In the high-stakes environment of financial services, the combination of IBM z/OS and Cyberspatial Teleseer creates a powerful "defense-in-depth" architecture. This partnership bridges the gap between the mainframe’s internal "fortress" security and the external network’s complex, often opaque, traffic patterns.
__________________________________________________________________
1. TELESEER - The Power of the "Inside-Out" and "Outside-In" View
The core of this collaboration lies in how each platform handles data and visibility:
IBM z/OS (The Secure Core): Provides a "zero-trust" environment for financial transactions. With features like Pervasive Encryption and RACF (Resource Access Control Facility), z/OS ensures that even if data is intercepted, it is unreadable, and only authorized users can touch specific records.
Cyberspatial Teleseer (The Network Eye): While z/OS secures the data, Teleseer maps and visualizes the network "terrain" surrounding the mainframe. It uses 100% passive, agentless packet analysis to build a real-time digital twin of the network.
2. How They Work Together: z/OS and Teleseer
Financial services users benefit from a unified security posture where the mainframe is no longer a "black box" on the network map.
| Feature | IBM z/OS Contribution | Cyberspatial Teleseer Contribution | Combined Benefit |
| --- | --- | --- | --- |
| Visibility | Generates detailed logs (SMF records) of internal system activity. | Provides a 3D visual map of all devices communicating with the mainframe. | Eliminates Blind Spots: Admins see exactly who is talking to the mainframe and what they are doing. |
| Threat Detection | Uses AI-powered processors (Telum) to detect fraud at the transaction level. | Uses behavioral analytics to spot unusual network traffic spikes or unauthorized lateral movement. | Rapid Incident Response: Teams can correlate a transaction anomaly on z/OS with a specific network path identified in Teleseer. |
| Data Integrity | Encrypts data at rest and in transit using hardware-accelerated crypto. | Validates that traffic is following expected, secure protocols (e.g., ensuring TLS 1.3 is active). | Regulatory Compliance: Easily prove to auditors that financial data is both encrypted and traveling over validated paths. |
3. Improving Cyber Resilience
For financial institutions, downtime is not an option. This combination enhances Cyber Resilience by:
Mapping Mission-Relevant Terrain: Teleseer identifies "Key Terrain Cyber"—the critical switches and routers that the mainframe relies on.
Validating Segmentation: It ensures that the "Air Gap" or logical separation between development and production financial environments is actually intact.
Passive Monitoring: Because Teleseer is agentless, it adds zero "overhead" or risk of crashing sensitive mainframe applications, while still providing total situational awareness.
Next Steps
The rest of this article explains how to integrate z/OS SMF logs into a visual analytics platform like Teleseer for deeper forensic analysis.
__________________________________________________________________________________
Cyberspatial Teleseer offers a powerful way to bridge the gap between mainframe infrastructure and modern security visualization. Integrating z/OS SMF (System Management Facilities) logs into a platform like Teleseer allows you to transform raw, binary mainframe data into interactive network topologies and activity maps, which is crucial for hunting lateral movement or identifying unauthorized access.
The process generally involves three main phases: Extraction, Transformation, and Ingestion.
1. Extraction: Getting SMF Records off the Mainframe
SMF records are stored in a proprietary binary format, with character fields encoded in EBCDIC.
Real-Time Streaming: Use tools like IBM Z Common Data Provider (CDP) or Syncsort Ironstream. These tools act as a "log forwarder" for z/OS, streaming SMF records directly to an external subscriber (like a Kafka cluster or a Linux server).
Batch Extraction: If you don't need real-time data, you can use the IBM utility IFASMFDP (or IFASMFDL for logstreams) to dump specific SMF records into a flat file.
2. Transformation: EBCDIC to JSON/CSV
Teleseer and similar platforms cannot parse raw SMF data. You must convert it into a structured format like JSON or CSV.
Field Mapping: During conversion, ensure you map key forensic fields:
Source/Destination IPs: Found in SMF Type 119 records.
User IDs: Found in SMF Type 80 (RACF) records.
Timestamps: Critical for chronological event correlation.
Tools: If you use IBM CDP, it can automatically transform SMF records into JSON before sending them. Otherwise, you may need a Python or Rexx script to parse the dumped records and convert EBCDIC values to ASCII.
3. Ingestion: Visualizing in Teleseer
Teleseer specializes in taking logs (like Zeek/Bro logs or CSVs) and turning them into a visual network map.
Custom CSV Parser: Teleseer features a Custom CSV Parser. You can upload your transformed SMF data as a CSV. By mapping your columns to Teleseer’s attributes (like IP addresses and MACs), the platform will "adorn" its existing network map with your mainframe data.
Forensic Mapping: Once ingested, you can visualize how a mainframe User ID correlates with specific network traffic, allowing you to see if a compromised account is being used to probe other parts of the network.
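The transformation phase described above, as an added example that is not from the original post and is not IBM or Teleseer code: it walks a dumped SMF file, decodes the common 18-byte SMF record header (record type, packed-decimal date, time, EBCDIC system ID), keeps Type 80 and Type 119 records, and emits CSV. It assumes the dump was transferred in binary with the record descriptor words intact and that the site code page is cp037; the column names are hypothetical, not Teleseer's schema, and the sample records are constructed.

```python
import csv
import io
import struct
from datetime import datetime, timedelta

# Common SMF header: LEN, SEG (the RDW), FLG, RTY, TME, DTE, SID = 18 bytes.
HEADER = struct.Struct(">HHBBI4s4s")
EBCDIC = "cp037"  # assumption: US EBCDIC code page; adjust to the site's code page

def smf_timestamp(tme: int, dte: bytes) -> datetime:
    """TME is hundredths of a second since midnight; DTE is packed 0cyydddF."""
    digits = dte.hex()
    if digits[7] != "f" or not digits[:7].isdigit():
        raise ValueError(f"bad packed date {digits}")
    year = 1900 + 100 * int(digits[1]) + int(digits[2:4])
    return datetime(year, 1, 1) + timedelta(days=int(digits[4:7]) - 1, milliseconds=tme * 10)

def parse_records(blob: bytes, wanted=(80, 119)) -> list[dict]:
    """Walk RDW-prefixed records and keep header fields of the wanted types."""
    rows, pos = [], 0
    while pos < len(blob):
        if pos + HEADER.size > len(blob):
            raise ValueError(f"truncated header at offset {pos}")
        length, _seg, _flg, rty, tme, dte, sid = HEADER.unpack_from(blob, pos)
        if length < HEADER.size or pos + length > len(blob):
            raise ValueError(f"bad record length {length} at offset {pos}")
        if rty in wanted:
            rows.append({"timestamp": smf_timestamp(tme, dte).isoformat(),
                         "system_id": sid.decode(EBCDIC).strip(),
                         "smf_type": rty, "record_length": length})
        pos += length  # LEN includes the 4-byte RDW, so it is the stride
    return rows

def to_csv(rows: list[dict]) -> str:
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["timestamp", "system_id", "smf_type", "record_length"])
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

def make_record(rty: int, tme: int, dte_hex: str, sid: str, body: bytes = b"") -> bytes:
    """Build a constructed test record: header plus an opaque body."""
    return HEADER.pack(HEADER.size + len(body), 0, 0, rty, tme,
                       bytes.fromhex(dte_hex), sid.encode(EBCDIC)) + body

# Constructed sample: types 80 and 119 are kept, type 30 is skipped.
SAMPLE = (make_record(80, 4529678, "0124060f", "SYS1", b"\x00" * 6)
          + make_record(30, 100, "0124060f", "SYS1")
          + make_record(119, 8639999, "0124366f", "PRD2"))
```

Only the common header is decoded here; the user ID in Type 80 and the IP addresses in Type 119 sit in type-specific sections whose offsets come from IBM's record mappings. The header carries no time zone, so normalize the timestamps before correlating them with packet-capture times.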
Summary Table for Financial Services
| Capability | Technology Component | Financial Use Case |
| --- | --- | --- |
| Automation | Equitus KGNN + Power 11 | Real-time reconciliation of "Unmatched Transactions." |
| Authorization | KOGEN + TeleSeer + z/OS | Zero-trust access to "Confidential Computing" memory. |
| Augmentation | Equitus 7 + Spyre | Geo-spatial risk modeling for global trade finance. |
| Security | EVS + IBM Cyber Vault | Physical and digital ransomware protection for data centers. |
The next article will provide a sample JCL script for dumping specific SMF record types, or a Python snippet to help convert a CSV of those logs into a JSON format Teleseer can more easily process.
Introduction to Teleseer
This video provides an overview of how Teleseer automates network analysis and visualization to help security teams identify risks and protect critical infrastructure.

project network eye
AI operating software is the key towards artificial infrastructure and security.
Just like Steve Jobs, AI will act as a team of professions under your control, ready to improve, create and secure your business operations and security. This is how the first OS was created. He always had a team of professionals around him creating and protecting company assets at all times.
All you need is a good director.
This ability is now available and we offer the first demo for free.