Monday, March 14, 2011

Raymond James Selects a Clear Standout for its Mission Critical Security Needs


Raymond James is a diversified financial services holding company with subsidiaries engaged in investment and financial planning, in addition to investment banking and asset management. As with any company that stores private, sensitive data, they required industry-leading security and audit solutions that would seamlessly integrate with their HP NonStop environment. “We had multiple challenges from multiple sources,” said John Anderson, Manager of the NonStop Engineering department at Raymond James.  “We wanted to enhance our overall security control on the NonStop, continue to meet specific privacy requirements from our internal and external auditors, and increase logging of user activity: All of these had to fall within our standard enterprise security model.”

After reviewing several security-related products, XYGATE emerged as the stand-out solution that could address Raymond James' comprehensive security and audit needs.
A Clear Standout
Raymond James turned to XYGATE Merged Audit to fulfill its requirements to increase its logging, monitoring and reporting of activity on the HP NonStop. In addition to being an industry leader with an excellent reputation and outstanding customer support, Raymond James selected XYGATE for its comprehensive security features and ease of use. The company also favored the solution’s simple integration.

Moreover, in Raymond James’ specific HP NonStop environment, the ability to send in SYSLOG format to its security data collection device is critical. “Each of the SIEM (Security Information and Event Management) solutions are fully supported by XYGATE Merged Audit with its ability to send all audit in SYSLOG format,” said Anderson. “We were able to confidently move forward with the XYGATE Merged Audit product knowing whatever choice we made for the SIEM, XYGATE Merged Audit would integrate with it.”

Benefits Across the Board 
“Rule Based Security with the XYGATE Object Security has saved us an enormous amount of time and effort. A straightforward requirement from our auditors was going to require the implementation of hundreds, and maybe thousands, of complex Safeguard ACLs to meet this requirement,” said Anderson. “With XYGATE, we met the same requirement with a single rule. XYGATE Object Security makes it easier to design, implement, and maintain security for our NonStop servers.”

Anderson also notes that the overall security enhancement project using XYGATE has provided further management of the security environment on the NonStop. “The added control and oversight provided by XYGATE allows for requirements to be met and has afforded us peace-of-mind not previously enjoyed.”


Looking Ahead
As with any change and especially the implementation of added security measures and controls, Raymond James is still learning XYGATE’s countless features and functionalities. “After meeting our initial requirements, we continue to find that new needs are also easily met with XYGATE,” said Anderson.

Moving forward, the company is reviewing additional XYGATE solutions. For its administrative needs, Raymond James is looking at the sophisticated capabilities of Safeguard Manager; for its compliance and integrity checking requirements, it is looking at Compliance Pro.

About Raymond James
Founded in 1962 and a public company since 1983, Raymond James is a diversified financial services holding company with subsidiaries engaged primarily in investment and financial planning, in addition to investment banking and asset management. Its stock is traded on the New York Stock Exchange (RJF).

Through its three broker/dealer subsidiaries, Raymond James Financial has more than 5,300 financial advisors serving 1.9 million accounts in 2,300 locations throughout the United States, Canada and overseas. In addition, total client assets are approximately $262 billion, of which approximately $33 billion are managed by the firm’s asset management subsidiaries.

Raymond James has been recognized nationally for its community support and corporate philanthropy. The company has been ranked as one of the best in the country in customer service, as a great place to work and as a national leader in support of the arts. 

Wednesday, March 9, 2011

XYPRO Announces HP CI-Ready Certification

XYPRO is pleased to announce its recent HP CI-Ready verification.  XYGATE Merged Audit (XMA) and XYGATE Compliance PRO have been validated in the HP Converged Infrastructure environment.

What Is HP CI?
The HP Converged Infrastructure helps businesses overcome the inflexibility and high costs created by IT sprawl to shift more resources to innovation and strategic initiatives – creating the ideal foundation for an instant-on enterprise. This is achieved through an architectural blueprint that eliminates silos and integrates technologies (e.g. servers, storage and network) into shared pools of interoperable resources – all managed through a common management platform and all based on standards and customer choice.

The result is a data center of the future, today, that delivers a whole new level of simplicity, integration, and automation whereby the IT environment is synergistically aligned to the needs of the business: faster time to revenue; lower costs of acquisition and implementation; quicker, more flexible response to business changes; and lower risks. And as your business grows, a Converged Infrastructure will accelerate your move to an Instant-On Enterprise. This type of organization shortens the time needed to provision infrastructure for new and existing enterprise services to drive competitive and service advantage.

What is Merged Audit & Compliance PRO?
XYPRO's Merged Audit and Event Monitoring module (XMA) collects data from multiple sources of audit and intelligently merges them together to form a single NonStop SQL audit database. XMA will also deliver all collected audit data via SYSLOG to remote logging devices or SIEMs.
XYGATE Compliance PRO enables you to easily research the state of security on your HP NonStop server, report on the information found, build policies that monitor the state of the security rules in your environment, compare your existing security against Best Practice and custom Policy recommendations, and verify the integrity of your system objects.

