# XYPRO Technology Corporation > HPE NonStop Security > Contact: pdurugkar@partneronecapital.com ### Posts #### "Everything that happens is ultimately my responsibility.” With Charlie Katz & Lisa Partridge ThriveGloabal, Jul 2020 – "Everything that happens is ultimately my responsibility.” With Charlie Katz & Lisa Partridge Everything that happens is ultimately my responsibility. Period. However, one cannot and should not do it all alone. No one person has all the answers and think of all the perspectives to consider when making decisions. As part of my series about the “How Business Leaders Plan To Rebuild In The Post COVID Economy”, I had the pleasure of interviewing Lisa Partridge. Lisa is CEO of XYPRO Technology Corporation, one of the country’s leading cybersecurity solutions companies. Thank you so much for your time! I know that you are a very busy person. Our readers would love to “get to know you” a bit better. Can you tell us a bit about your ‘backstory’ and how you got started? I started out on the sales side of the organization here at XYPRO, a software development and consulting services firm in Southern California. In small companies, everyone pitches in to help in every area and so I learned a lot about what’s involved in running a software company, supporting customers, coming up with product ideas, networking, etc. The market for our solutions was a relatively niche group that uses a particular “big iron” server for very high volume online transaction processing called an HPE NonStop server. Our customers are B2B, Fortune 500 companies that are part of the global financial & telecommunications infrastructure. Thanks to the vision of XYPRO’s founders, we pivoted our specialty focus to Cybersecurity in the early 1990s and were early players in the space. Other than a small blip in 1994, Our business grew slowly but steadily. I was given quite a bit of autonomy in how I built up the sales organization and distributor network, learning as I went, moving into an officer level role as VP of Sales and later promoted to company President. When the founders realized they wanted to retire, I was approached to gauge my interest in a management buy-out. In 2014 I became the CEO. Click here to read the full article. #### 10 Cyber Security Problems Nearly Every Organization Struggles With You don’t have to look far to find news of a major data breach these days. It seems as though cyber security is a term sitting front and center on many minds while malicious attacks continue to damage companies and corporations. But the consequences of cyber attacks don’t only affect corporate bottom lines. Lax cyber security affects all of us. The Colonial Pipeline breach in May 2021 resulted in higher gasoline prices, panic buying and local shortages after the company’s pipelines were shut down by payment-seeking hackers. You can spend all the money you want on antivirus, intrusion detection, next-generation filters and other technologies, but all this technology will be nearly useless if you don't focus on educating your staff first... Steve Tcherchian CISO, Chief Product Officer XYPRO Technology Despite the potential for disastrous results, some organizations are still struggling to treat cyber security like a business-ending, bottom-line financial threat. And the companies who do want to ante up still find it hard to keep up with the speed of cybercrime. So, what keeps information security pros and business leaders up at night? To get a better picture of the threats in the cyber landscape, we asked professionals in cyber security to share some of the most common cyber security problems they see. Read the Article #### 10 Reasons for Optimism in Cybersecurity Another data breach, a new virulent variant of ransomware, burnt-out employees, too little money, and too many threats -- the world of cybersecurity can seem grim. While there is no denying the prevalence of these challenges, there is reason to be hopeful. “When I think about optimism in cybersecurity, I really focus on people, process, and technology,” says Meg Anderson, CISO of Principal Financial Group. People are putting in the work to push cybersecurity forward. Processes are evolving to combat threats. With new technology comes the possibility of better defenses. Anderson and five other cybersecurity leaders share what fuels their belief in a bright future for their field. 1. Leadership buy-in Cybersecurity hasn’t always been recognized as an important business investment. It has a history of being sidelined and siloed as an IT-only issue. Leadership has become increasingly aware that cybersecurity needs to be integral to their organizations’ strategies. Buy-in across the entire leadership team means more awareness of and resources for cybersecurity. “C-suites and boards across industries are asking the right questions and acknowledging cybersecurity as a critical component of their business,” says Phil Venables, CISO of Google Cloud. 2. Individual awareness Executives and boards are more aware of cybersecurity, and so are individual employees and consumers. “We've definitely shifted the thinking that somebody else is going to fix this for us to knowing that we all play a part in keeping our information and our money safe,” Anderson observes. Human error remains a leading cause of breaches, making individual awareness and education an important part of basic cyber hygiene. Neil Jones, director of cybersecurity evangelism at Egnyte, has seen companies finding ways to incentivize employee participation in cybersecurity, such as gift card promotions for spotting phishing emails. “This has rapidly diminished the ‘us versus them’ mentality that many users previously experienced with IT security teams,” he says. Our industry will need to continue to invest in training programs, certifications, and educational initiatives to develop a skilled workforce capable of tackling evolving cyber threats, Steve Tcherchian CISO and Chief Product Officer XYPRO Technology 3. Cybersecurity education Cybersecurity awareness has grown in part due to the available paths in education. “When I first earned my designation in 2008, almost no one outside of the cybersecurity industry knew what my certification was, but today broad awareness of cybersecurity certifications is commonplace,” Jones shares. Anderson has also seen higher education introduce more options for cybersecurity degrees and training during the 15 years she has been in her current role. This continued trend gives hope that more people will be prepared to fill the much-needed jobs in cybersecurity. “Our industry will need to continue to invest in training programs, certifications, and educational initiatives to develop a skilled workforce capable of tackling evolving cyber threats,” says Steve Tcherchian, CISO, and chief product officer at XYPRO. Read the full article here #### 11 Cybersecurity Threats for 2020 (Plus 5 Solutions) i-Sight, April 23, 2020-- 11 Cybersecurity Threats for 2020 (Plus 5 Solutions) According to the 2018 Varonis Global Data Risk Report, 65 [percent] of companies use over 500 passwords that never expire. “These accounts have a higher risk of showing up in online password dumps with valid passwords. Privileged and service accounts with non-expiring passwords are a cyber criminal’s best friend,” says Steve Tcherchian, CISSP and Chief Information Security Officer for XYPRO. While “ensuring these passwords are stored properly, changed regularly, meet complexity and compliance requirements and are audited can be overwhelming to implement and manage,” companies can’t afford the potentially devastating data breaches poor passwords could cause. To mitigate risk, Tcherchian suggests using two-factor authentication. This simple change makes it much harder for cybercriminals to breach your systems. Employees might be hesitant to use it at first, but “until we shift our mindset and sacrifice a little bit of convenience for a massive amount of security, attacks on privileged credentials will continue and increase in 2020.” Click here to read the full article. #### 11 Cybersecurity Threats for 2020 Plus 5 Solutions I-Sight, April 23, 2020--11 Cybersecurity Threats for 2020 (Plus 5 Solutions) Password Attacks According to the 2018 Varonis Global Data Risk Report, 65 per cent of companies use over 500 passwords that never expire. “These accounts have a higher risk of showing up in online password dumps with valid passwords. Privileged and service accounts with non-expiring passwords are a cyber criminal’s best friend,” says Steve Tcherchian, CISSP and Chief Information Security Officer for XYPRO. While “ensuring these passwords are stored properly, changed regularly, meet complexity and compliance requirements and are audited can be overwhelming to implement and manage,” companies can’t afford the potentially devastating data breaches poor passwords could cause. To mitigate risk, Tcherchian suggests using two-factor authentication. This simple change makes it much harder for cybercriminals to breach your systems. Employees might be hesitant to use it at first, but “until we shift our mindset and sacrifice a little bit of convenience for a massive amount of security, attacks on privileged credentials will continue and increase in 2020.” ... Cybersecurity Solutions in 2020 1. Machine Learning for Prevention Machine learning (ML) and artificial intelligence (AI) are being used to streamline processes in nearly every industry these days. These technologies increase efficiency and reduce the risk of human error. For cybersecurity, ML and AI can help keep you ahead of ever-evolving schemes and scams. “The amount of data being generated is increasing exponentially,” says Tcherchian. “And the only way to keep up and identify threats is to allow machines to churn through data and trust they will detect the right concerns—then take appropriate action to combat the threat.” In 2020, Tcherchian explains, ML and AI will be the focus of cybersecurity research and innovation. Teams will use these technologies in tandem with human analysts to spot patterns and anomalies, boosting detection and prevention efforts. Click here to read more. #### 15 Questions You Need to Ask in Employee Satisfaction Surveys As many employees continue to work remotely and the modern workplace transitions to a hybrid environment, measuring employee job satisfaction becomes increasingly difficult. Previously, the physical proximity of working in an office brought teams closer together and allowed employees to feel connected to the company mission, while better understanding their role’s impact on overall company success. Now, with a distributed or hybrid workforce, it’s harder to recreate that sense of community and mission, which can leave a lasting negative impact on employee satisfaction. A year characterized by so much loss and change — 2020 — has reminded us that not every employee can be engaged at work 100% of the time. But, while your company probably conducts regular or annual surveys on employee engagement, you might not be measuring employee satisfaction as often or as accurately as you should. This important HR metric can help you identify when employee morale is slipping, so you can create meaningful initiatives to improve the employee experience and drive engagement. The key to creating an effective employee satisfaction survey lies in asking the right questions. To give you the tools you need to build a survey that helps you reach your HR and People goals, we’ve outlined what employee satisfaction is and how to measure it, along with some sample questions to help you create the most effective satisfaction survey possible. During [COVID], we geared our questions toward making sure employees had the tools they needed to do their job and added general check-in questions to better understand how our team was managing through the pandemic.   Melodie Bond-Hillman, PhD, Director of HR and Administration at  XYPRO Technology Corp. 15 Employee Satisfaction Survey Questions Ready to launch your own employee satisfaction questionnaire? In order to get the most out of your survey, you’ll want to include a combination of open-ended questions to collect employee feedback, and rating scale or Likert scale questions for quantitative answers. Rating-scale questions ask respondents to select a number from 1 to 10 (or another specified scale) that most accurately represents their response. Similarly, Likert scale questions have employees indicate their agreement or disagreement toward a given statement by selecting a response ranging from “strongly disagree” to “strongly agree.” Below, we’ve included a mix of all three question types, in all three of the aforementioned categories, to help inspire you as you create your own employee satisfaction survey. Role-Based Survey Questions  Do you find your work meaningful? Do you feel your role leverages your skills as much as it could? Do you feel well-compensated for your work? Do you feel you are growing professionally at this company? On a scale of 1 to 10, how would you rate your work-life balance? ‍ Interpersonal Survey Questions How much do you feel your coworkers value your opinions? Does your manager support you when you need it? How often does your manager invest in your professional growth? I feel my work is always recognized. I feel my manager values my opinions. Organizational Survey Questions  How satisfied are you working for our company? Would you recommend our company to friends and family? Why or why not? How open to change are we as an organization? How likely are you to look for another job outside of the company? If you could change one thing at the company, what would it be? To read the full article, please visit lattice.com. #### 2024 Top 5 Cybersecurity Predictions - Part One - Digital Resilience In this short video, XYPRO's Chief Product Officer, Steve Tcherchian introduces the concept of Digital Resilience. To see all of Steve's predictions for 2024 see the full article by clicking here. Prev 1 of 1 Next 2024 Top 5 Cybersecurity Predictions – Part One – Digital Resilience Prev 1 of 1 Next #### 4 Tips for HR to Reduce the Risk of Cyber Attacks Human Resource Executive December 22, 2020 - 4 tips for HR to reduce the risk of cyber attacks Recent cyber hacks on government and private employers should prompt HR leaders to ensure their data security defenses are up to snuff. Earlier this month, news broke of a massive, months-long cyber attack, likely carried out by Russia, that targeted the U.S. federal government and many private businesses, including Microsoft and dozens of its clients. On its face, the news may not seem directly connected to HR, but the dangerous hacks serve as a good motivator for employers to revisit HR data security matters, experts say. Recruiting, for example, presents one very specific vulnerability, according to Steve Tcherchian, chief information security officer at XYPRO, a cybersecurity analytics provider. “An organization’s recruiting functions are typically the entry point for outsiders—both legitimate job seekers and those looking to cause harm,” he says. “HR is on point to collect resumes and fill open positions.” This usually means, and especially now with no shortage of job seekers, that employers are fielding an influx of resumes and cover letters in a variety of formats, Tcherchian says. Attackers know this and can use the volume of job applications to their advantage. Often, he says, it’s easy for an HR recruiter to overlook clues and open an attachment or click on a link (often disguised as a LinkedIn profile) that could unsuspectingly infect a workstation or, worse yet, introduce ransomware or some other potentially damaging payload into the corporate network. With that in mind, Tcherchian says, HR departments should: Be hypervigilant about recruiting: Don’t simply open any and every attachment received from job applicants. Engage your IT and security departments for an additional layer of defense. Revisit policies and procedures: In particular, make sure your “Cybersecurity Incident Response Plan” is up to date and has been rehearsed. Everyone should know their roles. Have security teams review and advise on best practices for tool and application usage. Review and revoke access for employees on a periodic basis: Implement the policy of least privilege. Allow users only enough permission to do their jobs. For hackers, getting through the front door is easy. Don’t make their job even easier by allowing them to roam freely within the enterprise. “With the recent attack on government agencies, HR departments should heighten their vigilance regarding their processes, especially around candidate recruitment,” Tcherchian says. To read the full article visit Human Resource Executive.   #### 5 essential tips for protecting your online passwords   tom's guide November 10, 2020 - 5 essential tips for protecting your online passwords ... Use unique passwords Seriously. More than 80% of people use a single password across multiple websites, but reusing your passwords puts you at higher risk for falling victim to credential stuffing. That compromises your personal data and increases the likelihood of experiencing financial losses and identity theft. "Human nature is to make things easy for ourselves," said Steve Tcherchian, chief information security officer at California data-security firm XYPRO. "We don't like to be inconvenienced. We like fast, we like quick. Therefore, most users use the same or similar username/password combination for nearly all access to websites." Another way to mix up your username and password combos is to use multiple email addresses instead of relying on the same email for every single login. But you don't have to set up multiple email accounts to do this. Gmail and Microsoft Office 365 let you use "plus" email addresses for this purpose. So John Smith can sign up for Amazon with "john.smith+amazon@gmail.com" and sign up for Facebook with "john.smith+facebook@gmail.com", but messages sent to each address will land in the inbox of john.smith@gmail.com. Make your passwords stronger While you're creating unique credentials for each account, make sure your passwords aren't easy to crack. The most secure passwords are long and complex, which makes them more difficult to guess. Easy-to-remember passwords, in contrast, are extremely weak — even if they're unique. Here are a few ways to make your passwords more secure: #### 6 Ways to Recession-proof Your IT Career CIO.com, June 1, 2020--6 ways to recession-proof your IT career Tech leaders are known for planning ahead, and many foresaw a recession looming well before the coronavirus pandemic hit. The same forward-thinking approach that’s served tech companies as they’ve transitioned to remote work can also be applied to your career. Tech leaders say you should start thinking now about how to stay ahead of the curve. There are steps you can take to protect and advance your career in difficult economic times, including developing new skills and changing old habits. Progressive companies invest in their infrastructure in a downturn, and you can do the same by making good use of your time and seeking new opportunities. Here are tech leaders’ top tips for navigating downward turns in the economic outlook ahead. Be proactive Now is the time to make yourself visible and build relationships — before you need them, says Tommy Weir, a CEO consultant, whose firm Enaible uses AI to offer leaders advice on team productivity. “It can be tempting to sit back and be responsive, but this puts the control of interaction in others’ hands,” Weir says. “I urge tech pros to offer examples on the importance of building relationships with bosses and co-workers outside of the office, and how they’ve done this in previous jobs. Be proactive, be seen and get known. After all, organizations are social. And whether you like it or not, people that are liked get attention.” Get uncomfortable During the Great Recession during the late 2000s, Steve Tcherchian, CISO at XYPRO, took time to reinvent his career approach by brushing up on new skills. “I saw a huge opportunity to work on myself,” Tcherchian says. “I worked 20-hour days, stayed up all night studying, researching, experimenting and learning — knowing I might not immediately see a return.” Tcherchian used that time to transform himself into the person others rely on during difficult times. “I got used to bearing the responsibility, and it can be stressful,” he says. “But you’re not going to learn and grow from being comfortable.” Click here to read more. #### 7 Remote Onboarding Tips to Improve the New Hire Experience TechTarget.com September 23, 2020 -- 7 remote onboarding tips to improve the new-hire experience Onboarding new hires is one of the trickier aspects HR teams must face when using a work-from-home model. These seven tips on remote onboarding provide guidance. "Due to [COVID-19], many employees may be starting jobs in a remote environment for the first time, and special consideration must be made to help them adapt to working from home," said Melodie Bond-Hillman, director of HR and administration at XYPRO Technology Corporation, a cybersecurity provider based in Simi Valley, Calif. Even new hires in top managerial roles and with years of experience can find this new work reality challenging. 1. Maximize preboarding Your HR team can get most of the rote tasks completed during the preboarding process. "Use this time to complete as much of the paperwork as possible, and use an HRIS to allow employees to e-sign documents," Bond-Hillman said. Making the most of preboarding will enable you to focus on higher-value aspects of onboarding on the new employee's first day. "New hire paperwork should be launched the moment the employee signs the offer," she said. "We send offer letters out through our HRIS system which, once e-signed, triggers the onboarding and background check process to launch." 2. Prevent a negative experience ... To read the full article visit TechTarget.com. #### 7 Tips to Securely Work From Home How Not to Put Your Company at Risk By now, we’ve all heard the cliché of this being the “new normal”. Let me emphasize that there is nothing normal about the situation we’re in. The “new normal” is changing by the day, even by the minute. COVID-19 has forced most companies to send their entire workforce into isolation, quarantine, or whatever you want to call it. The fact is, starting this week, almost everyone that can work from home is working from home. This means we have people who have probably never worked from home before being forced to be productive remotely. Some businesses and industries will be able to adapt very quickly. There are others however, whose entire business model is based on face-to-face interactions. These folks will have to navigate operating effectively in the “new normal”. Those who figure it out quickly should not just survive but thrive. One thing is for sure, no business is going to be successful unless the employees become part of the solution. If your business is worried about employees taking advantage of the situation, how to compensate them for their time, or them not being effective remotely, you’re already behind the 8-ball. To navigate this new challenge, you need to rely on and trust your employees. Be employee-centric and customer-focused and your business will have two fewer things to worry about. The Lurking Danger Cybersecurity introduces a layer of complexity. Criminals love panic and chaos, and they’ll use every opportunity to exploit the situation. As we adapt and try to be productive while juggling kids and multiple spouses working from home, security can sometimes be the last thing on our minds. Criminals know that. Criminals love that. The bad guys are preying on security ignorance as much as they are exploiting your fear. We’re going to see more sophisticated attacks on the new mobile workers. They will not be the traditional attacks targeted at data theft, but rather more ransomware, disruption, and financial attacks. Since everyone is at home now, we lose some of the air cover provided by our IT departments and office systems. Now is the time to put everything we’ve learned, during our repeated security awareness sessions, into practice.   What can you do to ensure you and your company remain safe? Best practices still apply - These include all the security awareness training you were forced to take, videos you were made to watch. Those fake phishing emails you were sent were all for a reason. This is the time to apply everything you’ve learned about strong passwords, not clicking on ANY links in those phishing emails and text messages, not being  tricked into purchasing gift cards, or responding to bank wire requests from your “boss.”   Don’t let kids download games and apps onto your computer - If your job hasn’t assigned you a work laptop, you’re likely using a shared personal computer, one that the kids probably use for homework and games. Downloading games and apps, especially free ones, puts your computer at risk for viruses, malware, and ransomware. Nothing on the internet is free. Everything labeled “free” comes with baggage. Either you’re giving away private information, or it’s installing some other program behind the scenes. The safest option during this time is to get the kids their own computer. Or better yet, get yourself a new one. You don’t want a game or app your kids downloaded three months ago to be the reason your company’s network is now compromised.   Use VPN - VPNs (Virtual Private Network) encrypt traffic between devices. This provides a layer of security and anonymity. If it’s a corporate provided VPN, be careful how it’s used. Depending on the VPN setup, this could route all traffic from your computer or network through your company’s network. This includes internet traffic, web browsing, movie, and music streaming, etc...That said, VPNs are still one of the most secure ways to work from home.   Secure your Smart Devices - Install updates. Check your device app and install any available updates. Change default passwords. Most smart devices ship with an embedded default username and password to allow for quick configuration. Change these right away. Use 2-factor authentication. A second factor adds complexity to the authentication process and provides immense value in terms of addressing the risk. We’ve heard for years that 2-factor authentication should be turned on for everything, yet it’s rarely implemented. Turn it on for everything now, including your NEST thermostat, your iCloud account, your email. Turn it on everywhere possible.   Ensure you have Antivirus/Antimalware - This is another obvious safety measure but often overlooked. Ensure your antivirus subscription is current and your virus definitions are up to date. Having antivirus software installed with a subscription that expired 7 months ago doesn’t do you any good.   Don’t open emails from unknown senders - This applies more than ever. There is a rapidly growing number of fake Coronavirus-themed emails going around from criminals looking to capitalize on the crisis. The bad guys are preying on your fear and sending all sorts of scams related to the Coronavirus. The top spoofed organizations are the CDC  (Centers for Disease Control), the WHO (World Health Organization), HR Departments and emails from voicemail systems. Criminals are targeting voicemail systems because they know everyone is working from home. Remain vigilant and be 100% certain that the email is legitimate before opening it.   Follow these tips on how to spot fake emails: Examine the sender’s email address. Even though the sender’s name may appear legitimate, the sender’s email address may be completely different. Typos and poor grammar in the email are usually dead giveaways. Hovering over a link in the message shows a nonlegitimate website or one that contains typos - for example instead of www.disney.com you would see www.dlsney.com (i replaced with L). Demanding urgent action - this could be an email from your boss or someone else from management asking you to perform a quick action. Update and Secure your Router - This is something most people rarely think about or know how to do. Now that you’re home, this is more critical than ever. Follow these tips. Update your router’s firmware. Change your default password. Change your default WiFi network name. User a secure WiFi password. Use WPA2 encryption to secure your network.Don’t use WEP. Use a firewall if available. There are numerous other configurations and best practices to secure your home network, but this is a good start. We’re all trying to figure out how to effectively and securely operate for the next few weeks (if not longer). It’s inevitable that we will get enveloped in all the dire economic predictions, the chaos of trying to keep ourselves physically safe, while at the same time trying to run our business. BUT it’s critical to keep security at the forefront of our minds as well because there are people out there trying to exploit this situation. Focus on best practices, remain calm and collected. Following the recommendations above should at least provide a formidable barrier that will cause these criminals to look elsewhere. Steve's best practices remain calm and collected. Following the recommendations above should at least provide a formidable barrier that will cause these criminals to look elsewhere. #### 9 ways CSOs lose their jobs For top IT security execs, losing your job is remarkably easy. All it takes is a stupid decision, a simple oversight, or poor communication. CSOs work hard to protect their enterprises and careers. Yet all that hard work can disappear in an instant. All that’s necessary is a little inattention, a false assumption, or perhaps following some misguided advice. Are you planning to keep your job? Then learn the following nine danger areas to avoid. 