COVID-19: Now is the time for Multi-Factor Authentication

During this time of unprecedented uncertainty, we at XYPRO are concerned about the safety and health of our employees, their families, our customers and everyone who makes up our global community.

XYPRO is about problem-solving, and has been since the company’s founding in 1983. Like us, many of you have been in the process of keeping your business running and adapting to this new way of working. XYPRO started preparations in late January and you can review our process as documented by Dr. Melodie Bond-Hillman, XYPRO’s head of Human Resources.

The safety of your workforce, including their digital safety, is of paramount concern. We’ve seen a sharp uptick in the amount of cybercrime targeting the new “work from home” situation and there is no shortage of criminals looking to take advantage of chaos and fear–two things in abundance right now. It’s never been more important to continue being “security-aware” and staying vigilant.

It’s a good time to reach out to our partners and customers in the HPE NonStop space to remind you about the solutions readily available on your HPE NonStop servers to assist with the current challenges. You don’t have to order anything, or even leave your house.

Multi-Factor Authentication

According to Microsoft, 81% of data breaches occur due to weak, default or stolen credentials and 99% of these attacks can be blocked by implementing Multi-Factor Authentication (MFA).

MFA is an authentication method where a user is granted access only after successfully presenting two or more of the following pieces of information:

  • Something you know (password)
  • Something you have (security token)
  • Something you are (biometrics)

All it takes is one compromised account to one legacy application to cause a data breach. With the unfortunate increase in COVID-19 phishing scams targeting remote workers isolated from their day-to-day environments, there is no better time to implement multi-factor authentication across your critical applications, servers and services.

XYGATE User Authentication (XUA) is already included on your HPE NonStop servers and ready to turn on with no additional software or infrastructure investment. XUA provides strong, multi-factor authentication based on industry standards and extends NonStop security capabilities by integrating with enterprise authentication providers such as Microsoft Active Directory, RSA, Google Authenticator, and many others. This simplifies the protection of your NonStop servers using regulatory-compliant, multi-factor authentication.

In addition to MFA, XYGATE User Authentication integrates your NonStop and application user IDs with Microsoft Active Directory, providing enterprise, global password policy enforcement. This ensures the same password policies within Active Directory apply to your NonStop servers and applications, removing the risk from weak or default passwords.

Detecting Authentication Threats

There are nearly a billion fraudulent sign-in attempts per day across the internet. Detecting and alerting when fraudulent attempts occur is a necessary weapon in combating these threats. XYGATE User Authentication (XUA) event logs can be forwarded to your enterprise Security Information and Event Management (SIEM) system or other analytics solutions through XYGATE Merged Audit (XMA), which is also packaged with every HPE NonStop server. XMA is used for alerting, threat detection and analysis of authentication data. With XMA, you’ll know if someone or something is attempting to gain unauthorized access to your systems.

PCI DSS Requirement 10 mandates tracking and monitoring all access to network resources. XYGATE Merged Audit helps you comply with this critical requirement for all NonStop authentication events.

While no single solution can protect your NonStop environment alone, the combination of XUA and XMA will provide key defences to make sure passwords, as an attack vector, are one less thing to worry about.

Hands-On Help

XYPRO is also here to assist with everything from deployment of XYGATE Merged Audit and XYGATE User Authentication, to helping you ensure your employees can securely and effectively meet their responsibilities while working remotely. Our Solutions Delivery & Support Teams are ready to work with you. Remotely, of course 🙂

If you would like us to more formally evaluate your environment or you’d just like to chat and bounce some ideas off us, please reach out and let me know.

As your trusted cybersecurity partner, we are watching the developing situations very closely, evaluating new threats that may pose a danger to our customers and the greater NonStop community. The following article contains tips on how to securely set up your remote employees and raise the security profile of your workforce. Some things may seem quite obvious and simple, but it’s easy to overlook the obvious in stressful times like these.

We will continue providing updates through www.xypro.com and our social media communication channels. If you have tips and tricks you think might be useful to others, please let me know and I will try to include them in future updates.

We’re all in this together. Even if it seems like it isn’t something we do, reach out to us. We have a large network of partners, vendors, friends, and colleagues that we can leverage–all willing to help.

Please stay safe and healthy.

All the best.
Steve Tcherchian, CISSP
Chief Product Officer
@XYPROTechnology @SteveTcherchian

Author

Steve Tcherchian, CISSP, PCI-ISA, PCI-P is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is a member of the Forbes Technology Council, the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for global strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience for customers in the Mission-Critical computing marketplace. Steve is a security leader with a record of superior results in a variety of challenging and multicultural environments, as well as an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.