XYPRO Recent Events: Mobility, Passion, Sir Paul, NFC

HP Discover '11

HP Discover opened with a bang – over 12,000 attendees together in the first general session.  We heard Leo Apothekar’s views on mobility, WebOS, and the cloud – a recurring topic for the week.  Those of us coming to the show from a NonStop background were wondering how much airplay the NonStop would get in the general sessions, and with at least four mentions in the keynotes, along with almost forty NonStop-specific sessions, most of us left feeling pretty good about the platform and its future.  From my perspective, coming back to the NonStop after a few years away, I was impressed at the continuing passion and enthusiasm within the group, and levels of NonStop representation at the show from HP, ISVs and users.  Of course, it’s easy to feel good about participating in such a large show when one of the side benefits is a concert by Paul McCartney, just for conference attendees!

XYPRO had an extremely positive conference, with many good meetings with our customers and our partners at HP.  A number of the NonStop-focussed sessions spent time on the importance of security, auditing and compliance, and the role that the XYGATE product suite can help in these critical areas.  Our VP of Sales and Marketing, Barry Forbes, is now officially famous, having been video interviewed by one of the bloggers at the show – see http://bit.ly/jgJ91L for more.

The show finished in an even bigger way than it started, with that incredible show from Sir Paul.  There was hardly a single person in the MGM Grand Garden Arena remaining in their seats for the two encores that Paul and his band played.  Simply awesome.

Andrew Price

Director, Product Management

ACE 2011

XYPRO Technology attended ACE, the ACI User Groups Conference at the Del Coronado Hotel (The Del) in San Diego in June.  The conference boasted more than 200 attendees representing more than 70 companies.   Exhibitors represented 22 companies.

The conference began with introductory presentations by the product managers of the various ACI products, followed by a Q&A session.   ACI confirmed that BASE24 will be sunset in November,  however only 80 customers out of approximately 300 BASE24 users have migrated or are transitioning to BASE24-eps.   An interesting statistic is that out of 2,185 employees, ACI has 700 developers & 600 people dedicated to services.

The keynote speaker, Brett King, gave a very interesting presentation affirming the notion that the future of banking is mobile.  He stressed that banks need to change their approach regarding checking accounts, advertising, and local branches due to younger generations' expectations of mobile transactions. Mr King also stressed the importance of social media for banks.  No amount of advertising can overcome bad experiences recorded on Facebook, Twitter, and other social media sites.

There is a new trend to use NFC (Near Field Communication) devices in the industry.   These devices are contactless and passive as their function is triggered by an Initiator sending a RF signal that powers the Target device, which does not require batteries.   The Initiator can read the contents of the Target and in some cases write to it.

Nick Puetz from Fishnet Security and Gregory Rosenberg from Trustware gave an valuable presentation covering PCI Best Practices & Securing Sensitive Data, two topics of the utmost importance for the financial industry. Greg Brett from Opera Solutions explained the statistical techniques used to detect credit/debit card fraud on-line prior to a transaction’s approval.   These techniques, which are used with BASE24 and BASE24-eps, are helping reduce the amount of fraud experienced by financial institutions running those solutions.

Barry Forbes

Vice President, Sales & Marketing

XYGATE Compliance Pro Now Available from HP

XYGATE Compliance PRO simplifies compliance of HP Integrity NonStop server environments

Simi Valley, Calif. – May 26, 2011 – XYPRO Technology Corporation, a leading provider of security software and services for HP NonStop server environments, today announced its security and policy compliance solution, XYGATE Compliance PRO, is now available directly from HP on HP Integrity NonStop servers – including the recently released, HP Integrity NonStop BladeSystem NB54000c.

With Compliance PRO, HP NonStop customers can effectively manage aspects of security compliance on their HP NonStop server systems. XYGATE Compliance PRO is a powerful and sophisticated software solution specifically designed for the NonStop platform to better monitor the state of mission-critical systems.  It enables enterprises to:

·       Analyze system security settings and configurations;

·       Gather extensive system data to compare changes in the system from different points in time;

·       Track and audit security settings to address risks and protect valuable mission-critical data and intellectual property; 

·       Build an efficient governance, risk and compliance program that can address regulations, such as PCI, SOX, and HIPAA, across NonStop systems.