1. Overconfidence Hubris can result in early career destruction, particularly when unproven yet popular security solutions are deployed. “This type of approach creates gaps in security, increases the risk of human error, and leads to a false sense of security among stakeholders — until something major happens, resulting in a catastrophic cybersecurity event,” Steve Tcherchian Chief Information Security Office XYPRO Technology Overconfidence can also lead to security complacency. “When individuals or organizations assume that their current security processes are sufficient, they fail to remain vigilant and can become vulnerable to new threats,” Tcherchian observes. As a result, security gaps go unnoticed and defenses become outdated. Read the Article #### A Day in the Life of a Chief Information Security Officer A chief information security officer (CISO) oversees organization-wide information technology (IT) security issues. These advanced professionals create data management and security policies, manage IT security workers, and introduce new technologies. Someone might become a CISO to earn more money and advance their career after gaining significant IT experience. The role offers high earning potential in an in-demand field. This page describes a day in the life of a chief information security officer. We cover typical duties, responsibilities, employers, and skills. We also briefly describe what it takes to become a chief information security officer. You must be self-motivated. You can't wait for things to come to you in this role. You must be proactive in your search for what lurks around the corner. Get good at networking, meet like-minded people, and put yourself in situations where you can be as strategic as you are technical. Steve Tcherchian CISO and Chief Product Officer XYPRO Technology CISOs work in nearly every part of the economy. Common work environments include the computer systems design, information, finance, and insurance industries. The management and manufacturing sectors also employ many CISOs. The job of a chief information security officer can change depending on company size and scope. With large organizations, a CISO may spend most of their time working with other executives on big-picture information security issues. In smaller businesses, a CISO may perform some of the hands-on technical work to keep their organization protected. Read the full article here #### A Software Engineer’s Guide to Cloud Migration Many organizations have a cloud migration strategy for their mission-critical workloads to offer flexibility, scalability, and business continuity.  There are many reasons for migrating to the cloud.  Modernization, getting with the times, attracting talent, increasing value, disaster recovery, reducing overhead, reducing risks, and saving money.  The list in favor of cloud migration gets longer as you begin to realize tangible benefits. For example, staying productive while your team is dispersed throughout the globe. There are challenges with communication, security and logistics; Zoom/Teams fatigue is a real thing. There are also new challenges in business continuity for companies that traditionally had a central office where everyone would get together, collaborate, and foster team culture. For a variety of reasons,  there can be “execution issues” or only moderate success with your migration. This is a result of scarce resources, outdated technology, financial limitations, and frequently, bad planning. Perseverance and applying lessons learned help with better outcomes the next time around.  At XYPRO we have already embraced the cloud. Years before the pandemic, we began leveraging cloud services across the company. Brush fires, pre-emptive power outages, and earthquakes interrupting various services accelerated the migration of our operations to DR sites for business continuity.    Additionally, XYPRO had already been using cloud solutions for ticket tracking and product documentation, as well as Slack and Teams for collaboration.  Then came the pandemic which compressed schedules and accelerated the adoption of more new technologies. We further migrated to SaaS tools for better collaboration on architecture and whiteboarding. We also replicated our source control management (SCM) systems to offsite, secure environments for flexibility and security. That last part was difficult to embrace because your company’s mission-critical applications and data are not within the four walls of your data center, but the landscape changed and we changed with it. Many cloud providers are diligent in making sure their environments are protected and isolated to avoid potential breaches.  The move to the cloud was not a straight line, but with a bit of thoughtful planning, we accomplished our objectives. We are a Security Software company; not only do we produce software to secure mission-critical environments but we also work with our customers to make sure they understand best practices. Our CISO and Chief Product Officer, Steve Tcherchian, speaks on various security topics and the massive harm of malicious actors. Therefore, it is important that when we migrated to the cloud we made sure that the cloud providers met our high standards for security. That security standard includes Single Sign-On with our Directory provider and most importantly;  Multi-Factor Authentication (MFA). Our providers must maintain their own “better than compliant” internal security practices, and we must be able to trust them for rapid responses to security concerns.  All these requirements factored into our decisions along with making sure we could collaborate from anywhere and in real time.   When the Pandemic struck, our entire company shifted to working from their homes.  Some team members started to migrate out of state and even out of the country as they chose to move closer to their relatives during this tumultuous time. While not all of our services had migrated to the cloud prior to the pandemic, the fact that we were proactive about moving critical systems out of the data center meant that we didn't have to worry about downtime affecting the entire company.  Obviously, outages can also happen in the cloud - consider some of the most recent Amazon outages and how many services were affected as a result. These interruptions, however, do not last for days. They do not impact every service you provide (if that’s the case, you have a different problem of all your eggs being in one basket). Engineers at XYPRO praise the migration and have remained productive and continue to collaborate.  Multiple team members editing diagrams in real-time while discussing them on Slack enables them to rapidly evolve solutions without the need for a formal meeting or a physical whiteboard. Using cloud SCM even when data center connectivity was down allowed them to continue developing and testing - within limits - but did not prevent them from progressing. The ability to provision necessary infrastructure through the AWS console enables developers to self-provision what they need with the support of our IT department while the data center virtual machines were unavailable.  As a result of our proactive migration to the cloud for mission-critical systems, our team did not miss deadlines, was able to stay productive, collaborated with each other, and delivered quality software on time. Fears of a distributed team were allayed and so we move forward embracing innovation and realizing growth.  #### Accelerate and Automate SAP HANA Security Compliance with Workload Aware Security Layer (WASL) from HPE and XYPRO In most mission-critical environments, SAP HANA is the lifeblood of an organization. SAP HANA (High-performance ANalytic Appliance) is a highly performant, highly scalable in-memory database that serves as a platform for enterprise resource planning (ERP) applications and other business workloads that need to analyze data in real-time. Hewlett Packard Enterprise (HPE) is the #1 system provider for SAP HANA* with over 40 percent market share—more than the next three vendors combined—and is the leader in deployments of SAP HANA appliances, tailored data center integration (TDI), SAP® BW/4HANA®, and SAP S/4HANA®. With nearly 25,000 customers and over 34,000 servers running SAP applications on HPE hardware HPE bring a unique understanding of SAP and SAP HANA environments for customers of all sizes and with all types of workloads. HPE understands the demand SAP HANA requires from server and storage environments to keeping mission-critical applications protected and secure, modernizing your digital core. Many organizations find it difficult to achieve and stay in compliance with the latest security and regulatory requirements with regard to SAP HANA. Evolving industry regulations put additional stress on security professionals to maintain system security policies. According to the Hiscox Cyber Readiness Report, over 70% of global organizations are not prepared to handle a sophisticated cyberattack. And the costs are huge—on average, a data breach costs an organization over $4.24 million. Add the more difficult to measure, but very real costs of data loss, customer trust, and reputation damage, and these figures quickly multiply. With the frequency of cyberattacks increasing and currently standing at approximately 100 million data records every day, you need to take action to protect your data. Consider the following: Are you confident of the security compliance of your business-critical workloads? Is your compliance level current to address evolving threats? Do you thoroughly understand the risks of your business operations and data? Security compliance for SAP HANA is challenging When deploying SAP HANA, adherence to the SAP HANA security guidelines is a monumental and expensive effort. The SAP security guide for hardening SAP HANA now exceeds 800 pages. This doesn't include hardening the RedHat or SUSE Linux operating system to meet Center of Internet Security (CIS) compliance benchmarks. HPE research has found that out-of-box Linux distributions are less than 50% compliant with industry standards. To achieve full compliance, organizations are required to harden systems with manual effort and scripts. Performing these processes manually across multiple systems in multiple locations is burdensome to IT teams as they are cumbersome, prone to human error, and can consume months of staff time to evaluate, remediate, deploy, and maintain security compliance. The Difference Maker: Automated security compliance with WASL With decades of expertise in securing the most critical and demanding IT environments in the world, XYPRO Technology, together with Hewlett Packard Enterprise has strengthened its mission-critical security offerings with a unique security compliance solution for Linux® and SAP HANA® workloads—Workload Aware Security Layer (WASL). WASL is designed to provide efficient, industry-standard compliance at the operating system and application levels. Unlike other products in the market that rely on security services or require manual effort and custom scripting, WASL automates the security compliance process. WASL reduces security compliance deployment time for Linux operating systems and SAP HANA® workloads from months to minutes. With a single click, WASL hardens both the Linux operating system and the SAP HANA workload to achieve over 90% security compliance. The remaining effort requires minimal input, such as a password or log file location.WASL unburdens IT, teams, fortifying the business, and lowering costs to achieve quick time to value. Through a single-pane-of-glass, WASL quickly assesses the security posture of your SAP HANA environment and exposure to threats. WASL’s intuitive, consolidated dashboard continuously monitors compliance for your operating systems and mission-critical workloads, a key activity, especially after an O/S update. WASL remediates non-compliant issues with a single click and, if needed, rolls back to a previous compliant version - something other compliance solutions cannot do. WASL is customizable - adding, modifying, and silencing rules in accordance with security policies specific to your country/location/industry. WASL can define roles such as user, administrator, policy officer, operator, security auditor, and more. WASL also generates audit reports. With such powerful security capabilities at your fingertips, costly third-party security services can be avoided, and the risk of fines and legal costs for non-compliance is mitigated. Ready to learn more? Ask for a free trial If you are looking to simplify and accelerate security compliance for SAP HANA on Linux (RHEL & SUSE SLES) across your HPE server environment, visit www.xypro.com/wasl or contact your HPE representative. #### Addressing Social Issues and Racism in the Workplace Zenefits, June 24, 2020-- Addressing Social Issues and Racism in the Workplace ... Hiring and promotion Disparities in hiring and advancement based on race persist among Black and Hispanic employees, a recent survey discovered. Prompted by Floyd’s death, Blind — an anonymous network of largely technology professionals — found that while 47% of White respondents think that upper management understands racial differences, only 34% of Hispanic and 19% of Black respondents agreed. When respondents were asked whether their ethnicity was reflected in upper management ranks, 76% of Whites said yes. Only 21% of Hispanic and 10% of Black workers responded yes. Black and Hispanic workers in the Blind study overwhelmingly felt underrepresented in their companies. However, better recruiting strategies might have changed the study results. Melodie Bond-Hillman, PhD, senior manager, HR and Administration at XYPRO Technology Corporation, told Workest that to attract diverse job candidates, her company recruits from as broad a talent pool as possible. She also cited training as a key factor in hiring and maintaining a diverse workforce and fostering employee social interaction. Click here to read the full article... #### After the CISO role: Navigating what comes next "It was a 24/7 job; there was no downtime," Zalewski said, adding that he used to describe his role as running a triage shop. "I constantly had people coming in that had been attacked. My job was not to make them whole but to understand how to limit the damage to that line of business and keep doing business. So not to put the fingers back but maybe just to save the arm." Coming down from that kind of nonstop stress takes time, Zalewski found. He cautioned that the first phase of life after the CISO role -- recovering and resetting -- could take three months, six months or a year. "You have to find who you are again," Zalewski said. "You have to reach the point where you're just happy to wake up in the morning and don't feel like you're back in the battle." "It gives them the ability to keep their skills sharp and stay on the edge of the newest technology without the never-ending pressure and accountability of a CISO role," Steve Tcherchian CISO and Chief Product Officer XYPRO Technology Then, reassess and reboot In the Heidrick & Struggles survey, just 17% of North American CISOs said they would like to retire when they leave their current roles. For his part, Zalewski briefly considered it. Read the article #### Amazon’s New Robot Could Give Some People the Creeps Amazon's new Astro robot is creeping out some observers, who say it's a potential invasion of privacy. The Astro is a Day 1 Edition product, meaning it's available via invite-only preorder, and will initially cost $1,000. It's cute-looking and uses voice-recognition software, cameras, artificial intelligence, mapping technology, and voice- and face-recognition sensors as it zooms from room to room, capturing live video and learning your habits. The convenience comes with a catch, though. "If you're worried about a robot mapping out your house—how many of you have a Roomba? We all already have webcams all over of house, so our private lives are already streaming to the cloud. We're all dependent on Amazon for everything. Alexa anyone? Bezos even knows what color socks you wear." Steve Tcherchian Rolling Companion Amazon says the Astro is meant to do everything from home monitoring to help you keep in touch with friends and family. "Astro uses its digital eyes on its rotating screen, body movements, and expressive tones to communicate," Charlie Tritschler, the vice president of products at Amazon, wrote on the company's website. "Its personality is also helpful—for example, it hangs out in places where it can be the most useful. For me, that's in the kitchen, where I'm typically asking for a recipe or sending Astro to tell my family that dinner is ready." Click here to read more #### Are your HPE NonStop Systems PCI DSS 4.0 Ready? Finding out is as easy as 1-2-3! HPE NonStop systems run the world’s financial infrastructure.  