Tuesday, December 13, 2011

XYPRO Opens New Headquarters

XYPRO Technology Corporation proudly announces the grand opening of its new, larger Headquarters located at 4100 Guardian Street, Suite 100, Simi Valley, California, 93063 USA.


XYPRO Technology has experienced tremendous growth over the past few years and is forecasting a continued positive growth rate for the next 5 years and beyond. We had been at our original Cochran Street location since 1986.

After expanding as much as we could there, we are excited to work every day in our new home. It was more than a great street name that prompted us to choose this particular new location: XYPRO employees enjoy the benefit of a modern, 15,000 sq. ft. ground-floor suite and a larger datacenter capable of supporting accelerated growth, with redundant power and connectivity. Our new digs also offer enhanced telecommunications and wireless infrastructure, expanded training/education and conference room facilities, and room to grow.

The property at 4100 Guardian St. is a beautifully maintained, two-story, 136,000-square-foot office building built in 1999, on 10.3 acres in the foothills of Simi Valley, California.








Tuesday, November 29, 2011

XYPRO Presents: A Witham Laboratories Presentation:

PCI DSS - Lessons from the Field

If you were unable to attend our webinar on November 1st, please visit our website to view the recorded presentation featuring Dr. Sajal Islam, a Qualified Security Assessor (QSA) from Witham Laboratories, that focuses on what QSAs look for in a  when assessing PCI DSS compliance in a NonStop environment.  Witham Laboratories is a leading independent provider of information security evaluations, offering specialist consultancy and advice in payment industry security.

This Webinar provides specific scenarios from the field and covers the following:
• Views and experiences gathered by Witham Laboratories from numerous PCI DSS assessments for NonStop clients.
• A detailed breakdown of the PCI DSS with specific focus on how the PCI DSS requirements apply to the NonStop.
• What issues and areas QSAs typically look for when performing PCI DSS assessments on NonStop.

Achieving PCI Data Security Standard (PCI DSS) compliance is critical for every organization that stores, processes, or transmits cardholder data, from the smallest merchants to the largest card issuers. In short, this Webinar will give you valuable information to help you with your next PCI DSS assessment.

View our recorded webinars here: https://www.xypro.com/xypro/webinars

Representatives from XYPRO are available after your viewing to help explain how XYPRO’s XYGATE suite of security solutions assists you in meeting your PCI DSS obligations.

Barry Forbes

Monday, October 17, 2011

Verizon 2011 Data Breach Investigation Report – breaches down, or are they?

The 2011 Data Breach Investigation Report (DBIR) from Verizon (http://bit.ly/pt5xV9) now incorporates data from the United States Secret Service and the Dutch National High Tech Crime Unit as well as Verizon’s own data. It is a comprehensive report, extensively covering data breach activity in 2010, and it draws some interesting, and sometimes almost contradictory, conclusions.

2008 saw a record number of 361 million records compromised, 2009 saw a reduction to 144 million, and in 2010 that number dropped to 4 million.  Hang on, 144 million -> 4 million?  As the report says, that’s almost a rounding error!  Not to say that 4 million records compromised is good, that’s still 4 million more than we’d ideally have to deal with, but it’s a pretty radical reduction.  So, one question might be “Why?”.  As it turns out, the main reason is that, for some reason, 2010 had virtually no “mega” attacks, which typically bump the numbers up by a million or more.  But let’s continue to look…

In actual fact, now that we are more than 9 months through this year, we know enough to determine whether 2010 was part of a long-term trend of data breach reduction, or an anomaly. And with Sony, Epsilon, RSA and Citi breaches already behind us in 2011, the unfortunate news is that the numbers this year are likely to be back up. In fact, numerous industry observers are now saying that 2011 is likely to be the worst year on record, in terms of number of records compromised.

So perhaps a better idea is to look at the trends indicated by the Verizon report, along with the knowledge of the 2011 breaches, to identify what we could and should be doing better.

One of the interesting facts from the Verizon report is that, even though the total number of records compromised was (WAY) down, the actual number of breaches was up (761 in 2010, versus a total from 2004-2009 of 900). This is partly due to the inclusion of the Dutch data, but it also shows that cybercriminals are now willing to perform their exploits for smaller returns, which itself is a little worrying.

