Neverfail Security Policy Regarding Neverfail Continuity Engine

Summary

This Knowledge Base article provides information on Neverfail's policy regarding cyber security. UPDATED: 4/1/2022

More Information

Neverfail takes security very seriously. In light of the many newsworthy incidents (and the thousands more we don’t hear about) involving trojan horse attacks and ransomware, Neverfail continues to tighten the security posture of its software.

Neverfail Continuity Engine provides users with the highest level of protection, enabling IT administrators to recover from continuity events very quickly. Neverfail's approach is twofold:

Recovery from Malware and Ransomware 

Neverfail Continuity Engine's cluster architecture establishes a process that ensures IT administrators can recover from malware and ransomware attacks. Continuity Engine firewalls each node in the cluster. This means the Neverfail Channel connection is restricted to Continuity Engine communications only, such as replication and application and system monitoring. It also provides a robust data rollback module on each node in the cluster to ensure corrupted data is protected and recoverable on each firewalled node. This is a core value proposition of Continuity Engine, where it protects the most critical applications.

Third Party Software 

Neverfail Continuity Engine uses third-party software resources such as Apache Tomcat web services. Neverfail periodically upgrades Tomcat services in its production releases. This ensures we have the latest security patches available. Although our product releases do not coincide with Apache Tomcat releases, every effort is made to update Continuity Engine to reflect the latest security fixes.

In addition, Neverfail uses OpenJDK at its core. Java is the primary automation tool Continuity Engine uses for orchestration of failover tasks. Achieving our acceptable/targeted/minimal baseline security standards includes periodic upgrades of its distribution of OpenJDK. Each upgrade includes patches for security vulnerabilities.

Neverfail Continuity Engine also uses Apache Log4j, which has recently been upgraded to remediate CVE-2021-44228.

Because 80% of Continuity Engine core functions are centered around OpenJDK and Continuity Engine limits storage of credentials, penetration testing is limited to once per year or at a major version release. We do not disclose the results of those tests for security reasons. As mentioned, security vulnerabilities are remediated via periodic upgrades of OpenJDK, Apache Tomcat and Log4j.

Two Factor Authentication

In the near future, Continuity Engine will integrate two-factor authentication and eventually MFA into the Engine Management Service (EMS). This will add industry-wide best practices for securing user-level authentication to Continuity Engine.

Code Access

Neverfail strives to secure its product while in development. We limit who has access to source code and build repositories. Strict security protocols are enforced. We also support stringent log management policies in our engineering department to properly audit access and provide accountability.

Additional Information 

For more information on what is supported, please view the Continuity Engine Release Notes. You will find the security information in the section “OpenJDK and Apache Tomcat versions”. If you have questions, please feel free to open a ticket with Neverfail Support at support@neverfail.com.

Applies To

Neverfail Engine