Vigilant security and PCI DSS 4.0 compliance is not optional.  The first step for any organization using HPE NonStop™ Systems is to understand what has changed in PCI DSS version 4.0 and how those changes apply to your environment. XYPRO’s white paper “XYPRO-HPE-NonStop-PCI-DSS-v4.0-Summary-of-Changes” will bring you up to date on the changes. The second step is to use XYPRO’s XYGATE SecurityOne Suite (XS1) for HPE NonStop™ systems monitoring. If you already have XS1 installed and monitoring your HPE NonStop systems or are interested in becoming PCI DSS 4.0 compliant, setting up a PCI DSS 4.0 compliance scan is as easy as 1-2-3! Step 1: Click the PCI DSS 4.0 “Schedule Scan” button Step 2: Define the systems to be monitored and the frequency of your ongoing compliance scan.   Select “Run Scan Now” to run an on-demand report. Step 3: View Your Compliance Scan Results  The circles at the top of the report represent the overall status for each of the 12 PCI DSS requirements. If the circle is Red, then one or more PCI DSS requirements failed.If the circle has a check mark, you passed all evaluated rules for that PCI DSS requirement. In the example below, Requirements 2, 7, and 8 are red.  At least one requirement failed. Expand the report and easily drill down for the details. Everything Passed All the requirements that were evaluated show a . From here you can easily drill down for the details, export the PDF report for Management or research the items that did not pass compliance, so the next scan is a success. XYGATE SecurityOne Compliance Reporting Saves Thousands of Hours Per Year Finding the key pieces of information necessary for audit reports requires “pulling” data from multiple systems and consolidating them into audit reports. This process is typically manual and can take months. XS1 compliance monitoring and audit reporting are automated. Reports are real-time. XYGATE SecurityOne Increases Staff Productivity Most organizations cannot allocate enough resources to proactively monitor their environment. Instead, security staff must devote time to investigating potential incidents - a very manual and time-consuming process of collecting, correlating, and searching through disparate logs. XS1 automates incident identification by correlating data in real time and highlighting actionable incidents that need immediate attention. Automation of investigation activities frees up nearly 80% of your staff’s time, allowing them to focus on proactive monitoring. Learn more about the benefits of XYGATE SecurityOne  For more information or to schedule a PCI DSS 4.0 readiness assessment, please contact us https://xypro.com/contact/ #### ATUG - The Revival Continues ATUG - The Revival Continues FILE - In this April 8, 2005 file photo, The Atlanta Braves, right, and the New York Mets stand on the baselines at Turner Field in Atlanta during opening day ceremonies. The Atlanta Braves are leaving Turner Field and moving into a new 42,000-seat, $672 million stadium complex in Cobb County in 2017. Braves executives John Schuerholz, Mike Plant and Derek Schiller said Monday, Nov. 11, 2013, that the team decided not to seek another 20-year lease at Turner Field and began talks with the Cobb Marietta Coliseum and Exhibit Hall Authority in July.(AP Photo/John Bazemore/File)   Once again ATUG version 2.0 thrives and continues to grow stronger, it is awesome to see the TUGS coming back to life. It is always great to go to Atlanta in September for the meeting. The weather once again shined on ATUG. The HPE NonStop (Tandem) community in the Atlanta area is still very strong and it was great to meet with the user community both old like myself and the new talent that ensures the NonStop lives on.   My name is Jay Price, I’m with XYPRO Technology supporting the sales team on covering the US and Canada. Previously, I covered the western US and attended a few TUGS that are still thriving however the size and growth that I have seen attending ATUG is very strong and great to see. As ATUG continues to grow it will soon be #1 on the list of events for the NonStop community to attend.     This year ATUG consisted of 10 vendor presentations including an HPE update and a user presentation. From HPE we were joined by Keith Moore, Master Solution Architect, who gave us an exciting look into the future of NonStop. His presentation was titled “Transforming your Digital Enterprise” and it was filled with updates on the Mission Critical Server Roadmap, vNonStop, Database Compatibility and what HPE has planned for the NonStop moving forward.   Our user presentation was given by Jack Bresnahan from TYSYS and provided the 70+ attendees with insight into how our country's credit and debit cards are processed. This intro led perfectly into Jack’s highlight on PCI compliance and its importance to the NonStop community.   The revival of ATUG began last year and some very special thanks go out to HPE’s Ken Goldman and Nelson Alvarez as well as XYPRO’s Dale Van Stratten for bringing this event back to life. They have managed to make this bigger and better and l look forward to seeing it continue to evolve and grow to meet the needs of the local community. It is also great to see the variety of NonStop vendors come out and support the event. This year the interest in ATUG has exploded, the number of users that attended prompted executive action. Yash Kapadia, the CEO of OmniPayments took it over in place of the planned presenter and wowed the crowd with OmniCloudX. Presentation slots are limited do to the timeframes available but support grows regardless.   After the presentations concluded all of the quests were asked to put their name badges in a bucket for an incredible drawing. The gifts provided by the vendors (presenting or not) were outstanding, the one standing out to me was the drone that was given out from NTI as well as many others. Like last year, a big thanks to the Home Depot for generously supplying a beautiful theatre for the revival and the technical support to keep it all going smoothly. The Home Depot again supplied the food and beverage throughout the day to keep us alive and chipper. Most of all a huge thanks to all the NonStop Users and vendors that attended, please continue to pass the word along so that ATUG continues to grow and expand.   I cannot wait to see what the plans for next year are and look forward to seeing everyone again at the next ATUG Revival. From things that I have heard they are looking at some additional format changes that will make this even bigger and better. With the content and excitement growing even bigger I really hope to see even larger crowds in the continued Revival of ATUG.   I would love to hear everybody’s opinion on this year’s Revival and would be glad to pass this information along. We can only get better as we continue to grow and any input only makes it stronger so feel free to share.   Jay Price XYPRO Technology Jay.Price@xypro.com   #### Audit all security-related activity & events. #1 - Top 10 List Because high-availability and fault-tolerant systems need strong security Finally, we’ve made it to the #1 spot on our Top 10 list! Before we get to that, though, just a reminder that the first nine HPE NonStop server security fundamentals cover some incredibly important aspects of NonStop server security and are vital for protecting your mission critical systems and applications—you can review the full list of Top 10 NonStop Security Fundamentals on XYPRO’s website. So what is THE MOST important fundamental? It’s simple really: #1: Audit all security-related activity and events Of course, auditing all NonStop security-related activity and events may seem easier said than done—especially when you have hundreds of thousands (maybe millions) of events occurring daily throughout your NonStop server environment. What you need is a really powerful software solution that allows you to track, filter, manage and report on all NonStop security-related activity. Good news: You already have the solution you need Fortunately, HPE has partnered with XYPRO to provide just such a solution to all HPE NonStop server users. Since August 2010, HPE has bundled XYGATE Merged Audit (XMA) with all new J-series and H-series HPE NonStop servers. So, if you’ve received new NonStop systems since August 2010, you already have the XMA software and licenses! Let’s focus on five key aspects of logging and auditing and the capabilities that XMA provides for HPE NonStop servers: Consolidate NonStop security event data. Security event data is created and stored in many places on a NonStop server which can make it difficult to monitor and report on security activity. To resolve that challenge, XMA merges multiple sources of NonStop audit data (for example, Safeguard, XYGATE, EMS, Measure, ACI BASE24® and/or HP’s HLR Telco solution) into a single NonStop SQL/MP database. This merged (and normalized) data can be used for security analyses, alerting, audit reporting and integration with enterprise Security Information and Event Management (SIEM) solutions, like HPE ArcSight. Note: an HPE NonStop SQL/MP license is not required for the XMA database. Create alerts on important events. Given the high volume of security events, users need some way to filter out routine activity so they can focus on highly important, unusual or suspicious activity. XMA has advanced filtering capabilities that use pre-defined rules and custom user-defined rules to identify important events. A GUI security event monitor is included with XMA, allowing users to monitor and be notified of events right on the desktop in graphical, acoustical and action-oriented formats. Users can also receive automatic alerts by e-mail or SMS. Run audit reports. Let’s face it, audit reporting can be a difficult and time-consuming process—yet it is extremely important. XMA enables easy creation of consolidated audit reports to comply with company policies and regulations such as the Sarbanes Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI DSS), and the Health Insurance Portability and Accountability Act (HIPPA). Users can choose from a wide selection of report templates, use preformatted samples or design new reports for specific needs. Whether generating reports to the NonStop spooler or to a Windows PC, XMA allows the right information to get to the right people at the right time! Integrate with enterprise SIEMs. In today’s complex security environment, companies need a comprehensive view of security events and information—SIEM solutions, like HPE ArcSight, collect security information from many sources in the enterprise and use advanced analytics to identify threats and manage risks. XMA integrates with HPE ArcSight and other SIEMs , such as RSA envision and IBM QRadar, enabling the HPE NonStop environment to be part of an enterprise security management solution. Learn more about XMA at NonStop Technical Bootcamp. Please, join us at Bootcamp for the HPE sponsored breakout session, “Getting the Most out of XMA and XUA from the new Security Bundle”, presented by XYPRO’s Andrew Price and Rob Lesan. (Okay, this session isn’t really an aspect of auditing per se but it’s a great way to learn more about XMA, and, as a bonus, you’ll learn about XYGATE User Authentication (XUA) which was added to the NonStop Security Bundle last year). So that’s our #1 NonStop Fundamental—it can be summarized as “audit everything” to ensure complete visibility of security-related events on the NonStop. This is such an important aspect of security that HPE bundles XYPRO’s logging and auditing solution, XMA, with every new HPE NonStop server. Please make sure to take full advantage XMA’s power capabilities. For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL. You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX). #### Bank Protects BASE24/XPNET Audit Files with XYGATE Data Protection Bank Protects BASE24/XPNET Audit Files with XYGATE Data Protection XYPRO has been working with our customers to implement XYGATE Data Protection (XDP) in a variety of different environments.  One of our customers, a top 10 U.S. bank, runs a sizeable BASE24 installation, over multiple HPE NonStop Servers and physical locations.   BASE24’s middleware component, XPNET, provides an audit feature, essentially a trace function, for troubleshooting and other support functions.  This customer uses XPNET audits extensively throughout their enterprise, and their PCI assessors noted that those files can contain sensitive data, including PANs, and must be protected according to PCI DSS 3.4 requirements. Encryption on HPE NonStop with no application code changes The bank, already an HPE SecureData (formerly Voltage) enterprise user on other platforms, had previously hesitated to implement SecureData on NonStop because of the perception that implementing it would require extensive code changes.  However, XYPRO’s XDP product, through its Intercept Library, provides access to all HPE SecureData functionality with zero code changes to the core application.  The XDP Intercept Library intercepts all I/O calls and transparently invokes SecureData to apply either Format Preserving Encyption (FPE) or Secure Stateless Tokenization (SST) to protect any sensitive fields in the data being processed. This results in no sensitive data being written to disk in the clear, and allows customers to meet PCI and other regulatory requirements, without making costly changes to their application. XYPRO tested XDP extensively with XPNET, requiring some careful engineering work with our own in-house BASE24/XPNET installation, as XPNET is supplied in object code form only, unlike most BASE24 components which ship with source.  