PRODUCT HARDENING GUIDES
SECURITY EXPERTS AGREE THAT THERE IS NEVER A SINGLE MAGIC BULLET WHEN IT COMES TO PROTECTING AGAINST CYBERSECURITY THREATS.
People often assume that software vulnerabilities are solely a result of defects within the software code. However, poor configuration and implementation of software are often exploited. The growing complexity of software and rapid change in product lifecycles, combined with operational and budget pressures, can result in poor compliance with security baselines.
Some examples of security risk due to poor adherence to security best practice include:
Mitigating common security threats requires a multi-layered approach to security that focuses on people. Good security practice must be a mandatory component of system and application commissioning plans and must include the adoption of a continuous monitoring process.
ORIGINA'S LAYERED APPROACH TO SECURITY
Origina's hardening guides are a collaboration between our independent Global IBM Experts and our security team. The hardening guides have a single purpose: Enhance the security posture of your IBM software products to proactively reduce the likelihood of affecting the confidentiality, integrity or availability of your IBM investments and hosted, or processed, data.
Origina adopts a risk-based, multi-layered approach to helping you to proactively protect your IBM® software investments against cybersecurity threats. This approach ensures that appropriate mitigating actions are implemented to prevent the exploitation of vulnerabilities and misconfigurations, as well as accidental actions, that affect the Confidentiality, Integrity or Availability (CIA) of your IBM investments and hosted or processed data.
Origina’s hardening guides are a key component of our multi-layered approach to helping you to proactively secure your IBM software products. Hardening goes beyond just using the recommended security settings: it is the practice of addressing the risk of attack by undertaking actions to tackle vulnerabilities, disable unnecessary services, remove unnecessary software, close open network ports, and review configuration settings.
1. SERVICE TRANSITION REVIEW
Risk-based review of your environment during the onboarding process. Focused on identifying assets and identifying potential operational risks and then presenting remedial recommendations.
2. PRODUCT HARDENING GUIDES
Product-focused hardening guides that aim to reduce security risk by eliminating potential attack vectors and reducing the attack surface.
3. VULNERABILITY ADVISORIES
Proactive identification of new vulnerabilities for IBM products and guidance from our independent Global IBM Experts and our security team to mitigate exposure.
4. IBM ENTITLEMENT REPOSITORY
Repository of entitled IBM software versions and fixes which are commercially available until your S&S expiry date and are downloaded as part of the onboarding process.
5. ORIGINA INDEPENDENT SOLUTIONS
Solutions that are developed by Origina to address an identified weakness in the software product. These solutions can include configuration workarounds, disabling unused features, modifications to peripheral environments, vulnerability shielding, and independent code-based patches.
IT IS IMPORTANT TO UNDERSTAND THE ATTACK SURFACE THAT NEEDS PROTECTION.
The National Institute of Standards and Technology (NIST) defines the attack surface of an application as the set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.
Reducing the attack surface is not just about applying software patches but also requires a risk-based approach in the context of your business and operational environment.
Your approach can include:
The following areas are covered in detail by our IBM product hardening guides:
Setting environment controls for secure and controlled locations
Network and Services
Replacing services such as telnet and ftp with secure protocols, such as ssh and sftp
Ensuring backups are properly configured and maintained
Ensuring patches are deployed and access to firmware is locked
Patching and updates
Ensuring patches and updates are deployed successfully
System auditing and monitoring
Enabling traceability and monitoring of events
Establishing rules on installing software and default configurations
Renaming or disabling default accounts and changing passwords
Using cryptographic algorithms, such as SHA-256
IMPLEMENTING CONSISTENT, SECURE CONFIGURATIONS ACROSS ALL SYSTEMS IN AN ENTERPRISE MINIMIZES RISK.
Hardening is not just about good practice. In some industries, product hardening is required to maintain compliance with frameworks such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF). Reliance on software patches alone is not sufficient to protect software applications or to be compliant with these frameworks. Hardening can also contribute to the improvement of overall system performance by shedding unnecessary services while making systems more resilient to future threats.
Hardening is a continuous process and is not something that you implement once and then forget. The cybersecurity landscape is constantly shifting and so, too, are your systems. Once a security baseline is established, it is essential that you update it regularly to ensure it is effective in its defense of applications and stored data. As new threats are identified, and as systems change, retest the systems against the baseline to ensure that applications remain secure. To maximize the effectiveness of our hardening guides in providing protection against new and emerging threats, we continuously update them. Our Vulnerability Advisory service provides you with information about newly identified vulnerabilities in your IBM software products. We update product hardening guides with these new recommendations to ensure that you always have the latest advice to proactively secure your IBM products.