NonStop Insider

job types


Site navigation


Recent articles


Editions


Subscribe


For monthly updates and news.
Subscribe here
NonStop Insider

Security: It’s All About the Fundamentals

CSP

DanDan

CSP Logo -Final - imprenta (2)

csp feb 2021

Last month, we wrote about the sophisticated and long-running cyber-espionage campaign distributed through the widely-used network management software, SolarWinds.

New information has recently come to light. We now know that the threat group behind the supply chain attack that targeted SolarWinds leveraged a piece of malware for lateral movement and deploying additional payloads.

The SolarWinds attack involved the delivery of trojan-ized updates to as many as 18,000 of the company’s customers through Orion, an IT monitoring product. These malicious updates delivered a piece of malware named Sunburst, which the attackers inserted into the Orion product using another piece of malware known as Sunspot.

While Sunburst Backdoor is a sophisticated attack vector, it is still just a trojan on a network with lateral movement. A company can deploy many of the typical network defense and incident response techniques immediately.

The SolarWinds attack is interesting because you can’t really stop it from happening. However, you can detect and stop lateral movement and data exfiltration from your network by focusing on certain security fundamentals. We define these fundamentals as follows:

But how can you protect your critical data and effectively implement these security fundamentals on NonStop systems? CSP has perfected many security and compliance tools to help you achieve these security fundamentals, such as File Integrity Monitoring, User Management, Command Control, Multi-factor Authentication, Audit, and Compliance Reporting.

Today’s fancy new defense tools are no replacement for asset management controls. Threat intel won’t do you much good if you lack contextual asset data. AI benchmarking will only learn and continue to allow bad habits if your environment was already out of compliance when the tools were initially implemented.

The most effective security tools focus on these fundamental security practices by establishing secure baselines and building workflows around them to make it easier for analysts to focus on the real problems.

Securing NonStop Systems Effectively With CSP PassPort

csp feb 2021 - 2

CSP provides several comprehensive security solutions that will protect your NonStop systems and ensure that you meet all of your compliance requirements. Organizations are relying on CSP’s trusted security solutions more than ever to ensure the integrity of their applications.

CSP PassPort provides comprehensive user and command control, password quality enforcement and auditing. It controls and filters user access to systems, programs and commands according to customized user profiles. It offers superior user authentication, command control, session control, accountability, and auditing capabilities not available with Guardian or Safeguard security.

All user terminal input/output operations (including OSS) can be monitored via an easy-to-use GUI interface, while an audit process records all user activities.

csp feb 2021 - 3

User Account Update Screen

Major Benefits:

Key Features:

 

Learn more about CSP PassPort here.

CSP – Compliance at your Fingertips™

For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com

We Built the Wiki for NonStop Security ®

The CSP Team

+1(905) 568 –8900

csp feb 19 - 3