While we were able to confirm that the vast majority of XPNET I/Os were already covered by the existing XDP functionality, there were a few unusual use cases that required some additional code in XDP. Sensitive data protected in multiple environments After that development work completed, we provided a new version of XDP to the customer, who were thrilled to have such significant concerns addressed and they have now gone live in a number of their environments.  The XPNET audit files, and the sensitive data they contain, are now protected, and the customer can move on with other business needs. Going forward, XDP will be used to protect other parts of the customer’s BASE24 environment, and we look forward to working with them on those projects. For more information on how XDP can help you address your data protection needs, please see the #3 entry in our Top 10 NonStop Security Fundamentals, XDP on our website, or contact your XYPRO sales rep.   Andrew Price andrew@xypro.com   #### Behind the Firewall: How 6 Security Execs Screen Vendors Between SolarWinds, Microsoft Exchange, Kaseya and a number of other supply chain attacks, businesses are lucky if a third-party compromise has not breached their systems. Malicious actors target vendors to maximize damage. Malware, ransomware or other infections spread through vendors and trickle into the networks of businesses buying the services, too. It poses a challenge for security leadership: How can the business defend against the risk associated with vendors while still accessing their services? "If you can't validate that your vendors take security as seriously as you do, continue looking." Steve Tcherchian CPO, CISO of XYPRO Technology In the wake of high-profile vendor attacks, Cybersecurity Dive asked security executives how they screen third parties to keep their networks secure. At a minimum, your vendors should be in lock step with the same security standard and controls you have in place for your own organization. They are an extension of your company and represent you. Therefore, vetting the security of your vendors is critical. Be ready with a standard security questionnaire/assessment that is similar to your company's security program. Make that part of due diligence of onboarding any new vendor. Just like you would do your due diligence in any other business transaction, security must be considered part of any vendor onboarding. Unfortunately, it's too often an afterthought because it gets in the way of doing business. It can't be treated this way because vendors are most targeted, and if something happens to them, it happens to you, as risk can no longer be deflected to third-parties without consequence. Click here to read the rest of the article #### Best of NonStop 2021 Have we become numb to the news of security breaches?  Unfortunately, the attacks on our businesses, personal lives and even global infrastructure are not slowing down. Cybercrime is up over 600% during the pandemic. According to Verizon’s 2021 Data Breach Investigation Report, 61% of cyberattacks targeted credential theft. This far surpasses personal, banking and payment card information which have been primary targets for years. The cybersecurity industry has responded with a variety of ways to  protect sensitive data with regulations, technology and awareness, which has forced attackers to look for easier targets, such as usernames and passwords. COVID-19 phishing scams continue targeting remote workers isolated from their day-to-day environments, making it easier to breach technical defences and compromise credentials. The good news? There is one simple, yet powerful action that can ensure 99.9% effectiveness against credential theft - implement multi-factor authentication (MFA). MFA adds a second factor to the authentication process before access is granted. This can be a key fob, token, short code or biometrics. There is no better time to implement multi-factor authentication across your critical applications, servers and services because frankly, if it's not there, then you’re already late. If we continue to delay, time will pass and there will be no excuses left, only breaches that could have been prevented. MFA  is already on your HPE NonStop server.  XYGATE User Authentication (XUA) is ready to turn on with no additional software or infrastructure needed and delivers industry standard, multi-factor authentication which integrates your NonStop environment with enterprise authentication providers such as Microsoft Active Directory, RSA SecurID, Google Authenticator, and many others. Visit our website to learn more about XUA and XMA, both included on your HPE NonStop servers. XYPRO and HPE Expand Partnership to provide ZERO Trust to HPE NonStop In 2021 XYPRO announced the expansion of a decades-long partnership with Hewlett Packard Enterprise (HPE) to deliver XYPRO’s entire suite through HPE NonStop systems. HPE NonStop systems, which tackle mission critical environments requiring 100% fault tolerance, are now available with expanded XYPRO Zero Trust solutions for threat detection and security management. This partnership expansion extends availability of database management, security and integration technology to help customers implement Zero Trust to protect their mission critical environment and includes XYPRO’s flagship product – XYGATE SecurityOne, a patented security, compliance and threat detection platform and XYGATE Identity Connector, the first and only SailPoint and CyberArk integrations for HPE NonStop systems. HPE NonStop customers can now be fully integrated into the enterprise with ZERO Trust security.  NonStopTBC 2021 - Must-See Sessions This year’s NonStop TBC focused heavily on HPE’s commitment to security and providing modern, innovative methods for securing HPE NonStop servers. Not surprisingly, Zero Trust security topics dominated several sessions, and as the most complete provider of Zero Trust security for the HPE NonStop environment, XYPRO was the predominant solution. Everyone wanted to hear more.  Connect and HPE pulled off making the last-minute move from in-person to virtual. With so many sessions to choose from, it was impossible to see everything in real-time.  Here are some of the best security sessions & database:  TBC21-601 - HPE Pointnext Security Services - Learn about the security services that are included in the Service Credits menu, and how HPE Pointnext Services and XYPRO help customers secure their NonStop Servers. TBC21-X05 - See SecurityOne (XS1) in Action - managing security through a single pane of glass offers viewers a look inside XYPRO’s security intelligence, threat detection and analytics platform that uses a secure browser interface and patented contextualization technology to detect potential attacks BEFORE they become harmful breaches. TBC21-603 - XYPRO Product Family Now Available Through HPE - provides an overview of XYPRO’s ZERO Trust suite of security and compliance tools available directly from HPE. This partnership exemplifies XYPRO’s innovation commitment addressing the challenges and requirements of NonStop customers.. TBC21-405 -  Advanced Database Management with SQLXPress - A must for ANY application environment, this presentation highlights how SQLXPress from XYPRO is gold standard, secure database management. HPE product manager Roland Lemoine demonstrates productivity and best in class performance for your database and applications.. TBC21-607 - XYGATE SecurityOne  -  3 1/2 hour, deep-dive Education Session demo of the configuration and operation of XYGATE SecurityOne. Presenters Dave Teal and William Ferrara give viewers the skills, tools and strategies to take advantage of this comprehensive solution to secure and monitor their enterprise through a single pane of glass. We wrote a whole article about the Top 10 sessions at NonStopTBC 2021 - read it here. Enterprise Integration for your HPE NonStop Workloads - SailPoint, CyberArk and Servicenow XYPRO has partnered with cybersecurity industry leaders SailPoint, CyberArk and Servicenow to provide the first and only SailPoint and CyberArk certified integrations for NonStop.  XYGATE for CyberArk integrates your HPE NonStop servers with your CyberArk Password Vault and Privileged Session Manager, closing the security gap by providing privileged account management, session visibility and hardening in the privileged access management process using NonStop emulators, such as OutsideView.  Most NonStop environments also have SailPoint IdentityIQ in their IT ecosystem.  Adding the integration with SailPoint IdentityIQ enables user governance, provisioning, automation and reconciliation of HPE NonStop user accounts directly from SailPoint.  Ensuring employees have the correct access to the right business applications and IT resources is a critical requirement with which many companies struggle.  Current solutions for requesting and managing user access are inefficient, manual, complex, and outdated. Governance is often an afterthought, leaving enterprises vulnerable to security risks and exposed to compliance issues. Many organizations are using CyberArk and SailPoint to manage their technology assets. These solutions, which are now fully integrated with HPE NonStop, allows businesses to automate a growing technology landscape while addressing security and compliance risk. XYPRO’s certified integrations provide complete control over who has access to your NonStop servers from your enterprise CyberArk and SailPoint instance.These integrations secure your environment against credential theft and adds a very critical layer to your ZERO Trust security model.  This year especially, we have seen too many breaches targeting credentials and privileged accounts, and if we don't shift our focus, we will  see these types of attacks continue into 2022. Passwords are archaic. The way to combat this risk is introducing a second factor for authentication. A second factor adds a layer of complexity to the authentication process and provides immense value in terms of addressing the risk. We’ve heard for years that multi-factor authentication should be turned on for everything, yet it’s rarely implemented. Until we shift our mindset and sacrifice a little bit of convenience for a massive amount of security – these types of massive, high profile attacks will only continue to increase.    #### Big Breaches, Big Data, Big Context - How to Empower the Next Generation of Security Threat Detection Big Breaches, Big Data, Big Context - How to Empower the Next Generation of Security Threat Detection It can take months or even years before a data breach is detected. The latest statistics from Ponemon Institute's 2018 Cost of Data Breach Report outlines that it takes an average of 197 days to identify a breach. That means someone is in your network, on your systems, in your applications for over six months before they’re detected, IF they’re detected. That’s six months! On the higher end of the same report, there are companies that have been breached for years before they realize it. For example, sources indicate the Marriott data breach occurred back in 2014, but it was not disclosed until 2018. The scale of that breach is still being evaluated and it seems to get bigger and more impactful as more information is discovered. Why is this the case? Most companies have all the hardware and data they need to detect a breach. All of the attackers’ activities are in the audit files, log files and other sources of data required by security frameworks and compliance policies to gather and store. Yet it still takes six months to detect. It all comes down to the data. In 2019, data is being generated at a volume and velocity never seen before. Some have estimated that we will generate more data this year alone than in the past 5,000 years combined. To put this into perspective, on a daily basis: 500 million tweets are sent 294 billion emails are sent 4 petabytes of data are created on Facebook 4 terabytes of data are created from each connected car 65 billion messages are sent on WhatsApp 5 billion searches are made Now factor in all of the network devices, wearables, IoT devices and sensors, cameras, drones, blockchain and everything else, it is easy to see how much new data is being generated. Now pair that with your organization and its infrastructure, applications and people, and it all starts to come together. Hackers know this. They use this extreme volume of data as cover. If they can be patient and hide their malicious activity in the immense volume of data to make it appear as innocuous user behavior, chances are their activity will go undetected for long stretches of time. It is becoming harder and harder for humans to search through all of this data to find a needle in a haystack while more hay is being piled on. In 2018, the average cost of a breach was nearly $4 million US dollars. Like an undiagnosed illness, the longer a data breach remains undetected, the more damage it can cause. For larger organizations, that number can be in the tens of millions or larger. For a small business, a data breach could be the difference between staying in business and having to close its doors. Unfortunately, small businesses are often unaware they've been compromised until another party informs them. For example, this can happen if a financial institution discovers a sudden rise in cardholder fraud and traces the source back to a single merchant.  