COVID-19 and its security ramifications continue in 2021 and well beyond. All of the threats brought to the fore when we were sent to work from home got added to the already-growing set of risks we were already trying to mitigate.
Even though we’ve been dealt these additional challenges for the past year, we cannot allow ourselves to be distracted from our primary objective – keeping our customers’ data safe.
XYPRO’s 2021 product roadmap includes updates to meet your enterprise data protection goals and cybersecurity objectives.
New features and functionality maximize your HPE NonStop investment via XYPRO’s latest security advances in (PCI-DSS required) Multi-Factor Authentication (MFA), Compliance and Anomaly Detection, HPE NonStop integrations with Splunk, SailPoint, CyberArk, Servicenow and more.
Our 2021 product direction is simple. Continuing to provide innovative security solutions to address real-world business challenges. We partner with our customers and HPE to ensure the functionality not only maximizes your HPE NonStop investment, but addresses your security and integration needs.
Servicenow Integration for HPE NonStop Servers
Enforcing proper change management in an expanding IT ecosystem can be a daunting task. Inadequate change control leaves you exposed to cybersecurity risk and compliance issues. In many environments, Servicenow IT Service Management (ITSM) is the primary solution for IT change management. ServiceNow ensures that all activity has an approved change ticket for tracking and visibility. Integrating your mission critical systems and applications with ServiceNow is literally “critical”.
ServiceNow and XYPRO
The Servicenow add-on for XYGATE Access Control (XAC) integrates your HPE NonStop servers with Servicenow ITSM. Using the XYGATE Web Service Connector (XWS) framework, XAC sessions validate privileged commands against Problem, Change and Incident Tickets, granting or denying execution based on the response from ServiceNow. This integration eliminates the complex, after-the-fact, manual effort otherwise required to match NonStop-executed commands with individual ServiceNow tickets.
Flexible Ticket Validation
The ServiceNow add-on for XAC validates privileged commands with ServiceNow based on any combination of the following factors:
- Ticket Number
- User
- System
- Date/Time Window
- Command Syntax
- And more…
If the appropriate values cannot be validated with ServiceNow, privileged command execution is denied, even if the user has the proper permissions on the system. This enforces tighter security controls for privileged sessions and prevents user error.
Lightweight and Secure
The ServiceNow module is a lightweight service that attaches to your existing XAC environment and sets up in minutes. Requests for ticket validation/verification are sent to predefined web service endpoints through secure REST API calls using a secure transport framework (SSL/TLS enabled). A TACL user interface prompts the user for ServiceNow ticket information and prepares the REST API request. The module includes a request template that you can easily extend to support new APIs or update to remove deprecated APIs as your requirements change. The module’s user interface processes the response from the ServiceNow and either grants or denies access to the requested resource.
XYGATE CyberArk Integration
Extend the Power of CyberArk to Your HPE NonStop Workloads
XYGATE for CyberArk integrates your HPE NonStop servers with your existing CyberArk environment. This integration closes the gap with privileged account management, session visibility and security in the privileged access management process while using NonStop emulators, such as OutsideView and others. The HPE NonStop server seamlessly takes advantage of the same security capabilities that have always been available on other enterprise platforms.
A typical CyberArk integration requires a remote desktop connection (RDC) or “Jump” server that privileged sessions channel through. Unfortunately, your HPE NonStop server loses visibility into critical attributes of the underlying user, such as the source IP address and Active Directory accountID. In addition, NonStop-specific functionality such as block mode application audits and function key interactions do not work. Your audit logs will show the “Jump” server IP for all privileged sessions. Other critical pieces of data will also be unavailable. This creates a compliance challenge since you cannot identify to whom a privileged session or activity belonged.
With XYGATE for CyberArk, monitor and control your HPE NonStop privileged sessions using the entire power of CyberArk and XYGATE.
- Capture real source IP – (not JUMP server)
- Capture Windows Username (sAMAccountName)
- Passwordless Login using CyberArk’s Password Vault – Password is never revealed to the user
- Audit blockmode and function keys
- Compliance with multiple PCI DSS Requirements
- CyberArk Certified Integration
All the CyberArk benefits available to your other enterprise platforms are now fully available for your HPE NonStop servers in a CyberArk certified, fully supported solution.
SPLUNK Integration – Included with every NonStop server
XYGATE Merged Audit (XMA), already included with every HPE NonStop server, is an easy-to-use and integral security component of the HPE NonStop operating system. XMA is the HPE supported method for integrating your NonStop data with log management or analytics solutions, like Splunk.
Without having to purchase any additional software, XMA communicates directly with Splunk “…to modernize your security operations and strengthen your cyber defenses”.
