CASE STUDY
Securing a Global Bank with AI-Powered Mainframe Threat Detection
Industry | Banking & Finance
Technology | Mainframe
Location | United States
The client is a global financial institution processing millions of high-value transactions daily across a complex hybrid infrastructure. Its existing security monitoring could not keep up with the huge volumes of SMF data, which slowed threat detection and delayed response to possible breaches. Unauthorized access attempts and the demanding compliance requirements of PCI DSS posed an unsustainable operational risk. The business requirement was urgent: real-time, intelligent security monitoring that could secure core banking systems without impacting performance or compliance.
Royal Cyber partnered with the bank to conduct a comprehensive security architecture assessment, evaluating threat vectors, data flows, and existing control gaps. Our focus was on leveraging the native intelligence of their IBM Z mainframe to reshape it into an active security sensor rather than a passively monitored system. We concentrated on deploying AI-based analytics directly at the data source and setting up automated response measures to significantly reduce the manual effort required during a security incident.


    Challenges

    Massive Data Processing

    The existing SIEM systems could not process the terabytes of daily SMF data fast enough, introducing serious time lags in detection that put the bank's security at risk.

    Slow Threat Investigation

    Manual correlation of RACF logs, zSecure alerts and Db2 access patterns lengthened the Mean Time to Know (MTTK), so threats persisted undetected.

    Regulatory Compliance Pressure

    Maintaining continuous PCI DSS compliance was resource-intensive, and manual reporting and audit preparation imposed a significant operational burden.

    Unauthorized Access Proliferation

    Frequent unauthorized access attempts overwhelmed security teams with a mix of false positives and genuine threats.

    Poor Correlation in Real Time

    The inability to correlate SYSLOG events with transactional patterns in real time allowed advanced, multi-stage attacks to go undetected.

    Complex Hybrid Environment Gaps

    Siloed security tools across the mainframe, distributed systems and cloud services gave incomplete visibility into lateral threat movement.

    Key Outcomes

    75%: Faster threat detection, reducing MTTK from hours to minutes for critical anomalies.
    50%: Reduction in incident resolution time through automated security playbooks.
    50%: Reduction in false positive alerts, allowing teams to focus on genuine threats.
    100%: Automation of key PCI DSS compliance controls and reporting.

    Solutions

    AI-Powered SMF Analytics Deployment: Deployed IBM Z Anomaly Analytics on the mainframe, enabling real-time machine learning analysis of SMF data to identify threats immediately.

    Automated Correlation Framework: Implemented a single security fabric that linked RACF logs, zSecure alerts, Db2 access patterns and SYSLOG events to give full behavioral context to each alert.

    Intelligent Alert Orchestration: Linked the detection pipeline with Watson AIOps to automatically invoke predefined response playbooks, accelerating containment.

    Compliance-by-Design Architecture: Built in automated compliance reporting for access controls and ICSF-based encryption, producing an always-audit-ready security posture.

    Performance-Optimized Encryption: Configured ICSF with hardware cryptographic offload to protect sensitive data without adding latency to critical transactions.

    Mainframe-as-Security-Hub Strategy: Positioned the IBM Z environment as the central security command point for the entire hybrid infrastructure, providing unified visibility.

    Executive Summary

    • With AI-based analytics, SMF data volumes are now processed in real time, removing security blind spots during peak transaction periods.
    • Access controls and the hybrid infrastructure were hardened against critical vulnerabilities before they could be exploited.
    • Automated correlation and response reduced detection and containment times by a significant margin, creating a more resilient security environment for the bank.
    • Smart alert filtering minimized operational noise, so security teams could concentrate on genuine, high-priority threats.