“Around the world there are more than 20,000 security and compliance regulations that businesses must meet and more are emerging every year,” said Barry Forbes, vice president, Sales and Marketing at XYPRO. “Organizations today are looking for solutions that simplify risk management and increase the effectiveness of system monitoring in complex information security environments. Compliance PRO does just that, and with this solution now available we have made it even easier to implement security solutions that meet mandated compliance requirements such as PCI.”

“For enterprises, complying with government and commercial regulations while protecting valuable mission-critical data is imperative,” said Bob Kossler, director, strategy and planning, NonStop Business Division, Business Critical Systems at HP. “XYGATE Compliance PRO on NonStop environments help clients adhere to these regulations and safeguard the data that keeps their businesses up and running.”

Customers who purchase XYGATE Compliance PRO license and support contracts through HP will receive product support from HP.  In addition, XYGATE Compliance PRO is available for individual purchase and direct support from XYPRO.

About XYPRO
XYPRO Technology offers more than 27 years of knowledge, experience and success in providing HP NonStop information systems tools and services.  Businesses that manage and transport business-critical data turn to XYPRO for a variety of solutions. XYPRO helps businesses to better manage security risks, protect assets and gain a competitive edge through compliance while improving efficiency.  www.xypro.com

XYPRO Technology’s XYGATE/ESDK Achieves NIST Validation for FIPS 140-2 Government Standard

Simi Valley, California, USA – May 18, 2011 - XYPRO Technology Corporation, a leading provider of security software and services for HP NonStop server environments, today announced the XYGATE Encryption Library (XEL)  module XYGATE/ESDK achieved Federal Information Processing Standards Publications (FIPS) 140-2 Validation: Security Requirements for Cryptographic Modules.

FIPS 140-2 validation is mandatory for any cryptographic product that is used in a U.S. government agency network.  The standard is a joint effort by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140-2, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140-2 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency. 

To expedite the FIPS 140-2 validation process, XYPRO partnered with Corsec Security, Inc., a consulting firm with over 13 years of validation experience.  "Corsec is delighted to work with XYPRO on their latest FIPS 140-2 validation," said Matthew Appler, CEO of Corsec. "The FIPS 140-2 process is very detailed and time consuming and only well designed products can make it through validation.  This clearly demonstrates XYPRO’s devotion to provide its customers with a higher level of security assurance."

“Over the past several years, XYPRO has expanded the number of platforms on which we received FIPS validation for our encryption library,” said Lisa Partridge, XYPRO President.  “This most recent validation is a testament to our unwavering commitment to security and compliance. FIPS 140-2 validation of the XEL  XYGATE/ ESDK demonstrates XYPRO’s determination to continue providing customers with a secure and dependable solution.”

The FIPS standard, which is mandated by law in the U.S. and strictly enforced in Canada, is also being reviewed by ISO to become an international standard. FIPS 140-2 is gaining worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. 

About XYPRO

XYPRO Technology offers more than 27 years of knowledge, experience and success in providing HP NonStop information systems tools and services. Businesses that manage and transport business-critical data turn to XYPRO for a variety of solutions. XYPRO helps businesses to better manage security risks, protect assets and gain a competitive edge through compliance while improving efficiency. www.xypro.com

ABOUT CORSEC SECURITY, INC.

Corsec Security, Inc. specializes in helping companies navigate through the complex process of receiving FIPS 140 and Common Criteria (CC) certifications.  Corsec’s consulting, document creation, and laboratory services deliver unmatched expertise in achieving government validation efforts at a firm, fixed price.  Corsec partners with companies around the world to achieve local and international certification and to add security functionality to a wide range of products. Corsec minimizes the time, effort and money a vendor needs to invest in validation while ultimately maximizing the return on that investment. For further information, please visit www.corsec.com.  

Raymond James Selects a Clear Standout for its Mission Critical Security Needs

Raymond James is a diversified financial services holding company with subsidiaries engaged in investment and financial planning, in addition to investment banking and asset management. As with any company that stores private, sensitive data, they required industry-leading security and audit solutions that would seamlessly integrate with their HP NonStop environment. “We had multiple challenges from multiple sources,” said John Anderson, Manager of the NonStop Engineering department at Raymond James.  “We wanted to enhance our overall security control on the NonStop, continue to meet specific privacy requirements from our internal and external auditors, and increase logging of user activity: All of these had to fall within our standard enterprise security model.”