Data is collected from EMS, Safeguard, ACI Base24, iTP Webserver, the XYGATE suite and much more. This data is aggregated, filtered, formatted, and forwarded in real-time. Whether your data is in native XMA/NonStop format, Common Event Format (CEF) or a custom format, it can be sent to multiple targets via TCP or UDP. The only thing to decide is which data you want to send.
XMA is set up within minutes. Configuring XMA to forward data to Splunk takes even less time. All you need is the IP address, port and transport method (TCP or UDP). Once setup, the following benefits are immediately available:
- Single repository for security, audit and application data
- Integrate NonStop data with SIEMs, SOARs and analytics
- Collect, parse, normalize and enrich your NonStop data
- Required for compliance and auditing
- Extensible to custom applications
- Powerful real-time alerting and reporting
Our 2021 roadmap will focus on capturing additional NonStop data sources as well as modern integrations between XMA and SIEMs, SOARs and analytics solutions like Splunk, Elasticsearch (ELK), IBM QRadar, Logrhythm and more.
XMA’s support for the HTTP Event Collector (HEC) allows NonStop users to send data and application events to Splunk using Secure HTTP (HTTPS). HEC uses a token-based authentication model. Generate a token and configure a logging library, or HTTP client with the token to send data to HEC in a specific format. This process eliminates the need for costly, custom technology to send application events to Splunk.
Multi-Factor Authentication
According to Microsoft, 81% of data breaches occur due to weak, default or stolen credentials and 99% of these attacks can be blocked by implementing Multi-Factor Authentication (MFA).
MFA is an authentication method where a user is granted access only after successfully presenting two or more of the following pieces of information:
- Something you know (password)
- Something you have (security token)
- Something you are (biometrics)
All it takes is one compromised account to one legacy application to cause a data breach. With the unfortunate increase in COVID-19 phishing scams targeting remote workers separated from their day-to-day environments, now is the time to implement multi-factor authentication across your critical applications, servers, and services.
XYGATE User Authentication (XUA) is already included on your HPE NonStop servers and ready to turn on with no additional software or infrastructure investment. XUA delivers multi-factor authentication based on industry standards. It also extends NonStop security capabilities by integrating with enterprise authentication providers such as Microsoft Active Directory, RSA, Google Authenticator, and many others.
In addition to MFA, XYGATE User Authentication integrates your NonStop and application user IDs with Microsoft Active Directory, providing enterprise, global password policy enforcement. This ensures the same password policies within Active Directory apply to your NonStop servers and applications, removing the risk from weak or default passwords.
Our newest enhancement to XUA enables MFA for your NonStop applications.
Legacy and custom applications typically do not have native support for modern authentication technologies for MFA, yet still need to comply with security requirements. XYGATE Application MFA is an add-on to your XYGATE User Authentication (XUA) environment that strengthens the security of existing HPE NonStop applications through the addition of industry leading multi-factor authentication. Protect almost any application, Pathway-based or not, with MFA. XYGATE Application MFA offers multiple implementation options, including support for Screen Cobol Applications and ACI’s BASE-24. It sets up in minutes and integrates with your existing XUA environment.
Integrate XYGATE Application MFA into existing Screen COBOL applications with minimal effort. There are versions of the MFA screen for both 6520/6530 and 3270 applications.
2021 XUA enhancements add support for additional authentication providers and newer authentication technologies. This is a list of functionality you will see in XUA later this year:
- Support for JSON Web Tokens, OAUTH2 and SAML
- Integration with Cloud MFA Providers
- Okta
- Centrify
- PING
- Thycotic and more…
XYPRO and HPE – A Powerful Combination
If you missed our Roadmap Webinar back in February, you can access it here anytime https://xypro.com/webinars/
According to IBM, the average time to detect and respond to a data breach in 2020 is 280 days. The yearlong global pandemic has made every industry a huge target with healthcare, financial services and the public sector leading the pack. On average, these industries spent over 320 days detecting and containing a cyberattack that cost tens of millions of dollars in some cases.
HPE NonStop servers are the core of many mission-critical organizations. NonStop is vital to activities that affect our daily lives; how we shop, pay, bank, and communicate. As technology (and threats) evolve around us, the NonStop server continues to adapt. XYPRO is thrilled to be a part of this evolution. XYPRO’s innovation efforts do not stop there. We look forward to identify where research and development investments should be made, always prioritizing how to best serve our customers. This commitment has led us to new areas that provide even greater value and security to NonStop server users, integrating the NonStop with the rest of the enterprise and beyond.
Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.
With over 20 years in the cybersecurity field, Steve is responsible for the strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.
Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.