Tuesday, February 19, 2013

The OSS Security You’ve Been Waiting For


XYGATE Object Security and the OSS Security Event Exit Process (SEEP)

With the upcoming February RVU of the NonStop OS (H06.26/J06.15), HP will introduce support for a Security Event Exit Process (SEEP) within the OSS subsystem.  This is a capability that has been anticipated for quite some time, as it allows third-party solutions to participate in the authorization decision when file access requests are made.  It works similarly to the Safeguard Authorization SEEP that XYPRO and others take advantage of to enhance and add to Guardian file security.

It is worth noting that the OSS SEEP does not use Safeguard.  It is invoked via the OSS Name Server, and configured via SCF.

This article is intended to highlight some of the benefits of the new XYGATE XOS OSS Add-on module.  Beginning March 2013, the XYGATE Object Security (XOS) product can now be licensed to provide previously unavailable, flexible, exceptionally granular security for NonStop OSS users.  This article was also triggered, in part, by recent discussions on LinkedIn about perceived security limitations on the HP NonStop server, so where appropriate, reference will be made to that discussion.

NonStop users have been taking advantage of the capabilities that XOS provides in Guardian for many years.  In general XOS, through its advanced wildcarding and regular expression support, allows for a hugely increased amount of granularity and flexibility, when compared with standard Safeguard ACLs.  One XOS user (a leading credit card company) was able to reduce their list of Safeguard ACLs from over one million to approximately 300 with XOS, based on this additional flexibility.  Yes, one million to three hundred.

XOS is also simple to use, with a GUI interface assisting with the creation and maintenance of the simple user and object policy rules which govern your security implementation.

With the new OSS SEEP from HP, XOS now has a new OSS module to provide the same levels of usability, granularity and flexibility that have been available to secure the Guardian filesystem for some time.  Although NonStop provides two Authorization SEEPs (one for Guardian and one for OSS), the same XOS configuration will rule on Guardian and OSS access requests, and is configured in the same way that users have come to rely on.

XOS with the OSS SEEP includes the following features:
- Every type of OSS operation against every OSS object can be restricted, allowed, and/or audited.
- OSS SEEP rulings are applied at the fileset level.  Specific filesets can be included or excluded.
- Guardian and OSS object security can be maintained together in a single file.
- OSS rules can be applied by user function.  When users and aliases are grouped by function, manipulation becomes a single operation. This can allow for a significant reduction in the number of ACLs.
- OSS rules can be written for specific users or custom user groups, including Safeguard ALIAS and network users.
- OSS objects do not have to exist for a rule to be set up, allowing for dynamic security rules that apply automatically when objects are created.
- OSS objects can be controlled by object name, requesting object, the user or group of users requesting the operation, and/or by OSS operation type.  For example, you can restrict who can create or view certain OSS directories, even if they don't already exist.
- OSS operation restrictions or allowances can be set to warning mode for specific users, groups of users, or rules, allowing access to be granted while auditing what the ruling would have been.
- OSS operation restrictions or allowances can be tested in a "what if" mode to verify the outcome before putting a rule into production.
- OSS ruling processes (Security Event Exit Processes) can be distributed across available NonStop CPUs.
- Auditing is very granular.  Access to objects can be audited for some users, but not for others.

These capabilities should go a long way to addressing the general concerns raised on LinkedIn recently that “OSS security isn’t as robust or as easy to maintain as Guardian” (to paraphrase).

Other issues raised include shortcomings of existing HP NonStop server audits – lack of IP addresses, difficulties in correlating events etc.  These issues are addressed with a combination of XYGATE User Authentication (XUA), which logs IP addresses at logon, XYGATE Access Control (XAC), which captures keystroke audits showing what a user did at any given time, and XYGATE Merged Audit (XMA) which filters all audit data and optionally sends it to a Security Incident Event Manager (SIEM) product like HP ArcSight, for correlation.

XUA can also be used in an enterprise SSO solution, or with any LDAP server.  This applies to 100% of HP NonStop logons or authentication requests.

XYPRO also provides an extensive range of security configuration services offerings for your entire HP NonStop server environment, to ensure optimum security and compliance.

If you would like any further information about how the XYGATE product suite can help simplify and strengthen your HP NonStop server Guardian and/or OSS security, please contact your local XYPRO representative at https://www.xypro.com/xypro/contact or email me directly at andrew_p@xypro.com.


Andrew Price
Director, Product Management
Andrew_P@xypro.com

XYPRO Technology Corporation


Monday, February 4, 2013

XYPRO Wraps Up Another Fiscal Year With Record Growth!

XYPRO has achieved tremendous new business growth in Asia Pacific, Europe, and Latin America with its expanded presence in these regions, while continuing to maintain a steady growth within North America for an overall increase from both existing and new customers around the globe.

