ORIGINA SERVICES

PROTECT

lock icon

PRODUCT HARDENING GUIDES

SECURITY EXPERTS AGREE THAT THERE IS NEVER A SINGLE MAGIC BULLET WHEN IT COMES TO PROTECTING AGAINST CYBERSECURITY THREATS.

People often assume that software vulnerabilities are solely a result of defects within the software code. However, poor configuration and implementation of software is often exploited. The growing complexity of software and rapid change or product lifecycle combined with operational and budget pressures can result in the poor compliance to security baselines.

Some examples of security risk due to poor adherence to security best practice include:

Sensitive information on the server read by unauthorized individuals or changed in an unauthorized manner due to poor Identity and Access Management (IAM).
Denial of Service (DoS) attacks that are directed at the server or its supporting infrastructure, denying or hindering users from using its services.
Sensitive information is transmitted in an unencrypted format which increases the risk of interception between the server and the client.
Malicious entities can exploit weak configurations or non-critical services in the application to gain unauthorized access.

To mitigate common security threats requires a multi-layered approach to security that focuses on people. Good security practice must be a mandatory component of system and application commissioning plans and must include the adoption of a continuous monitoring process.

Sidew view information

ORIGINA'S LAYERED APPROACH TO SECURITY

Origina Software Security Layered Approach
Origina's hardening guides are a collaboration between our independent Global IBM Experts and our security team. The hardening guides have a single purpose: Enhance the security posture of your IBM software products to proactively reduce the likelihood of affecting the confidentiality, integrity or availability of your IBM investments and hosted, or processed, data.
Origina logo optimized

Origina adopts a risk-based, multi-layered approach to helping you to proactively protect your IBM® software investments against cybersecurity threats. This approach ensures that appropriate mitigating actions are implemented that prevent the exploitation of vulnerabilities and misconfigurations and that accidental actions that affect the Confidentiality, Integrity or Availability (CIA) of your IBM investments are hosted or processed.

Origina’s hardening guides are a key component of our multi-layered approach to helping you to proactively secure your IBM software products. The practice of hardening goes beyond just using the recommended security settings and is the practice of addressing the risk of attack by undertaking actions to tackle vulnerabilities, disable unnecessary services, remove unnecessary software, close open network ports, and review configuration settings.

1.  SERVICE TRANSITION REVIEW

Risk-based review of your environment during the onboarding process. Focused on identifying assets and identifying potential operational risks and then presenting remedial recommendations.

2.  PRODUCT HARDENING GUIDES

Product-focused hardening guides that aim to reduce security risk by eliminating potential attack vectors and reducing the attack surface.

3.  VULNERABILITY ADVISORIES

Proactive identification of new vulnerabilities for IBM products and guidance from our independent Global IBM Experts and our security team to mitigate exposure.

4.  IBM ENTITLEMENT REPOSITORY

Repository of entitled IBM software versions and fixes which are commercially available until your S&S expiry date and are downloaded as part of the onboarding process.

5.  ORIGINA INDEPENDENT SOLUTIONS

Solutions that are developed by Origina to address is identified weakness in the software product. These solutions can include configuration workarounds, disabling unused features, modifications to peripheral environments, vulnerability shielding, and independent code-based patches.

IT IS IMPORTANT TO UNDERSTAND THE ATTACK SURFACE THAT NEEDS PROTECTION.

The National Institute of Standards and Technology (NIST) defines the attack surface of an application as the set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.

Reducing the attack surface is not just about applying software patches but also requires a risk-based approach in the context of your business and operational environment.

Your approach can include:

  • Correcting unsafe configurations to ensure adherence to security policies and best practice including, but not limited to the Principle of Least Functionality (PoLF)
  • Encrypting data when at rest and in transit
  • Securing access to applications to adhere to the Princple of Least Privilege (PoLP)
  • Protecting stored data
  • All while maximizing system availability

The following areas are covered in detail by our IBM product hardening guides:

Physical security

Setting environment controls for secure and controlled locations

Network and Services

Replacing services such as telnet and ftp with secure protocols, such as ssh and sftp

System backup

Ensuring backups are properly configured and maintained

Operating Systems

Ensuring entitled patches are deployed and access to firmware is locked

Patching and updates

Ensuring entitled patches and updates are deployed successfully

System auditing and monitoring
Enabling traceability and monitoring of events
   
Applications

Establishing rules on installing software and default configurations

Access Control

Renaming or disabling default accounts and changing passwords

Data encryption

Using encryption ciphers, such as SHA-256

Previous
Next

IMPLEMENTING CONSISTENT, SECURE CONFIGURATIONS ACROSS ALL SYSTEMS IN AN ENTERPRISE MINIMIZES RISK.

Hardening is not just about good practice. In some industries, product hardening is required to maintain compliance with frameworks such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF). Reliance on software patches alone is not sufficient to protect software applications or to be compliant with these frameworks. Hardening can also contribute to the improvement of overall system performance by shedding unnecessary services while making systems more resilient to future threats.

Hardening is a continuous process and is not something that you implement once and then forget. The cybersecurity landscape is constantly shifting and so, too, are system changes. Once a security baseline is established, it is essential that you update it regularly to ensure it is effective in its defense of applications and stored data. As new threats are identified, and as systems change, retest the systems against the baseline to ensure that applications remain secure. To maximize the effectiveness of our hardening guides in providing protection against new and emerging threats, we continuously update them. Our Vulnerability Advisory service provides you with information about newly identified vulnerabilities in your IBM software products. We update product hardening guides with these new recommendations to ensure that you always have the latest advice to proactively secure your IBM products.

get better software support for your business

See how much you could save by switching to Origina

upgrade your support
Work With us