After reviewing several security-related products, XYGATE emerged as the stand-out solution that could address Raymond James' comprehensive security and audit needs.

A Clear Standout

Raymond James turned to XYGATE Merged Audit to fulfill its requirements to increase its logging, monitoring and reporting of activity on the HP NonStop. In addition to being an industry leader with an excellent reputation and outstanding customer support, Raymond James selected XYGATE for its comprehensive security features and ease of use. The company also favored the solution’s simple integration.

Moreover, in Raymond James’ specific HP NonStop environment, the ability to send in SYSLOG format to its security data collection device is critical. “Each of the SIEM (Security Information and Event Management) solutions are fully supported by XYGATE Merged Audit with its ability to send all audit in SYSLOG format,” said Anderson. “We were able to confidently move forward with the XYGATE Merged Audit product knowing whatever choice we made for the SIEM, XYGATE Merged Audit would integrate with it.”

Benefits Across the Board 

 “Rule Based Security with the XYGATE Object Security has saved us an enormous amount of time and effort. A straightforward requirement from our auditors was going to require the implementation of hundreds, and maybe thousands, of complex Safeguard ACLs to meet this requirement,” said Anderson. “With XYGATE, we met the same requirement with a single rule. XYGATE Object Security makes it easier to design, implement, and maintain security for our NonStop servers.”

Anderson also notes that the overall security enhancement project using XYGATE has provided further management of the security environment on the NonStop. “The added control and oversight provided by XYGATE allows for requirements to be met and has afforded us peace-of-mind not previously enjoyed.”

 Looking Ahead

As with any change and especially the implementation of added security measures and controls, Raymond James is still learning XYGATE’s countless features and functionalities. “After meeting our initial requirements, we continue to find that new needs are also easily met with XYGATE,” said Anderson.

Moving forward, the company is reviewing additional XYGATE solutions. For their administrative needs, Raymond James is looking at the sophisticated capabilities of Safeguard Manager and for its compliance and integrity checking requirements; they are looking at Compliance Pro.

About Raymond James

Founded in 1962 and a public company since 1983, Raymond James is a diversified financial services holding company with subsidiaries engaged primarily in investment and financial planning, in addition to investment banking and asset management. Its stock is traded on the New York Stock Exchange (RJF).

Through its three broker/dealer subsidiaries, Raymond James Financial has more than 5,300 financial advisors serving 1.9 million accounts in 2,300 locations throughout the United States, Canada and overseas. In addition, total client assets are approximately $262 billion, of which approximately $33 billion are managed by the firm’s asset management subsidiaries.

Raymond James has been recognized nationally for its community support and corporate philanthropy. The company has been ranked as one of the best in the country in customer service, as a great place to work and as a national leader in support of the arts. 

www.xypro.com

XYPRO Announces HP CI-Ready Certification

XYPRO is pleased to announce its recent HP CI-Ready verification.  XYGATE Merged Audit (XMA) and XYGATE Compliance PRO have been validated in the HP Converged Infrastructure environment.

What Is HP CI?
The HP Converged Infrastructure helps businesses overcome the inflexibility and high costs created by IT sprawl to shift more resources to innovation and strategic initiatives – creating the ideal foundation for an instant-on enterprise. This is achieved through an architectural blueprint that eliminates silos and integrates technologies (e.g. servers, storage and network) into shared pools of interoperable resources – all managed through a common management platform and all based on standards and customer choice.

The result is a data center of the future, today, that delivers a whole new level of simplicity, integration, and automation whereby the IT environment is synergistically aligned to the needs of the business: Faster time to revenue; lower costs of acquisition and implementation; more quickly and flexibly respond to business changes; and, lower risks. And as your business grows, a Converged Infrastructure will accelerate your move to an Instant-On Enterprise. This type of organization shortens the time needed to provision infrastructure for new and existing enterprise services to drive competitive and service advantage.

