MainTegrity Cyber Security Framework (CSF)
End-to-End Cyber Security for IBM z/OS

CSF Suite Overview

The Only Cybersecurity Platform Purpose-Built for IBM z/OS

[Image: MainTegrity CSF cyber security suite for z/OS, showing CSF Foundation, FIM+, Early Warning, NetWatch, and Supply Chain]

The CSF Suite closes critical security gaps that have led to devastating cyberattacks and significant data loss on mainframe systems. Detect. Stop. Recover. In seconds. Not hours. Not days.

Built on CSF Foundation, the suite includes four selectable modules — each addressing a distinct threat vector. All modules ship with your install. Activate what you need now. Expand as your threat coverage requirements grow.

A Complete Cybersecurity Framework for z/OS

Milliseconds Matter. Minutes Murder.

Cyberattacks don't slow down while your team figures out what's happening. Every uncontested second compounds.


CSF was built to close that window — and keep it closed. Real-time detection. Automated containment. Behavioral monitoring that knows normal from malicious. File integrity you can prove. Network activity you can see. Recovery you can execute with confidence. Compliance you can demonstrate on demand.


One suite. No blind spots.

Together, the suite addresses:

Why CSF?

Modern Cyber Attacks Target the Mainframe

Mainframes process the world's highest-value transactions across banking, healthcare, government, and financial markets, yet most environments still rely on security tools designed decades ago.


Today's threats move faster, hit harder, and increasingly target the mainframe through vectors that legacy tools were never designed to see. 

Intelligence Without Noise

Traditional mainframe monitoring generates a 90%+ false positive rate. Analysts burn out chasing ghosts. Real threats get buried.


CSF's whitelisting engine learns your approved workload — per job, per user, per program — and flags only genuine anomalies. Less than 5% false positive rate. 


When CSF raises an alert, it means something.

Trusted Connections Gone Hostile

The Windows servers, Linux hosts, VPNs, and APIs your mainframe has trusted for years are increasingly compromised — and attackers riding those connections carry legitimate credentials that bypass your perimeter security entirely.


CSF monitors what those trusted connections and authenticated users are actually doing, and freezes them when behavior turns malicious.

Surgical Recovery

Traditional recovery means rolling back entire systems, extending outages from hours into days or weeks while teams guess at what was actually compromised.


CSF identifies exactly which components were affected, restores only what's needed, and verifies the trusted state. 


For organizations facing DORA's 2-hour recovery mandate, that precision isn't optional.

Compliance Built In, Not Bolted On

DORA demands two-hour recovery. NIST requires continuous monitoring. PCI DSS mandates file integrity. CSF maps directly to the frameworks that govern your industry — so compliance is a built-in outcome, not a separate project.

Identify

Security visibility, SIEM/SOC integration, embedded recovery planning, compliance reporting.

Protect

24/7 endpoint monitoring, file integrity baselines, intelligent whitelisting, behavioral change detection.

Detect

Encryption detection in milliseconds. Data exfiltration detection via behavioral baselines. Privilege escalation blocked proactively. Less than 5% false positive rate.

Respond

Offending tasks frozen at machine speed. Real-time alerts to Splunk, QRadar, ServiceNow, and BMC Remedy. Browser-based forensics for faster investigation.

Recover

Surgical component-level recovery. Immutable backup support including IBM SafeGuarded Copy, Dell SnapVx, and Hitachi. Post-recovery verification to trusted state.

CSF supports NIST CSF, PCI DSS, DORA, HIPAA, FISMA, SOX, GDPR, ISO 27001, SOC 2, and Zero Trust principles.

The CSF Suite Modules

FIM+ (File Integrity Monitoring)

"Has anyone tampered with my critical files?"

Monitors critical system datasets for unauthorized changes. Detects malware and ransomware insertion. Alerts on unapproved updates. Enables surgical recovery of only affected components.

Early Warning

"Is someone probing my system?"

Detects reconnaissance activity, privilege escalation attempts, and malicious encryption — plus 40 other z/OS exposure points. Blocks exploits before they take effect.

NetWatch

"Is my data being stolen?"

Monitors network connections to detect and stop unauthorized data transfers. Discovers your z/OS network topology, learns behavioral baselines, and halts suspicious activity at threshold. Once data is stolen, no amount of backup brings it back.

Supply Chain

"Can I trust this software update?"

Validates vendor software releases against cryptographic signatures before installation. Blocks compromised code before it enters your environment. Improves approval process and monitors external code changes.

CSF Foundation

The engine underneath it all. Provides millisecond task suspension, browser-based forensic investigation, intelligent workload whitelisting, and guided recovery assistance. Every module depends on Foundation — it's what actually freezes the attack.

Example Scenarios

File Tampering Caught, Surgical Recovery Completed

An insider modifies critical system datasets overnight, altering APF-authorized libraries to create a persistent backdoor. FIM+ detects the unauthorized changes during its next integrity scan by comparing cryptographic hashes against the CSF vault. No matching change request exists in ServiceNow. The forensics browser shows exactly what changed, when, and which user ID made the modification. Recovery Assistant generates JCL to restore only the affected components — not the entire system.

Ransomware Stopped In Its Tracks

Ransomware begins encrypting over two thousand production datasets. CSF Foundation suspends the offending task in milliseconds. FIM+ identifies exactly which files were affected. Recovery Assistant generates targeted recovery JCL using the last clean backup. A post-recovery scan verifies integrity.

Data Theft Stopped at the Threshold

An administrator with legitimate credentials begins transferring customer records to an external FTP. NetWatch flags data volume at ten times the behavioral baseline, halts the transfer, and revokes the user ID. The forensics browser shows exactly which datasets were accessed and where they were headed. Once data leaves, no backup brings it back.

Compromised Vendor Update Rejected

A trusted vendor's build system has been compromised and the PTF contains a hidden backdoor. Supply Chain validates cryptographic signatures against known-good baselines before installation begins. Signatures don't match, installation is blocked, and an alert fires with deviation details. Zero exposure.
