A Journey through Space & Security
May 08 2015
What a great conference GTUG turned out to be! Apart from the 200+ delegates taking part we were treated to a mesmerising presentation from the European Space Agency (ESA). There’s something very engaging about mankind’s journey into space; and especially when the story is about landing on a comet. No-one has ever done that before, except Bruce Willis in some crazy movie.
Manfred Warhaut, ESA’s Head of Mission Operations, recounted the 12 year mission of Rosetta to reach the comet 67P; its many revolutions around the sun to gain increasing speed and direction towards 67P, and then its road-runner style braking to almost walking speed so it could go into orbit around what they thought was going to be a potato-shaped comet. In the end it turned out to be more of a peanut. Not that this was disappointing in any way. The comet was chosen because it was pristine; it hadn’t been worn down by countless orbits of the sun; it represented life as it was at the very start of our solar system some 4.7 billion years ago.
The very triumph of the mission has to be the devices they planned for attaching the Philae lander vehicle to the surface of this peanut, where the gravity was so small they’d need all the help they could get. A mixture of screws in its feet, a harpoon under its belly, and a thruster rocket were all designed to help it stick to the surface. In the end, bizarrely, none of these worked, but the more important fact was that they landed; they actually landed. Soil samples showed complex compounds that we find on earth; it shows where we came from.
Which in a strange way brings me philosophically to the fact that we the delegates at the conference had so much in common; apart from all being made of stardust, there were a lot of common interests in the topics of the moment on HP NonStop. The press is increasingly talking about the hacking of information, whether it’s a Facebook account or some other personal items of interest that those unsuspecting souls would rather stay private. This is driving increasing interest in securing the increasing amounts of data that we store around the world, and how we can make it safe.
XYPRO was delighted to see so many delegates take an interest in our XYGATE Data Protection solution (XDP). Presenting our joint solution, Andrew Price, XYPRO’s VP of Technology, and Anna Russell of HP Security Voltage educated and entertained the audience with their stories and examples of how NonStop users can secure their system data against the hackers. The facts themselves are astounding; almost 80,000 reported security incidents worldwide last year; estimated losses to businesses of some $400 million; 700 million records compromised; over 2000 confirmed data breaches. Not that data breaches will end any time soon. Andrew pointed out that they will continue; we have to accept this and instead focus on making the data itself of little value to the hackers.
I was pleased to speak with a large number of conference delegates about their plans and issues for NonStop in 2015, and where data protection fits in this picture.
Fortunately XYGATE Data Protection is helping businesses today to avoid these painful and costly scenarios. I think we are likely to keep seeing all the unfortunate stories in the press about data being stolen; the good news is that XYPRO can help.
For more information on XYGATE Data Protection and how we optimize the HP Security Voltage solution for NonStop servers, visit: XYGATE Data Protection (XDP)
XYPRO Technology Corporation
CISO Executive Forum – Free Coffee and Lemon Cake Included
May 08 2015
Top-level security executives and CISOs gathered last month in San Francisco for the International Systems Security Association (ISSA) CISO Executive Forum. The quarterly forum, which was chaired by XYPRO’s Head of Security, Steve Tcherchian, and UPS Director of Security and Risk Management Wayne Proctor, focused on “New Strategy and Technology Approaches for the CISO” and there was plenty to discuss on the topic.
The guest speakers for the exclusive event were a who’s who of Silicon Valley (and Seattle) industry big hitters including HP Chief Information Security Officer Brett Wahlin, the United States FBI, the always entertaining and controversial CSO of Cisco Systems – John Stewart and Starbucks CISO, Dave Estlick – free coffee and lemon cake tasting included.
Cyber-terrorism, insider threats, regulatory compliance, cloud, the internet of (every)thing and security intelligence were at the forefront of the dialogue.
In their respective sessions, HP’s Brett Wahlin and Cisco’s John Stewart discussed how intelligence plays a vital new role in how security is assessed in the enterprise. It’s estimated by the end of 2015, the planet will have generated more data in 1 year than it has in the past 5000 years combined. That includes all of last year. Think about that exponential growth.
