Tuesday, September 28, 2010

ITUG 2010

ITUG 2010 (also called The Connect NonStop Symposium and Expo) opened with an amazing dinner hosted by XYPRO at Scotts seafood restaurant in San Jose. Among the 130+ attendees was a real cross-section of the HP NonStop community. Aussies, South Africans, South Americans, Asians, and Europeans joined the North Americans for a most amazing 3-course meal with dessert and entertainment.

For those who managed to get out of bed on Tuesday, 499 other show attendees joined them at the San Jose convention center, and the mood was incredible. Everyone was happy to be back in San Jose at a NonStop show instead of in Las Vegas in the middle of summer!

It was really heartwarming to some and interesting to others that even with HPTF (the heretofore-described show in Las Vegas), people came to this event.  I personally know of several NonStop customers who never intended to come to San Jose but went to Las Vegas. They determined the NonStop symposium was the place to be and are here with bells on and very happy they came.

The San Francisco bay area is in the middle of a heatwave, so people can close their eyes and pretend that they're in Vegas, then open them up to see dozens of NonStop product managers, developers, and execs who find it a lot more pleasant to drive the 5 miles down highway 280 from Cupertino than to take a 90-minute flight to Vegas after waiting an hour in the security line.

What happens in Vegas stays in Vegas, but what happens in San Jose has a big influence in Cupertino, helping build better products for the best computer system in the world. And isn't that a grand thing?

Lisa Partridge
XYPRO

Friday, September 17, 2010

XYGATE Software Exceeds Regulatory Auditing Requirements for HP NonStop Systems

State-of-the-art auditing & compliance solution to ship with latest HP Integrity NonStop operating system

(September 14, 2010) Simi Valley, CA – XYPRO Technology Corporation, a leading provider of security software and services for HP NonStop server environments, today announced its audit and reporting solution, XYGATE Merged Audit (XMA) software, will be included in the HP NonStop Operating System Mission-Critical Edition software package.

This XMA software addition will allow customers to better monitor the state of their mission-critical systems.  XMA collects, filters, normalizes, and writes audit data from a variety of sources across dozens of systems in an HP NonStop system network.  The software then writes data to a consolidated NonStop SQL database.  These advances will allow security administrators to efficiently produce reports based on audit data from one or multiple sources, create real-time alerts for specific events, and feed many off-box central audit logging devices or SIEMs (Security Incident Event Monitor), such as the HP Compliance Log Warehouse (CLW), facilitating Integrity NonStop server participation in an Enterprise Security Program.

“Security has changed drastically over the last five years,” said Sheila Johnson, XYPRO’s CEO.   “Starting in September, customers who purchase new HP NonStop servers running on the J Series or H Series platform will receive XMA on their system.”

HP NonStop customers who wish to upgrade their existing systems can purchase an OS upgrade package that includes XMA software and entitles them to new versions of the product going forward.  XMA software also continues to be available for individual purchase and direct support from XYPRO.  

“In the current climate, many businesses are under increasing pressure to comply with regulatory audit standards – all while protecting their mission-critical data and resources,” said Randy Meyer, Director of NonStop Product Management, Strategy and Technology at HP. “HP is working with XYPRO to provide clients with solutions that simplify risk management and increase effectiveness of system monitoring in complex information security environments.”

“Bundling XMA software as part of the OS distribution provides customers with greater consistency, significant savings, comprehensive audit consolidation, and reporting,” said Lisa Partridge, XYPRO’s Vice President of Sales & Marketing.  “We are excited to work with HP to bring best-of-class security to the HP NonStop user community.”

Wednesday, September 8, 2010

From the CEO's Desk

We all know that the sun never sets on the HP NonStop server empire—especially in the financial industry. Worldwide, a large number of credit card and funds transfer transactions are either switched or cleared by NonStop servers. And since the bulk of those mission-critical NonStop servers protect their confidential information with XYPRO software, we felt that it was time that we had a seat at the payments processing table.

But rather than sitting back and listening, we wanted to have an active voice, to ensure that the needs of our users were addressed as new standards were implemented. To get that seat, XYPRO joined the PCI Security Standards Council as a participating member, which allows us to work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards.

Anyone who has read the PCI DSS knows that many of the requirements are aimed at so-called “industry standard” servers and not big iron like the NonStop server. How many times have you been asked what anti-virus software is running on your server? Wouldn’t it be nice to stop hearing that question from your auditors?

