Born Of Frustration – The HPE Integrity Detective Story

HPE Integrity Detective was born as a result of frustration. Frustration with long-winded and laborious installation and configurations. Frustration with software which did 65% of what was needed. Frustration with gaping holes in security/audit. And frustration that the product mentioned above was somehow the alleged ‘market leader’ in its field – that being security/compliance checking and integrity monitoring.

After years of frustration at using a flawed monitoring product, many users had had enough. “There has to be a better way” they screamed quietly to themselves, so as not to alarm anyone in the adjoining offices… “There has to be a product out there which has all the features I’ve been requesting in years of RFE submissions, that has all the functionality my organization needs, while also making my day-to-day job much easier?” But there wasn’t. You pretty much got what you were given, and fundamental architectural flaws were blamed for why many fixes and enhancements were simply not possible.

Fully aware that many users all shared the same frustrations, the developers at 4tech Software set about creating a new integrity monitoring solution which addressed all the key requirements you’d expect of a well thought out and well-engineered NonStop security solution. The 4tech team were joined by one of those frustrated users mentioned above to make sure HPE Integrity Detective (ID) benefitted from unparalleled levels of hands-on experience, ensuring no one else would have to despair at ID like they had with their previous monitoring product, which had promised so much, but delivered so little…

What Are The Fundamental Requirements Of A Top End Integrity Checker?

Having an in-depth knowledge of exactly what users need to make their jobs easier and how their ideal solution would be used on a day-to-day basis has been key to the development of ID from day one. For each and every feature contained within ID, the real world use and the user experience have been given the same priority as other vital considerations like security and functionality.

  • All on the NonStop! With the exception of the GUI, ID is 100% NonStop based, so no need to go through the pain of provisioning and securing additional off-platform servers. If someone is trying to sell you a NonStop security solution which requires an external Windows or other platform database, ask yourself who that’s helping; you or them?
  • All the features you need and none that you don’t. Is someone trying to convince you that you need a bunch of extra-cost additional modules to help meet their sales target?! There are no optional extras and up-sell with ID, just one comprehensive product which does everything you actually need.
  • Quick to set up and easy to configure. Installation is simple. Little things like adding multiple files from a subvol or multiple subvols simultaneously are simple with ID, but not with all solutions. The ability to copy/paste the config (or part thereof) from one system to another rather than set up from scratch – we’ve got that covered too. We could go on.
  • User-friendly features that just make your life easier. Context-sensitive help (F1 key) takes you straight to the relevant page of the comprehensive user guide.
    Notes can be used to track changes and activity within ID. Users can tag notes to any object monitored. A history can be built up over time showing what has happened to an object and what remedies were actioned. This can reference change documents or trouble tickets so that auditors can see that the ‘alleged’ (documented) processes actually took place. Relevant screens have a built-in Print function – PDF ‘prints’ provide useful audit evidence.
  • Enterprise connectivity. Yes, ID is 100% NonStop based, but it is also 100% compatible with all enterprise SIEM solutions, so it brings all of the alerts from your NonStop system to your enterprise monitoring team.

Under The Hood of a Comprehensive Integrity Monitoring Solution

It’s all very well monitoring the heck out of a critical config file, but File Integrity Monitoring (FIM) on an HPE NonStop is useless without the ability to monitor, for example, an object’s corresponding Pathway server – after all, if I introduce a rogue config file and direct the Pathway to my file instead of your FIMmed one, no alert will be triggered. So ID doesn’t just monitor critical files, it also monitors all subsystem configurations – it’s almost pointless doing one without the other.

So, as well as a top drawer user experience, ID also provides a top drawer set of features – just one set, it won’t cost you extra to monitor CLIMs or other stuff that should be included in the first place! Here’s a look at the comprehensive set of ID features:

  • Extensive monitoring of files and subsystems including Guardian and OSS files, Kernel-managed processes (persistent processes) properties, NetBatch jobs and attachment sets, CLIM configurations, Pathway server and Pathmon properties, SSH properties and all Safeguard objects.
  • COM program output monitoring: ID can monitor the configuration of any HPE NonStop utility (such as OSS filesets) or third-party subsystems (for example, data replication tools, Spooler, HPE NonStop SSL/TLS, BASE24 NCPCOM, Secure Tape and more) which have a command line interface.
  • Malware and rogue object/action detection: ID can watch for and alert on the introduction or deletion of files to/from watched subvolumes or subdirectories.
  • Real time alerting: 24×7 monitoring generates real-time alerts. Instantly, it sends alerts to SIEM (via syslog), EMS, or both. Alerts will also be displayed in the GUI – users can see the ‘should-be’ and ‘actual’ values immediately.
  • Auditing: Full auditing of actions (baselining of files or subsystems, control parameter changes, state transitions), and EMS alerts.
  • Security: Inbuilt security defining what each user can see or do within ID. Fully customizable user permissions.
  • Change-unchange detection: If a file (or subsystem parameter) is changed and then changed back again to its baselined value, ID raises an amber alert, indicating that something may be amiss and should be checked.
  • Reporting: Comprehensive reporting on objects – report output can be directed to a file, a spooler, or back to the GUI. Reports on FIM files can be automatically produced either at the end of a checking cycle or on a schedule. These can be sent to a file server to integrate with legacy enterprise FIM tools.
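
To make the two detection ideas above concrete (watching the subsystem setting that points at a file as well as the file itself, and the amber "change-unchange" state), here is an added Python sketch; it is not 4tech's or HPE's code and does not describe how ID is implemented. It assumes a simple polling check cycle, and the object names (`file:APPCONF`, `server:APPSRV:config-file`, `ROGUECONF`) and sample data are constructed for illustration.

```python
import hashlib

GREEN, RED, AMBER = "green", "red", "amber"

class Monitor:
    """Tracks baselined values for named objects across check cycles."""
    def __init__(self):
        self.baseline = {}   # object name -> baselined value (hash or setting)
        self.deviated = {}   # object name -> True while the object is off baseline

    def set_baseline(self, name, value):
        self.baseline[name] = value
        self.deviated[name] = False

    def check(self, name, actual):
        expected = self.baseline[name]
        if actual != expected:
            self.deviated[name] = True        # remember the excursion
            return RED, expected, actual      # 'should-be' vs 'actual'
        if self.deviated[name]:
            self.deviated[name] = False       # back on baseline after a change
            return AMBER, expected, actual    # change-unchange: needs review
        return GREEN, expected, actual

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def run_cycles():
    """Replay four constructed check cycles; return (file, reference) states."""
    good = b"MAXSERVERS 4\n"                  # constructed config file content
    m = Monitor()
    m.set_baseline("file:APPCONF", digest(good))
    m.set_baseline("server:APPSRV:config-file", "APPCONF")
    cycles = [                                # constructed observations
        {"file": good, "ref": "APPCONF"},     # everything on baseline
        {"file": good, "ref": "ROGUECONF"},   # file untouched, server redirected
        {"file": good, "ref": "APPCONF"},     # reference put back
        {"file": good, "ref": "APPCONF"},     # steady state again
    ]
    results = []
    for c in cycles:
        f_state, _, _ = m.check("file:APPCONF", digest(c["file"]))
        r_state, _, _ = m.check("server:APPSRV:config-file", c["ref"])
        results.append((f_state, r_state))
    return results

if __name__ == "__main__":
    for n, states in enumerate(run_cycles(), 1):
        print(n, states)
```

The file-hash check stays green in every cycle, so only the check on the server's configuration reference reports the redirect and the later revert.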

In Conclusion

ID was designed and built by NonStop Security Admin and Security Management specialists who have decades of experience using all third party security tools and have the same amount of experience working at the coal face in real world end user environments. They built ID to be what real world security teams actually need, not what big-brand, hands-off developers think you might need.

ID is available exclusively from your HPE account team. If you’d like further information or a product demo you’re welcome to contact HPE, or the ID Pre Sales team at 4tech Software would also be happy to give you the tour. www.4tech.software/integrity-detective

Other Security Solutions by 4tech Software

HPE PANfinder was launched in 2010 to fulfil the requirement for a sensitive payment card data discovery solution on the HPE NonStop Platform. Early adopters knew that identifying readable PAN data in unknown locations was an important part of any proactive cybersecurity policy. With the advent of PCI DSS V4.0, card data discovery is no longer a nice to have but a must have.

HPE Tokenator is our new data Tokenization solution, created specifically and exclusively for the HPE NonStop platform. Utilizing data-intercept technology, Tokenator intercepts sensitive data before it’s written to disk and converts it into format-preserved tokens – desensitizing it and rendering it worthless to hackers who might gain access to your application and/or database.

Author

  • Daniel Lewis

    Dan co-founded 4tech Software in 2010 and has been Business Director for the last 10 years. In the pic he's out catching Pokemon with his youngest son, Rishi, at Buckingham Palace.