Learn more about HP CI by visiting www.hp.com/solutions/allianceone/ciready

To learn more about XYGATE Merged Audit and Compliance PRO, visit www.xypro.com

Lisa Partridge
XYPRO Technologies
www.xypro.com

Thursday, February 24, 2011

Win an iPad!

At XYPRO, we are committed to not only improving our existing product line but also paying close attention to our customers’ requests. We’ve always enjoyed open communication with our customers and the market, and in 2011 we plan even more dedication to that cause. One of the ways we’re doing that is through our Quarterly Surveys. They’re short (5 questions) and painless. But what’s in it for you? Well, besides helping us to continue providing you with the best HP NonStop security, auditing, FIPS-validated encryption and compliance products on the market, you get a chance to win a shiny new iPad. And unlike your odds for appearing on X Factor or American Idol, you have a great chance to win! Give us your feedback at www.xypro.com/survey.

Hurry, drawing for the first quarter iPad winner is on March 9th

Lisa Partridge
www.XYPRO.com

Wednesday, January 19, 2011

From The CEO’s Desk

As we look back on 2010, we see a year that’s had the most amazing changes to the NonStop platform’s security profile in many years.  By now, everyone should know that HP is bundling XYGATE Merged Audit (XMA) software in the HP NonStop Operating System Mission-Critical Edition software package. This means that many HP NonStop customers no longer need to ask for audit waivers due to missing security functionality.

The NonStop server now meets many more compliance requirements, making it easier to justify it as the core of any mission-critical application.  In fact, payment industry specialist and Qualified Security Assessor (QSA), Witham Laboratories, in cooperation with Knightcraft Technology, has created the most comprehensive HP NonStop Payment Card Industry Data Security Standard (PCI DSS) white paper in existence.

This document was created to assist HP NonStop users in their PCI compliance projects by showing how Safeguard and Guardian can be configured to meet PCI DSS and highlighting the requirements where compliance cannot be achieved without the use of third party solutions (solutions mentioned in the paper are from the XYGATE suite). For a copy of this document, visit www.knightcraft.com.

Because of our geographically diverse customer base, XYPRO sales reps and security specialists travel hundreds of thousands of miles a year so that we can support our customers, HP, and the many HP user groups around the world.  Last year, XYPRO had a presence at the HP NonStop Symposium, CTUG (Canada), BITUG (United Kingdom), OZTUG (Australia), SATUG (South Africa), SUNTUG, GTUG, OTUG, and many, many other regional NonStop User Groups around the world.

Additionally, we attended several other industry conferences, such as the PCI Europe Annual Meeting (Netherlands) and ACI Customer Events in Asia, Africa, Europe and North America, and, as new members of the PCI Security Standards Council (https://www.pcisecuritystandards.org), we proudly took part in both their European and North American meetings.

While we also enjoyed success with our new Webinar series in 2010, attending conferences like the (incredibly successful) NonStop Symposium and EXPO in San Jose is our primary way to meet directly with our customers. Far more than a marketing opportunity, these conferences provide an in-person forum for informal conversation and a direct exchange of information with customers about what works, what needs to be improved, and what new features and solutions they need so that they can ensure the security of the information on their HP NonStop servers.

What We See for 2011

We predict 2011 will bring as much excitement and good things as 2010. There’s a lot of talk and trends occurring, and we’re keeping our finger on the pulse. 

As we kick 2011 into high gear, we certainly plan to address these issues and more. So be sure to follow us on our Blog, Tweets, Facebook, LinkedIn or visit us at any of this year’s NonStop RUGs, HP Discover, ACI User Group Meetings, PCI Security Standards Council gatherings and other industry events.  We’ll keep our events page updated at www.xypro.com so keep checking back!

Also, be sure to fill out our short five question survey and be entered into our quarterly drawing to win an iPad.

Sheila Johnson
CEO, XYPRO Technology Corporation
www.XYPRO.com

Tuesday, December 21, 2010

Lessons from Data Breaches of 2010

SecurityWeek recently published “Lessons from the Most Interesting Data Breaches of 2010” and some of the article’s highlights may really surprise you. For example, the article states that there has been a 93.7% drop in the volume of data stolen from 2009 to 2010. An analysis from the Privacy Clearinghouse, a public database which records all breaches of personal and sensitive information belonging to US citizens, shows that about 230 million data records were taken in 2009 and only 13 million so far this year. It’s a positive number, but keep in mind that 2009 saw two major breaches with Heartland and the Veterans Administration. Of course, this drop also underscores the security investments companies have made over the past few years. Indeed, such efforts and investments have paid off in greatly enhanced security, helping to make data breaches extremely difficult.

Another interesting and key finding of the article touches on the value of data shifting from lower to higher. We here at XYPRO have seen this trend for quite some time! 

