XYGATE products chosen for distribution by HP
Presenter: Ian Pearce
1 XYPRO Confidential
• Proven Performers & Business Partners
  – Founded in 1983
  – HP NonStop server security since 1990
• Fast Response Team
  – 24 x 7 Support service
  – Support offices around the world
• HP / XYPRO Relationship
  – Long-term relationship between XYPRO and HP (Tandem/Compaq)
  – HP helped publish XYPRO security handbooks
  – Used to secure HP internal systems (20+ nodes)
About XYPRO
The XYGATE Suite
XYPRO solutions through HP
Compliance
Can I pass a compliance audit? Does my system meet all internal security policies and rules?
• Analyze current relevant security settings
• Flag settings that may cause compliance issues

Authentication
Who is allowed onto my system? When can they log on?
• Authenticate against LDAP, RSA SecurID and RADIUS
• Granular logon controls

Audit
What’s been happening on my system?
• All NonStop Security Events
• Filter to only show events of interest
• Feed data to off-board SIEM devices

Access Control
Who can do what on my system? What commands can they execute?
• Eliminate shared userIDs
• Control of commands and subcommands in all system utilities
• Full keystroke logging
XYGATE Event Monitor (XEM)
Compliance PRO (XSW)
XSW – Easy to understand results
Green ruler = passed
Broken red ruler = failed
Tab Options
• Pre-populated, standards-specific tabs
• Tabs can be customized to your own requirements
XSW – Security Compliance
Features:
• Easy to interpret, graphic display of results
• Automated data collection and analysis against security policies, regulations (PCI, HIPAA, SOX), Best Practices
• Extensive default reporting on results
• Easy report customization
• Audit and tracking of security policy adherence
• Access mapping by subject or object
• Integrity checking
• Compliance visibility to a single system or an entire NonStop Enterprise

Customer Benefits:
• Meet compliance requirements - prove it, and maintain it
• Achieve immediate results - and rapid ROI
In Summary XSW – Security Compliance
XYGATE User Authentication allows customers to implement logon controls at a granular level and integrate their NonStop server into larger LDAP environments.
• Logon controls at a granular level, including time-based
• Rules for user group logons and controls for group manager capabilities
• Audit reporting on logon events
• IP, Requestor and Ancestor controls
• LDAP interface for NonStop
• Support for RSA SecurID tokens and RADIUS authentication
XYGATE User Authentication (XUA)
• Control logons based on:
  – Ancestor program
  – Requestor program
  – Port/IP Address
  – Time of day/day of week
  – Current logged-on user
• Supports user impersonation – logon using SUPER.SUPER but your own password.
• Apply global-level authentication controls to the user/group-level (e.g. Apply Authenticate_Fail_Freeze to a user or group, not global)
XYGATE User Authentication (XUA)
• Includes EXPLAIN/WHATIF functionality for testing of rules
• Authentication decisions are audited, and audit data can be integrated/sent to a SIEM device with Merged Audit
• NonStop userids can be frozen/have passwords expired – all authentication must come from LDAP/AD/RSA
• Allows customers to meet corporate standards for authentication
XYGATE User Authentication (XUA)
[Diagram labels: User Authentication; Configuration Settings and Authentication Rules; SAFEGUARD; USERID Information; OPEN LDAP; RADIUS; Active Directory; Audit Data (audits can be captured in up to 9 locations simultaneously)]
XYGATE User Authentication (XUA)
XUA provides an extension to Safeguard to authenticate users based on pre-set rules that are applied on top of NonStop security settings.
Users can now access NonStop servers through an industry SSO solution. The Authentication layer will trace the user to the associated NonStop userID for authentication.
User activities can be monitored and audited.
100% of NonStop’s Authentication Requests are handled through the User Authentication layer.
NonStop Programs – TACL, OSS, FTP, ODBC, DSM/SCM, SSH, OSM and all others
• Each user gets a single, unique logon with all & only those privileges needed to do their job
• Eliminates use of SUPER.SUPER (Master Logon)
• Eliminates use of shared logons
• You have auditability for all users
  – for all actions (KEYSTROKE!)
  – for all process management
  – for logons, logoffs and program runs
  – for user location
  – for IP addresses
XYGATE Access Control (XAC)
• You have individual accountability
  – for actions performed from the keyboard
  – showing such items as user ID, terminal, date, time, IP address, command input, command output
• Re-authentication of users for sensitive actions
  – inactivity time-outs
  – keyboard locking

XYGATE Process Control (XPC)
• Grants process privileges
• Ability to stop, suspend, altpri, activate and debug are granted to the user ID
XYGATE Access Control (XAC)
[Diagram labels: PC/Terminal; ACCESS CONTROL; Configuration Settings and Access Rules; NonStop Utility Programs (TACL, OSS Shell, FUP, All Others); Audit Data (audits can be captured in up to 9 locations simultaneously)]
Access controls are set up and stored on the system.
As users attempt to access system resources, their rights are queried and allowed or denied by the Access Control layer.
User activities are monitored and audited, including keystrokes as desired.
XYGATE Access Control (XAC)