With so much data being produced, HP’s Wahlin explained how it’s key to separate noise, which in some cases can be billions of events per day, from the actionable data. This filtering must be done at levels never previously attempted, with the machines needing to learn behavioral patterns and then present and sometimes act on that data in an intelligent manner. You’re literally looking for a needle in a haystack while more hay is continuously being piled on top. Wahlin also discussed how getting creative with data sources and having the means (technology and staff) to intelligently aggregate and correlate that data allows for detecting anomalies that you may not necessarily be looking for. It is the evolution of the traditional SIEM, in a sense.
As has been the case for quite some time now, regulatory compliance and protecting customer data were still hot-button issues. Whether it’s cardholder data under PCI regulations or other types of customer data, the discussion of how to protect that valuable data went on throughout the day. This included solutions ranging from endpoint protection and data tokenization to reducing or completely neutralizing the data to which a thief could get access. But with so many different solutions in the enterprise and having to understand and support multiple platforms, the CISO’s job becomes increasingly difficult as we try to identify our sensitive data and prevent gaps. An average enterprise can have upwards of 30 different security tools, most of which aren’t fully implemented (see our blog about Security on the Shelf) or, if they are, provide overlapping functionality that the security staff didn’t necessarily understand. At the end of the day, it’s those gaps that can be exploited and that’s what keeps CISOs up at night.
In all, another valuable and successful face-to-face event by ISSA enabling CISOs from all industries to share information about their strategies, threats, and solutions in a candid, beneficial environment.
The next CISO Forum will take place in August in Las Vegas just ahead of the BlackHat Conference. The forum is a highly motivated, highly strategic cybersecurity event tailored for senior level security executives to interact with their peers. If you’re interested in becoming a member, please go to CISO home to review membership criteria and submit an application to join.
XYPRO’s Head of Security joins ISSA CISO Advisory Council
Steve Tcherchian, XYPRO Technology’s Head of Corporate Security, recently joined the ISSA CISO Advisory Council as a board member. Already a member of the CISO Executive Forum, Steve now joins the board, which is responsible for all aspects of the quarterly event, including setting the content and theme about what’s important in cybersecurity, selecting speakers and sponsors, and overseeing partnerships for the forum.
The CISO Executive Forum provides a venue for C-level security executives to share concerns, successes and feedback in a peer-only environment. The forum creates a unified voice to influence security industry vendors, standards and legislation.
“Joining a leadership position in ISSA not only shows XYPRO’s commitment to our customers’ security as well as our own security posture, but also allows XYPRO to give back to the community by contributing its 30+ years of experience in the security space” said Steve Tcherchian.
XYGATE Merged Audit now supports both BASE24 & BASE24-eps!
April 08 2015
Tracking and reviewing all activity on the HP NonStop server is a requirement, and no small task, as businesses must quickly identify suspicious activity. To help their customers meet these security standards, HP bundles XYGATE Merged Audit (XMA) with the NonStop Operating System.
XMA is an easy to use product that collects and filters data from various audit logs into a single, normalized SQL database on the NonStop, from which you can generate reports. It can also send that data via SYSLOG to integrate seamlessly with Security Information and Event Management (SIEM) devices.
As security in payments processing becomes more challenging, businesses must capture every event going on within their system while also trying to accommodate steady streams of new information, transactions, channels and technologies. XYPRO has created plug-ins for XMA that enable event capture for ACI BASE24 and BASE24-eps. With these plug-ins you get all the great features of Merged Audit:
• A single repository for audit data
• Acceptance of audit records from multiple sources
• Single-server or multi-server view
• A customizable reporting tool
• A filtering mechanism to extract selected data
• An event monitor that can display any event or item in near real time based on customized filters built by the user
• User-definable alerts
These plug-ins are available for servers running H–L Series versions of the HP NonStop Operating System.
XMA has been shipping as part of the NonStop security bundle since 2010, so chances are high that you already have XMA on your system. For more information about purchasing the BASE24 & BASE24-eps plug-ins, please contact your XYPRO Sales Representative. https://www.xypro.com/xypro/contact
Learn more about XYGATE Merged Audit at https://www.xypro.com/xypro/products/merged_audit