NetSPI’s mainframe testing reduces risk and improves overall security

The Challenge

Your mainframe may be susceptible to attacks from internal threats or APTs. Due to their complicated nature and organic growth over decades vulnerabilities may exist in your mainframe environment. NetSPI’s penetration testing can offer valuable insight into your LPAR security, providing actionable guidance on how to improve your mainframe security, and help meet compliance requirements.



LPAR Security

NetSPI’s penetration testing simulates adversarial attacks to emulate threats that exist today against your mainframe environment producing real world results on actual vulnerabilities.

During our assessments NetSPI evaluates your mainframe for security vulnerabilities in RACF, ACF2 or TopSecret. We look at dataset and USS file permission security, network security, JES2 & TSO configuration, DB2 & CICS regions. Testing can be conducted on a per LPAR basis or against entire sysplexes providing actionable recommendations for remediation and improving your mainframe security.

"Our testers have deep experience evaluating and testing mainframe security controls with over 20 years of industry expertise. "

Phil Young

Director of Mainframe Security - NetSPI

NetSPI tests your in scope mainframes and systems. We follow manual and automated pentesting processes that use commercial, open source, and proprietary software to evaluate your infrastructure from the perspective of an anonymous (non-credentialed) user. However, testing can also be conducted starting from an authenticated perspective. Our standard testing approach is based on NIST 800-53 special publication, PCI DSS, IBM recommendations, the MITRE ATT&CK framework, and other industry best practices. We offer three types of testing depending on scope and client needs.

NetSPI Wins First Place at SHARE Mainframe Capture the Flag Event

  • IBMi Mainframe
  • Region & Application
  • Blackbox
  • Presumed Breach