Despite many industry and economic challenges, XYPRO’s valued customers and partners have helped us keep the trend of year over year growth alive in 2012.  The trust and support of our customers in choosing XYGATE and XYPRO partner solutions for the security and management of their mission critical information assets reinforces that XYPRO is meeting and exceeding business and customer relationship objectives.

Much of our success has come from the efforts of XYPRO’s highly skilled and dedicated sales and technical teams and also from the hard work of HP and our unique & valued partnership with them. Many thanks go to all the individual and team determination and creativity of those involved.

2013 is promising to be another challenging yet rewarding year for XYPRO and we will continue to lead the way with new and improved innovative solutions for all your mission critical security needs.

Barry Forbes
VP of Sales & Marketing
XYPRO Technology Corporation
www.xypro.com

Thursday, December 6, 2012

San Jose, CA: NonStop Technical Boot Camp – Oct 14 – 16 2012



XYPRO recently returned from the NonStop Technical Bootcamp, held at the Doubletree Hotel in San Jose, and it turned out to be a great event.  There were almost 200 attendees, of which approximately 60% were customers, with the remainder being HP staff and vendor partners like ourselves.  The San Jose location proved to be a major positive, with HP being willing and able to send a large number of technical resources to present, given we were “just down the road”.

As a result, the agenda was fairly well packed with strong technical content.  XYPRO sent some of our own internal resources for training/general knowledge purposes, and all came away feeling like it was time well spent.

The customer attendees were there to learn, and it was a great opportunity for us to provide information.  Our co-presentation with HP on XYGATE Merged Audit (XMA) explained how a large number of customers now have XMA as a result of its inclusion on the SUT, and how those customers can start to use it to help with compliance, integrate with HP ArcSight or other SIEM devices, and increase their system security in general.

The show opened with a bang, with a traditional Tandem “Beer Bust” in the Doubletree’s restaurant/bar, sponsored by XYPRO and Tributary Systems.  Jimmy Treybig, the CEO and one of the founders of Tandem Computers, joined in and many took the opportunity for a photo.  The following morning, Jimmy gave the keynote speech, which he terms a “love note” speech, given that it was mainly focused on the User community, and the value of groups like ITUG over the years.  An excellent, inspiring presentation, most of which was recorded and can be viewed here… (http://www.connect-community.org/blogpost/550209/153083/Jimmy-Treybig-s-Love-Note).

The majority of the conference consisted of session tracks, focussed on various technical areas, and all were well attended.  The breaks were an opportunity for networking, and for users to consult with the large group of vendors that showed their support for the event by exhibiting and sponsoring.  An important point – the food was generally excellent, and received many positive comments!

At this stage it sounds like a similar event is in the pipeline for next year, at the same venue, so look out for that, and see you there! http://www.connect-community.org/?TBC2013

Monday, July 30, 2012

Strong Authentication. The Device Is The Key™


NetAuthority irrefutably identifies and authenticates connected devices.

In today’s world of mobility, cloud computing, virtual workforces, social networks, and online businesses, stronger authentication for identity and access management is more critical than ever. Security vulnerabilities are skyrocketing and malicious attacks are being unleashed in unprecedented numbers with increasing sophistication, resulting in massive information and economic losses.

Identity and Access Management has historically focused on the attributes of a person’s identity. User ID and passwords are still often the only form of authentication used by organizations.   Traditional forms of multi-factor authentication are not designed to address the explosive growth in internet-connected devices and online activity and are unable to meet the needs of scalability, ease of use, affordability, and mass-deployment that the online-connected world requires.

Today’s organizations are faced with the following challenges:

•  Knowing the devices that are connected to applications and networks without owning them
•  Knowing that the devices accessing the network are actually in the hands of authorized users
•  Implementing access authentication solutions that are secure, cost-effective, easy-to-use, and highly scalable
•  Implementing access authentication solutions that provide flexibility and multi-dimensional security that complements existing systems and infrastructure
•  Ensuring that regulatory compliance requirements and security best practices are addressed

NetAuthority’s Device Authentication Services addresses these issues and more through:

•  Irrefutable identification of the device via its Dynamic Device Key, linking the user with the identified device, for strong authentication security.
•  Notifications and alerts providing organizations with immediate visibility to unauthorized users attempting to gain access, unauthorized devices, and more.  Organizations are now empowered to quarantine or even blacklist devices for greater security.
•  Flexible, mass-deployable, user transparent, and cost-effective strong authentication solution, unlike other “something I have” authentication methods.
•  Secure service API to interface with existing user management systems, monitoring systems, and log management solutions to leverage prior investment.
•  SaaS-based service, so strong authentication can easily be implemented based on an organization’s assessment of risk and information assets.
•  Satisfying regulatory and best practices requirements for strong authentication and compliance.