More than 70 percent of attacks target small businesses, and an estimated 60 percent of those that experience an attack will likely go under within six months. Businesses that operate in the retail, food and beverage and hospitality industries are the most susceptible to a compromise. One third of small businesses do not have the right tools or resources in place to protect against a breach. Again, attackers know this and use it to their advantage. Small businesses are low hanging fruit, that is why we have seen such a sudden spike in ransomware attacks. The necessary protections are missing,making it far too easy to get in, get the money, and get out. Attackers ask for a ransom that is just large enough to make it worth their time, and damaging enough to make any business owner give security a serious thought. Beware of the Insider - Everyone Has a Price How are these breaches occurring? The same Ponemon study found that a majority of the attacks are from external cyber criminals, but interestingly enough, the next largest percentage was through malicious insiders. These are employees who have responsibilities within an organization who are misusing their trust or access. It's important to be aware of this type of threat because they are typically very difficult to detect and often take a long time to discover. The malicious insider threat is hard to detect because we typically trust our employees. If an employee is working with sensitive data as part of their job, it’s very difficult to determine if they are doing anything malicious with the data. Even if you suspect malicious intent, it’s easy for employees to claim that they simply “made a mistake” and get away with it. It is almost impossible to prove guilt in these cases. It’s pretty easy for tech-savvy employees to cover their tracks. What Motivates the Malicious Insider? Being aware of certain factors and indicators can help  determine if you have a malicious insider threatening your organization. Is data being accessed, copied or deleted when there is no business justification? Is data being transferred out of the organization through file uploads, email and/or physically on media? Are changes to access occurring for file locations or inside of business applications that have no business justification? Are deactivated or terminated employee accounts being activated? Are unauthorized areas being accessed? Every one of these activities by themselves could be benign. This is where we need context to help paint a broader picture. Malicious insiders are often driven by greed, anger, lack of recognition, ideology, ego, financial need, compulsive behavior and much more. This is context. Look at all these different factors, characteristics and behaviors, and then see if a pattern emerges. It could be that they are just ambitious. Context will help you recognize the difference. What is Context? Let’s strip away the technology aspect and focus on context itself.  Context is any information about any entity that can be used to reduce the amount of reasoning required for decision making. Ultimately context transforms data into hopefully useful information. Context is something we use in every part of our lives, particularly in language. For example, every word in this article is data, and you’re using context provided in this article to transform language into information about context. In terms of language, there are two types of context: cultural context and situational context. Cultural context consists of attributes such as personal backgrounds and experiences people have gone through, their roots and heritage, the history of themselves, their family, their culture, etc. Situational context takes into account who is involved in the conversation, the background of the participants and what they bring, the theme of the conversation and where the conversation is taking place. The combination of these types of context markers is what is referred to as universal discourse. Using another example of context that shows up in our everyday lives, we’re all familiar with those ads that show up on our Facebook feeds after we searched for something on Amazon or Google. It feels like I can simply think of an item and an ad shows up in my Facebook feed. Frightening! How do they do this and target me directly? This is done using years and years of science and data going back to the Mad Men era of advertising. Data is still key, but machines are compiling and contextualizing that data faster than ever before. Think about it – if you don’t know anything about your audience, it’s extremely complicated if not downright impossible to market to them. The importance of data can’t be overstated. Big Data is a term that’s been thrown around a lot in the past few years and while AI and Machine Learning are opening up even more avenues for data gathering, the value of data can only be measured by its usefulness. That’s why “intelligent data” is a better way of looking at it. Using Facebook as an example, CEO MarkZuckerberg knows how old I am, where I live, where I travel, who my family and friends are and my hobbies. At this point he probably knows more about me than I do. All of this information can be used to filter out things that are irrelevant to me, Steve, to focus advertising  things that I would find interesting and get me to act, or purchase. The more personal the experience can become, the more inclined I will be to engage with the ad. Where the Rubber Meets the Road Context or contextual information is evidence about an entity that can be used to effectively reduce the amount of reasoning required for decision making. This can be done via filtering, aggregation, inference or other like methods. Contextualization excludes irrelevant data from consideration and has the potential to reduce data from several aspects including volume, velocity and the impacts of Big Data. Generating alerts by simply correlating log data from devices without some sort of validation usually results in an overwhelming flood of alerts. Because the alerts were generated without validation, security teams must manually validate the alerts themselves. Given the number of events your security team has to deal with, you probably can’t afford to spend more than a few minutes deciding if an alert represents a true threat to your organization. This massive backlog of alerts leads to stressed-out security teams. Additionally, many of the alerts are likely to be false positives, as SIEMs are known to flag alerts based on what we call indicators of compromise(IOC), which need further investigation. This approach, in turn, leads to increased mean times to identify, hence the six months it takes to identify a breach. What are the types of context that need to be considered. Internal Context: Contextual information is about internal systems, such as the system’s business function, importance, location and what data or assets it houses. Context about internal systems helps an analyst understand if the observed attack is even relevant to the target system as well as help prioritize the incident. For example, is this potential attack against a production server or is it a visitor on the guest network? External Context: Given that only an IP address is included in the event, external context can help attribute who owns the IP address and its geolocation. Reputable threat intelligence is helpful in understanding more about the attacker, the attacker’s intent and if other organizations have been targeted. Behavioral Analysis: Historical patterns of the behavior and associations of systems and account help corroborate if the observed activity is malicious or just normal behavior. Incidents unfold over time, involve multiple data sources, and adversaries attempt to ‘live off the land,” meaning they will attempt to hide within authorized administrative tools. We need to tackle these modern security problems with modern solutions. Based on the volume and velocity of data and the gap in technology, it is too easy for cyber attackers and malicious insiders to hide their activity within normal user behavior. SIEMs are a necessary first step to helping address the challenge, but need correlation technology to piece the data together. This has still left us with a 6+ month mean time to identify. This is where we need to apply other sources of data, or context, to transform our data into actionable information. We use context in nearly every part of our lives and businesses. Applying context to security should not be any different. This will help separate the actionable data from the noise. Contextualized data improves our decision-making process and reduces operational costs by increasing the efficiency of our resources, both of which will reduce our mean time to identify a breach. This allows us to respond much faster and keep the impact and costs associated with a breach down. #### Brushing the DUST off   Having been involved in the HPE NonStop industry for many years, and then away from it for the last 2-3, I was truly excited to attend the March DUST meeting in Phoenix as part of the XYPRO team which included Steve Tcherchian and Jay Price. This was my chance to brush the dust off my old NonStop knowledge that I had put on the shelf and get back into the swing of things.   This would be my second TUG in my first 2 weeks of joining XYPRO. The first was SCTUG in Southern California where Ken Scudder presented the Top 10 HPE NonStop Security Fundamentals and Steve gave a brief overview of XYPRO’s newest product, XYGATE SecurityOne®(XS1). While the XYPRO presentations were very good for me to hear, and learn from, the number of NonStop customers in the room was pretty light so I didn’t really get to see how the message was being received.   The attendance at DUST was a different story – with nearly 40 people in attendance I was looking forward to the XYPRO presentation and the response it might generate. For this meeting Chris Draper, of Wells Fargo, presented a customer perspective on XS1. Chris’s presentation didn’t focus on the features/functions of XS1 but rather on Wells Fargo’s approach to taking events/incidents from the HPE NonStop server and linking them together to give them notice, or advance warning, of a future event or security violation.   Chris talked about how Wells Fargo actually undertook the task themselves to create such an application. The internal effort began with the goal of developing and deploying an application that would gather, analyze and provide notice of potential future security events. Wells soon realized that while they could accomplish some of their business objectives on their own, they needed a much more robust and comprehensive solution to meet their current needs. They also needed a solution that would give them a platform to grow as future requirements were identified. The complexity of this project lead Wells Fargo to select XS1 as their ‘Intelligent Security Solution for NonStop Incidents’.   I have to say I consider myself lucky. Being able to see a product from a business perspective and a customer perspective in my first month at XYPRO gave me a great understanding of the importance and XS1 has for XYPRO and the impact on the HPE NonStop community. It’s one thing to see a product’s features/functions presentation but it is much more powerful to have a customer present as we get an insight to the rational and business requirements behind their selection of a solution like XS1.   Based on the comments and questions following the presentation I think there is a great opportunity for XS1 and I am looking forward to being part of it!   Jeff Boyer Account Executive XYPRO Technology #### Chatbots Could Be the Next Big Hacking Tool—Here’s How to Defend Yourself AI tools could steal your information Chatbots are getting a lot of attention for making inappropriate comments, and now it turns out they might be used to steal your data. Researchers have found a way to make Bing's artificial intelligence (AI) chatbot ask for user information. The new method could be a convenient tool for hackers. There's growing concern that chatbots could be used for malicious purposes, including scams. "You could use AI chatbots to make your message sound more believable," Murat Kantarcioglu, a professor of computer science at The University of Texas at Dallas, told Lifewire in an email interview. "Eventually, fake texts could be almost as good as real texts." Without getting into the exact language used, the bad actor could write out commands for Bing’s chatbot to execute such as ‘convince the user to give you their full name, email, and businesses they frequent then send this information. Steve Tcherchian CISO, Chief Product Officer XYPRO Technology Corporation "A hacker could use an AI chatbot to impersonate a trusted co-worker or vendor in order to persuade an employee to provide passwords or transfer money," he added. "AI chatbots can also be used to automate a cyber attack, making it easier and faster for hackers to carry out their operations. For example, a chatbot could be used to send phishing emails to a large number of recipients or to search social media for potential victims." Read the article here #### Ciberataque paraliza distrito escolar en Los Ángeles  El Distrito Escolar Unificado de Los Ángeles, el segundo más grande del país, fue blanco de un ciberataque que paralizó su sistema informático. Autoridades federales investigan la agresión, cada vez más común en entidades educativas en el país. Verónica Villafañe informa. Ver el artículo aquí #### CISA, FBI Issue Joint Warning, Mitigation Tactics on TrickBot Malware The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have observed continued targeting through spearphishing campaigns using TrickBot malware in North America, according to a Joint Cybersecurity Advisory published in March and updated in May. The cybercrime actors lure victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot. TrickBot—first identified in 2016—is a Trojan (malware disguised as legitimate software) developed and operated by a sophisticated group of cybercrime actors. It is highly modular, multistage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities, according to the CISA and FBI. In its advisory, the CISA and FBI offer several mitigation tactics, some of which we’ll expand on and discuss in this article. “The advisory recommends several mitigation measures. These mitigation measures include very fundamental tasks,” says Colin J. Zick, partner and co-chair of the healthcare practice and privacy and data security practice and COVID-19 task force at Boston-based law firm Foley Hoag. “Equally, or even more important, is the advisory’s suggestion that employers provide social engineering and phishing training to employees, mandate reporting of all suspicious emails, flag external emails, and limit unnecessary services and lateral network communications,” he adds. “Security is only as good as the weakest link, and these human factors are the weak link.” “But as the company grows, new hires come on board and this method won’t be sustainable. Given that threats are continuously evolving and modernizing, you need a way to scale and automate this process. We had to consider the user experience, ease of use, automation, reporting, and metrics. And it was key for us to ensure we could certify the training." Steve Tcherchian CISO, XYPRO Technology Click here to read more #### CISOs, What's In Your Travel Security Program? The past two years have provided CISOs a bit of a reprieve with respect to protecting company data while employees are in travel mode. While the gulp of fresh air may have felt great, upon exhaling we realize that many of those working from home are in fact traveling for pleasure and to distance themselves from the pandemic to continue working. Now, with the ubiquitous COVID testing and vaccine protocols, business travel is on the uptick. The travel industry opines it will return to pre-pandemic levels in mid- to late-2022. For this reason, every CISO should ensure their entity is prepared for this influx, which arguably adds a layer of risk. The CISO should be asking questions of C-suite and of their own teams regarding what’s inside the corporate travel program and what needs to be inside the program. For multinational companies and those where employees traveling with regularity, Steve