2 Key Lessons from the article
So, what can be done to avoid data loss and breaches as we move into 2011?  Below are two key lessons to consider:

1.    Enforce that data is accessed only by authorized parties.  At a minimum, they should block access from former staff and from employees attempting to access data beyond their need-to-know level.

XYGATE customers easily achieve this role-based access control goal with the Access PRO software solution.  Access PRO functionality provides the core of a well-secured HP NonStop system. With this software in use, individual accountability with full keystroke audits is achieved, while restricting each user to a list of authorized actions based on that user's job functions.

2.    Block access from any illegitimate application. Security controls should be able to block an unauthorized process (the malicious code). 

XYGATE customers rely on the ability to restrict all NonStop SUPER and Sensitive user access to “least privilege” based on multiple criteria, including IP address.

Like many of our clients who use XYGATE, you too can implement XYGATE for Role Based Access Control, keystroke auditing, and SSO authentication. FIPS-validated encryption and automated compliance analysis complete the solution. Indeed, as we enter a new year, it’s a great time to reflect on where your security measures stand now, and what you need to do to safeguard yourself in the future.

Companies from across the globe have relied on XYGATE to cover all of their HP NonStop security requirements. In fact, XYGATE is used by six of the world’s top 10 bank processors*.

Click here to read the entire SecurityWeek article.
*As reported in the 2010 FinTech 100

Friday, November 12, 2010

The PCI Security Standards Council Updates PCI DSS (V2.0)

Changes are logging-focused & intended to help businesses improve compliance and security

The PCI Security Standards Council (XYPRO is a member) officially unveiled updated versions of its compliance standards, with changes meant to clarify the requirements organizations face. The changes are coming as a direct result of the feedback the PCI Security Standards Council has received, and should help your business with its security and compliance efforts.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

The key revisions cover areas such as log management and scoping the environment to understand where cardholder data resides.  In fact, the council is pushing hard for centralized logging, stating that:

“If you don’t use a centralized logging facility your auditors will have to look in more places, and chances are, if they have to look in more than one place...you’ll wind up missing some of this stuff.  It is a proven fact that every time we find a breach, it’s always found in the log.”

This change also coincides with HP adding XYGATE Merged Audit Software with every new NonStop server order. 

This centralized NonStop audit can also be sent off-box to a centralized logging facility like HP's CLW and ArcSight offerings, meeting the Centralized Logging Facility requirement at the enterprise level.

There were also revisions meant to enable organizations to develop a risk-based assessment approach based on their specific business circumstances as well as changes designed to appeal to small merchants to simplify their compliance efforts.

The new versions will become effective Jan. 1. For more information, you can click here

For more information about the XYGATE Solution, visit www.xypro.com.

Wednesday, November 3, 2010

CTUG 2010

The much anticipated CTUG (Canadian Tandem User Group) has come and gone and, as expected, was a great success for all in attendance. Content for this year’s event was excellent with a great update from Randy Meyer on the state of HP NonStop, growth, and technology advancements. It is always great to hear from the proverbial “Horse’s Mouth” and also reassuring that HP NonStop is not only surviving, but thriving!

Naresh Bangia of AJB Software delivered an interesting and informative presentation on the exciting results of their port of .NET to NonStop, with a “live” demo that included a “drag and drop” example of NonStop code to Windows that executed perfectly on both OSes! All this with a weak signal on a mobile wireless internet stick that required some comedic and creative physical positioning within the conference room to maintain connectivity.

Jim Johnson of the Standish Group also presented on their recent paper “Roadmap to the Megaplex,” covering the overall CTUG theme of Modernization, and showed just how profitable modernizing applications and utilities can be.

As always, the Q and A session highlighted some interesting facts and brought up many discussion points. Dick Bird, Michelle Bates, and Randy Meyer all provided answers which inevitably led to more questions. The end to the Q and A session was achieved only by the enticement of the much anticipated CTUG prize draw where all 20 partners who participated in the “Passport to Prizes” program, HP Canada, and CTUG had donated fabulous gifts as appreciation to those attending the event.

XYPRO was among the 9 partner presentations which were held throughout the day and Kevin Boham provided modernizing insight on Security for the NonStop to an attentive and interactive audience.

CTUG and XYPRO were glad to welcome those out-of-province attendees from Quebec as well as the many faithful and new from Ontario. Their attendance from near and far indicates the continued need for NonStop events such as CTUG. With attendance nearing 140, CTUG had exceeded its capacity, and we were glad the Fire Marshals didn’t pay an unexpected visit.

The day’s closing reception also kept the majority of attendees into the evening for some socializing, good food, and drinks to cap off an excellent day.

More indicative of the continued commitment to NonStop was the record attendance for the education day where CTUG had 44 registered students for a one-day class on Java Servlets/NSJSP in the NonStop.

As a CTUG board member as well as a Partner for the event, I now have the short term opportunity to decompress after months of planning and executing. …short term as XYPRO is planning their next attendance at a regional event… NENUG in the Boston area on November 9th.

Barry Forbes

XYPRO Technologies, Director of Sales, Eastern USA and Canada
President, CTUG