NetAuthority’s Device Authentication Service provides strong authentication security with unprecedented control and visibility to both the Who and What is accessing online applications, accounts and information.

To learn more about our Device Authentication Service for strong authentication and compliance, please contact us at netauthority@xypro.com


Barry Forbes
VP of Sales & Marketing
XYPRO Technology Corporation

www.xypro.com

Wednesday, June 13, 2012

HP Discover 2012 – Whatever’s happening in Vegas, it’s NonStop!


I’ve just returned from HP’s biggest user event for the year, Discover 2012.  As we from the NonStop crowd have come to expect, this year’s conference was large and impressive – similar to what we’ve seen in previous years.  I for one was pleasantly surprised with the conference layout this year.  There’s no getting around the fact that, as a conference hosting towards 15,000 people, there’s going to be some significant distances (and crowds!) involved, but this year it seemed easier to find what you were looking for, with other things like registration and meals handled better than previously.  One standout improvement was the location of the NonStop partners – we had our own signposted area, co-located with the HP NonStop group, which meant much less traipsing back and forth to engage with our HP colleagues.

In terms of content, we saw some excellent keynote sessions.  Meg Whitman took the stage on Tuesday morning to outline her three-pronged corporate strategy, focussed on cloud, security and information optimisation (or big data management).  This in turn was layered over the 4 main areas of offering that HP provides – infrastructure, software, services and solutions.  All good stuff.  Meg went on to discuss a number of HP customer case studies, which (by my count) were all NonStop customers, perhaps bar one.  State Bank of India, a massive NonStop user in the card payments space, was one example, and as we all know, they’ve been happy NonStop users for many years.  It was great to see NonStop getting such prominence, even if it was implied – and this fact was referred to by other HP NED/BCS execs over the coming days.  Meg then introduced Jeffrey Katzenberg, from Dreamworks, who gave a very entertaining presentation, including live animals (!), and a sneak peek of the upcoming Madagascar movie – some of the stats around production of a Dreamworks animated presentation are quite astounding.  The 2 ½ minute Madagascar promo that we saw took an amazing 6TB of storage.  Three seconds of animation can take a skilled animator a week to complete.  Each movie takes an average of 5 years to produce, and 3D is complicating things even further.  Of course, HP provides the infrastructure that underpins everything Dreamworks does, and this was refreshing to hear from such a creative environment where hardware components are often assumed to be of a different flavour.

Other notable sessions included the HP NonStop: The Platform for Continuous Business, presented by Ric Lewis and Randy Myer, which for most of us was our first chance to see Ric presenting on NonStop.  He came across as very aware of the value that NonStop brings to HP, and very understanding of the considerable legacy that a lot of us bring to the NonStop environment.  Everyone at the show seemed extremely upbeat about the enthusiastic way Ric has jumped into his role.  If you want to hear more from Ric and Randy, I would recommend this interview that they gave at the show: http://t.co/XGTj3Fq2 

Closer to home, Karen Copeland, NonStop Security Product Manager, presented a couple of times on NonStop security.  It’s always great to see what’s coming up in this critical area, and it’s even nicer when you see a few of your products forming an important part of the HP product roadmap.  As usual, Karen did an excellent job.

Another interview I’ve come across since the show completed is Rafal Los (Twitter: @Wh1t3Rabbit), Chief Security Evangelist at HP, interviewing HP NED Master Technologist Justin Simmonds – Raf is well known in security circles and Justin does a great job of bringing him up to speed on NonStop.  Take a listen at http://bit.ly/Ks8Cez.

Wednesday evening saw the hosting of the NonStop Community Reception, which was held thanks to the generosity of twenty-one NonStop vendors, at the Grand Lux Café.  This turned out to be a fantastic event, not just for catching up with old friends, but for making new ones as well, with many different vendors and NonStop users represented.  Indeed, we estimated there to be over 200 people there at the peak of the gathering – it got quite cozy in that relatively small room!  Still, a great night – thank you again to all the vendors who helped make it possible.

Things started winding down on Thursday, with many having just enough energy to check out the entertainment for the week – Sheryl Crow and Don Henley.  Excellent food and cocktails were a welcome accompaniment to some fantastic music.

All in all, another excellent conference.  We look forward to the NonStop Technical Boot Camp that was just announced for San Jose Oct 14-16, and to doing it all again in Vegas next year!


Andrew Price

XYPRO Technology Corporation
HP NonStop Server Security
and Encryption Solutions

Tuesday, June 5, 2012

XYPRO Technology to Distribute Voltage SecureData Encryption Solution



Voltage’s FPE, Tokenization, and Masking solutions added to XYPRO’s comprehensive security offerings


XYPRO Technology Corporation, the market leader in HP NonStop server security, audit, compliance, and FIPS-validated encryption solutions, today announced that it would begin reselling the Voltage SecureData solution suite, to complement its existing NonStop security products.