What is Merged Audit & Compliance PRO?
XYPRO's Merged Audit and Event Monitoring module (XMA) collects data from multiple sources of Audit and intelligently merges them together to form a single NonStop SQL audit database. XMA will also deliver all collected audit data vis SYSLOG to remote logging devices or SIEMs.
XYGATE Compliance PRO enables you to easily research the state of security on your HP NonStop server, report on the information found, build policies that monitor the state of the security rules in your environment, compare your existing security against Best Practice and custom Policy recommendations, and verify the integrity of your system objects.

Learn more about HP CI by visiting www.hp.com/solutions/allianceone/ciready

To learn more about XYGATE Merged Audit and Compliance PRO, visit www.xypro.com

Lisa Partridge
XYPRO Technologies
www.xypro.com

Win an iPad!

At XYPRO, we are committed to not only improving our existing product line but also paying close attention to our customers’ requests.  We’ve always enjoyed an open communication with our customers and the market and in 2011 we plan even more dedication to that cause. One of the ways we’re doing that is through our Quarterly Surveys.  They’re short (5 questions) and painless. But what’s in it for you?  Well, besides helping us to continue providing you with the best HP NonStop security, auditing, Fips-validated encryption and compliance products on the market, you get a chance to win a shiny new iPad.  And unlike your odds for appearing on X Factor or American Idol, you have a great chance to win!  Give us your feedback at www.xypro.com/survey.

Hurry, drawing for the first quarter iPad winner is on March 9^th

Lisa Partridge
www.XYPRO.com

From The CEO’s Desk

As we look back on 2010, we see a year that’s had the most amazing changes to the NonStop platform’s security profile in many years.  By now, everyone should know that HP is bundling XYGATE Merged Audit (XMA) software in the HP NonStop Operating System Mission-Critical Edition software package. This means that many HP NonStop customers no longer need to ask for audit waivers due to missing security functionality.

The NonStop server now meets many more compliance requirements, making it easier to justify it as the core of any mission-critical application.  In fact, payment industry specialist and Qualified Security Assessor (QSA), Witham Laboratories, in cooperation with Knightcraft Technology, has created the most comprehensive HP NonStop Payment Card Industry Data Security Standard (PCI DSS) white paper in existence.

This document was created to assist HP NonStop users in their PCI compliance projects by showing how Safeguard and Guardian can be configured to meet PCI DSS and highlighting the requirements where compliance cannot be achieved without the use of third party solutions (solutions mentioned in the paper are from the XYGATE suite). For a copy of this document, visit www.knightcraft.com.

Because of our geographically diverse customer base, XYPRO sales reps and security specialists travel hundreds of thousands of miles a year so that we can support our customers, HP, and the many HP user groups around the world.  Last year, XYPRO had a presence at the HP NonStop Symposium, CTUG (Canada), BITUG (United Kingdom), OZTUG (Australia), SATUG (South Africa), SUNTUG, GTUG, OTUG, and many, many other regional NonStop User Groups around the world.

Additionally, we attended several other industry conferences, such as the PCI Europe Annual Meeting (Netherlands), ACI Customer Events in Asia, Africa, Europe and North America and as new members of PCI Security Standards Council (https://www.pcisecuritystandards.org) we proudly took part in both their European and North American Meetings.

While we also enjoyed success with our new Webinar series in 2010, attending conferences like the (incredibly successful) NonStop Symposium and EXPO in San Jose, is our primary way to meet directly with our customers.  Far more than a marketing opportunity, these conferences provide an in person forum for informal conversation, direct exchange of information with customers about what works, and what needs to be improved, and what new features and solutions they need so that they can ensure the security of the information on their HP NonStop servers.

What We See for 2011

We predict 2011 will bring as much excitement and good things as 2010. There’s a lot of talk and trends occurring, and we’re keeping our finger on the pulse. 

As we kick 2011 into high gear, we certainly plan to address these issues and more. So be sure to follow us on our Blog, Tweets, Facebook, LinkedIn or visit us at any of this year’s NonStop RUGs, HP Discover, ACI User Group Meetings, PCI Security Standards Council gatherings and other industry events.  We’ll keep our events page updated at www.xypro.com so keep checking back!

Also, be sure to fill out our short five question survey and be entered into our quarterly drawing to win an iPad.

Sheila Johnson
CEO, XYPRO Technology Corporation
www.XYPRO.com