2020 was another troubling year in the cybersecurity world. We saw a repeat of 2019’s data breaches on a larger scale. Instagram, TikTok, YouTube, Nintendo, WaWa and many more fell victim to some sort of compromise. Hardly a week went by where we weren’t reading about a new mega-breach or ransomware attack. One unidentified agency even exposed an 800-gigabyte database of over 200 million personal user records. No one was off-limits. It’s to the point where we’ve become numb to the news of security breaches; we shrug it off and move on. But as consumers, we should be concerned with the lackluster cybersecurity practices these companies have in place. They’re clearly not protecting our data.
According to IBM, the average time to detect and respond to a data breach in 2020 is 280 days. This year’s global pandemic has made every industry a huge target, with healthcare and the public sector leading the pack. On average, these industries took over 320 days to detect and contain a cyberattack, at a cost of tens of millions of dollars in some cases.
Billions are spent on security each year, so why is this still an issue?
How Passwords Will Change Your Business Strategy
One of the most critical security risks to any organization is passwords, especially default passwords and passwords to privileged accounts, which have elevated access to perform administrative functions. These can be administrator accounts, service accounts, database connection accounts, application accounts and others. Most of these accounts were set up ages ago when an application or system was initially deployed. They have multiple integration points and, because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, likely shared and often improperly stored.
Privileged account abuse is the most common way for hackers to compromise a system. Proper credential storage and accountability are paramount to risk mitigation. Relying on manual methods is resource-intensive, error-prone and leaves gaps.
According to a Varonis report, nearly 40% of all users sampled have passwords that have never been rotated! These passwords have a higher likelihood of showing up in online password dumps and being used to infiltrate networks. Simply put – they’re a cyber criminal’s best friend. This is how hackers walk in right through the front door. Not because they’re clever, rather because we make it too easy for them.
Proper password management can be overwhelming, but it doesn’t have to be. To solve these challenges, XYPRO has partnered with SailPoint and CyberArk, two of the cybersecurity industry’s premier security providers and leaders in their respective Gartner magic quadrants. XYGATE Identity Connector (XIC) is the first and only CyberArk and SailPoint certified integration for HPE NonStop servers. Integrate HPE NonStop with your existing enterprise investments in CyberArk and SailPoint to secure, manage, automate and log all activities associated with privileged access. This seamless integration means visibility, traceability, automation and ensuring passwords are not the Achilles’ heel that sinks your organization.
XYPRO and SPLUNK:
The Data to Everything Platform
2020 saw an upward trend in breach detection and containment. Data volumes, velocity and variety are increasing beyond human capabilities. We simply cannot keep up.
To address this need, HPE delivers XYGATE Merged Audit (XMA) with every HPE NonStop server. A widely deployed and proven solution, XMA is the HPE supported method of integrating your HPE NonStop data with SPLUNK and other SIEMs. XMA collects data from application, system and audit logs into a single, normalized SQL database to generate reports and forward data to the log management or analytics solution of your choice.
Without having to purchase any additional software, XMA communicates directly with enterprise solutions like Splunk “…to modernize your security operations and strengthen your cyber defenses”.
This data is aggregated, filtered, formatted and forwarded in real-time. Did I mention you don’t have to buy any additional software? XMA is on your NonStop servers already! You own it!
Getting HPE NonStop server data to Splunk is easy. Whether your data is in native XMA/NonStop format, Common Event Format (CEF), or a custom format, it can be sent to multiple targets. The only thing to decide is which data you want to send.
Installed and set up within minutes, configuring XMA to talk to Splunk takes even less time. Pop the settings into the provided template and off you go.
Now you can leverage all the capabilities of SPLUNK to generate reports, alerts, dashboards and more for your NonStop system and application data. Again, there is nothing additional to purchase.
Proactive Threat Hunting and Security Analytics
In testimony given before the Senate Subcommittee on Science, Technology and Space, famed cryptographer and cyber security specialist Bruce Schneier said:
“Prevention systems are never perfect. No bank ever says: “Our safe is so good, we don’t need an alarm system.” No museum ever says: “Our door and window locks are so good, we don’t need night watchmen.” Detection and response are how we get security in the real world…”
Schneier gave this testimony back in July of 2001, yet nearly 20 years later, organizations are still getting hit by incidents they didn’t detect, proving this premise is still valid and more critical than ever. I’m surprised by the number of conversations I have with IT and Security professionals who still carry the “set it and forget it” approach to security. No matter what type of protection a system has, given enough time, an attacker will find a way through. The faster you can detect, the faster you can respond, limiting the damage of a security breach.
Detection is not a simple task. Traditional (read: old-fashioned) methods rely on setting up distinct rules or thresholds. For example, if a user fails 3 logons in a span of 5 minutes, send an alert. If the failed logon events spanned 20 minutes, or worse, 10 days, it likely would not be detected. The limitation of relying on these fixed rules is they can’t alert on what they aren’t specifically looking for (i.e. what they don’t know).
Low and slow incidents and unknown unknowns – activity not normal on a given system – will fly under the radar and no one would be the wiser until it’s too late.
The damage is done, the data is taken, the system has been compromised and customer confidence is lost.
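As an added illustration (not code from XYPRO or any product named in this article), the example below runs the fixed 3-failures-in-5-minutes rule over constructed failed-logon records and compares it with a check against each user's own earlier failure rate. The user names, dates and the `factor`, `min_failures` and `floor` parameters are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

START = datetime(2020, 11, 1)   # constructed: baseline period begins
SPLIT = datetime(2020, 12, 1)   # constructed: period under review begins
END = datetime(2020, 12, 11)    # constructed: period under review ends

def sample_failures():
    """Constructed failed-logon records as (timestamp, user) tuples."""
    # alice: a burst of 3 failures within 2 minutes
    ev = [(SPLIT + timedelta(days=4, minutes=m), "alice") for m in (0, 1, 2)]
    # bob: 1 failure in the baseline month, then one every 8 hours for 10 days
    ev += [(START + timedelta(days=15), "bob")]
    ev += [(SPLIT + timedelta(hours=8 * i), "bob") for i in range(30)]
    # carol: fails twice a day, every day (her normal behaviour)
    ev += [(START + timedelta(hours=12 * i), "carol") for i in range(80)]
    return sorted(ev)

def fixed_rule(failures, threshold=3, window=timedelta(minutes=5)):
    """Users with `threshold` failures inside any `window` (the static rule)."""
    by_user, alerted = defaultdict(list), set()
    for ts, user in failures:
        recent = by_user[user]
        recent.append(ts)
        while ts - recent[0] > window:   # drop failures older than the window
            recent.pop(0)
        if len(recent) >= threshold:
            alerted.add(user)
    return alerted

def baseline_rule(failures, factor=5.0, min_failures=5, floor=0.1):
    """Users whose failures/day under review exceed `factor` times their own
    earlier rate (floored so normally quiet accounts can still be compared)."""
    before, after = defaultdict(int), defaultdict(int)
    for ts, user in failures:
        (before if ts < SPLIT else after)[user] += 1
    base_days, review_days = (SPLIT - START).days, (END - SPLIT).days
    alerted = set()
    for user, count in after.items():
        base_rate = max(before[user] / base_days, floor)
        if count >= min_failures and count / review_days > factor * base_rate:
            alerted.add(user)
    return alerted

if __name__ == "__main__":
    data = sample_failures()
    print("fixed rule:", fixed_rule(data), "baseline rule:", baseline_rule(data))
```

The static rule sees only the burst, the per-user comparison sees only the slow increase, and the account that always fails twice a day triggers neither.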
Correlating events from multiple data sources is a real challenge. The traditional method is to scour through event records, try to put the pieces together and then create a rule to detect that pattern in the future. The weakness is that it can only be accomplished after an incident has already occurred, on the off chance the same combination of events will happen again.
For data to be meaningful and actionable, it requires context. Contextualization allows the system itself to determine what is actionable and what is just noise. XYPRO’s XYGATE SecurityOne evaluates each potential alert and, based on activity that happened previously for that user, IP, system, etc., determines whether the reported activity is business as usual or a serious issue to which you need to pay attention.
Context is Key. And Patented.
In 2018, XYPRO was granted US Patent 9,948,678 by the United States Patent and Trademark Office. XYPRO’s patent, titled “Method and System for Gathering and Contextualizing Multiple Security Events,” covers the aggregating, correlating and contextualizing of disparate and unrelated security and system events. This proprietary technology provides faster detection of suspicious activity by intelligently combining security and non-security-related data while applying a layer of context which makes the newly enriched data much more insightful and actionable.
HPE NonStop servers are a staple of many modern, mission-critical organizations. NonStop is central to activities that affect our lives on a daily basis; how we shop, pay, bank and communicate. As technology evolves around us, the NonStop server continues to modernize and XYPRO is thrilled to be a part of this evolution. XYPRO’s innovation efforts don’t stop there. We unflinchingly look forward, to identify where research and development investments should be made, always looking for ways to best serve our customers. This commitment has led us to new areas that provide even greater value and security to NonStop server users, integrating the NonStop with the rest of the enterprise and beyond. At XYPRO, we protect your data like it’s our own. Because it is.
Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.
With over 20 years in the cybersecurity field, Steve is responsible for the strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.
Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.