Another interesting statistic - 83% of all attacks were opportunistic, meaning the victim was identified because they exhibited a weakness or vulnerability that the attacker could exploit.  Often these were due to POS and other systems being installed with default user information, which became known within the criminal community.  Put another way, closing down these relatively simple (and obvious) loopholes could drastically reduce the occurrence of data breaches.

The other 17% of attacks were targeted, meaning that the victim was first chosen as the target, then a method of exploitation was determined.  Unfortunately, but not surprisingly, the financial industry was most represented in the ranks of the targeted attack victims.

Following on from the targeted attack point, 96% of all records compromised were card numbers and/or card data, a truly worrying figure.

So, what can we learn from this?

We know from the number of attacks in the first half of this year that cybercrime is not decreasing. Both the number of attacks and the cost of those attacks continue to rise. Cybercriminals utilise opportunistic attacks for relatively small gains in many cases, and targeted attacks on financial institutions. Card numbers continue to be stolen, in large volumes.

It remains critical to protect sensitive data, both at rest and in transit:
• Use SSL and file encryption solutions when possible.
• Ensure that the platforms/applications receiving the sensitive data also protect it.
• Get to know the security administrators on those platforms and ask them to do the same with the applications/platforms they share data with.

Remove as many areas of opportunistic attack as possible:
• Don’t use default userids and passwords.
• Put granular access control and auditing in place.
• Feed your audit data (from all platforms and applications) into a SIEM device to get an enterprise-wide view of your security events.

XYPRO’s XYGATE security suite can address all these areas, and more. For more information on how XYGATE can help secure your HP NonStop platform, applications and data, please see our website www.xypro.com, or email me at andrew_p@xypro.com.

Andrew Price
XYPRO Technology Corporation

Wednesday, September 7, 2011

EDB Card Services AB Brings its HP NonStop™ Audit Into The Enterprise

SIMI VALLEY, California – XYPRO® today announced that, as part of its PCI-DSS project, EDB Card Services AB has successfully implemented its XYGATE Merged Audit (XMA) tool to integrate EDB’s HP NonStop servers with its RSA® enVision SIEM (Security Information and Event Management) system.

EDB Card Services AB, part of EDB ErgoGroup, is one of the leading payments services companies in Scandinavia. It provides a wide range of card-related services including issuing, acquiring, processing, switching, national card blocking etc. for banks and payment operators in Sweden, as well as greater Scandinavia and Europe.

XYGATE Merged Audit (XMA) gathers security audit data from various sources on HP NonStop systems (such as EMS, Safeguard, ODBC, BASE24, XYGATE tools, custom programs etc.) and intelligently merges the security audit data together to form a single SQL database. Log Adapters then export that data to almost any SIEM or central compliance repository. XMA provides extensive reporting capabilities as well as customisable real-time alerts.

“As part of our PCI-DSS (Payment Card Industry Data Security Standard) compliance project, we had to bring our HP NonStop security audit data into the enterprise,” said Sissel Johnsen, Head of Production & Operation at EDB Card Services AB. “Our previous log tool wasn’t suitable, so we selected XYGATE Merged Audit, which has a far more user-friendly interface and gave us exactly what we needed in terms of collecting the necessary data from our NonStop systems. XYPRO’s RSA Log Adapter ensures all NonStop audit data feeds seamlessly to our RSA enVision SIEM.”

Barry Forbes, XYPRO’s VP of Sales and Marketing, said, “We are very happy that EDB Card Services selected XMA as its PCI-DSS NonStop audit solution. Since HP selected XMA in 2010 as the NonStop operating system recommended Audit Solution, we’ve seen a large expansion in our XMA customer base. As our most recent European customer, we know that EDB Card Services will continue to enjoy the same security benefits and efficiencies XYGATE customers around the globe are accustomed to.”

About XYPRO
Founded in 1983, XYPRO Technology Corporation is the market leader in HP NonStop server security, FIPS-validated, cross-platform encryption, audit and compliance solutions.


