Tuesday, December 24, 2013

DBIR 2013 Blog Part III – What does this all mean to me?

In this blog series, we've been discussing the 2013 Verizon DBIR, which includes the following facts:

621 confirmed data breaches studied in detail
19 contributors, including government agencies, private security organizations and consulting companies
44 million records compromised
The largest and most comprehensive data breach study performed each year
75% of attacks were opportunistic - not targeted at a specific individual or company - with the majority of those financially motivated
37% of breaches affected financial institutions

In the most recent blog entry of this series we covered some key observations from the report. In this blog we'll look at what those observations mean to HP NonStop server users, and draw some final conclusions. Note that the full report is available here: http://www.verizonenterprise.com/DBIR/2013/

Key observations from the last blog, with their relevance for NonStop users:

Most Attacks Still Use Basic Techniques

The vast majority of attacks exploited weak or stolen credentials, and were considered "low" or "very low" in difficulty (on the VERIS scale which Verizon uses to categorize breaches).

NonStop relevance: Protect "the basics" - implement strong user authentication; implement (and enforce) password management processes; enforce a policy of minimum required access; ensure no shared accounts (especially SUPER) and keep track of all privileged user activity with keystroke logging. These relatively simple steps will ensure that the types of attacks that Verizon observed in over 70% of cases will fail.

14% of breaches were insider attacks

The majority of insiders committing sabotage were former employees using old accounts or backdoors not disabled, and the vast majority of IP theft cases committed by internal people took place within 30 days of announcing their resignation.

NonStop relevance: Ensure your NonStop user provisioning is integrated with your Enterprise Identity Management system, if you have one - that way as users are decommissioned at the enterprise level, they're also decommissioned on the NonStop. Integrate your NonStop with a Security Incident Event Management (SIEM) solution. That way any suspicious activity can be viewed at an enterprise level, and may be clearer as a result. The "basic" protections above also apply here.

Data at rest is most at risk

66% of breaches involved data at rest in databases and file servers (the rest was data being processed when it was accessed)

NonStop relevance: Protect your data at rest, with encryption or tokenization. Note that Volume Level Encryption (VLE) doesn't really provide the requisite level of protection, as once a user is signed on to the NonStop, their access is based on standard Guardian/Safeguard rules - the "encryption" becomes transparent to them. VLE is really best used to protect entire disks from theft.

Types of attack vary depending on industry and region

37% of breaches affected financial institutions, banks are often subjected to ATM skimming

NonStop relevance: As many NonStop users are banks or other financial institutions, the findings in this report are particularly relevant. The recommendations should be carefully studied and applied where it makes sense in customers' environments.

Spotting a breach isn't always easy, or quick

66% of breaches in the report took months, or even years, to discover. 69% of breaches were spotted by an external party, with 9% being spotted by customers!

NonStop relevance: This is where using a SIEM gives some real benefits. By aggregating all security events across the enterprise and presenting them in a normalized fashion, it can be a lot easier to notice anomalies. It's critical for NonStop users to gather and forward all NonStop-based security events and forward them to the enterprise SIEM, if one is present, to ensure that any clues from the NonStop regarding a possible breach are included in the analysis.

As you can see, and as we've mentioned in earlier blogs, looking after the security fundamentals is probably the best "bang for your buck" in terms of securing your critical, NonStop-based applications and their data. To further underscore this, the PCI DSS v3.0 standard has just been published, and it includes an increased focus on the basics, as hinted at in earlier PCI announcements.

XYPRO has been developing products, and providing solutions, to assist our customers to meet their many and varied security requirements for over 30 years. We have solutions to address all the points summarized in this blog, and more - if you'd like more information on anything you've read here, or anything else that comes from the Verizon DBIR, please contact your sales representative https://www.xypro.com/xypro/contact, or email me at andrew.price@xypro.com.

Monday, December 2, 2013

Back In Training – NonStop Technical Bootcamp 2013

XYPRO has just returned from a very exciting few days in San Jose, attending the second annual NonStop Technical Bootcamp. The event was held at the San Jose Doubletree hotel, as it was last year, although this year the venue was bursting at the seams! It turns out that, whilst the number of vendors and HP representatives was roughly the same as last year, user attendance was up over 200% from last year – a sure sign that the event is going from strength to strength. The majority of new user attendees this year came from the Asia-Pacific/Japan region, but there were attendees from Russia, Japan, Taiwan, Israel, UAE, South Africa, Brazil and more.

