LATEST NEWS


Events

We’ll be presenting and exhibiting at the following NonStop events:


BITUG Little SIG 2023

7th December
Office Space in Town, 20 St Dunstan's Hill, London EC3R 8HL
www.BITUG.com


GTUG 2024 EUROPEAN NONSTOP Hotspot

8th-10th April
Steigenberger am Kanzleramt Hotel, Berlin, Germany
www.GTUG.de


SunTUG Sunshine Summit 2024

26th-27th April
Embassy Suites by Hilton, Tampa Airport Westshore, Tampa, Florida, USA
www.eventbright.com


Connect NonStop Technical Boot Camp 2024

23rd-26th September
Hyatt Regency Monterey, Monterey, California, USA
www.nonstoptbc.com

 
 
 

March 2023

Cybersecurity blog post by our CTO, Greg Swedosh

From Compliance to Resilience: Strengthening Cybersecurity in a Changing Threat Landscape

In today’s fast-paced digital world, cyber threats are increasing at an alarming rate. From data theft to ransomware attacks and disruption of service, the changing cybersecurity landscape is posing challenges for organizations worldwide. The days of NonStop security by obscurity are gone as organizations look to establish an enterprise-wide approach to cybersecurity. The traditional approach of ticking boxes for compliance is no longer enough to protect sensitive data and ensure the continuity of business operations. Instead, a more proactive and comprehensive approach towards cybersecurity is required, one that emphasizes cyber resilience.

This article aims to provide insights into cyber resilience for the HPE NonStop server environment and the need to move beyond mere compliance to establish a strong cybersecurity setup that can withstand cyber-attacks.

Cyber resilience can be defined as the ability of an organization to maintain essential business operations, quickly recover from cyber-attacks, and adapt to changes in the cybersecurity landscape. It is a holistic approach that goes beyond compliance and focuses on identifying vulnerabilities, mitigating risks, and enhancing the overall security posture. Cyber resilience requires a combination of technical controls, policies, procedures, and human resources that work together to reduce the likelihood and impact of cyber incidents.

Identifying Sensitive Data:

The first step in setting up any kind of model for robust cyber resilience is for the organization to identify and locate where its sensitive data resides on the system. If asked, most organizations will tell you that they know where their data resides and point to the confines of their application environment. It is important, however, to determine that your data has not leaked out to other parts of the system, or even to other systems. For example, are you certain that production data has not been taken across to a non-production system for testing or troubleshooting? While procedures forbidding this are typical within most organizations, it is unfortunately still common practice. The plan to clean it up later is also often overlooked. It is therefore only by using an automated data discovery tool that you can really be sure you know all the locations where your sensitive data resides, and then do something about it. It is not possible to protect something if you don’t know where it is.

PCI DSS version 4.0 has also added another angle to data discovery and defining the scope of where your sensitive data resides. Not only do you need to ‘prove’ where your sensitive data does reside, you now need to have automated measures in place to prove where it ‘does not’ reside.

Read the full article here.


November 2022

INTRODUCING TOKENATOR™

All new format-preserving Tokenisation solution for the HPE NonStop Platform

HPE Tokenator uses proprietary data-intercept technology. Application data is intercepted before it is written to disk and is converted into format-preserved tokens – desensitizing it and rendering it worthless to hackers who might gain access to your application and/or database. By removing sensitive data from your system, you reduce your risk and make it far easier to meet security compliance standards such as PCI DSS.

By using data-intercept and by creating tokens in the same format as the data it’s replacing, your application and database require no changes, making deployment fast and relatively simple.

While we anticipate most users would deploy HPE Tokenator to desensitize payment card data, users can define what type of sensitive data they would like to protect with format-preserved tokens. Other typical examples could include: social security numbers, telephone numbers, passport numbers, healthcare records etc.

HPE Tokenator is 100% NonStop based (no additional external hardware required) and has been developed with a keen eye on optimizing the performance of the solution at every stage. This ensures minimal latency.

HPE Tokenator key features include:

  • Strong, industry standard, cryptographic algorithm support: AES-256, SHA-256

  • Flexible and customisable cryptographic key management

  • Format-preserving encryption including support for custom/specialised tokenisation patterns

  • Rapid deployment with no application or database changes: Intercept technology eases implementation and reduces complexity

  • HPE NonStop based solution: no external systems required

HPE Tokenator is now released under controlled availability. If you’d like further information, please contact sean.bicknell@4techsoftware.com and we will connect you with the relevant team at HPE.


August 2022

PCI DSS V4.0 ADDS NEW PAN DATA DISCOVERY REQUIREMENT

With the introduction of the new Requirement 12.5.2, PCI has effectively mandated the use of PAN data discovery – necessary for defining and verifying your PCI DSS Scope and Cardholder Data Environment.

One of the most significant updates to V4.0 of the Payment Card Industry Data Security Standard (PCI DSS) compared to the out-going V3.2.1 is the new emphasis being placed on the importance of Scoping – or defining and confirming your Cardholder Data Environment (CDE). It’s your CDE which needs to meet PCI’s increasingly stringent requirements, as that’s where your customer card data lives and is processed.

PCI DSS V3.2.1 devoted three pages of the introduction to information on the Scope of PCI DSS Requirements and defined the CDE as “…people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data.”

PCI DSS V4 goes much further, providing a far more detailed introduction on the subject of Scoping (now running to ten pages) and now also includes a brand-new specific requirement within the Standard: ‘12.5 - PCI DSS scope is documented and validated’. That validation requirement will be covered later in this article.

V4.0 is also far broader when it comes to defining the CDE, which is now described as “System components, people, and processes that store, process, and transmit cardholder data and/or sensitive authentication data, and, System components that may not store, process, or transmit CHD/SAD* but have unrestricted connectivity to system components that store, process, or transmit CHD/SAD. And system components, people, and processes that could impact the security of the CDE.”

Read our new White Paper for full details.

 

April 2022

We’re Hiring!

Experienced HPE NonStop (Tandem) developer required for our growing software development company.

NonStop Developer Job Spec

Job Role:

  • Programming software products for the HPE NonStop market as per specs provided

  • Participating in application architecture design and review

  • Producing automated test tools and assisting in testing of products

  • Providing second level support for customers and HPE support personnel as required

  • Potential for onsite customer implementation work

  • Some on-call support

Required skills and experience:

  • Programming, debugging and unit testing software in C

  • Programming, debugging and unit testing software in TAL

  • Strong working knowledge of Guardian OS environment and utilities

  • Strong professional verbal and written communication skills

  • Excellent technical support, problem-solving skills, customer service, and interpersonal skills

  • Excellent documentation skills

  • Highly motivated person who is comfortable working independently with minimal supervision

Additional preferred skills and experience:

  • Experience with BASE24-eps and/or BASE24-classic

  • SQL/MP

  • SQL/MX

  • Programming experience in the OSS environment

  • TACL programming

  • HSM interfaces

  • Visual Basic/.NET

Working Conditions:

  • Permanent part time position (20-25 hours per week) – suit somebody who is looking to scale down their working hours from full-time but still be intimately involved in a dynamic NonStop team

  • Remote working with periodic meetings with other team members over web conference

  • Highly flexible working hours to fit in with your home life

  • We’re flexible on working/employment terms

  • Would ideally be UK (or Europe) based, but once again, we’re flexible

  • Possibility for international travel

  • Competitive pay

About 4tech Software:

4tech Software Ltd. is a UK-based software company specialising in security and compliance products for the HPE NonStop server platform. We were founded in 2010, have offices in both the UK and Australia, and are partnered with HPE, which distributes our software products globally.

Next step:

To apply or if you have any questions please email hr [at] 4techsoftware.com


October 2021

4tech and HPE Partnership

London, 27th October 2021. For over a decade 4tech Software Limited (4tech) has been a Business, Alliance and Technology partner with Hewlett Packard Enterprise (HPE). Today we’re pleased to share news of a strengthening of that partnership by announcing HPE as our primary global sales, distribution and support partner.

4tech’s existing security/compliance solutions, PANfinder and Integrity Detective, will be available via your HPE NonStop representative with immediate effect, with support via HPE’s excellent GNSC service as you would expect.

PANfinder (PF) is the cornerstone of any PCI-DSS compliance project. PF has consistently located sensitive payment card data being inadvertently stored outside of defined cardholder data environments. Once its initial reports have been produced and remedial actions carried out, PF continually searches HPE NonStop servers for readable sensitive payment card data, highlighting problems as they occur and providing valuable proof of ongoing compliance.

Integrity Detective (ID) is the most comprehensive file and subsystem configuration integrity monitor available for the HPE NonStop today. ID provides continuous (real-time) monitoring and reporting of your HPE NonStop files, objects and subsystem configurations. So if something changes and your system security is compromised, an alert will be generated and you’ll be able to take immediate action.

“I don’t want people to think HPE is simply offering alternatives to existing solutions with this partnership” said Sean Bicknell, Sales Director, 4tech, “with HPE offering 4tech’s solutions, they’re adding products with functionality never previously available via HPE. NonStop users will now find it even easier to improve security on their NonStops with 4tech’s best of breed products”.

“4tech’s solutions have been developed with the end user and their specific job function in mind” added Greg Swedosh, Technical Support Director and CISO at 4tech, “our solutions are quick and easy to install and configure, with exactly the right level of functionality to allow you to effectively do your job, while quickly achieving regulatory compliance”.


August 2021

INTEGRITY DETECTIVE – V3.0 Full Release

We’re very pleased to announce the full availability of Integrity Detective V3.0.

The key updates include:

  • Found Values feature - GUI now displays the “should be” and “actual” values side by side

  • All Safeguard objects can now be monitored

  • New Fingerprint Density param. This allows reduced Safeguard logging & resource usage while maintaining a similar level of protection and detection

  • Netbatch - Additional job parameters monitored. Waitons also now monitored

  • Reports on FIM files, compatible with legacy integrity monitoring tools, can be produced – either at end-of-checking-cycle or on a schedule

  • Significant performance enhancements. Reduced resource usage. More comparisons done in memory, fewer disc accesses

Found Values

ID now captures a mismatched value and displays it in the GUI. Users can immediately see the “should be” and “actual” values side by side.

This example of the new Found Values feature shows how ID displays the found difference between axis2/ and axis3/

 

Safeguard Objects

All Safeguard objects can be monitored. This includes all Access Control Lists (ACLs) for discs, files, processes, devices, etc. ID also monitors Safeguard Groups, Object Types, SEEPs, and Globals.

 

February 2021

OUR NEW VIRTUALISED NONSTOP IS LIVE

While COVID-19 has been terrible for some businesses and our hearts go out to those seriously affected by it, we’re extremely grateful that it’s had minimal impact on operations at 4tech. We’re continuing with the plans we made in pre-COVID times to enhance the hardware we use for our software development.

We’re pleased to announce the latest addition to our server room: a new virtualised NonStop system based on HP Proliant hardware.

As with our existing systems, it will be used to help maintain our current NonStop security solutions and is also being used for an exciting new product. More on that later this year.


July 2020

INTEGRITY DETECTIVE – V2.1 NEWS Update

Here we take a closer look at some of the new features included in the latest Integrity Detective V2.1 release. The key updates include:

  • Monitor the output of third party COM programs. Raise a real-time alert if configuration or other changes are detected

  • Watched subvolumes and subdirectories. ID now raises alerts in the event of objects being added to or deleted from watched areas

  • Extensive reporting updates

  • Shortcuts – take you directly to the GUI panel

COM Programs

For third party utilities and for HPE subsystems where there is no programmatic access, the ID COM Programs module allows the user to check an INFO screen. By giving the name of a COM program - one that is normally run from the TACL command line - and supplying an appropriate command, ID can be configured to run the command and to check specific parts of the output to ensure the text has not changed.

 

The COM panel is divided into two smaller panels. The left panel shows all the commands that have been configured. The right-hand panel shows the expected output from the selected command. The highlighted areas in the right panel show the text that is checked.

Example 1)

ID has traditionally monitored native NonStop subsystems. Now it can monitor 3rd party subsystems or tools it has never seen before – as well as NonStop tools that do not have a simple programming interface. As long as the application has a COM interface – one that can be used from a TACL prompt – ID can capture the output from the COM program and the user can specify which fields on the screen are to be checked.

A simple example is worth a thousand words, so let’s look at the SPOOLCOM command > SPOOLCOM SPOOLER

Configured in ID

 

ID will run the command SPOOLCOM SPOOLER and load the output to its screen.

Output presented to the user

 

Then the user simply highlights the fields – or entire lines – that need to be checked, saves the selection and sets the Monitor checkbox to start the checking.

User selects fields to be checked

 

Example 2)

TMFCOM INFO TMF

This shows the COM programs and the commands configured for them to run. We have used common HPE utilities for our example, but obviously this can be extended into COM programs from third-party suppliers to check that the configuration of their software has not been changed.

 

Checking the Config volume, the audit trail format and other params

 

As you would expect from ID, the frequency of the checks can be adjusted to control resource usage.
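The checking idea described in this section, shown as an added Python sketch (not Integrity Detective code and not from 4tech or HPE): selected areas of a captured screen are recorded as a baseline and later captures are compared against it, so unselected volatile fields never raise an alert. The screen text is constructed for the example and is not real output of any COM program; all names are hypothetical.

```python
# Added illustration; not Integrity Detective code. All names are hypothetical.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Region:
    """One highlighted area: a line number and a column range [start, end)."""
    line: int
    start: int = 0
    end: Optional[int] = None   # None means "to end of line" (whole-line check)


def extract(screen: str, region: Region) -> str:
    lines = screen.splitlines()
    if region.line >= len(lines):
        return ""               # a missing line is reported as a mismatch
    return lines[region.line][region.start:region.end]


def make_baseline(screen: str, regions):
    """Record the expected text for each selected region."""
    return {r: extract(screen, r) for r in regions}


def check(screen: str, baseline):
    """Return (region, expected, found) for every region whose text changed."""
    mismatches = []
    for region, expected in baseline.items():
        found = extract(screen, region)
        if found != expected:
            mismatches.append((region, expected, found))
    return mismatches


# Constructed screen text for the example; not real output of any COM program.
BASELINE_SCREEN = (
    "SUBSYSTEM STATUS            12:00:01\n"
    "CONFIG VOLUME   $DATA01\n"
    "AUDIT FORMAT    2\n"
    "ACTIVE JOBS     17\n"
)
# Later capture: the clock and job count moved (not selected, so ignored),
# and the config volume changed (selected, so reported).
LATER_SCREEN = (
    "SUBSYSTEM STATUS            12:05:01\n"
    "CONFIG VOLUME   $DATA02\n"
    "AUDIT FORMAT    2\n"
    "ACTIVE JOBS     23\n"
)
# One field (line 1, columns 16-22) and one entire line (line 2).
SELECTED = [Region(1, 16, 23), Region(2)]

if __name__ == "__main__":
    baseline = make_baseline(BASELINE_SCREEN, SELECTED)
    for region, expected, found in check(LATER_SCREEN, baseline):
        print(f"ALERT line {region.line}: should be {expected!r}, actual {found!r}")
```
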

 

Watched Folders

As well as checking that files and configurations are not tampered with, the secure system needs to know that additional files are not introduced into ‘powerful’ locations.

ID can ‘watch’ folders (our shorthand term for both Guardian subvolumes and OSS subdirectories). Watching involves checking that the list of files within a folder does not change – both additions and deletions are detected. Files within a folder can also be monitored with the FIM component.

 

When a “variation” (a file added or removed) is detected, an alert is issued and the offending folder is highlighted. Only once the variation has been accepted can the folder return to the normal status.
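The watch-and-accept behaviour described above, as an added Python sketch (not Integrity Detective code; the class and method names are hypothetical, and an ordinary temporary directory stands in for a Guardian subvolume or OSS subdirectory). It shows that the alert status persists even if the folder is put back as it was, until the variation is explicitly accepted.

```python
# Added illustration; not Integrity Detective code. All names are hypothetical.
import os
import tempfile


class WatchedFolder:
    def __init__(self, path):
        self.path = path
        self.accepted = self._listing()   # the file list considered legitimate
        self.status = "normal"

    def _listing(self):
        return frozenset(os.listdir(self.path))

    def check(self):
        """Return (added, removed) relative to the accepted listing."""
        current = self._listing()
        added = sorted(current - self.accepted)
        removed = sorted(self.accepted - current)
        if added or removed:
            self.status = "alert"         # sticky: check() never clears it
        return added, removed

    def accept(self):
        """Operator accepts the current listing; only this clears the alert."""
        self.accepted = self._listing()
        self.status = "normal"


def touch(folder, name):
    open(os.path.join(folder, name), "w").close()


def demo():
    with tempfile.TemporaryDirectory() as folder:
        for name in ("startup", "config"):      # constructed sample files
            touch(folder, name)
        watch = WatchedFolder(folder)

        touch(folder, "dropped")                 # a file is introduced
        os.remove(os.path.join(folder, "config"))  # and one is deleted
        first = watch.check()

        os.remove(os.path.join(folder, "dropped"))  # folder quietly put back
        touch(folder, "config")
        second = watch.check()
        status_after_revert = watch.status

        watch.accept()
        return first, second, status_after_revert, watch.status


if __name__ == "__main__":
    print(demo())
```
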

 

Reporting

Reports are generated on the host and can be sent to:

  • A Spooler location

  • An Edit file

  • Back to the initiating GUI

Each module has its own set of reports and any of them can be run:

  • On a schedule – daily or weekly

  • Immediately – to a spooler or EDIT file

  • Immediately – with output to the GUI

When a report is output to the GUI it can be saved as a .txt file.

Some of the reports available in the FIM module

 

Reports direct to the GUI

 

Reports create their own panel and the contents can be saved to a text file.