Key Resources Inc. Expands Threat Coverage for z/Assure® VAP, Offering Improved Security Protection for Corporate Mainframes

Interactive Solution for Mainframe Vulnerability Scanning Now Covers Expanded Range of Potential Attack Surfaces, Offers Automated Tool to Address Sunsetting of User Key Common Storage

LAKE VILLA, Ill.--()--Key Resources Inc., the leader in mainframe vulnerability scanning solutions and consultancy, today announced expanded threat coverage for its z/Assure® Vulnerability Analysis Product (VAP). An interactive solution to scan for code vulnerabilities on z/OS mainframes, z/Assure VAP now covers a broader range of attack surfaces, including widely used CICS transaction servers. The updated product also offers an automated way for users to find data in User Key Common Storage, a type of virtual storage that will be eliminated by IBM in an upcoming release.

Up to 70 percent of the world’s corporate data resides on z/OS mainframes, which power billions of mission-critical financial, medical and government transactions each day. But, due to its reputation for robust security, many CIOs, CISOs and mainframe programmers take z/OS security for granted, overlooking a crucial weakness: bad operating system code. A single code-based vulnerability could compromise the integrity of an entire mainframe, opening the door to devastating breaches that expose highly sensitive data.

While popular mainframe security managers like RACF, ACF2 and Top Secret are essential for establishing permissions and access control, z/Assure VAP is the only product on the market that can identify vulnerabilities in mainframe operating system code and automatically scan for compromises to mainframe integrity.

Mainframes are the most important IT system for most large organizations, but they might also be among the least-secured systems, simply because their security is taken for granted,” said Ray Overby, president and co-founder of Key Resources Inc. “We developed z/Assure VAP to offer an easy and automated way to discover deep-seated mainframe security vulnerabilities; and, in our new release, we’ve expanded the range of potential attack surfaces that can be scanned to offer even better coverage and security.”

The latest enhancements include:

  • Added coverage for CICS transaction servers, which power up to 30 billion ATM, credit card, ticketing and electronic transactions per day, valued at $1 trillion each week.
  • Increased scanning coverage of the middle layer between the mainframe operating system and user programs, a target-rich environment that hackers can exploit to gain unauthorized access to a mainframe’s most sensitive processes and user data.
  • An automated way to scan for User Key Common Storage. IBM has announced it will discontinue support for this type of virtual storage in its next release to improve security, meaning programs that allocate this storage may no longer function. To avoid this risk, businesses must manually find data stored in key common storage areas, a time-consuming process that’s now been made faster and easier with z/Assure VAP.

“We use z/Assure with some of our customer engagements, which has often revealed some high-risk audit concerns that have never been detected,” said Mark Wilson, Technical Director at RSM Partners. “Vulnerability assessment is an area that is often overlooked by customers, yet some of the industry security standards and regulations stipulate that you must do it regularly. We therefore recommend that all customers include a vulnerability assessment to complement existing practices of improving the security and integrity of their systems.”

For more information about z/Assure VAP, please visit

About Key Resources Inc.
Key Resources Inc. is the leading expert on mainframe security vulnerabilities, empowering some of the world’s largest corporations in finance, insurance, healthcare and beyond to keep their most important IT systems secure. Since 1988, Key Resources Inc. has provided software, services and consulting to enterprises running critical apps on IBM® z/OS. We help CIOs, CISOs and programmers take control of mainframe security so they can protect their data, avoid costly breaches and maintain regulatory compliance. To learn more, visit


March Communications
Brandon Reid, +1 617-992-9262

Release Summary

Solution for Mainframe Vulnerability Scanning Now Covers Expanded Range of Potential Attack Surfaces


March Communications
Brandon Reid, +1 617-992-9262