Trusted Internet Connection (TIC) is a federal initiative launched in 2007 to improve the internet points of presence and external network connections for the government. TIC 3.0 is the latest iteration of this initiative, which modernizes federal IT and allows government agencies to access cloud services and work remotely with security.
So, what is a trusted internet connection? Simply put, a trusted internet connection is part of the mandate from the Office of Management and Budget that was meant to limit the number of gateways on the government network. TIC requires that all federal internet traffic be routed through an agency that is TIC-approved.
Traditionally, agencies have relied on perimeter-based security solutions. These methods worked (to some extent) when most employees were working within the perimeter and accessing applications and data through the data center. Microsoft recently wrote that traditional perimeter-based network defense is obsolete, because today’s digital estates typically consist of services and endpoints managed by public cloud providers, devices owned by employees, partners, and citizens, and web-enabled smart devices that the traditional perimeter-based model was never built to protect.
Expectations are high that TIC 3.0 will significantly improve security in today’s cloud-based IT environment. But in order to achieve the full benefits, agencies are recognizing they must also adopt a Zero Trust security model to ensure the data within the networked applications are protected.
Zero Trust has increasingly been a goal for organizations since its introduction in 2010; TIC 3.0 is a federal mandate. TIC 1.0 and TIC 2.0 were almost exclusively focused on network access security. TIC 3.0 is primarily focused on data and user behavior, reflecting both the evolution of modern threats and the weaknesses inherent in network-only security.
According to the latest NIST guidance published in August 2020 (Zero Trust Architecture - nist.gov), zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources such as data.
Specifically, zero trust assumes there is no implicit trust granted to assets (like data) or user accounts based only on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established. Zero trust is a response to enterprise network trends that include remote users, bring your own device (BYOD), and cloud-based assets that are not located within an enterprise owned network boundary.
Zero trust focuses on protecting resources (assets, services, workflows, network accounts, etc.), not network elements, as the network is now no longer sufficient to ensure security posture of the resource. Below we outline zero trust dimensions, and give general deployment models and use cases where zero trust could improve an enterprise’s overall information technology security posture.
Sara Mosley, strategic architect at the Department of State, said in a recent article that TIC 3.0 and zero trust are dimensions of a new security philosophy accelerated and highlighted by the pandemic.
We know that the federal government updated its trusted internet connection policy, but why was a change necessary and what improvements were made over version 2.0?
An unfortunate legacy of perimeter security, the sole focus of TIC 1.0 and TIC 2.0, is a pervasive false sense of security. By hyper-focusing on keeping intruders outside the wall of protection, enterprises were vulnerable to inside threats. Breaches of security often went undetected for many months.
According to the Cybersecurity and Infrastructure Security Agency (CISA), in TIC 2.0, TIC security secured the perimeter of an agency by funneling all incoming and outgoing data to one access point. In 3.0, agencies are granted more flexibility to choose security plans that best fit their own network and specific needs.
The latest generation of the Trusted Internet Connection (TIC 3.0) will make it easier for agencies to modernize as they upgrade their network and data center infrastructures. "TIC 3.0 provides the agility that we need to move forward," said Allen Hill, director of the Office of Telecommunications Services in GSA's Federal Acquisition Services, during a mid-November public meeting on the agency's $50 billion, 15-year Enterprise Infrastructure Solutions (EIS) contract.
The TIC effort, which aims to keep federal web traffic secure, began more than a decade ago, when agencies secured traffic with scores of dedicated data centers, security devices and virtual private networks. Since then, federal agencies have pivoted to cloud technology with its more efficient, scalable and remote data transmission methods that render those older protections obsolete.
EIS incorporates software-defined network services that dramatically expand network parameters as well. TIC 2.0 diverse routing around network bottlenecks that Software Defined Networks (SDN), and it constrains routes that can be used, he said.
"As cloud became key to modernization efforts," TIC 2.0 "became a limitation," said John Simms, deputy branch chief of the Cybersecurity Assurance Branch in CISA's Federal Network Resilience Division. Simms said his agency is looking to see how TIC 3.0 can secure cloud environments. "We don't only have to think about the network perimeter, or the network traffic, but about the applications themselves and how we can be smart about employing technologies to secure those application stacks and data and monitoring."
CISA, GSA and the Chief Information Security Officer Council are developing TIC 3.0 pilot programs and use cases for specific applications, said Shawn Connelly, TIC program manager and senior cybersecurity architect at CISA. The current use cases cover infrastructure-as-a-service (IaaS), software-as-a-service (SaaS), email-as-a-service (EaaS) and platform-as-a-service as well as branch office applications, but, according to Connelly, agencies can suggest more.
"TIC 3.0 gives agencies room to get on pilots for new interpretations" for use cases, he said. CISA will work with the agency during the pilot period to develop best practices, make the application interpretation more vendor-agnostic and see how it might be used across the federal government,” Connelly said.
CISA, said Connelly, is currently talking to agencies about a zero-trust use case and a partner-collaboration use case.
In TIC 3.0, agencies can implement security measures closer to their data and establish trust zones and use cases rather than rerouting data to access points for inspection. Such flexibility is especially useful when dealing with Software as a Service (SaaS) technology and when employees are working remotely.
TIC 3.0 recognizes perimeter-based security is no longer sufficient. This is due in part to so many users or systems working outside the perimeter; further, malicious actors have become far more proficient at stealing credentials and getting inside the perimeter.
TIC 3.0 includes five security objectives that allow federal agencies to make the transition to the zero trust model:
Traffic Management within TIC 3.0 will “observe, validate and filter data connections to align with authorized activities, least privilege and default deny.”
The challenge of effectively managing traffic is knowing where data is and who or what should have access to it at all times – at rest and in transit. In order to gain that knowledge, agencies need tools that develop a consistent, overarching view of identities inside and outside organizations. An effective tool collects and curates identity governance data, providing insight into who has access, why access was granted and whether that access is still needed. Continuous monitoring and updates provide a single source of truth for identity and access.
Agencies can begin by assessing where they are in the security matrix relative to identity and access management (IAM). IAM is a multi-tiered model in which each level of security provides a foundation for successive levels.
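The default-deny, least-privilege evaluation named in the traffic management objective above can be sketched as a small policy decision function. This is an added example, not code from the original page or from CISA or NIST; the grant schema, field names and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Grant:
    # Hypothetical grant record: who has access, to what, why, and until when.
    subject: str
    resource: str
    actions: frozenset
    reason: str
    review_by: date  # access must be recertified by this date


@dataclass(frozen=True)
class Request:
    subject: str
    subject_authenticated: bool  # e.g. MFA completed for this session
    device_compliant: bool       # device authenticated and passing posture checks
    source_network: str          # kept for audit only; never used to allow
    resource: str
    action: str


def decide(req, grants, today):
    """Return (allow, reason). Every path denies unless all checks pass."""
    if not req.subject_authenticated:
        return (False, "subject not authenticated")
    if not req.device_compliant:
        return (False, "device not compliant")
    lapsed = False
    for g in grants:
        if (g.subject, g.resource) != (req.subject, req.resource):
            continue
        if req.action not in g.actions:
            continue  # least privilege: only the listed actions are allowed
        if today > g.review_by:
            lapsed = True  # a grant past its review date no longer counts
            continue
        return (True, "granted: " + g.reason)
    if lapsed:
        return (False, "grant past review date")
    return (False, "no matching grant (default deny)")


def grants_needing_review(grants, today):
    """Grants past their review date: candidates for recertification or removal."""
    return [g for g in grants if today > g.review_by]


# Constructed sample data, for illustration only.
TODAY = date(2021, 3, 1)
GRANTS = [
    Grant("alice", "hr-records", frozenset({"read"}),
          "HR case worker", date(2021, 6, 30)),
    Grant("bob", "hr-records", frozenset({"read", "write"}),
          "2020 audit project", date(2020, 12, 31)),
]


def sample_decisions():
    def req(subject, action, mfa=True, device=True, net="internet"):
        return Request(subject, mfa, device, net, "hr-records", action)
    cases = {
        "remote_read": req("alice", "read"),
        "write_not_granted": req("alice", "write"),
        "on_lan_no_mfa": req("alice", "read", mfa=False, net="agency-lan"),
        "unmanaged_device": req("alice", "read", device=False),
        "lapsed_grant": req("bob", "read", net="agency-lan"),
        "unknown_subject": req("carol", "read", net="agency-lan"),
    }
    return {name: decide(r, GRANTS, TODAY) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (allow, reason) in sample_decisions().items():
        print(f"{name:18} {'ALLOW' if allow else 'DENY':5} {reason}")
```

Being on the agency LAN never produces an allow in this sketch: the only request that succeeds is the remote one with an authenticated subject, a compliant device and a current grant.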
TIC 3.0 requires that only authorized parties can discern the contents of data in transit, along with sender and receiver identification and enforcement.
The challenge of protecting traffic confidentiality centers on encrypting data in transit, including unstructured data, and confirming the identities of senders and receivers. One solution is technology that embeds kernel drivers into the file system stack of Windows and non-Microsoft systems, operating transparently to the end user. A driver intercepts files, encrypting and decrypting data on the fly, and works with all applications and file types.
Organizations can use policy rules to ensure the automatic encryption of data in real time, without slowing workflow. These solutions also enable monitoring of data at runtime, including the capture and analysis of such information as when and where a file was opened and how it was used.
Protecting traffic confidentiality involves format-preserving encryption, and level two of identity access management spans a half-dozen or so capabilities.
Service resiliency promotes resilient applications and security services for continuous operations as the technology and threat landscape evolve. Mission effectiveness requires system continuity and reliability. Guaranteeing uptime can be a challenge when demands on a system spike or a network is under attack, especially if the IT team is stretched thin.
Automating mundane and repetitive tasks and adding in workflow processes can lighten the load on human workers and keep operations running. Specialized software has the capacity to handle half or more of incident response tasks. Workflow automation and AI can interrogate endpoints, configure firewalls, isolate computers in a network and lock user accounts. These technologies also assist human analysts by gathering data to speed analysis and undertake remediation. In use case studies, integrated AI and machine learning can speed investigation of and response to incidents by a factor of 10.
When it comes to threat detection and response, every second counts. A powerful security information and event management (SIEM) platform will detect, analyze and prioritize those threats in real time. Effective platforms also support security operation centers (SOCs) with workflow, response and compliance management. An industry-leading threat correlation engine will promote effective security analytics in an SOC.
TIC 3.0 promotes timely reaction and adapts future responses to discovered threats, defines and implements policies, and simplifies adoption of new countermeasures; this is the key goal of incident response.
The inside threat today exists largely in the form of application code and application security. On average, applications used by government agencies are 80% custom code or open source code. They’re not from a vendor that has enterprise-grade software testing capabilities nor even responsibility. Cyber incidents and breaches are, 85% of the time, the result of custom or open source code. That code is the real opportunity for security problems.
Research conducted by Sonatype found that:
To put this in perspective, on average, developers had access to more than 21,448 new open source component releases every day, since the beginning of 2018.
At present, organizations routinely respond to large volumes of alerts and threat data requiring immediate attention. To manage the unrelenting flow of critical data, agencies in the future will leverage more machine-driven automated activities. Agencies moving toward TIC 3.0 will benefit from technologies that help organizations to have a central place for collecting alerts and threat feeds – and to respond and remediate incidents at machine speed.
Multi-factor authentication (MFA) makes it possible to centralize authentication and authorization management. Streamlined management from a single solution cuts costs and bolsters security. Solutions that can leverage open standards allow for quick integration and protect against security breaches and the risk of vendor lock-in. The built-in flexibility of an advanced authentication framework allows for customizing security protocols and methods, plus improvement of the overall user experience.
Format-preserving encryption (FPE) is a new kind of encryption that enciphers plaintext while preserving its original length and format. Described by a NIST standard (SP 800-38G), it is extensively vetted and validated by the cryptographic community and ensures any exfiltrated data is useless. This type of security solution, such as Voltage, can be implemented easily in existing applications.
Security Orchestration, Automation and Response (SOAR) software can automate three major categories of activities, all traditionally executed manually by analysts:
The power of this type of automation is that you can mix and match all these categories and build end-to-end playbooks with full automation, if you wish.
System resiliency and risk management also both stand to benefit from the implementation of TIC 3.0.
Use cases involving zero trust, Internet of Things (IoT), interagency communication, and SaaS are all expected to be published as TIC continues to evolve. These use cases will provide guidance to agencies as they configure platforms and services to be in accordance with 3.0.
Overlays have also been made to use platforms provided by outside vendors to make sure TIC security capabilities are fully functional across platforms.
Agencies can participate in TIC pilots for scenarios which are not yet covered in use cases. This collaborative process is supported by leadership such as CISA and OMB and could produce new use cases for technology used by the federal government.
Micro Focus is committed to being a partner in the digital transformation of enterprises, businesses, and federal agencies. Our open and flexible software helps companies make the transition to embracing the technology of the future, including providing TIC 3.0 services and solutions. Learn more about Micro Focus Government Solutions which can help you modernize and secure your network and data center infrastructures with TIC 3.0 and Zero Trust.
Despite the considerable interest within federal government IT circles, implementation of the Zero Trust model won’t be a slam dunk. TIC 3.0 can illuminate the way, providing clarity in the form of five security objectives that align with the conceptual framework of Zero Trust. This free report, in collaboration with GovLoop, will act as a playbook, going over the five security objectives and how you can achieve them at your agency.