Neverfail Security Policy Regarding Continuity Engine


Summary

This Knowledge Base article provides information on Neverfail's policy regarding cyber security. UPDATED: November 2024

More Information

Neverfail takes security very seriously. In light of the many newsworthy incidents (and the thousands more we don’t hear about) surrounding trojan horse hacks and ransomware, Neverfail continues to tighten the security posture of its software.

Neverfail Continuity Engine provides users with the highest level of protection, enabling IT administrators to recover from continuity events very quickly. Neverfail's approach is twofold:

Recovery from Malware and Ransomware 

Because of its cluster architecture, Neverfail Continuity Engine establishes a process that ensures IT administrators can recover from malware and ransomware attacks. Continuity Engine firewalls each node in the cluster. This means the Neverfail Channel connection is restricted to Continuity Engine communications only, such as replication and application and system monitoring. It also provides a robust snapshots / data rollback module on each node in the cluster to ensure corrupted data is protected and recoverable on each firewalled node. This is a core value proposition of Continuity Engine, which protects the most critical applications.

Harden Continuity Engine

Continuity Engine provides the tools you need for almost immediate recovery from ransomware. Just follow the hardening recommendations detailed here: How to Use Continuity Engine For Ransomware Mitigation.

Snapshots / Data Rollback

Neverfail Continuity Engine’s Snapshots feature (also known as the Data Rollback Module) helps avoid problems associated with corrupt data by enabling data rollback to an earlier snapshot (shadow copy) / point-in-time if data corruption occurs. Configuration of the Snapshots feature is explained in How to Setup Data Snapshots / Rollback for Neverfail Continuity Engine.

Third Party Software 

Neverfail Continuity Engine uses third-party software resources such as Apache Tomcat web services. Neverfail periodically upgrades Tomcat services in its production releases. This ensures we have the latest security patches available. Although our product releases do not coincide with Apache Tomcat releases, every effort is made to update Continuity Engine to reflect the latest security fixes.

In addition, Neverfail uses OpenJDK in its core. Java is the primary automation tool Continuity Engine uses for orchestration of failover tasks. Achieving our acceptable/targeted/minimal baseline security standards includes periodic upgrades of its distribution of OpenJDK. Each upgrade includes patches for security vulnerabilities.

Neverfail Continuity Engine also uses Apache Log4j, which has been upgraded to remediate CVE-2021-44228.

Because 80% of Continuity Engine core functions are centered around OpenJDK and Continuity Engine limits storage of credentials, penetration testing is limited to once per year or at a major version release. We do not disclose the results of those tests for security reasons. As mentioned, security vulnerabilities are remediated via periodic upgrades of OpenJDK, Apache Tomcat and Log4j.

HSTS Enablement

HTTP Strict-Transport-Security (HSTS) is now enabled by default in Continuity Engine Management Service. Supported older versions of Engine may enable it as described in How to enable HTTP Strict-Transport-Security (HSTS) in Continuity Engine Management Service.

Encryption

Encryption was updated to the latest, strongest standard commercially available today.

Two Factor Authentication

In the near future, Continuity Engine will integrate two-factor authentication and eventually MFA into the Engine Management Service (EMS). This will add industry-wide best practices for securing user-level authentication to Continuity Engine.

Code Access

Neverfail strives to secure our product while in development. We limit who has access to source code and build repositories. Strict security protocols are enforced. We also support stringent log management policies in our engineering department to properly audit access and provide accountability.

Additional Information 

For more information on what is supported, please view the Continuity Engine Release Notes. You will find the security information in the section “OpenJDK and Apache Tomcat versions”. If you have questions, please feel free to open a ticket with Neverfail Support at support@neverfail.com.

Applies To

Neverfail Continuity Engine