Contacts

XYPRO Technology Corporation
Barry Forbes, 705-799-0247
VP-Sales and Marketing
barry_f@xypro.com

Wednesday, August 10, 2011

Cybercrime Costs Continue to Dramatically Rise


The recent HP-sponsored study on cybercrime costs (“The Second Annual Cost of Cybercrime Study”, conducted by the Ponemon Institute http://bit.ly/ql8JXP) produced a wealth of interesting and valuable data on the increasing costs of cybercrime.  Some of the key points of the study, which looked at a sample of 50 US organizations, included:
• The average annualised cost of cybercrime to each company was $5.9M, ranging from $1.5M to $36.5M
• These figures represent a 56% increase over the inaugural study conducted last year
• The number of attacks increased by 45% from last year’s study. The companies studied were affected by a total of 72 attacks each week – an average of 1.4 attacks per company per week
• 90% of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks
• Average time to resolve cyber attacks was 18 days, with an average cost of $416,000 per attack – a 67% increase from 2010
• Smaller companies are not immune from cyber attacks, and in fact these attacks cost smaller companies more on a per capita basis
• Deploying SIEM solutions can mitigate the impact of cyber attacks. Organizations with SIEM solutions in place realized a saving of 25% because of the ability to quickly detect and contain cybercrimes.
• Companies that deployed a Governance, Risk and Compliance (GRC) program saw significantly reduced costs associated with cyber crime when compared with companies that did not have a GRC program. Average costs for the GRC group were $6.8M versus $9.4M for the non-GRC group


Perhaps the most interesting fact to come from the study was:
…recovery and detection are the most costly internal activities, highlighting a significant cost-reduction opportunity for organizations that are able to automate detection and recovery through enabling security technologies.

Reading between the lines of this summary, a few things come to light.  A large number of cyber attacks are “inside jobs”.  Malicious code, stolen devices and other forms of attack are only practical when conducted by insiders.  As such, putting controls in place within the enterprise is critical.  As mentioned in my last blog, ensuring that employees have the ability to do the tasks related to their jobs, and nothing more, is of utmost importance.  Tracking commands issued and security events at a granular level to allow for quick identification of cyber attacks is key to reducing the number and duration of attacks, and therefore the cost.  SIEM devices, whilst extremely useful, need to have data fed to them from all systems and applications in the enterprise to ensure early detection of issues. 

Additional methods of detection should also be considered – have critical files had attributes changed?  Have users been given access that they previously did not have? Have privileged programs, that may be malicious, been installed?

In the NonStop environment, only the XYGATE security suite from XYPRO provides all these capabilities, in an integrated, centrally managed solution.  XYGATE Access Control ensures that only the necessary levels of access to system resources are granted.  All commands and subcommands are audited.  XYGATE Merged Audit integrates consolidated audit data on the NonStop, to give a unified view of all security activity.  It optionally feeds that data to SIEM devices, allowing the NonStop to participate in the single view of the enterprise. 

Perhaps most importantly, XYGATE Compliance PRO monitors a wide range of data on your NonStop, and alerts you when aspects of your system configuration fall outside previously defined boundaries, including unauthorised PROGID’ed programs, users with unauthorized access and unauthorized files on system volumes. Compliance PRO can also compare files from one scan to another, alerting the security administrator if the file size changes, or if the security configurations of two systems that previously matched are now different.

So, as the incidence and costs of cybercrime continue to rise, it becomes even more important to pay attention to your critical data and applications, and the users who are able to access them.  Automating as much of this process as possible is important in reducing the time for detection, and therefore the costs of these incidents.   XYPRO can help with this – please contact me at andrew_p@xypro.com or your local XYPRO representative for more information.


Andrew Price
Director, Product Management
XYPRO Technology Corporation        


*Be sure to complete our updated survey! You’ll be automatically entered for a chance to win a TouchPad. 
Please note that you’re still eligible to win even if you completed the survey last quarter. 
Simply click here: http://www.xypro.com/survey

Monday, July 11, 2011

Hard on the outside, soft and chewy on the inside…

The title refers to a great quote from a recent Tom Kemp article on Forbes.com (http://blogs.forbes.com/tomkemp/2011/07/05/as-hacks-proliferate-new-security-technology-emerges-to-monitor-privileged-it-users/), explaining that the old way of securing a computer system (let only trusted people log on, then let them do whatever they want) no longer suffices. Of course, on NonStop we’ve always had more control over our users than that, but it’s worth considering whether further improvements to security are in order.

