XYPRO XYGATE® Identity Connector for HPE NonStop, Certified for CyberArk®
One of the largest security risks to any organization is stale privileged accounts, or the misuse, compromise or sharing of those accounts. Privileged accounts have elevated access to perform administrative functions. They can be administrator accounts, service accounts, firecall or emergency accounts, database connection accounts and application accounts, among others. Most of these accounts were set up ages ago when an application or system was deployed, and they typically have multiple integration points. Because of the risk of “breaking something”, the passwords for these accounts are rarely rotated, likely shared and improperly stored. According to the Varonis 2018 Global Data Risk Report, 65 percent of companies have over 500 accounts with passwords that are never rotated. These accounts have a higher likelihood of showing up in online password dumps with valid passwords. Privileged and service accounts with non-expiring passwords are a cyber criminal’s best friend.
Ensuring these passwords are stored properly, changed regularly, meet complexity and compliance requirements, and are audited can be overwhelming to manage. Current processes for requesting and managing access to privileged accounts are manual, complex, and frequently do not map to the core business initiatives. Governance is often an afterthought, leaving many enterprises vulnerable to increased security risks and potential non-compliance with external regulations or internal corporate mandates.
To address this need, XYPRO has partnered closely with CyberArk and our customer base to deliver the only supported CyberArk integration for the HPE NonStop server. XYPRO’s XYGATE Identity Connector, certified by CyberArk, bridges the gap between identity governance and enterprise privileged credentials management for the HPE NonStop server.
CyberArk’s Enterprise Central Policy Manager (CPM) enables organizations to secure, manage, automate and log all activities associated with privileged accounts. In today’s ecosystem, where privileged account abuse is the most common way to compromise a system, proper credential storage and accountability are paramount in risk mitigation. Relying on manual methods is resource-intensive and error-prone, and it leaves gaps. A password vault is the ideal solution for automating these activities and addressing compliance needs. Using CyberArk’s CPM, you will gain additional benefits such as:
Leveraging existing IT infrastructure
Policy enforcement at an enterprise level
Automatic password rotation
Full auditing of who accessed credentials
Integration with SIEMs
CyberArk CPM allows you to take advantage of robust workflows that help enforce and streamline password policies and maintenance.
Using XYGATE Identity Connector (XIC), your HPE NonStop servers can now seamlessly integrate with your CyberArk® Central Policy Manager (CPM), allowing end-to-end password management of NonStop privileged accounts, such as SUPER.SUPER.
Why Integrate your HPE NonStop servers with CyberArk?
An organization typically stores privileged accounts and passwords, including NonStop credentials, within the CyberArk CPM. A user then requests and is given access to a privileged NonStop account for a specified amount of time; for example, they are granted SUPER.SUPER access for four hours to complete a certain task. Once approved, CyberArk releases the password to the user. When that four-hour time window expires, CyberArk expires the current password within the vault and assigns a new one.
Without XYGATE Identity Connector (XIC) for CyberArk, the new password in CyberArk and the one on the NonStop server fall out of sync. It is then incumbent upon the CyberArk administrator to contact the NonStop administrator and ask them to update the password via a manual process to keep it in sync with CyberArk CPM. This manual process typically relies on insecure methods such as email, SMS or simply writing the password down in a text file stored on someone’s desktop. What is even riskier is that until this manual process is completed, which can take hours or days, the NonStop user originally granted access for only four hours has access to the privileged account the entire time, much longer than was authorized. This time-consuming process is also a huge security risk and compliance issue.
Using XYGATE Identity Connector for CyberArk, this process becomes automated: the NonStop server is updated as soon as the password is rotated in the CyberArk CPM, ensuring the user who was approved for access to the privileged account for four hours cannot log on to that account after the authorized time window has expired.
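The out-of-sync window described above can be measured by comparing when the vault rotated a password with when the password actually changed on the server. This is an added example, not XYPRO or CyberArk code; the record layouts, field names, account names other than SUPER.SUPER, and all timestamps are constructed assumptions, not either product's export format.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample records (assumed field names, not a real export format).
VAULT_ROTATIONS = [  # vault side: checkout, approved window, rotation time
    {"account": "SUPER.SUPER", "checked_out": "2024-03-01 08:00",
     "window_hours": 4, "rotated": "2024-03-01 12:00"},
    {"account": "APP.MANAGER", "checked_out": "2024-03-01 09:00",
     "window_hours": 2, "rotated": "2024-03-01 11:00"},
    {"account": "DB.CONNECT", "checked_out": "2024-03-01 10:00",
     "window_hours": 4, "rotated": "2024-03-01 14:00"},
]
TARGET_CHANGES = [  # server side: when the password really changed
    {"account": "SUPER.SUPER", "changed": "2024-03-02 09:30"},
    {"account": "APP.MANAGER", "changed": "2024-03-01 11:01"},
]

def parse_ts(text):
    return datetime.strptime(text, FMT)

def audit_drift(rotations, changes, now, tolerance=timedelta(minutes=5)):
    """Flag accounts whose server password lagged the vault rotation."""
    changed_at = {}
    for c in changes:
        changed_at.setdefault(c["account"], []).append(parse_ts(c["changed"]))
    findings = []
    for r in rotations:
        window_end = parse_ts(r["checked_out"]) + timedelta(hours=r["window_hours"])
        rotated = parse_ts(r["rotated"])
        # Earliest server-side change that can correspond to this rotation.
        candidates = [t for t in changed_at.get(r["account"], [])
                      if t >= rotated - tolerance]
        applied = min(candidates, default=None)
        if applied is None:            # old password still valid on the server
            status, excess = "UNSYNCED", now - window_end
        elif applied - rotated > tolerance:   # updated by hand, late
            status, excess = "LATE", applied - window_end
        else:
            status, excess = "IN_SYNC", timedelta(0)
        findings.append({"account": r["account"], "status": status,
                         "excess_hours": round(excess.total_seconds() / 3600, 2)})
    return findings

if __name__ == "__main__":
    for f in audit_drift(VAULT_ROTATIONS, TARGET_CHANGES, parse_ts("2024-03-03 14:00")):
        print(f"{f['account']:<12} {f['status']:<9} excess access: {f['excess_hours']} h")
```

`excess_hours` is the time the released password stayed usable past the approved window; for an `UNSYNCED` account it is still growing at the time of the audit.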
XYGATE Identity Connector for CyberArk comes packaged as a lightweight, easy-to-deploy executable that uses a microservice framework and runs on your existing NonStop servers. Simply configure the service XML with the specific HPE NonStop server properties and run the deployer. XYGATE Identity Connector deploys quickly in a Java Virtual Machine (JVM) on OSS. No other software is required. Installation is simple, quick and secure. XYGATE Identity Connector for CyberArk supports both HPE NonStop user accounts and aliases.
To learn more about XIC, please contact your XYPRO Account Executive or visit www.xypro.com/identity.
Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is a Member of the Forbes Technology Council, on the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience to customers in the Mission-Critical computing marketplace.
Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.