Monday, February 27, 2012

XYPRO Announces Global Distribution Agreement with IdentityForge

XYPRO to exclusively distribute the IdentityForge Advanced Adapter for HP NonStop servers

SIMI VALLEY, Calif.--XYPRO® Technology Corporation, specialists in HP NonStop server software since 1983, have announced their agreement to become the exclusive worldwide distributors of the IdentityForge (IdF) Advanced Adapter for the HP NonStop server.

Centralized User Provisioning is becoming an important solution to enterprise security, and helps to reduce the risk of data breaches. Identity Management solutions are widely deployed in many enterprise environments, but prior to the IdF Advanced Adapter for HP NonStop, NonStop users could not be managed by those Enterprise Identity Management systems. The IdF Advanced Adapter provides an industry standard, enterprise LDAPv3 interface for User and Alias provisioning and reconciliation, and native real-time, bi-directional identity synchronization between the HP NonStop server and your enterprise identity management infrastructure or external application.

“Becoming a worldwide distributor for the IdF Advanced Adapter is another step XYPRO has taken to further our global footprint and reinforce our position as a worldwide leader of HP NonStop server security software and solutions,” said Lisa Partridge, President at XYPRO.

Using the IdF Advanced Adapter, the Oracle Identity Manager for User Provisioning and Identity Management can fully participate with the HP NonStop server software. The same is true for RACF, ACF2, Top Secret, Red Hat, Oracle Solaris, Salesforce CRM, or HP-UX – the IdF Advanced Adapter for NonStop is compatible with them all.

“IdentityForge is excited to be working with XYPRO Technology, the acknowledged leader in HP NonStop security. This partnership was a natural fit for us as we look to expand our footprint in the NonStop market, and other mission critical environments,” said Chad Cromwell, Chief Technology Officer at IdentityForge.

This release of the HP NonStop (Tandem) Advanced Adapter includes certified, “out-of-the-box”, integrated solutions for Oracle Identity Manager (OIM), Microsoft Forefront Identity Manager (FIM 2010), IBM Tivoli (ITIM), SAP Netweaver, CA Identity Manager, VOICETRUST Biometrics, the Dot NET Factory EmpowerID, and any other standard LDAPv3 Client or LDAP Adapter. Businesses worldwide are already benefiting from the HP NonStop Advanced Adapter by utilizing the Oracle Identity Manager (OIM) NonStop solution to automatically incorporate NonStop accounts into their existing Identity Management infrastructure.


Barry Forbes
VP of Sales & Marketing
XYPRO Technology Corporation
www.xypro.com

Sunday, January 22, 2012

From the CEO's Desk

It’s been a while since I’ve had the time to write this column because of how busy we have been at XYPRO over the last year.  In part, this was fueled by the HP decision to bundle our XYGATE Merged Audit (XMA) software with the HP NonStop Operating System Mission-Critical Edition software package.

While we cannot speak for HP or the NonStop product group, I can tell you that we have seen tremendous growth in the market for our products.  So much so, that we outgrew our website, our staff, and even our building.

After 26 years in the same building, taking over more and more space as other tenants moved out, we finally took over the last bit of space that was available to us.  We had another challenge; because of the great range of NonStop servers we support, we were about to exceed the maximum weight that our second floor computer room could support.

So this past November, over the long American Thanksgiving weekend, we packed up our bags and our systems and moved to a 15,000 square foot ground floor suite with a larger datacenter capable of supporting our accelerated growth.  This office is twice the size of the old one, positioning us for the future.

Some old-timers may remember that Jimmy Treybig tried for years to get the city of Cupertino to rename Tantau Avenue to Tandem Avenue.  Well Jimmy, we hope we made you proud because our new office is located on Guardian Street.  Even better, our new datacenter is non-stop, with redundant power, dedicated climate control and connectivity.  Now how cool is that?

As I said earlier, we also outgrew our staff, allowing us to hire from the outside and promote from the inside.  Lisa Partridge has assumed day-to-day responsibilities for XYPRO and was named President. Barry Forbes was promoted to VP, Sales and Jim Hinsch to architect.  We hired Andrew Price as our Director of Product Management, Rob Lesan as our Manager of Professional Services, Dave Teal joined as a pre-sales support and education specialist, Gabe Alvarez joined our Sales Team in Latin America and we even welcomed our summer intern, Rayna Burgess on as a full time member of our QA staff.  Most recently, we extended a heartfelt welcome to Mr Feng Lin to represent XYPRO in Asia Pacific.

Scott Uroff is still part of the management team as our Chief Architect, and several of our employees passed the new PCI SSC Internal Security Assessor Program (ISA).  At our upcoming internal Kick-Off event, one employee will receive a plaque in recognition of 5 years of service at XYPRO and three employees will receive their 10 year plaques.  Add those milestones to the 4 of us who already have our 20 year plaques and everyone in between!  All the better to serve our rapidly enlarging number of customers.

Our website is completely new too, with easier navigation to the information that you want to see, including access to our datasheets, whitepapers, and on-demand webinars.

I would like to move to our products for a moment.  HP understood for a long time that separation of duties is important to help prevent insider attacks.  This was the main driver for the multiple levels of security administration within the Safeguard security software.  But HP couldn’t fund every possible feature that customers wanted or needed, so XYPRO stepped up our game to help keep NonStop servers secure from hacking, even by insiders.

We like to say that we wrote the book on NonStop security (twice!), because it is true.  But we could only write the books after we spent a lot of time determining the current and future product functionality required for NonStop customers to be successful in their industries. At the time we didn’t think of it as predicting the future, but of course HP is now bundling some of our products within the NonStop OS to help protect our customers from the rise in cybercrime, so I guess we were.

And the insider threat has only gotten stronger, which is why XYPRO took separation of duties to its logical conclusion within XYGATE Access Pro.  Our peerless auditing capabilities within each XYGATE module, and collectively within our Merged Audit module, allow all NonStop server audit information to be sent to off-board and Enterprise audit logging solutions, such as those from ArcSight®, an HP Company, and RSA® enVision.  XYPRO’s ability to work with virtually any of the SIEM devices and enterprise audit consolidators allows companies that use these systems to manage audit records generated by their NonStop servers, and prevents the audit from being changed after the fact.

We hope that you will visit with XYPRO staff either by attending a class or by coming by our booth at the dozens of HP NonStop server and security-related events that we attend all over the world.  We love meeting our customers so that we can better understand and serve your security needs. Remember to visit our blog, and follow us on our many social media channels, such as Facebook, Twitter, and LinkedIn.

Finally, while I cannot tell you who these companies are, or what the arrangements will entail, I am happy to announce that we are in the process of forging partnering agreements with several other vendors in the NonStop space. While Larry Ellison is trying to take out HP by dropping support for Oracle on Itanium, we know that HP has a secret weapon called NonStop SQL and we have the tools to properly secure this advanced database.  It’s certainly one of many reasons we are excited to be part of the NonStop community and intend to take full advantage of this evolving market.

No matter how you measure it, 2011 was our best year ever.  Revenue, customers, professional services, partners, products, head count - all grew at rates greater than previous years.  Important to our customers is that our expansion this year is based on executing long term growth plans.  So, as the economy continues to recover, we will have more solutions to protect your precious business information and reputation that will help grow the NonStop community beyond anything that has been seen before.

I hope that all NonStop community members join us and have as good a year as we have planned for ourselves.

Sheila Johnson
CEO, XYPRO Technology Corporation

Tuesday, December 13, 2011

XYPRO Opens New Headquarters

XYPRO Technology Corporation proudly announces the grand opening of its new, larger Headquarters located at 4100 Guardian Street, Suite 100, Simi Valley, California, 93063 USA.


XYPRO Technology has experienced tremendous growth over the past few years and is forecasting a continued positive growth rate for the next 5 years and beyond. We had been at our original Cochran Street location since 1986.

After expanding as much as we could there, we are excited to work every day in our new home. It was more than a great street name that prompted us to choose this particular new location: XYPRO employees enjoy the benefit of a modern, 15,000 sq. ft. ground floor suite and a larger datacenter capable of supporting accelerated growth with redundant power and connectivity. Our new digs also offer enhanced telecommunications and wireless infrastructure, expanded training/education and conference room facilities, and room to grow.

The property at 4100 Guardian St. is a beautifully maintained, two-story, 136,000-square-foot office building built in 1999, on 10.3 acres in the foothills of Simi Valley, California.








Tuesday, November 29, 2011

XYPRO Presents: A Witham Laboratories Presentation:

PCI DSS - Lessons from the Field

If you were unable to attend our webinar on November 1st, please visit our website to view the recorded presentation featuring Dr. Sajal Islam, a Qualified Security Assessor (QSA) from Witham Laboratories, that focuses on what QSAs look for in a  when assessing PCI DSS compliance in a NonStop environment.  Witham Laboratories is a leading independent provider of information security evaluations, offering specialist consultancy and advice in payment industry security.

This Webinar provides specific scenarios from the field and covers the following:
• Views and experiences gathered by Witham Laboratories from numerous PCI DSS assessments for NonStop clients.
• A detailed breakdown of the PCI DSS with specific focus on how the PCI DSS requirements apply to the NonStop.
• What issues and areas QSAs typically look for when performing PCI DSS assessments on NonStop.

Achieving PCI Data Security Standard (PCI DSS) compliance is critical for every organization that stores, processes, or transmits card holder data, from the smallest merchants to the largest card issuers.  In short, this Webinar will give you valuable information to help you with your next PCI DSS assessment.

View our recorded webinars here: https://www.xypro.com/xypro/webinars

Representatives from XYPRO are available after your viewing to help explain how XYPRO’s XYGATE suite of security solutions assist you in meeting your PCI DSS obligations.
                                                                                                                                                                                          
Barry Forbes

Monday, October 17, 2011

Verizon 2011 Data Breach Investigation Report – breaches down, or are they?

The 2011 Data Breach Investigation Report (DBIR) from Verizon (http://bit.ly/pt5xV9) now incorporates data from the United States Secret Service and the Dutch National High Tech Crime Unit as well as Verizon’s own data.  It is a comprehensive report, extensively covering data breach activity in 2010, and it draws some interesting, and sometimes almost contradictory, conclusions.

2008 saw a record number of 361 million records compromised, 2009 saw a reduction to 144 million, and in 2010 that number dropped to 4 million.  Hang on, 144 million -> 4 million?  As the report says, that’s almost a rounding error!  Not to say that 4 million records compromised is good, that’s still 4 million more than we’d ideally have to deal with, but it’s a pretty radical reduction.  So, one question might be “Why?”.  As it turns out, the main reason is that, for some reason, 2010 had virtually no “mega” attacks, which typically bump the numbers up by a million or more.  But let’s continue to look…

In actual fact, now that we are more than 9 months through this year, we know enough to determine whether 2010 was part of a long term trend of data breach reduction, or an anomaly.  And with Sony, Epsilon, RSA and Citi breaches already behind us in 2011, the unfortunate news is that the numbers this year are likely to be back up.  In fact, numerous industry observers are now saying that 2011 is likely to be the worst year on record, in terms of number of records compromised.

So perhaps a better idea is to look at the trends indicated by the Verizon report, along with the knowledge of the 2011 breaches, to identify what we could and should be doing better.

One of the interesting facts from the Verizon report is that, even though the total number of records compromised was (WAY) down, the actual number of breaches was up (761 in 2010, versus a total from 2004-2009 of 900).  This is partly due to the inclusion of the Dutch data, but it also shows that cybercriminals are now willing to perform their exploits for smaller returns, which itself is a little worrying.

Another interesting statistic - 83% of all attacks were opportunistic, meaning the victim was identified because they exhibited a weakness or vulnerability that the attacker could exploit.  Often these were due to POS and other systems being installed with default user information, which became known within the criminal community.  Put another way, closing down these relatively simple (and obvious) loopholes could drastically reduce the occurrence of data breaches.

The other 17% of attacks were targeted, meaning that the victim was first chosen as the target, then a method of exploitation was determined.  Unfortunately, but not surprisingly, the financial industry was most represented in the ranks of the targeted attack victims.

Following on from the targeted attack point, 96% of all records compromised were card numbers and/or card data, a truly worrying figure.

So, what can we learn from this?

We know from the number of attacks in the first half of this year that cybercrime is not decreasing.  Both the number of attacks, and the cost of those attacks, continue to rise.  Cybercriminals utilise opportunistic attacks for relatively small gains in many cases, and targeted attacks on financial institutions.  Card numbers continue to be stolen, in large volumes.

It remains critical to protect sensitive data, both at rest, and in transit:
• Use SSL and file encryption solutions when possible.
• Ensure that the platforms/applications receiving the sensitive data also protect it.
• Get to know the security administrators on those platforms and ask them to do the same with the applications/platforms they share data with.


Remove as many areas of opportunistic attack as possible:
• Don’t use default userids and passwords.
• Put granular access control and auditing in place.
• Feed your audit data (from all platforms and applications) into a SIEM device to get an enterprise-wide view of your security events.

XYPRO’s XYGATE security suite can address all these areas, and more.  For more information on how XYGATE can help secure your HP NonStop platform, applications and data, please see our website www.xypro.com, or email me at andrew_p@xypro.com

Andrew Price
XYPRO Technology Corporation

Wednesday, September 7, 2011

EDB Card Services AB Brings its HP NonStop™ Audit Into The Enterprise

SIMI VALLEY, California – XYPRO® today announced that, as part of its PCI-DSS project, EDB Card Services AB has successfully implemented its XYGATE Merged Audit (XMA) tool to integrate EDB’s HP NonStop servers with its RSA® enVision SIEM (Security Information and Event Management) system.

EDB Card Services AB, part of EDB ErgoGroup, is one of the leading payments services companies in Scandinavia. It provides a wide range of card-related services including issuing, acquiring, processing, switching, national card blocking etc. for banks and payment operators in Sweden, as well as greater Scandinavia and Europe.

XYGATE Merged Audit (XMA) gathers security audit data from various sources on HP NonStop systems (such as EMS, Safeguard, ODBC, BASE24, XYGATE tools, custom programs etc.) and intelligently merges the security audit data together to form a single SQL database. Log Adapters then export that data to almost any SIEM or central compliance repository. XMA provides extensive reporting capabilities as well as customisable real-time alerts.

“As part of our PCI-DSS (Payment Card Industry Data Security Standard) compliance project, we had to bring our HP NonStop security audit data into the enterprise,” said Sissel Johnsen, Head of Production & Operation at EDB Card Services AB. “Our previous log tool wasn’t suitable, so we selected XYGATE Merged Audit, which has a far more user-friendly interface and gave us exactly what we needed in terms of collecting the necessary data from our NonStop systems.  XYPRO’s RSA Log Adapter ensures all NonStop audit data feeds seamlessly to our RSA enVision SIEM.”

Barry Forbes, XYPRO’s VP of Sales and Marketing, said, “We are very happy that EDB Card Services selected XMA as its PCI-DSS NonStop audit solution.  Since HP selected XMA in 2010 as the NonStop operating system recommended Audit Solution, we’ve seen a large expansion in our XMA customer base.  As our most recent European customer, we know that EDB Card Services will continue to enjoy the same security benefits and efficiencies XYGATE customers around the globe are accustomed to.”

About XYPRO
Founded in 1983, XYPRO Technology Corporation is the market leader in HP NonStop server security, FIPS-validated, cross-platform encryption, audit and compliance solutions.


Contacts

XYPRO Technology Corporation
Barry Forbes, 705-799-0247
VP-Sales and Marketing
barry_f@xypro.com

Wednesday, August 10, 2011

Cybercrime Costs Continue to Dramatically Rise


The recent HP-sponsored study on cybercrime costs (“The Second Annual Cost of Cybercrime Study”, conducted by the Ponemon Institute http://bit.ly/ql8JXP) produced a wealth of interesting and valuable data on the increasing costs of cybercrime.  Some of the key points of the study, which looked at a sample of 50 US organizations, included:
• The average annualised cost of cybercrime to each company was $5.9M, ranging from $1.5M to $36.5M
• These figures represent a 56% increase over the inaugural study conducted last year
• The number of attacks increased by 45% from last year’s study.  The companies studied were affected by a total of 72 attacks each week – an average of 1.4 attacks per company per week
• 90% of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks
• Average time to resolve cyber attacks was 18 days, with an average cost of $416,000 per attack – a 67% increase from 2010
• Smaller companies are not immune from cyber attacks, and in fact these attacks cost smaller companies more on a per capita basis
• Deploying SIEM solutions can mitigate the impact of cyber attacks.  Organizations with SIEM solutions in place realized a saving of 25% because of the ability to quickly detect and contain cybercrimes.
• Companies that deployed a Governance, Risk and Compliance (GRC) program saw significantly reduced costs associated with cyber crime when compared with companies that did not have a GRC program.  Average costs for the GRC group were $6.8M versus $9.4M for the non-GRC group


Perhaps the most interesting fact to come from the study was:
…recovery and detection are the most costly internal activities, highlighting a significant cost-reduction opportunity for organizations that are able to automate detection and recovery through enabling security technologies.

Reading between the lines of this summary, a few things come to light.  A large number of cyber attacks are “inside jobs”.  Malicious code, stolen devices and other forms of attack are only practical when conducted by insiders.  As such, putting controls in place within the enterprise is critical.  As mentioned in my last blog, ensuring that employees have the ability to do the tasks related to their jobs, and nothing more, is of utmost importance.  Tracking commands issued and security events at a granular level to allow for quick identification of cyber attacks is key to reducing the number and duration of attacks, and therefore the cost.  SIEM devices, whilst extremely useful, need to have data fed to them from all systems and applications in the enterprise to ensure early detection of issues. 

Additional methods of detection should also be considered – have critical files had attributes changed?  Have users been given access that they previously did not have? Have privileged programs, that may be malicious, been installed?

In the NonStop environment, only the XYGATE security suite from XYPRO provides all these capabilities, in an integrated, centrally managed solution.  XYGATE Access Control ensures that only the necessary levels of access to system resources are granted.  All commands and subcommands are audited.  XYGATE Merged Audit integrates consolidated audit data on the NonStop, to give a unified view of all security activity.  It optionally feeds that data to SIEM devices, allowing the NonStop to participate in the single view of the enterprise. 

Perhaps most importantly, XYGATE Compliance PRO monitors a wide range of data on your NonStop, and alerts you when aspects of your system configuration fall outside previously defined boundaries, including unauthorised PROGID’ed programs, users with unauthorized access and unauthorized files on system volumes. Compliance PRO can also compare files from one scan to another, alerting the security administrator if the file size changes, or if the security configuration from two systems that previously matched are now different.  
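The scan-to-scan checks described above (changed file sizes and attributes, newly granted access, PROGID'ed programs outside an approved list) can be sketched as a baseline comparison. This is an added Python example, not XYPRO's code or how Compliance PRO works; the record fields, file names, users and allowlist are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    size: int
    owner: str
    security: str   # access string as reported by the scanner (format assumed)
    progid: bool    # True if the program runs with its owner's identity


@dataclass(frozen=True)
class Scan:
    files: dict         # file name -> FileRecord
    grants: frozenset   # (user, resource) pairs the user may access


def compare_scans(baseline, current, authorized_progid):
    """Return sorted (kind, subject, detail) findings for drift between two scans."""
    findings = []
    for name, now in current.files.items():
        before = baseline.files.get(name)
        if before is None:
            findings.append(("new_file", name, f"owner={now.owner}"))
        else:
            if now.size != before.size:
                findings.append(("size_changed", name, f"{before.size}->{now.size}"))
            for attr in ("owner", "security", "progid"):
                old, new = getattr(before, attr), getattr(now, attr)
                if old != new:
                    findings.append(("attribute_changed", name, f"{attr}: {old}->{new}"))
        # Privileged programs are checked on every scan, not only when they change.
        if now.progid and name not in authorized_progid:
            findings.append(("unauthorized_progid", name, f"owner={now.owner}"))
    for name in baseline.files.keys() - current.files.keys():
        findings.append(("file_removed", name, ""))
    for user, resource in current.grants - baseline.grants:
        findings.append(("new_access", user, resource))
    return sorted(findings)


# Constructed sample scans (not real system data).
AUTHORIZED_PROGID = {"$SYSTEM.SYSTEM.OPSTOOL"}
BASELINE = Scan(
    files={
        "$SYSTEM.SYSTEM.PAYRPT": FileRecord(40960, "SUPER.SUPER", "NUNU", False),
        "$SYSTEM.SYSTEM.OPSTOOL": FileRecord(81920, "SUPER.SUPER", "NUNU", True),
    },
    grants=frozenset({("OPS.ALICE", "$DATA.CARDS")}),
)
CURRENT = Scan(
    files={
        "$SYSTEM.SYSTEM.PAYRPT": FileRecord(45056, "SUPER.SUPER", "NNNN", False),
        "$SYSTEM.SYSTEM.OPSTOOL": FileRecord(81920, "SUPER.SUPER", "NUNU", True),
        "$SYSTEM.SYSTEM.HELPER": FileRecord(12288, "SUPER.SUPER", "NUNU", True),
    },
    grants=frozenset({("OPS.ALICE", "$DATA.CARDS"), ("DEV.BOB", "$DATA.CARDS")}),
)

if __name__ == "__main__":
    for kind, subject, detail in compare_scans(BASELINE, CURRENT, AUTHORIZED_PROGID):
        print(f"{kind:20} {subject:26} {detail}")
```

Each finding is a flat tuple, so the output can be forwarded as one event per line to whatever audit collector or SIEM is already in use.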

So, as the incidence and costs of cybercrime continue to rise, it becomes even more important to pay attention to your critical data and applications, and the users who are able to access them.  Automating as much of this process as possible is important in reducing the time for detection, and therefore the costs of these incidents.   XYPRO can help with this – please contact me at andrew_p@xypro.com or your local XYPRO representative for more information.


Andrew Price
Director, Product Management
XYPRO Technology Corporation        