These days, with SOX, HIPAA and PCI regulations insisting that we more closely monitor all actions performed by all users, the “hard on the outside, chewy on the inside” approach is not enough.  Guardian and Safeguard allow some level of control over file access, and utility program execution, but do not give the fine-grained access control, nor the necessary level of auditing, that is required. 

The XYGATE Access PRO suite, and the Access Control module it includes, greatly extend the basic access control capabilities provided by the native NonStop security subsystem. NonStop security administrators can control the specific commands and subcommands that each user can issue from any NonStop utility program. Users can also be granted access to specific commands that would normally be outside their capabilities, meaning that shared access to Super and Manager IDs is no longer required for those users to be able to do their job. All commands are audited, and full keystroke logging is also supported.

Once you have implemented more granular access control, the next step in securing your system is to put a good level of auditing in place.  The PCI Data Security Standard (DSS) requirement 10, for example, states “Track and monitor all access to network resources and cardholder data”.  What this means will be specific to your application and environment, but again, it will require more than the standard Guardian/Safeguard levels of security to achieve compliance. 

XYGATE Access PRO supports all this functionality, and has done so since 1990, back when PCI was just a glimmer in someone’s eye.  Whilst the NonStop has always had an enviable security record, my new colleagues at XYPRO have constantly been thinking of ways to ensure that our customers reduce their risk of finding themselves on the front page due to a security incident.  For more information on XYGATE Access PRO, see https://www.xypro.com/index.php?id=24 or contact me at andrew_p@xypro.com.

Andrew Price
Director, Product Management
XYPRO Technology Corporation

Thursday, July 7, 2011

Large European Payment Processor Selects XYPRO to Meet its HP NonStop Server Security and PCI-DSS Requirements.

(July 6, 2011) Simi Valley, CA – XYPRO today announced that Equens SE has successfully implemented its XYGATE suite of security and compliance solutions. Equens will leverage XYGATE to improve its HP NonStop security and achieve PCI-DSS (Payment Card Industry Data Security Standard) compliance.

Equens is one of the largest pan-European payment processors, leading the market for future-proof payments and card processing solutions. With clients and partnerships in multiple European countries and an annual processing volume of 9.7 billion payments and 3.9 billion POS and ATM transactions, Equens SE has a European market share of more than 12.5%.

“When our security team started its PCI-DSS compliance project, we faced the same dilemma as many other large firms,” said Stefan Dusée, Equens’ Security and Control Manager. “We needed a solution that would allow us to meet PCI-DSS as cost-effectively as possible, but also went well above the minimum standards set out by PCI-DSS, thus potentially future-proofing our security standards.”

Equens created a detailed list of requirements, prioritised from “essential” to “desired” and developed a comprehensive RFP. Equens determined that XYPRO’s XYGATE security, compliance and auditing suite offered the best solution to meet their existing and future security and audit needs.

The XYGATE security suite includes role-based access control (RBAC), keystroke audit, user management, real-time alerts, user authentication and the most comprehensive audit and compliance software available for the NonStop server. Equens is using XYGATE security software not only to make its systems as secure as possible, but also for essential, time/labor-saving functionality.

“We’re confident we made the right choice in selecting XYPRO for our HP NonStop security and compliance enhancements,” said Dusée. “Configuring such an extensive range of products presented quite a challenge, but XYPRO has provided excellent support and training services and the new tools are proving to be worthy investments.”

Barry Forbes, XYPRO’s VP of Sales and Marketing, said, “We are thrilled to announce Equens’ selection of XYGATE for its PCI-DSS security requirements. As a valued customer, we know that Equens will continue to enjoy the same security benefits and efficiencies all XYGATE customers are accustomed to.”

About XYPRO
Founded in 1983, XYPRO Technology Corporation is the market leader in HP NonStop server security, encryption, audit and compliance solutions.

www.equens.com


Barry Forbes, XYPRO VP of Sales and Marketing 

Wednesday, June 22, 2011

XYPRO Recent Events: Mobility, Passion, Sir Paul, NFC

HP Discover '11
HP Discover opened with a bang – over 12,000 attendees together in the first general session. We heard Leo Apotheker’s views on mobility, WebOS, and the cloud – a recurring topic for the week. Those of us coming to the show from a NonStop background were wondering how much airplay the NonStop would get in the general sessions, and with at least four mentions in the keynotes, along with almost forty NonStop-specific sessions, most of us left feeling pretty good about the platform and its future. From my perspective, coming back to the NonStop after a few years away, I was impressed at the continuing passion and enthusiasm within the group, and levels of NonStop representation at the show from HP, ISVs and users. Of course, it’s easy to feel good about participating in such a large show when one of the side benefits is a concert by Paul McCartney, just for conference attendees!

