XYPRO Technology is a certified RSA Ready Technology partner. XYGATE User Authentication (XUA) now supports the RSA Cloud Authentication Service as a second factor of authentication for HPE NonStop servers. RSA is one of the world’s most widely deployed two-factor authentication solutions. Their certification program assures the solution customers are deploying has been verified interoperable based on RSA’s strict guidelines. This ensures quality, achieves faster time to value and lowers overall cost of ownership.
Account compromise due to stolen and/or weak credentials is among the most common methods attackers use to gain unauthorized access to privileged accounts – administrative users that have the power to take action with the highest authority in the most sensitive areas of your HPE NonStop server. To ensure no damage is inflicted (maliciously or inadvertently), PCI DSS Requirement 8.3 and other compliance frameworks require multi-factor authentication (MFA) for all personnel with non-console administrative access and all personnel with remote access to the Card Data Environment.
MFA is an authentication method by which a user is granted access only after successfully presenting two or more pieces of information to an authentication mechanism. These must be:
- Something the user knows (password)
- Something the user has (security token) and/or
- Something the user is (biometrics)
The goal of MFA is to create a layered defense strategy which makes it difficult for an unauthorized user to gain access by using stolen credentials. A second factor is required before granting access.
One of the largest security risks to any organization is the misuse, compromise or sharing of privileged account credentials. Privileged accounts have elevated access to perform administrative-type functions. They can be administrator accounts, service accounts, firecall or emergency accounts, among others. Most of these accounts were set up long ago when an application or system was initially deployed and have multiple integration points. Because of the risk or simply fear of “breaking something,” the passwords for these accounts are rarely rotated, likely shared and improperly stored. According to the Varonis 2018 Global Data Risk Report, 65 percent of companies have over 500 accounts with passwords that are never rotated. These accounts have a higher likelihood of showing up in online password dumps with valid passwords. These password dumps are a cyber criminal’s best friend. Ensuring these passwords are stored properly, changed regularly, meet complexity and compliance requirements and audited can not only be overwhelming to manage, it’s also a user experience nightmare. These challenges leave many enterprises vulnerable to increased security risks and potential non-compliance with external regulations and internal corporate mandates.
To address this need for HPE NonStop servers, XYPRO partnered closely with HPE, RSA and our customer base to deliver a certified RSA Cloud Authentication Service integration that comes packaged as part of the HPE NonStop operating system. XYPRO’s XYGATE User Authentication (XUA) simplifies the user experience and reduces time to value while delivering strong, multi-factor authentication based on industry standards.
XYGATE User Authentication comes with every HPE NonStop server, ready to turn on, out of the box. XUA extends NonStop server security capabilities by integrating with authentication providers such as Microsoft Active Directory, RSA SecurID, Google Authenticator and many others, making it easy to protect your NonStop servers with regulatory compliant multi-factor authentication. In addition, XYGATE User Authentication audit logs are forwarded to an enterprise Security Event Information Manager (SIEM) through XYGATE Merged Audit for analysis, threat detection and reporting of authentication events and for compliance with PCI DSS Requirement 10.2.2. XYGATE Merged Audit also comes packaged with every HPE NonStop server.
To learn more about XUA, please contact your XYPRO Account Executive or visit www.xypro.com
Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience to customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.