In other news, the traditional NonStop Summit is back. Rather than hopping a plane to Las Vegas in summer, walking what seems like 4 miles from the hotel to the convention center every day, and fighting the crowds of gamblers and tchotchke divers hanging out at the Mandalay Bay, we get to be back among our own circle of friends just minutes from NonStop Central (or Cupertino, as Google Maps calls it). All of your favorite vendors have booths and are just as excited to be back in San Jose as I know all of you are. HP will be sending dozens of NonStop developers and product managers who can spend time with you to understand how to make their products better by meeting your needs.

In my last blog entry, I alluded to a number of exciting activities that I could not talk about—until now. If you’ve attended one or more Security SIGs, you’ll remember that the same requests get made over and over and every time HP recognizes that there are opportunities for improvement. Unfortunately, the development dollars just aren’t there to address every issue and HP needs to prioritize.

A substantial number of security upgrades have been made by HP, including longer passwords, better user management, a more secure password encryption algorithm, and so on. HP has been listening to you and over the past year, they quietly have been working to bundle selected third-party products into the base NonStop OS.

At the summit, HP and XYPRO will jointly announce and demonstrate some of the most frequently requested security functionality being added to the NonStop OS at a low cost to customers. Current XYPRO customers don’t need to worry about past decisions or future support, since we have a migration path for you.

Watch for our press release later in September and be sure to drop by our booth at the Summit to see what’s cooking. If you just can’t wait, you can read Scott Uroff’s article in the July/August issue of Connect Magazine for a clue.

Before I close, I wanted to mention “The Most Significant Breach Of U.S. Military Computers Ever.” This has nothing to do with NonStop servers, or even HP. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control.

It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. There is only one protection against rogue software or a rogue user in the enterprise and that is encryption at a very granular level. It will take an attacker a lot longer to steal your information if they need to do it one small piece at a time as it is displayed on someone’s screen than if they can just download an entire unencrypted file in one shot.

Scott Uroff wrote an article in the January/February issue of The Connection magazine that can help you understand the importance of selecting the right encryption algorithm and how to properly implement it. If you have questions, Scott will be at the XYPRO booth and the Summit to answer them.

Don’t pick up an unknown flash drive and connect it to your network, but do come to the NonStop Summit. See you there!

Sheila Johnson
XYPRO, CEO

Friday, August 27, 2010

Product Spotlight: Safeguard PRO

SAFECOM is the original user interface to Safeguard, the native HP NonStop™ server security program. Both were developed at a time when highly trained HP NonStop technical staff managed HP NonStop security exclusively. However, today’s security requirements are not only more complex and scrutinized, but security is often managed by an information security department whose staff rarely consists of single-platform experts. Instead they are information security specialists with responsibilities across many different computer platforms.

Why Safeguard PRO?
Safeguard PRO brings together all the capabilities of the XYGATE Safeguard enhancement modules to offer you a single source for achieving your Safeguard-related security requirements. A friendly and intuitive user interface adds to the ease of use and allows the Security Administrator, whose responsibilities can span several computer platforms, to take care of the HP NonStop platform with ease.

What Do I Get with Safeguard PRO?
The XYGATE Safeguard PRO package consists of 5 integrated modules, each addressing specific Safeguard security requirements. Every aspect of Safeguard Administration, Audit, Authorization, and Authentication (including interfacing to LDAP) is enhanced and made efficient with XYGATE Safeguard PRO.

XYPRO’s Safeguard PRO is an enhanced Safeguard management, configuration and reporting package that extends the capabilities of Safeguard with unrivaled user authentication, password quality and object security power.

How Do I Learn More about Safeguard PRO?
Click here to learn more. You can download free product information and view a product demo.

Thursday, August 12, 2010

Donkey Rodeo SIG, London.

At the start of the recent BITUG (British Isles Tandem User Group) DR SIG in London, NTI’s Dave Ross asked the attendees to think about what the letters D.R. stood for, with prizes for the most creative suggestions. More on the results of that at the end.

As you’d expect from a DR SIG, the day was focused on Disaster Recovery, or Data Replication as is becoming more commonly used because of the multi-purpose uses for modern DR set-ups. The list of attendees was a little longer than usual, which I’m thinking is down to two possible reasons. The first could be that DR is a fairly hot topic and people want to keep up to speed. The second might have been NTI’s exclusive booking of a London Eye (huge Ferris wheel on the Thames) capsule for a post-SIG hurrah. Either way, it was great to see a good turn-out.