XYPRO had an extremely positive conference, with many good meetings with our customers and our partners at HP. A number of the NonStop-focussed sessions spent time on the importance of security, auditing and compliance, and the role that the XYGATE product suite can play in these critical areas. Our VP of Sales and Marketing, Barry Forbes, is now officially famous, having been video interviewed by one of the bloggers at the show – see http://bit.ly/jgJ91L for more.

The show finished in an even bigger way than it started, with that incredible show from Sir Paul.  There was hardly a single person in the MGM Grand Garden Arena remaining in their seats for the two encores that Paul and his band played.  Simply awesome.

Andrew Price
Director, Product Management


ACE 2011
XYPRO Technology attended ACE, the ACI User Groups Conference at the Del Coronado Hotel (The Del) in San Diego in June.  The conference boasted more than 200 attendees representing more than 70 companies.   Exhibitors represented 22 companies.

The conference began with introductory presentations by the product managers of the various ACI products, followed by a Q&A session. ACI confirmed that BASE24 will be sunset in November; however, only 80 customers out of approximately 300 BASE24 users have migrated or are transitioning to BASE24-eps. An interesting statistic is that out of 2,185 employees, ACI has 700 developers & 600 people dedicated to services.

The keynote speaker, Brett King, gave a very interesting presentation affirming the notion that the future of banking is mobile.  He stressed that banks need to change their approach regarding checking accounts, advertising, and local branches due to younger generations' expectations of mobile transactions. Mr King also stressed the importance of social media for banks.  No amount of advertising can overcome bad experiences recorded on Facebook, Twitter, and other social media sites.

There is a new trend to use NFC (Near Field Communication) devices in the industry. These devices are contactless and passive, as their function is triggered by an Initiator sending an RF signal that powers the Target device, which does not require batteries. The Initiator can read the contents of the Target and in some cases write to it.

Nick Puetz from Fishnet Security and Gregory Rosenberg from Trustwave gave a valuable presentation covering PCI Best Practices & Securing Sensitive Data, two topics of the utmost importance for the financial industry. Greg Brett from Opera Solutions explained the statistical techniques used to detect credit/debit card fraud on-line prior to a transaction’s approval. These techniques, which are used with BASE24 and BASE24-eps, are helping reduce the amount of fraud experienced by financial institutions running those solutions.

Barry Forbes
Vice President, Sales & Marketing

Tuesday, May 31, 2011

XYGATE Compliance Pro Now Available from HP

XYGATE Compliance PRO simplifies compliance of HP Integrity NonStop server environments
Simi Valley, Calif. – May 26, 2011 – XYPRO Technology Corporation, a leading provider of security software and services for HP NonStop server environments, today announced its security and policy compliance solution, XYGATE Compliance PRO, is now available directly from HP on HP Integrity NonStop servers – including the recently released HP Integrity NonStop BladeSystem NB54000c.
With Compliance PRO, HP NonStop customers can effectively manage aspects of security compliance on their HP NonStop server systems. XYGATE Compliance PRO is a powerful and sophisticated software solution specifically designed for the NonStop platform to better monitor the state of mission-critical systems.  It enables enterprises to:
• Analyze system security settings and configurations;
• Gather extensive system data to compare changes in the system from different points in time;
• Track and audit security settings to address risks and protect valuable mission-critical data and intellectual property;
• Build an efficient governance, risk and compliance program that can address regulations, such as PCI, SOX, and HIPAA, across NonStop systems.
“Around the world there are more than 20,000 security and compliance regulations that businesses must meet and more are emerging every year,” said Barry Forbes, vice president, Sales and Marketing at XYPRO. “Organizations today are looking for solutions that simplify risk management and increase the effectiveness of system monitoring in complex information security environments. Compliance PRO does just that, and with this solution now available we have made it even easier to implement security solutions that meet mandated compliance requirements such as PCI.”
“For enterprises, complying with government and commercial regulations while protecting valuable mission-critical data is imperative,” said Bob Kossler, director, strategy and planning, NonStop Business Division, Business Critical Systems at HP. “XYGATE Compliance PRO on NonStop environments helps clients adhere to these regulations and safeguard the data that keeps their businesses up and running.”
About XYPRO
XYPRO Technology offers more than 27 years of knowledge, experience and success in providing HP NonStop information systems tools and services.  Businesses that manage and transport business-critical data turn to XYPRO for a variety of solutions. XYPRO helps businesses to better manage security risks, protect assets and gain a competitive edge through compliance while improving efficiency.  www.xypro.com

