IBM Threat Detection for z/OS
IBM Threat Detection for z/OS uses AI to identify anomalies in data access, enhancing security and compliance with emerging regulations like DORA for IBM Z systems.
Vendor: IBM
Product details
IBM® Threat Detection for z/OS® (IBM TDz) is an AI software product that identifies anomalies in data access that might indicate a potential cyberattack.
Designed to bolster an enterprise's overall security posture, IBM TDz may assist clients in meeting emerging regulations such as the Digital Operational Resilience Act (DORA). It supports Chief Information Security Officers and other decision-makers in better safeguarding their IBM Z® systems by adding a layer to their defense-in-depth strategy.
Features
- **AI-driven anomaly detection:** IBM TDz detects and reports anomalous and potentially malicious data access across z/OS systems by using artificial intelligence. The system includes policy and exclusion lists to minimize false positives and provides tangible artifacts for diagnosis and remediation. The z/OS data access information is collected by DFSMS and the IBM z/OS Workload Interaction Correlator in the form of SMF type 98 subtypes 5–8 records.
- **Anomaly reporting:** When IBM TDz identifies an anomalous data access event, a notification alert is sent through a console message. The event is also recorded in an SMF record (Type 83, new subtype 8) with relevant details about the anomaly event. More notifications can be readily automated from these outputs.
- **z/OSMF plug-in:** Use the IBM z/OSMF plug-in to get AI-driven insights into anomalous data access events across the sysplex. View data access activities of significance with details like user IDs, job details, timelines and observed data sets.