or QSA do it? Yes, an internal auditor or QSA or department systems support person can build the data definition templates during the install process. End users can build their own output templates for report generation with just a few hours of familiarization training. DataSniff includes a data mapper which reads COBOL copy book definitions and generates both input and output templates automatically. Are there any tools available to build input templates with? Yes, the DataSniff Data Mapper, provided with DataSniff Data Access Administration tools, will read COBOL copy books, extract the data definitions, and build input templates. No additional software is required for DataSniff to work properly Which analytical tools or environments will we need to adopt to use DataSniff? No special analytical tools are required. Users take advantage of powerful and familiar desktop tools such as Excel, Word, Internet Explorer, etc. to create reports and analyses. Once the data has been accessed, there is no learning curve or delay in your ability to use it. In addition, DataSniff can deliver the data into business critical software applications by delivering discovery results as a SQL database, or perform API Calls to access other applications for further data scrubbing, manipulation, and/or reporting. What desktop tools and applications does DataSniff interface with? DataSniff can deliver data in any format or to any application which is Windows compatible. For example: Microsoft's Host Integration Server, BizTalk Server,.net, Visual Studio, SQL, and MS Office. DataSniff integrates with both Java and Microsoft models for the development of new web-based applications. DataSniff supports C, C++, Visual Basic, VB Script, VB.NET, and Java. Also, DataSniff works with other software environments supported on Windows platforms including C, C++, Java, XML, .NET, Visual Basic, VB.NET, and VB Script. Is any special software required on the server and/or the PC in addition to the DataSniff product? If so, how long does it take to install it? Can the user install the software on their PC? No additional software is required. DataSniff delivers data directly to your existing analytical tools. With which server operations systems is Xbridge compatible? Xbridge DataSniff server supports Windows NT 4.0 with Service Pack 3, Windows 2000, 2003, Windows XP, or Windows 7. To What IBM operating systems is this restricted? Xbridge's DataSniff product works with any z/OS system, or with older OS/390 Versions 2.5 or greater. Xbridge conducts a review of your software and APAR levels prior to install to ensure that your systems are at the proper levels for a smooth and fast installation.

Privacy Policy | Contact Us