FNTS transforms mainframe security against a new level of risk with BMC AMI Security

The Challenge

Open access shouldn’t mean open season

Historically, mainframes were a segregated system of record—technological citadels whose data was siloed from outside threat. But now, in the name of integration and innovation, these fortresses must leave their drawbridges down, their gates open.

Web- and mobile-based apps constantly access and interact with mainframe data stores, and many security teams remain unaware and unfamiliar with the unique vulnerabilities created by this broadened access.

FNTS, the fastest growing mainframe managed services provider in the US, proactively hunts for potential security gaps among its customer base.

“We provide hybrid cloud solutions for our clients, working with them to optimize and modernize their environments,” explains Kim Whittaker, President of FNTS. “But what really differentiates us is our mainframe expertise alongside our heritage of being owned by a financial institution. We’ve always needed a strong security posture because we’re subject to frequent audits by being connected to a heavily regulated industry. That positions us well, since security is one of our clients’ top mainframe priorities.”

“They’re expecting us to protect their most critical workloads and data,” adds Don Pecha, Chief Information Security Officer (CISO) at FNTS. “We need to detect and remediate their security gaps before anyone else can find them. But from the hundreds of conversations about mainframe security that I’ve had with clients, many organizations are so focused on operational performance and stability that they’re not even aware of the risks they’re creating.”

FNTS began looking for a security solution that could more effectively highlight and address the downstream vulnerabilities created by exposing the mainframe to modern workloads. Ideally, with this tool in place, the business could better coordinate with clients to shore up their defenses without hampering the free flow of data.

The solution

Standardized tools, personalized insight

FNTS now sets up new mainframe clients with BMC AMI Security software by default, delivering rich insight into threats and vulnerabilities from day one: 

• BMC AMI Command Center for Security serves as the mainframe-specific security information and event management (SIEM) console for these environments, with the option to send security alerts to a client’s Security Operations Center
• BMC AMI Security Policy Manager provides real-time vulnerability scanning, flagging weakly-defined permissions and configurations that leave mainframes vulnerable 

“We have customers coming to us and outright saying they want BMC AMI Security Policy Manager because they’re having problems with RACF administration,” adds Pecha. “They know they have issues with permissions, and their hope is that this will help them isolate their risks and correct them throughout the enterprise.”

At the same time, as existing FNTS clients renew their support, these tools will be added to their environments as well.

Teamwork makes the SIEM work

“We’re taking everything from BMC AMI Command Center for Security—logs, firewall alerts, abnormal behavior—and bringing it into our SIEM in real time,” explains Pecha. “We can see if there is anything in our enterprise environment that we need to be aware of. And what I really love is that we can send what’s in our SIEM directly to the client’s SIEM, so their security team knows what we know.”

This shared insight, in turn, helps create opportunities for communication and education that had been previously rather difficult. “We can fine tune with them what needs to be looked at in terms of overall threats,” continues Pecha. “Previously, these SOC teams were getting constant alerts from the mainframe without any context. These messages were just noise—noise they tuned out.”

The Result

Proactive mainframe protection

“When I look around the world at the current state of mainframe security, it’s almost all compliance-driven,” notes Pecha. “’Is this setting enabled? Do I have this hardening active?’ It’s a list of checkboxes, but it doesn’t tell you whether your configuration is vulnerable. I’ve repeatedly seen firms that just passed a security audit be breached because they didn’t have operational security.”

Rather than simply meeting general standards, operational security instead focuses on using proactive risk management and analysis to help protect systems and data. Security staff are encouraged to routinely consider their architecture from the perspective of an attacker to identify previously overlooked vulnerabilities.

“That’s one of the strengths of BMC AMI Security,” adds Pecha. “It includes deception—false flags, honeypot data sets that kick out the attacker when they touch it. And if they come back, we end up with two or three events that tell us somebody is persistently connecting. We know that we need to look closer and shut that down. We move beyond compliance and prevention and start having conversations about cyber resilience.”

Built for today, ready for tomorrow

As part of that movement forward, FNTS stands confident that the BMC software will continue to play a crucial role.

“If you think about the role of quantum and AI in the next three to five years, our concerns are going to be very different,” explains Pecha. “What other environment is going to be quantum-ready more than the mainframe? And tools like what we have from BMC are going to help us with that preparation. They’ll help us scan around quantum encryption to know who has access to AI workloads—where that data is, where it’s moving, and who is touching it.”