There had been rumours of a big announcement coming from HP at this years’ event, and the opening general session was packed, (in spite of the Beer Bust the night before—(which itself is becoming quite a tradition, and a great way to kick off the week). Randy Meyer, in his new role as VP and General Manager of Integrity Servers, jumped pretty quickly to the big news – that HP has committed to bringing the NonStop to x86 (Intel Xeon) processors. This is A BIG DEAL because, as summarised in many other articles, it removes any possible perception of HP’s lack of commitment to the platform, and any FUD (Fear, Uncertainty, Doubt) around the future of the Itanium processor. For the time being, NonStop will be available with both types of processor, and at some point (one presumes) the Xeon-based line will replace the Itanium one.


At XYPRO, we’re very excited about this announcement, for the same reasons that everyone else is. We’re also looking forward to the project to port our software to this new platform,; which, from everything we’ve heard, should be a relatively straightforward exercise.

Both of the main conference days were very busy, with excellent content in the presentations and great traffic past the exhibitor booths – indeed, at times things got pretty crowded in the high traffic areas. There was a rumour going around that next year the event will be in a bigger venue, which will be great.

We took the opportunity to meet one on one with many of our customers – these sessions are always great for getting product feedback, discussing possible enhancements and product direction, and just generally catching up with friendly faces. If for some reason we missed catching up with you, and there’s anything you need to discuss with us, please get in contact with me, or your XYPRO Sales representative, and we’ll line something up.


As the name “Technical Bootcamp” implies, this conference had a major focus on training and on Sunday XYPRO provided 8-hours of pre-conference training on key NonStop security topics. In the first 4-hour session, “Make the Most of your NonStop Security Bundle”, XYPRO’s Dave Teal explained the fundamentals of Audit and Authentication and all the benefits included with the advanced security software included with the OS on HP NonStop servers. Dave described how to easily install, configure, implement and use these valuable solutions and help streamline security audits to meet compliance regulations. In the second 4-hour session, “Everything You Need Know for PCI Compliance on HP NonStop”, XYPRO’s Rob Lesan went through the why's and how's to meet and exceed PCI compliance regulations easily and efficiently while making the whole process simple and non-intrusive. Both sessions were jam-packed with NonStop technical experts looking to increase their security knowledge.

XYPRO presented on both the Monday and the Tuesday. Monday’s presentation, “Industry-standard, enterprise-wide Voltage Encryption and Tokenization – no code changes required!” was done in conjunction with Voltage, and was an overview of XYPRO’s new XYGATE Data Protection (XDP) product and Voltage’s SecureData. XDP utilizes intercept technology to seamlessly allow NonStop applications to encrypt or tokenize sensitive data using Voltage’s SecureData product, without any application code changes. Tuesday’s presentation was with another XYPRO partner, NetAuthority, and covered “Stronger User Security with Advances in Multi-Factor Authentication”. The session discussed the growing threat of cybercrime, the various multi-factor authentication solutions that have been deployed to protect online and mobile users, and new technologies like NetAuthority’s DeviceLink product which provides two-factor authentication without the overhead of hardware tokens, one time passwords, or other intrusive technologies. Both presentations were well attended, and had some great Q&A activity at the end (or in the exhibit area after the session).

Visit the Connect website for additional info on the XYPRO presentations and other Bootcamp sessions. The NonStop Innovations blog also has a lot of the bootcamp presentations along with interviews with a number of vendors, so check that out at http://www.nuwave-tech.com/hp-nonstop-innovations.

On Monday evening XYPRO hosted a dinner celebrating their 30th Anniversary. This event was held at The Table, in San Jose, and saw about 65 of XYPRO’s customers, partners and employees getting together to enjoy some fantastic food, great service, and one or two adult beverages in a casual environment.


Once again, a fantastic event, and we’re looking forward to being “Back in Training” in November, next year – hope to see you there!

XYPRO Technology
info@xypro.com
https://www.xypro.com