By the end of the day, it was time for the D.R. suggestions to be aired. Around ten made the final cut with Digital Renaissance being one, Demand Ransom was possibly another, but Deny Responsibility was deemed the winner! I can’t remember if the prize was a crisp £20 note or a Tandem T-Shirt, as there were a few mini competitions during the day. Either way, everyone went home happy, especially those with extra cash/clothing and those who got an invite to the post-SIG London Eye trip.

The next BITUG SIG covers Migration and Solutions, 13th October.
www.bitug.com

Dan Lewis
XYPRO, Europe

Friday, August 6, 2010

XYPRO TECHNOLOGY CORPORATION joins PCI Security Standards Council as newest Participating Organization

XYPRO to participate in key standards setting body protecting payment cardholder data

FOR IMMEDIATE RELEASE

Simi Valley, CA/USA, August 6, 2010 —XYPRO Technology Corporation, a leading provider of data security software and services for HP NonStop Server environments, announced today that it has joined the PCI Security Standards Council as a new participating organization.  As a Participating Organization, XYPRO will work with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards. 

The PCI DSS, endorsed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., requires merchants and service providers that store, process or transmit customer payment card data to adhere to information security controls and processes that ensure data integrity.  More information on the council and the standard can be found at www.pcisecuritystandards.org.

As a Participating Organization, XYPRO will now have access to the latest payment card security standards from the Council, be able to provide feedback on the standards and become part of a growing community that now includes more than 500 organizations. In an era of increasingly sophisticated attacks on systems, adhering to the PCI DSS represents an entity’s best protection against data criminals. By joining as a Participating Organization, XYPRO is adding its voice to the process.


“The PCI Security Standards Council is committed to helping everyone involved in the payment chain protect consumer payment data,” said Bob Russo, General Manager of the PCI Security Standards Council. “By participating in the standards setting process, XYPRO demonstrates they are playing an active part in this important end goal.”

“XYPRO is dedicated to helping businesses achieve unified security and compliance within their HP NonStop server environments,” said Sheila Johnson, CEO at XYPRO. “We are extremely excited to participate in the PCI Security Standards Council, as it further demonstrates our mission and commitment to closing the security gap.”


About PCI Security Standards Council
The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of PCI security standards. For more information, please visit www.pcisecuritystandards.org

About XYPRO
XYPRO Technology offers more than 27 years of knowledge, experience and success in providing HP NonStop information systems tools and services.  Businesses that manage and transport business-critical data turn to XYPRO for a variety of solutions. XYPRO helps businesses to better manage security risks, protect assets and gain a competitive edge through compliance while improving efficiency.  www.xypro.com


# # #
Media contacts

XYPRO Technology
Lisa Partridge
805-583-2874
Lisa_P@xypro.com

PCI Security Standards Council
Ella Nevill
781-876-6248
enevill@pcisecuritystandards.org

Thursday, July 29, 2010

Security Breaches: Do Companies Need to See It Get Worse Before It Gets Better?

One would think that with all of today’s security standards and compliance requirements, data leaks and security breaches would be few and far between. Of course, one would be wrong to think that. Indeed, in the healthcare sector alone the numbers are staggering. In a recent report published by Healthcare Info Security, the official federal list of major healthcare information breaches dating back to last September included 119 incidents affecting almost 5 million Americans. About 20 incidents were added to the list in the last 30 days.

The total of those affected by major breaches grew by approximately 1.5 million in the past month, primarily as a result of two large cases.

In one case, South Shore Hospital in South Weymouth, Mass. reported that unencrypted backup computer files containing personal, health and financial information on about 800,000 people may have been lost by a company that the Massachusetts hospital hired to destroy the files. On the breach list, the business partner involved is identified as Iron Mountain Data Products Inc.

In the other case, WellPoint Inc., which owns Blue Cross and Blue Shield plans in 14 states, announced in late June that it was notifying 470,000 people who applied for individual health insurance coverage that their information may have been breached on a website.

Don’t Make the List
Organizations that suffer from security breaches can’t hide and pretend it didn’t happen. Under the Health Information Technology for Economic and Clinical Health Act's breach notification rule, which went into effect last September, breaches affecting more than 500 individuals must be reported to the Department of Health and Human Services' Office for Civil Rights and the news media as well as the individuals affected within 60 days. It’s definitely a list you don’t want to be on.

Get Informed & Get Secure with XYPRO
For more than 25 years, XYPRO has been helping businesses, including healthcare organizations, secure their mission-critical systems and information. We help ensure that our customers never make lists like the ones mentioned above. You can learn more about how we do it from our webinar archive at www.xypro.com/webinars.