Wednesday, May 18, 2011

XYPRO Technology’s XYGATE/ESDK Achieves NIST Validation for FIPS 140-2 Government Standard

Simi Valley, California, USA – May 18, 2011 – XYPRO Technology Corporation, a leading provider of security software and services for HP NonStop server environments, today announced the XYGATE Encryption Library (XEL) module XYGATE/ESDK achieved Federal Information Processing Standards Publications (FIPS) 140-2 Validation: Security Requirements for Cryptographic Modules.

FIPS 140-2 validation is mandatory for any cryptographic product that is used in a U.S. government agency network.  The standard is a joint effort by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140-2, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140-2 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency. 

To expedite the FIPS 140-2 validation process, XYPRO partnered with Corsec Security, Inc., a consulting firm with over 13 years of validation experience.  "Corsec is delighted to work with XYPRO on their latest FIPS 140-2 validation," said Matthew Appler, CEO of Corsec. "The FIPS 140-2 process is very detailed and time consuming and only well designed products can make it through validation.  This clearly demonstrates XYPRO’s devotion to provide its customers with a higher level of security assurance."

“Over the past several years, XYPRO has expanded the number of platforms on which we received FIPS validation for our encryption library,” said Lisa Partridge, XYPRO President. “This most recent validation is a testament to our unwavering commitment to security and compliance. FIPS 140-2 validation of the XEL XYGATE/ESDK demonstrates XYPRO’s determination to continue providing customers with a secure and dependable solution.”


The FIPS standard, which is mandated by law in the U.S. and strictly enforced in Canada, is also being reviewed by ISO to become an international standard. FIPS 140-2 is gaining worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. 


About XYPRO
XYPRO Technology offers more than 27 years of knowledge, experience and success in providing HP NonStop information systems tools and services. Businesses that manage and transport business-critical data turn to XYPRO for a variety of solutions. XYPRO helps businesses to better manage security risks, protect assets and gain a competitive edge through compliance while improving efficiency. www.xypro.com

ABOUT CORSEC SECURITY, INC.
Corsec Security, Inc. specializes in helping companies navigate through the complex process of receiving FIPS 140 and Common Criteria (CC) certifications.  Corsec’s consulting, document creation, and laboratory services deliver unmatched expertise in achieving government validation efforts at a firm, fixed price.  Corsec partners with companies around the world to achieve local and international certification and to add security functionality to a wide range of products. Corsec minimizes the time, effort and money a vendor needs to invest in validation while ultimately maximizing the return on that investment. For further information, please visit www.corsec.com.  

Monday, March 14, 2011

Raymond James Selects a Clear Standout for its Mission Critical Security Needs


Raymond James is a diversified financial services holding company with subsidiaries engaged in investment and financial planning, in addition to investment banking and asset management. As with any company that stores private, sensitive data, they required industry-leading security and audit solutions that would seamlessly integrate with their HP NonStop environment. “We had multiple challenges from multiple sources,” said John Anderson, Manager of the NonStop Engineering department at Raymond James.  “We wanted to enhance our overall security control on the NonStop, continue to meet specific privacy requirements from our internal and external auditors, and increase logging of user activity: All of these had to fall within our standard enterprise security model.”

After reviewing several security-related products, XYGATE emerged as the stand-out solution that could address Raymond James' comprehensive security and audit needs.

A Clear Standout
Raymond James turned to XYGATE Merged Audit to fulfill its requirements to increase its logging, monitoring and reporting of activity on the HP NonStop. In addition to being an industry leader with an excellent reputation and outstanding customer support, Raymond James selected XYGATE for its comprehensive security features and ease of use. The company also favored the solution’s simple integration.

