IBM Threat Detection for z/OS

Enhance cybersecurity with AI-driven anomaly detection for IBM Z
Product documentation Watch the product webinar
Abstract representation of stacked shapes to demonstrate organization ways

Identify anomolies in data access

Designed to bolster an enterprise's overall security posture, IBM TDz is an AI software tool that may assist clients in meeting emerging regulations such as the Digital Operational Resilience Act (DORA). It supports Chief Information Security Officers and other decision-makers in better safeguarding their IBM Z systems with an added aspect for their defense-in-depth strategy.

 Explore the z/OSMF plug-in for IBM TDz
AI-driven anomaly detection

IBM TDz detects and reports anomalous and potentially malicious data access across z/OS systems by using artificial intelligence. The system includes policy and exclusion lists to minimize false positives and provides tangible artifacts for diagnosis and remediation. 
Data access records

The z/OS data access information is collected by DFSMS and the IBM z/OS Workload Interaction Correlator in the form of SMF type 98 subtypes 5–8 records.
Anomaly reporting

When IBM TDz identifies an anomalous data access event, a notification alert is sent through a console message. The event is also recorded in an SMF record (Type 83, new subtype 8) with relevant details about the anomaly event. 
z/OSMF plug-in

Use the IBM z/OSMF plug-in to get AI-driven insights into anomalous data access events across the sysplex. View data access activities of significance with details like user IDs, job details, timelines and observed data sets.

Entitlements

There are two priced features of z/OS that are entitled with licensing IBM TDz.
Abstract futuristic background Data Transfer. technology concept. Futuristic cyberspace background. Generative AI.
The IBM z/OS Authorized Code Scanner (zACS) is not directly leveraged by IBM TDz, but comes entitled with its licensing. This feature provides powerful dynamic scanning and runtime monitoring designed to find potential vulnerabilities within APF load libraries.

Hi-tech data storage server hallway, cloud computing neon glowing design. Generative AI technology
TDz leverages the IBM z/OS Workload Interaction Correlator functionality to generate an SMF type 98 record for the product's subtype every 5 seconds containing data about the product's activities in a standardized, synchronized, contextualized format.

Technical details

Before you install and run IBM Threat Detection for z/OS, your system must meet the hardware and software requirements.

Hardware requirements
IBM Threat Detection for z/OS is supported on hardware that runs IBM z/OS 2.5 or later. 

Security requirements
Using IBM TDz requires sufficient authority in z/OS. Your security administrator can create the necessary authorizations in your external security manager (ESM), such as z/OS Security Server (RACF).

Software for TDZ
For the z/OS system on which the IBM TDz application is installed, it requires z/OS V2.5 or later. In addition, other software prerequisites consist of IBM Semeru Runtime Certified Edition for z/OS, Version 11 (5655-DGJ) and IBM Open Enterprise SDK for Node.js 18.0 or later.

Software for z/OS
IBM TDz uses SMF98 data that DFSMS and IBM z/OS Workload Interaction Correlator collect on each participating z/OS system in the sysplex to perform analytics and identify anomalies. DFSMS must be enabled to collect the data set access activity data in SMF 98 subtype 5–8 records and the required service applied.
This is a IBM® Threat Detection for z/OS product screenshot.
Take the next step

Discover how to enhance cybersecurity with AI-driven anomaly detection with IBM Threat Detection for z/OS.

 Explore product documentation
More ways to explore Support Product lifecycle Lifecycle services and support Community