Voltage SecureData is a comprehensive data-centric security solution, uniting end-to-end encryption, tokenization and data masking for the protection – end-to-end – of sensitive information, including data subject to compliance, such as PCI DSS, and without impacting business process, work flow and applications. Leveraging patented technology and solution innovations, including Voltage Identity-Based Encryption™ (Voltage IBE™) and Voltage Format-Preserving Encryption™ (Voltage FPE™), Voltage SecureData is the most comprehensive data protection platform, securing data as it is captured, processed and stored across the variety of devices, operating systems, databases and applications. It is used by corporate enterprises, financial institutions, healthcare organizations, government agencies, utilities, retailers and service providers.

“XYPRO is extremely pleased to bring the Voltage SecureData solution to our customers,” said Andrew Price, director, Product Management at XYPRO. “As PCI, GLBA, Basel III, OCC, HIPAA, FISMA, FedRAMP, FERC, NERC and other compliance regulations continue to demand protection of sensitive data, our customers need a range of options for that protection. Voltage SecureData, with its support for Format-Preserving Encryption, tokenization and data masking is the most comprehensive enterprise-wide solution for end-to-end data encryption.”

“We are excited to add XYPRO to our list of global distributors. As the technology and market leader in data-centric security for the NonStop platform, this was a logical step for us, and we look forward to helping XYPRO customers meet their data security and compliance requirements,” said Jeremy Stieglitz, vice president of Business Development, Voltage Security.

About XYPRO
Founded in 1983, XYPRO Technology Corporation is the market leader in HP NonStop server security, audit, compliance assessment and FIPS-validated encryption solutions. XYPRO solutions meet the strict requirements of companies who manage, access and transport sensitive data using heterogeneous hardware platforms and multiple communications media. XYPRO helps mission critical businesses manage their security risks, protect assets and gain a competitive edge through compliance, while improving efficiency.
www.xypro.com

About Voltage
Voltage Security®, Inc. is the world leader in providing data-centric encryption and key management solutions for combating new and emerging security threats. With innovative, powerful and easy-to-use encryption and tokenization solutions for protecting sensitive business data, Voltage customers are able to address privacy regulations and best practices from around the world. Voltage customers adopting data-centric encryption include some of the largest companies in the world across a wide variety of industries including payments, financial, insurance, medical, e-commerce and more. Voltage solutions include three groundbreaking encryption approaches: Identity-Based Encryption™ (IBE), Format-Preserving Encryption™ (FPE), and Page-Integrated Encryption™ (PIE). Voltage solutions have changed how enterprises protect their most valuable assets—their customer data. Offerings include Voltage SecureMail™, Voltage SecureData™, Voltage SecureData Payments™, Voltage SecureFile™, Voltage SecureData Web™ and Voltage Cloud Services™, which provides cloud scale encryption and key management for their businesses, partners and customers. The company has been issued several patents based upon breakthrough research in mathematics and cryptographic systems. To learn more about Voltage customers please visit voltage.com/customers.

###
Voltage Identity-Based Encryption, Voltage Format-Preserving Encryption, Page Integrated Encryption, Voltage SecureMail, Voltage SecureData, Voltage SecureData Payments, Voltage SecureData Web, Voltage SecureFile, and Voltage Cloud Services are trademarks of Voltage Security, Inc. All other trademarks are property of their respective owners.

Tuesday, May 22, 2012

Join XYPRO for Our Next Two Webinars Covering: Database Management and Security & Compliance Professional Services


Database Management - May 24, 2012 - 8:00 AM Pacific

Database Management Solutions for the HP NonStop. XYPRO offers Merlon Software Corporation’s database management software solutions on a global scale. Merlon’s products provide companies who rely on NonStop servers for storing and processing vast amounts of data with the means to efficiently administer even the most complex database environments.  Join Ken Waterson (Merlon Software) and Kevin Boham (XYPRO) for a comprehensive overview of Merlon-The Total NonStop Database Solution.  Register Now.


Security & Compliance Professional Services - May 31, 2012 - 8:00 AM Pacific

Security & Compliance Professional Services Webinar: The mission of XYPRO’s Professional Services group is to not only service what we sell, but to make the process as painless, efficient and robust as possible. From project management for our products and services to training and support, our aim is to ensure your operational readiness and security. Partnering with XYPRO Professional Services guarantees the products are effective, efficient and fully implemented.  This webinar will explain the benefits of leveraging the XYPRO PRO Services in detail, with additional emphasis on XYPRO’s PCI XPress Service, a comprehensive offering covering all aspects of PCI compliance as it relates to your NonStop server.  Register Now.


Barry Forbes
VP of Sales & Marketing
XYPRO Technology Corporation
www.xypro.com