Moreover, in Raymond James’ specific HP NonStop environment, the ability to send in SYSLOG format to its security data collection device is critical. “Each of the SIEM (Security Information and Event Management) solutions are fully supported by XYGATE Merged Audit with its ability to send all audit in SYSLOG format,” said Anderson. “We were able to confidently move forward with the XYGATE Merged Audit product knowing whatever choice we made for the SIEM, XYGATE Merged Audit would integrate with it.”

Benefits Across the Board
“Rule Based Security with the XYGATE Object Security has saved us an enormous amount of time and effort. A straightforward requirement from our auditors was going to require the implementation of hundreds, and maybe thousands, of complex Safeguard ACLs to meet this requirement,” said Anderson. “With XYGATE, we met the same requirement with a single rule. XYGATE Object Security makes it easier to design, implement, and maintain security for our NonStop servers.”

Anderson also notes that the overall security enhancement project using XYGATE has provided further management of the security environment on the NonStop. “The added control and oversight provided by XYGATE allows for requirements to be met and has afforded us peace-of-mind not previously enjoyed.”


Looking Ahead
As with any change and especially the implementation of added security measures and controls, Raymond James is still learning XYGATE’s countless features and functionalities. “After meeting our initial requirements, we continue to find that new needs are also easily met with XYGATE,” said Anderson.

Moving forward, the company is reviewing additional XYGATE solutions. For its administrative needs, Raymond James is looking at the sophisticated capabilities of Safeguard Manager, and for its compliance and integrity checking requirements, it is looking at Compliance Pro.

About Raymond James
Founded in 1962 and a public company since 1983, Raymond James is a diversified financial services holding company with subsidiaries engaged primarily in investment and financial planning, in addition to investment banking and asset management. Its stock is traded on the New York Stock Exchange (RJF).

Through its three broker/dealer subsidiaries, Raymond James Financial has more than 5,300 financial advisors serving 1.9 million accounts in 2,300 locations throughout the United States, Canada and overseas. In addition, total client assets are approximately $262 billion, of which approximately $33 billion are managed by the firm’s asset management subsidiaries.

Raymond James has been recognized nationally for its community support and corporate philanthropy. The company has been ranked as one of the best in the country in customer service, as a great place to work and as a national leader in support of the arts. 

Wednesday, March 9, 2011

XYPRO Announces HP CI-Ready Certification

XYPRO is pleased to announce its recent HP CI-Ready verification.  XYGATE Merged Audit (XMA) and XYGATE Compliance PRO have been validated in the HP Converged Infrastructure environment.

What Is HP CI?
The HP Converged Infrastructure helps businesses overcome the inflexibility and high costs created by IT sprawl to shift more resources to innovation and strategic initiatives – creating the ideal foundation for an instant-on enterprise. This is achieved through an architectural blueprint that eliminates silos and integrates technologies (e.g. servers, storage and network) into shared pools of interoperable resources – all managed through a common management platform and all based on standards and customer choice.

The result is a data center of the future, today, that delivers a whole new level of simplicity, integration, and automation whereby the IT environment is synergistically aligned to the needs of the business: faster time to revenue; lower costs of acquisition and implementation; quicker and more flexible response to business changes; and lower risks. And as your business grows, a Converged Infrastructure will accelerate your move to an Instant-On Enterprise. This type of organization shortens the time needed to provision infrastructure for new and existing enterprise services to drive competitive and service advantage.

What is Merged Audit & Compliance PRO?
XYPRO's Merged Audit and Event Monitoring module (XMA) collects data from multiple sources of audit and intelligently merges them together to form a single NonStop SQL audit database. XMA will also deliver all collected audit data via SYSLOG to remote logging devices or SIEMs.
XYGATE Compliance PRO enables you to easily research the state of security on your HP NonStop server, report on the information found, build policies that monitor the state of the security rules in your environment, compare your existing security against Best Practice and custom Policy recommendations, and verify the integrity of your system objects.

Learn more about HP CI by visiting www.hp.com/solutions/allianceone/ciready

To learn more about XYGATE Merged Audit and Compliance PRO, visit www.xypro.com

Lisa Partridge
XYPRO Technologies
www.xypro.com