Because high-availability and fault-tolerant systems need strong security
Finally, we’ve made it to the #1 spot on our Top 10 list! Before we get to that, though, just a reminder that the first nine HPE NonStop server security fundamentals cover some incredibly important aspects of NonStop server security and are vital for protecting your mission critical systems and applications—you can review the full list of Top 10 NonStop Security Fundamentals on XYPRO’s website.
So what is THE MOST important fundamental? It’s simple really:
#1: Audit all security-related activity and events
Of course, auditing all NonStop security-related activity and events may seem easier said than done—especially when you have hundreds of thousands (maybe millions) of events occurring daily throughout your NonStop server environment. What you need is a really powerful software solution that allows you to track, filter, manage and report on all NonStop security-related activity.
Good news: You already have the solution you need
Fortunately, HPE has partnered with XYPRO to provide just such a solution to all HPE NonStop server users. Since August 2010, HPE has bundled XYGATE Merged Audit (XMA) with all new J-series and H-series HPE NonStop servers. So, if you’ve received new NonStop systems since August 2010, you already have the XMA software and licenses!
Let’s focus on five key aspects of logging and auditing and the capabilities that XMA provides for HPE NonStop servers:
- Consolidate NonStop security event data.
Security event data is created and stored in many places on a NonStop server which can make it difficult to monitor and report on security activity. To resolve that challenge, XMA merges multiple sources of NonStop audit data (for example, Safeguard, XYGATE, EMS, Measure, ACI BASE24® and/or HP’s HLR Telco solution) into a single NonStop SQL/MP database. This merged (and normalized) data can be used for security analyses, alerting, audit reporting and integration with enterprise Security Information and Event Management (SIEM) solutions, like HPE ArcSight. Note: an HPE NonStop SQL/MP license is not required for the XMA database.
- Create alerts on important events.
Given the high volume of security events, users need some way to filter out routine activity so they can focus on highly important, unusual or suspicious activity. XMA has advanced filtering capabilities that use pre-defined rules and custom user-defined rules to identify important events. A GUI security event monitor is included with XMA, allowing users to monitor and be notified of events right on the desktop in graphical, acoustical and action-oriented formats. Users can also receive automatic alerts by e-mail or SMS.
- Run audit reports.
Let’s face it, audit reporting can be a difficult and time-consuming process—yet it is extremely important. XMA enables easy creation of consolidated audit reports to comply with company policies and regulations such as the Sarbanes Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI DSS), and the Health Insurance Portability and Accountability Act (HIPPA). Users can choose from a wide selection of report templates, use preformatted samples or design new reports for specific needs. Whether generating reports to the NonStop spooler or to a Windows PC, XMA allows the right information to get to the right people at the right time!
- Integrate with enterprise SIEMs.
In today’s complex security environment, companies need a comprehensive view of security events and information—SIEM solutions, like HPE ArcSight, collect security information from many sources in the enterprise and use advanced analytics to identify threats and manage risks. XMA integrates with HPE ArcSight and other SIEMs , such as RSA envision and IBM QRadar, enabling the HPE NonStop environment to be part of an enterprise security management solution.
- Learn more about XMA at NonStop Technical Bootcamp.
Please, join us at Bootcamp for the HPE sponsored breakout session, “Getting the Most out of XMA and XUA from the new Security Bundle”, presented by XYPRO’s Andrew Price and Rob Lesan. (Okay, this session isn’t really an aspect of auditing per se but it’s a great way to learn more about XMA, and, as a bonus, you’ll learn about XYGATE User Authentication (XUA) which was added to the NonStop Security Bundle last year).
So that’s our #1 NonStop Fundamental—it can be summarized as “audit everything” to ensure complete visibility of security-related events on the NonStop. This is such an important aspect of security that HPE bundles XYPRO’s logging and auditing solution, XMA, with every new HPE NonStop server. Please make sure to take full advantage XMA’s power capabilities.
For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL.
You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX).