NonStop Security Intelligence
XYGATE SecurityOne® provides real-time Security Intelligence and Analytics for the HPE Integrity NonStop Server. XYGATE SecurityOne is designed to actively detect NonStop-specific Indicators of Compromise and alert on suspicious activity.
Using patent-pending technology, XYGATE SecurityOne gathers data from multiple disparate NonStop server sources, including application and system data, subsystems, user behavior, file operations, network data, command input and other sources. It uses specialized security intelligence algorithms to correlate, contextualize and analyze these events, painting a detailed security incident picture for the NonStop in real time. This enables security operators to home in on and detect security events before they culminate in an incident or breach.
Reduce Mean Time to Detection
The Ponemon Institute Global Cost of Data Breach Study points out the continual rise in cyber attack frequency and the high costs associated with resolving these incidents. Security teams need greater visibility and proactive analysis of their data to enable faster detection and faster response, and so avoid a high-impact cyber incident.
The Ponemon study also points out that the mean time to detection of a cyber security incident is currently over 200 days. This is mostly due to the manual detection and discovery methods used to investigate security incidents, which tend to be very time-consuming and expensive and often send security teams down rabbit holes. Attackers have learned that blending their activities in with innocuous user behavior hides their actions as they move around the system. This is the concept of “low and slow”.
Detecting the Low and Slow
Low & Slow attacks typically utilize low volumes of user and system activity that appear legitimate in terms of the commands and events being generated. By not violating system security policies, they pass undetected, flying below the radar of traditional detection strategies and solutions.
XYGATE SecurityOne detects NonStop-specific event patterns and evaluates their context in real time to identify suspicious activity that current solutions are not geared to detect. By identifying anomalous behavior, XYGATE SecurityOne is able to profile and alert on compromised accounts or those being used by malicious insiders. Acceptable user behavior can be determined based on roles or measured by profiling activity. For example, if one system administrator’s behavior is significantly different from that of all other administrators, it may be because that person is performing malicious activity or their account is compromised.
This meaningful reduction in Mean Time To Detection allows security analysts or operators to work more efficiently knowing they have a full picture of their NonStop environment.