Monitoring: A Crucial Part of ZERO Trust Strategy

ZERO Trust is a straightforward concept – trust nothing, verify everything. Successful implementation can be difficult though, because retrofitting legacy systems may not be an option, and all-in-one ZERO Trust products do not exist. Configuring your network and systems for ZERO Trust to the best of your ability is the beginning, not the end of the journey. 

Integrity Monitoring  

Systems, user roles, and technical resources change. Continuous verification and real-time monitoring are necessary to confirm controls remain effective when changes occur.

XYPRO Technology and HPE provide solutions for end-to-end security of NonStop systems. These include tools for three of the highest-value types of monitoring you can implement.

  1. Continuous Integrity Monitoring for awareness of changes, expected or otherwise, on your NonStop systems.
  2. Real-Time Monitoring and Alerting for high-risk or suspicious activities, for example, the logon of newly created users with elevated permissions.
  3. Monitoring of NonStop appliances, such as CLIMs and NonStop consoles.

XYGATE SecurityOne (XS1) Integrity Monitoring provides change detection for frequently used object types on HPE NonStop systems. XS1 Security Intelligence Suite delivers real-time, continuous monitoring for a diverse set of high-risk activities (for example, suspicious logins, changes to ProgID or License status, or use of a frozen account). XS1 Appliance Sentry Monitor scans and reports on CLIMs and NonStop consoles.

Below are examples of XS1 Integrity Monitoring and how it supports your ZERO Trust strategy.

For those of you using XYGATE Compliance Pro (XSW): it has been a reliable monitoring tool for many years and does a very good job, but XS1 is a big step up from XSW, offering enhanced real-time monitoring along with new, cutting-edge functionality.

XYGATE SecurityOne (XS1) Integrity Monitoring:

Integrity monitoring in XS1 is a simple, three-step process:

  1. Choose the type of monitor you want to create,
  2. Define the objects you want to be monitored and
  3. View the results.

File masks and filters can be used to narrow the focus of your monitoring down to individual Guardian files if desired.

Step 1: Add Monitor, define the type of monitor (Guardian File for example) and provide a name for the monitor:

Step 2: Define the systems to monitor, define the file masks for files to include or exclude, set the frequency of the monitoring, and save the monitor.

The monitor shown here will collect all Guardian File attributes but will only create an alert when the file security has changed or when the Licensed or ProgID attribute on the file has changed.

In the future, when more XYGATE products are added to $SYSTEM, they are automatically part of the collection criteria and will be added to the generated report.

Step 3: View the monitoring reports. The results displayed are for all monitored NonStops and include every file in each $SYSTEM.XYGATE volume, excluding any temp files (files starting with ZZ).

The reported results can be sorted, filtered, and customized to display only attributes of interest. The report below makes it easy to identify how the security differs for the ACACL, ACCONF, UAACL and UACONF files across the three NonStop servers. Right-click to export the results and share the findings with your operations or security teams.
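The alerting rule from Step 2 and the cross-system comparison from Step 3, sketched in Python as an added illustration. This is not XS1 code or its API; the attribute names, file names and values below are constructed assumptions.

```python
from fnmatch import fnmatchcase

# Attributes whose change raises an alert; all others are report-only.
ALERT_ATTRS = {"security", "licensed", "progid"}

def in_scope(name, subvol_mask="XYGATE*", temp_mask="ZZ*"):
    """File-mask filter: $SYSTEM.XYGATE* subvolumes, minus ZZ* temp files."""
    volume, subvol, fname = name.split(".")[-3:]
    return (volume == "$SYSTEM" and fnmatchcase(subvol, subvol_mask)
            and not fnmatchcase(fname, temp_mask))

def diff_snapshots(baseline, current):
    """Compare two {file: {attr: value}} collections; return (alerts, report_only)."""
    alerts, report_only = [], []
    for name in sorted(set(baseline) | set(current)):
        if not in_scope(name):
            continue
        if name not in baseline or name not in current:
            # New or removed files go to the report, not the alert list.
            report_only.append((name, "present", name in baseline, name in current))
            continue
        old, new = baseline[name], current[name]
        for attr in sorted(set(old) | set(new)):
            if old.get(attr) != new.get(attr):
                change = (name, attr, old.get(attr), new.get(attr))
                (alerts if attr in ALERT_ATTRS else report_only).append(change)
    return alerts, report_only

def security_drift(systems):
    """Given {system: {file: attrs}}, map in-scope files to differing security values."""
    names = {n for files in systems.values() for n in files if in_scope(n)}
    drift = {}
    for name in sorted(names):
        values = {s: f.get(name, {}).get("security") for s, f in systems.items()}
        if len(set(values.values())) > 1:
            drift[name] = values
    return drift

# Constructed sample collections (not output from any real system).
BASELINE = {
    "$SYSTEM.XYGATEAC.ACACL": {"security": "NONO", "licensed": False, "progid": False, "eof": 4096},
    "$SYSTEM.XYGATEUA.UACONF": {"security": "NONO", "licensed": False, "progid": False, "eof": 2048},
    "$SYSTEM.XYGATEAC.ZZTMP01": {"security": "NUNU", "licensed": False, "progid": False, "eof": 10},
}
CURRENT = {
    "$SYSTEM.XYGATEAC.ACACL": {"security": "NUNU", "licensed": False, "progid": True, "eof": 4096},
    "$SYSTEM.XYGATEUA.UACONF": {"security": "NONO", "licensed": False, "progid": False, "eof": 2300},
    "$SYSTEM.XYGATEAC.ZZTMP01": {"security": "AAAA", "licensed": False, "progid": False, "eof": 99},
}
ALERTS, REPORT_ONLY = diff_snapshots(BASELINE, CURRENT)
```

Only the ACACL security and ProgID changes land in `ALERTS`; the UACONF size change is report-only, and the ZZ temp file is ignored even though its security changed.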

XYGATE Compliance Pro – Integrity Monitoring:

By contrast, XYGATE Compliance Pro requires several steps before your first report can be viewed.

1. Define your collection criteria (NonStop systems and what disks to monitor).
2. Create a new integrity check for each of the four files (ACACL, ACCONF, UAACL and UACONF).
   a. Create a new integrity check using the System Integrity Rule Builder.
   b. Build a rule to monitor the XYGATE files of interest. Using the System Integrity Rule Builder you can select “Guardian Files” as the Entity to check.
   c. Filter for the Volume of interest, find the subvolume containing the files of interest.
   d. Scroll through the list of files to find the files you want to select and monitor.
   e. Add selected files to the integrity monitor.
3. Repeat steps a-e for XYGATEUA.
4. Run the collection.
5. Load the collection.
6. View the results.

The results are presented in a table displaying every Guardian File attribute. Columns cannot be removed from the table to optimize the information displayed as was done with XYGATE SecurityOne.

You can see how XYGATE SecurityOne automates, simplifies, and provides intelligent integrity monitor results.

XS1 Increases Staff Productivity

Most organizations cannot allocate enough resources to proactively monitor their environment. Instead, security staff must devote time at the back end, investigating possible incidents – a very manual and time-consuming process of collecting, correlating, and searching through disparate logs. XS1 automates incident identification by correlating and contextualizing data in real-time and highlighting actionable incidents that need immediate attention. This patented XS1 functionality means you’re not wasting time on “Possible” events.  This automation of investigative activities frees up nearly 80% of your staff’s time, allowing them to focus on proactive monitoring.

XS1 Modernizes Security Resources

The sheer processing power of HPE NonStop systems grows to support increasing volumes of work and the critical assets being protected. HPE NonStop systems and the functions they perform are integral to the global financial infrastructure. These mission-critical workloads must be properly secured, and having only a few staff members familiar with NonStop security management increases the risk of insider abuse. What sets a modern product like XS1 apart is that anyone with security management experience will find it intuitive to use XS1 to manage HPE NonStop security without needing in-depth NonStop knowledge, greatly reducing the risks from resource attrition and insider abuse.

Learn more about the benefits of XYGATE SecurityOne 

Visit our XYGATE XS1 product page for more information.

For more information and to schedule a demo about Real Time integrity monitoring, contact us at https://xypro.com/contact/

This May and June, join XYPRO and your HPE NonStop community in Edinburgh, Auckland, Sydney, Toronto, Mexico City & Dallas for informative presentations, demonstrations and networking.

XYPRO Presents – Identify, Protect, Detect – A ZERO Trust Approach to Ransomware Protection

Ransomware encrypts victims’ files and demands payment in exchange for the decryption key. No business is off limits. Learn the basics of ransomware, how it spreads, and what organizations can do to prevent, detect, and respond.

Go over the tactics used by cybercriminals, the impact of ransomware attacks on businesses, costs associated with paying a ransom, restoring data and systems, and reputational damage.  

XYPRO’s best practices for preventing and recovering from ransomware attacks, including implementing zero-trust security measures provided by XYPRO and HPE, ensure businesses can quickly and effectively recover from an attack.

PCI-DSS 4.0 is on your mind. The new PCI standard was designed with a zero-trust philosophy at its core.  With new requirements for authentication, behavior analysis, and real-time monitoring, XYPRO’s White Paper on PCI DSS 4.0 takes out the guesswork and shows you step-by-step how to address compliance in an automated way.

Author

  • Steve Tcherchian

    Steve is a visionary cybersecurity executive with over 20 years of experience in the industry. In this role as Chief Product Officer and CISO, Steve leads global sales, technology, product direction, and go-to-market strategy for XYPRO’s cutting-edge cybersecurity solutions that fortify the digital backbone of economies worldwide. Based on his unique leadership, strategic vision, deep cybersecurity experience and penchant for relationship building with customers and partners, Steve has helped transform XYPRO into a top tier cybersecurity provider evidenced by record growth and accelerated adoption of XYPRO’s threat detection and compliance solutions across diverse sectors. As a passionate advocate for cybersecurity, Steve is dedicated to demystifying the complexities of the industry, sharing invaluable insights and experiences across global stages as a sought-after speaker at events and conferences. His contributions extend beyond the podium; as a former member of the ISSA CISO Advisory Council, the X9 Security Standards Committee, the Forbes Tech Council, and a patent holder, he has influenced pivotal cybersecurity standards and innovations.
