Will I be required to purchase additional hardware?
No, Type80’s SYSLOG and SMA_RT are software-only solutions.
Are there any product dependencies?
Neither product depends on any software other than that delivered to the customer by IBM.
Are there documented procedures on how to use the SMA_RT application?
Yes, copies of the Installation Guide and the User’s Guide are packaged with the product for licensed customers.
How long does it take to install and set up the SMA_RT application?
All program executables are shipped in binary format and uploaded to z/OS along with supporting z/OS JCL and installation manuals. The product can be uploaded and dynamically installed in just a few hours.
What experience / skills are required to create / maintain filters and rules?
A Security Administrator with an intermediate z/OS skill set and a basic knowledge of SMF records.
Is the Type80 software dynamically installed?
Yes, and template rules/filters are supplied for the initial installation. We suggest the dynamically installed parameters be made permanent within z/OS once the initial configuration has been completed and tested.
What information is available from SMA_RT alerts?
Information passed from the SMA_RT application includes data items that should be familiar to Security Administrators. However, some of the data will require a general understanding of z/OS and how it operates in order for the data to be truly meaningful.
Every alert sent provides data relevant to the resource and policy that triggered the alert. The data items listed below are some of the information that appears within the alert and in the meta-tags.
Does the SMA_RT application encrypt network traffic?
No, SMA_RT does not encrypt network traffic itself. The exchange of encryption keys among all of our SIM/SIEM and log collection vendors, together with export restrictions, makes it nearly impossible for Type80 to be the supplier of encryption keys. Type80 SYSLOG alerts may optionally be secured by using a VPN.
Where does the application receive its information?
The Type80 software receives its information from many areas. The two primary data feeds for the SMA_RT product are the SMF Exit and an Operating System Interface. A third and optional data feed from application programs running in Batch, CICS, IMS and DB2 can be obtained by using the TYPE80 Application Program Interfaces (API).
Does SMA_RT support Unix Systems running on the z/OS operating system?
Yes, SMA_RT supports Unix System Services (USS). USS generates SMF records on specific events that are passed as type 92 records to the SMF Exit. SMA_RT is capable of capturing these records when generated on a particular LPAR.
Is it possible to route alerts to multiple locations?
Yes, Type80 products can deliver alerts simultaneously to more than one location. Any log consolidation or SIEM software accepting alerts in standard SYSLOG format is able to receive alerts from Type80’s software products. Some customers may have active log collection and SIEM products within the same environment. Other customers may want to send alerts to production and disaster recovery environments simultaneously. Type80’s products are capable of satisfying these requirements.
What is the performance impact on the Mainframe?
Type80 has made performance improvements to its software in almost every new release of SMA_RT. The performance of the Type80 SMA_RT software will vary from customer to customer depending on CPU model, memory and SMA_RT’s configuration.
Our Sample Testing Results:
Testing was performed using 242,267 input records. 231,708 were SMF records and 10,967 were message records used to drive the Type80 SMA_RT software. After Type80’s SMA_RT filtering process based on a typical customer configuration, 72,427 of the input records resulted in Alerts leaving the mainframe and being sent across the network. The number of SMF Alerts delivered was 72,069 and the number of message Alerts delivered was 476. All 242,627 records were processed in 4.83 minutes, using 5.08 CPU seconds. This averages 0.00007 CPU seconds per Alert, and a rate of 14,995 Alerts per minute (250/second).