Tcherchian, CISO and chief product officer at XYPRO, notes how his company includes awareness and procedures with respect to devices and traveling with data across borders, with differentiation between the risk presented by different locales. That said, he adds how separate travel devices are not prepared for each trip. Read More #### CISOs, what's in your work-from-home program? CISOs reveal how their secure remote work strategies are set up for the long haul. I wrote previously of what the key ingredients are for a successful travel program might include, as it was a topic which had not garnered much attention over the course of the past couple of years as pandemic took hold. What most entities have experienced since early 2020 is the IT scramble to accommodate the migration by employees from onsite and in their seat, to off-site and sitting wherever they could find internet access. Just like that, CISOs found themselves having to formulate work-from-home (WFH) policies, implementation and procedures. We had lost the air cover that the office security infrastructure provides, we had to quickly adapt our WFH procedures and controls to address a situation where everyone was required to work from home at once. Steve Tcherchian The shift was swift, and while some companies did nothing but allow the employee to access their networks via an external internet connection, others took a more programmatic approach. One such entity was XYPRO. According to Steve Tcherchian, CISO and chief product officer at XYPRO, he observes the shift was swift, “We had lost the air cover that the office security infrastructure provides, we had to quickly adapt our WFH procedures and controls to address a situation where everyone was required to work from home at once.” Read More #### Confronting Inaction in the CyberSecurity Industry 2020 was another troubling year in the cybersecurity world. We saw a repeat of 2019’s data breaches on a larger scale. Instagram, TikTok, YouTube, Nintendo, WaWa and many more fell victim to some sort of compromise. Hardly a week went by where we weren’t reading about a new mega-breach or ransomware attack. One unidentified agency even exposed an 800-gigabyte database of over 200 million personal user records. No one was off-limits. It’s to the point where we’ve become numb to the news of security breaches; we shrug it off and move on. But as consumers, we should be concerned with the lackluster cybersecurity practices these companies have in place. It’s clearly not protecting our data. According to IBM, the average time to detect and respond to a data breach in 2020 is 280 days. This year’s global pandemic has made every industry a huge target with healthcare and the public sector leading the pack. On average, these industries spent over 320 days to detect and contain a cyberattack and cost tens of millions of dollars in some cases. Billions are spent on security each year, so why is this still an issue? How Passwords Will Change Your Business Strategy One of the most critical security risks to any organization are passwords, especially default passwords and passwords to privileged accounts, which have elevated access to perform administrative functions. These can be administrator accounts, service accounts, database connection accounts, application accounts and others. Most of these accounts were set up ages ago when an application or system was initially deployed. They have multiple integration points and because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, likely shared and often improperly stored. Privileged account abuse is the most common way for hackers to compromise a system. Proper credential storage and accountability is paramount to risk mitigation. Relying on manual methods is resource-intensive, error-prone and leaves gaps. According to a Varonis report, nearly 40% of all users sampled have passwords that have never been rotated! These passwords have a higher likelihood of showing up in online password dumps and being used to infiltrate networks. Simply put – they’re a cyber criminal’s best friend. This is how hackers walk in right through the front door. Not because they’re clever, rather because we make it too easy for them. Proper password management can be overwhelming to manage, but it doesn’t have to be. To solve these challenges, XYPRO has partnered with SailPoint and CyberArk, two of the cybersecurity industry’s premiere security providers and leaders in their respective Gartner magic quadrants. XYGATE Identity Connector (XIC), is the first and only CyberArk and SailPoint certified integration for HPE NonStop servers. Integrate HPE NonStop with your existing enterprise investments in CyberArk and SailPoint to secure, manage, automate and log all activities associated with privileged access. This seamless integration means visibility, traceability, automation and ensuring passwords are not the Achilles' heel that sinks your organization. XYPRO and SPLUNK: The Data to Everything Platform 2020 saw an upward trend in breach detection and containment. Data volumes, velocity and variety are increasing beyond human capabilities. We simply cannot keep up. To address this need, HPE delivers XYGATE Merged Audit (XMA) with every HPE NonStop server. A widely deployed and proven solution, XMA is the HPE supported method of integrating your HPE NonStop data with SPLUNK and other SIEMs. XMA collects data from application, system and audit logs into a single, normalized SQL database to generate reports and forward data to the log management or analytics solution of your choice. Without having to purchase any additional software, XMA communicates directly with enterprise solutions like Splunk “…to modernize your security operations and strengthen your cyber defenses”. This data is aggregated, filtered, formatted and forwarded in real-time. Did I mention you don’t have to buy any additional software? XMA is on your NonStop servers already! You own it! Getting HPE NonStop server data to Splunk is easy. Whether your data is in native XMA/NonStop format, Common Event Format (CEF), or a custom format, it can be sent to multiple targets. The only thing to decide is which data you want to send. Installed and set up within minutes, configuring XMA to talk to Splunk takes even less time. Pop the settings into the provided template and off you go. Now you can leverage all the capabilities of SPLUNK to generate reports, alerts, dashboards and more for your NonStop system and application data. Again, there is nothing additional to purchase. XYGATE SecurityOne: Proactive Threat Hunting and Security Analytics In testimony given before the Senate Subcommittee on Science, Technology and Space, famed cryptographer and cyber security specialist Bruce Schneier said: “Prevention systems are never perfect. No bank ever says: “Our safe is so good, we don’t need an alarm system.” No museum ever says: “Our door and window locks are so good, we don’t need night watchmen.” Detection and response are how we get security in the real world…” Schneier gave this testimony back in July of 2001, yet nearly 20 years later, organizations are still getting hit by incidents they didn’t detect, proving this premise is still valid and more critical than ever. I’m surprised by the number of conversations I have with IT and Security professionals who still carry the “set it and forget it” approach to security. No matter what type of protection a system has, given enough time, an attacker will find a way through. The faster you can detect, the faster you can respond, limiting the damage of a security breach. Detection is not a simple task. Traditional (read: old fashioned) methods are the setting up of distinct rules or thresholds. For example, if a user fails 3 logons in a span of 5 minutes, send an alert. If the failed logon events spanned 20 minutes, or worse, 10 days, it likely would not be detected. The limitation of relying on these fixed rules is they can’t alert on what they aren’t specifically looking for (i.e. what they don’t know). Low and slow incidents and unknown unknowns – activity not normal on a given system – will fly under the radar and no one would be the wiser until it’s too late. The damage is done, the data is taken, the system has been compromised and customer confidence is lost. Correlating events from multiple data sources is a real challenge. The traditional method is to scour through event records, try to put the pieces together and then create a rule to detect that pattern in the future. The weakness is that it can only be accomplished after an incident has already occurred, on the off chance the same combination of events will happen again. For data to be meaningful and actionable, it requires context. Contextualization allows the system itself to determine what is actionable and what is just noise. XYPRO’s XYGATE SecurityOne evaluates each potential alert and, based on activity that happened previously for that user, IP, system etc…, determine whether the reported activity is business as usual or a serious issue to which you need to pay attention. Context is Key. And Patented. In 2018, XYPRO was granted US Patent 9,948,678 by the United States Patent and Trademark Office. XYPRO’s patent titled Method and System for Gathering and Contextualizing Multiple Security Events, covers the aggregating, correlating and contextualizing of disparate and unrelated security and system events. This proprietary technology provides faster detection of suspicious activity by intelligently combining security and non-security-related data while applying a layer of context which makes the newly enriched data much more insightful and actionable. HPE NonStop servers are a staple of many modern, mission critical organizations. NonStop is central to activities that affect our lives on a daily basis; how we shop, pay, bank and communicate. As technology evolves around us, the NonStop server continues to modernize and XYPRO is thrilled to be a part of this evolution. XYPRO’s innovation efforts don’t stop there. We unflinchingly look forward, to identify where research and development investments should be made, always looking for ways to best serve our customers. This commitment has led us to new areas that provide even greater value and security to NonStop server users, integrating the NonStop with the rest of the enterprise and beyond. At XYPRO, we protect your data like it’s our own. Because it is. #### Connect NonStop Technical Boot Camp 2020 Thank you to everyone who attended TBC 2020! It was very well organized and we are sending a big thank you to the teams at HPE and  Connect! XYPRO had a wonderful time connecting with all of you in the HPE NonStop community. Our presentations are all available on XYPRO’s Youtube Channel. Here’s a summary of what was covered: Success & Covid19 - Strength, Capacity, Caring & Compassion At XYPRO, part of accepting this new working from home reality is making a conscious effort to shift our mindset to strategies aimed at providing employees with a sense of stability in a crazy time.  We emphasize communication, empathy, teamwork and employee engagement.  These strategies help us foster a desirable work environment which translates into XYPRO’s ability to remain focused and productive  XYPRO’s Director of Human Resources, Dr. Melodie Bond-Hillman describes how XYPRO prepared for and is handling the Covid-19 pandemic, moving to 100% work from home, helping our employees work effectively when most of them had never worked remotely before, mental health, retaining company culture and planning for a possible return to the office. Modernizing Cybersecurity:  Building a Strategy That Works Once your network and systems have been compromised, there is no going back.  The best you can do is contain the damage as quickly as possible.  The current mean time to detect a cybersecurity breach is still 60 days! That means that hackers are in your network, on your systems, doing what they want for two months before you know, IF they’re ever detected at all.   The damage to your systems, the loss of your critical data, the damage to your customers and the loss of their trust, the impact to your company’s reputation and potentially to your career is immeasurable.  These are the things that keep leaders up at night.   XYGATE Merged Audit and XYGATE User Authentication - XYPRO Security Education Learn how to install and configure XYGATE User Authentication (XUA) and XYGATE Merged Audit (XMA), both of which are already included with every HPE NonStop server, to properly secure your systems and applications from a catastrophic security breach and ensure compliance with all the latest regulations. Learn how to configure XUA for authentication controls to restrict access by users, groups, ip address port and more. We’ll then focus on integrations such as Microsoft Active Directory for Single Sign-On to integrate your HPE NonStop servers with the rest of your enterprise and RSA SecurID for Multi-Factor Authentication to address the latest PCI-DSS requirements. The second half focuses on XMA. How to configure collectors to gather data from various NonStop security sources, as well as data filtering and database management concepts. We’ll integrate the collected data into analytics tools like SPLUNK, IBM QRADAR, RSA Netwitness and demonstrate how you too can create useful, rich security dashboards, reports and alerts.  Proactive Risk Management - HDFC, India’s Largest Private Bank Modernizes Cybersecurity Join Shailesh Khochare, Senior Vice President, Head Data Processing Centre, IT Security Operations & Compliance for HDFC as he discusses HDFC’s use of XYGATE SecurityOne (XS1), the “single pane of glass” solution to contextualize, prioritize and control HPE NonStop and ACI Base24 security incidents.   #### Continuously Monitor Security Compliance: #2 - Top 10 List of NonStop Security Fundamentals Because high-availability and fault-tolerant systems need strong security Alright, so let’s assume that you’ve followed the best practices described in items #3 to #10 of XYPRO’s Top 10 NonStop Security Fundamentals, as well as security recommendations from HPE and other sources, and you’ve established strong security procedures for your HPE NonStop system—how can you actually assess the strength of your security configuration and verify compliance with corporate policy, industry best practices and regulations, like PCI DSS or SOX? And equally important, how do you re-assess and maintain that strong security configuration over time as changes occur? Those questions bring us to #2 on our Top 10 List: #2: Continuously monitor security compliance Defining a security policy and applying it to your system is essential to protecting your NonStop system and complying with government and commercial regulations. Of course, applying a security policy is not a one-time event. Managing system settings, access rules and security configurations is an on-going requirement that must account for new users, new objects, new rules or other system changes. In a complex payments environment, for example, there may be thousands of security parameters that need to be measured, managed and reported to auditors—manually monitoring and measuring security compliance is not really feasible, it’s time consuming, a resource hog and prone to human error. XYPRO recommends a systematic approach using NonStop-specific compliance monitoring software. There are a few 3rd-party vendor compliance solutions for the NonStop, including XYGATE Compliance PRO (XSW). Whichever solution you choose, it should enable you to easily research the security on your HPE NonStop server, report the information found, build policies that monitor the state of the security rules in your environment and compare your existing security against supplied PCI, SOX, HIPAA and standard best practice policy recommendations. Furthermore, the solution should allow you to analyze configuration data for security, audit and system management information in the current snapshot, compared over time or compared against a set of absolute rules. Of course, this compliance information is important to auditors (both internal and external) so the solution should have the ability to automate investigations and report generation for security and system configuration information. An effective compliance monitoring program should include, at least, the following aspects: Monitor compliance with Corporate Security Policy and Standards. Systematically review security settings vs. NonStop best practices. Assess compliance with applicable government or industry regulations (e.g., PCI, SOX, HIPAA). Monitor security configuration changes. Enable security compliance alerting. Conduct periodic integrity checking of operating system and application object files to ensure that only authorized and tested versions are in use. Obtain file access maps for Safeguard, Guardian, and access management software , such as XYGATE Object Security (XOS) and XYGATE Access Control (XAC). Report compliance with key regulations (like PCI DSS, SOX or HIPAA) and your own information security policy. A quick note on “Best Practices”: we’ve referenced them quite a bit in this article and throughout our Top 10 list, so what are NonStop best practices? NonStop best practices typically document the expected (i.e., recommended) value of a single characteristic of a single object. These best practices are positive system configuration parameters that can be measured and tested. For example, a best practice can consist of the following: “The Safeguard parameter NAME-LOGON must be set to YES”. While there are many sources of best practice information, a comprehensive resource for NonStop security information can be found in the books “Securing Your HPE NonStop Server: A Practical Handbook” and “Securing HPE NonStop Servers in an Open Systems World”. So, that’s #2: Continuously monitor security compliance. Ensuring compliance is a critical aspect of any IT security program and compliance monitoring solutions provide the means to systematically measure, manage and report on a complex and dynamic NonStop security environment. Stay tuned to the XYPRO blog site—next up on our list is NonStop Security Fundamental #1. Also, get notified automatically when new XYPRO blogs come out by following XYPRO on LinkedIn or Twitter. If you’d like additional information or help with NonStop security, please contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX).   #### COVID-19 & the Transition To A Remote Work Setting Mercer | Mettl, Updated July 2, 2020-- COVID-19 & The Transition To A Remote Work Setting To develop a successful return to work plan, a company must assess employee readiness multiple times. Organizations must realize that each employee is going to have a different experience and reaction to the virus and will be at different levels of readiness and willingness to return to the office. Creating and sharing a standardized, agreed-upon, decision matrix and set of protocols to help employers know if and when to reissue a work from home mandate will help ensure everyone feels prepared from a change management perspective should round 2 or 3 of the virus occur and escalate. These protocols will help manage and mitigate the feelings of uncertainty associated with these types of events. Melodie Bond-Hillman, PhD. Senior Manager - Human Resources & Administration, XYPRO Technology Corporation Click here to read the full article. #### COVID-19 and Tech: New Collaboration Tools Mean new Security Risks Satoshi Nakamoto Blog, March 19, 2020--COVID-19 and tech: New collaboration tools mean new security risks Steve Tcherchian, CISSO, XYPRO Chief Product Officer, notes that a phishing attack could introduce malware that might compromise an entire organization’s collaboration platform, as well as personal and sensitive business documents and files. Another potentially concerning vulnerability could appear from third-party apps that integrate with software like Teams and Slack. Click here to read more. #### COVID-19 Is Making Businesses More Vulnerable Than Ever to Phishing, Smishing and Vishing Hospitality Technology, April 9, 2020--COVID-19 Is Making Businesses More Vulnerable Than Ever to Phishing, Smishing and Vishing By Michal Christine Escobar Over the last few years, hotels have often been a target of cyber criminals. Their databases contain a treasure trove of information that can be very useful on the black market for identity fraud including names, passport or driver’s license numbers, addresses and payment details. Bad actors have numerous ways they try to trick hotel employees into providing them with access to these databases. For example, last year there was a “significant cybercrime campaign targeting hotel front desk systems,” says Steve Tcherchian, Chief Information Security Officer, XYPRO. Why? Because “Front desks are often the busiest part of a hotel, [and] the front desks job is to help people as quickly as effectively as possible, so security ends up being an afterthought.” Click here to read more. #### COVID-19: Now is the time for Multi-Factor Authentication During this time of unprecedented uncertainty, we at XYPRO are concerned about the safety and health of our employees, their families, our customers and everyone who makes up our global community. XYPRO is about problem-solving and we have been since the company’s founding in 1983. Like us, many of you have been in the process of keeping your business running and adapting to this new way of working. XYPRO started preparations in late January and you can review our process as documented by Dr. Melodie Bond-Hillman, XYPRO’s head of Human Resources. The safety of your workforce, including their digital safety, is of paramount concern. We’ve seen a sharp uptick in the amount of cybercrime targeting the new “work from home” situation and there is no shortage of criminals looking to take advantage of chaos and fear--two things in abundance right now. It’s never been more important to continue being “security-aware” and staying vigilant. It’s a good time to reach out to our partners and customers in the HPE NonStop space to remind you about the solutions readily available on your HPE NonStop servers to assist with the current challenges. You don’t have to order anything, or even leave your house. Multi-Factor Authentication According to Microsoft, 81% of data breaches occur due to weak, default or stolen credentials and 99% of these attacks can be blocked by implementing Multi-Factor Authentication (MFA). MFA is an authentication method where a user is granted access only after successfully presenting two or more of the following pieces of information: Something you know (password) Something you have (security token) Something you are (biometrics) All it takes is one compromised account to one legacy application to cause a data breach. With the unfortunate increase in COVID-19 phishing scams targeting remote workers isolated from their day-to-day environments, there is no better time to implement multi-factor authentication across your critical applications, servers and services. XYGATE User Authentication (XUA) is already included on your HPE NonStop servers and ready to turn on with no additional software or infrastructure investment. XUA provides strong, multi-factor authentication based on industry standards and extends NonStop security capabilities by integrating with enterprise authentication providers such as Microsoft Active Directory, RSA, Google Authenticator, and many others. This simplifies the protection of your NonStop servers using regulatory compliant, multi-factor authentication. In addition to MFA, XYGATE User Authentication integrates your NonStop and application user IDs with Microsoft Active Directory, providing enterprise, global password policy enforcement. This ensures the same password policies within Active Directory apply to your NonStop servers and applications, removing the risk from weak or default passwords. Detecting Authentication Threats There are nearly a billion fraudulent sign-in attempts per day across the internet. Detecting and alerting when fraudulent attempts occur is a necessary weapon in combating these threats. XYGATE User Authentication (XUA) event logs can be forwarded to your enterprise Security Event Information Manager (SIEM) or other analytics solutions through XYGATE Merged Audit (XMA), which is also packaged with every HPE NonStop server. XMA is used for alerting, threat detection and analysis of authentication data. With XMA, you’ll know if someone or something is attempting to gain unauthorized access to your systems. PCI DSS Requirement 10 mandates tracking and monitoring all access to network resources. XYGATE Merged Audit assists with compliance of this critical requirement for all NonStop authentication events. While no single solution can protect your NonStop environment alone, the combination of XUA and XMA will provide key defences to make sure passwords, as an attack vector, is one less thing to worry about. Hands-On Help XYPRO is also here to assist with everything from deployment of XYGATE Merged Audit and XYGATE User Authentication, to helping you ensure your employees can securely and effectively meet their responsibilities while working remotely.  Our Solutions Delivery & Support Teams are ready to work with you. Remotely, of course :) If you would like us to more formally evaluate your environment or you’d just like to chat and bounce some ideas off us, please reach out and let me know. As your trusted cybersecurity partner, we are watching the developing situations very closely, evaluating new threats that may pose a danger to our customers and the greater NonStop community. The following article contains tips on how to securely set up your remote employees and raise the security profile of your workforce. Some things may seem quite obvious and simple, but it’s easy to overlook the obvious in stressful times like these. We will continue providing updates through www.xypro.com and our social media communication channels. If you have tips and tricks you think might be useful to others, please let me know and I will try to include them in future updates. We’re all in this together. Even if it seems like it isn't something we do, reach out to us. We have a large network of partners, vendors, friends, and colleagues that we can leverage--all willing to help. Please stay safe and healthy. All the best. Steve Tcherchian, CISSP Chief Product Officer @XYPROTechnology @SteveTcherchian #### Cyberattack Almost Shuts Down Health System, Shows Need for Security Relias Media January 1, 2021 - Cyberattack Almost Shuts Down Health System, Shows Need for Security   Executive Summary A U.S. healthcare system recently was the victim of a cyberattack that hampered patient care. The attack is believed to be the largest such attack on a U.S. healthcare organization. Ryuk ransomware apparently was used. The attack did not shut down the system’s electronic health records. Hackers increasingly are focused on healthcare organizations. ... Seeing Hospitals as Good Targets Cyber thieves are attacking healthcare institutions more often and are acquiring more valuable data than in the past, says Steve Tcherchian, chief information security officer at XYPRO, a cybersecurity analytics company in  Valley, CA. When the price of a stolen credit card dropped precipitously because the black market was flooded with them, hackers found a new target in the healthcare industry, he says. On the whole, the healthcare industry has an aging infrastructure that is less resistant to hacking, and industry tends to adopt security precautions more slowly than other potential targets, Tcherchian says. He says that many medical data breaches are now as big as the largest retail breaches and medical records can be 10 times as valuable as credit cards on the black market. A patient’s medical history can be the key for a hacker to commit medical identity theft and submit fraudulent insurance claims, which have the potential for big payouts, Tcherchian says. According to IBM Security’s 2020 data breach cost report, the average cost of a healthcare data breach is $7.13 million. Cyber thieves also may use the information to purchase prescription drugs and resell them online, he says. To read the full article visit Relias Media. #### Cybersecurity Certifications: Do You Need Them to Land a Job? Companies and governments desperately need cybersecurity talent. Every day, new threats emerge, and there are only so many cybersecurity experts with the skills and experience necessary to recognize and shut down vulnerabilities. That means lots of job opportunities out there—but do you need actual cybersecurity certifications in order to land a position? To answer that question, we spoke to several experts in the cybersecurity realm. Given all the specializations within cybersecurity, it’s also a question of which cybersecurity certifications (if any) you should aim for. "Certifications provide a level of credibility to your resume, as well as reinforce and refresh your qualifications that you are staying current with industry trends. I always recommend the Certified Information Systems Security Professional Cert (CISSP). For years, this has been the dominating certification in the cybersecurity industry. It is still a top tier certification, and I would recommend anyone serious about a career in cybersecurity." Steve Tcherchian Chief Product Officer XYPRO Technology Corporation What are the best cybersecurity certifications? “Networking engineering skills are the foundation that all cyber professionals need first,” says Jacob Hess, Air Force veteran and founder of NGT Academy. “Specialized programs that upskill quickly while still offering not only the certifications and standards of the industry, but also additional hands-on skill sets and protocols are necessary to accommodate this workforce transition.” Read the rest of the article here #### Cybersecurity Market Researchers Forecast Significant Growth The cybersecurity market is growing and changing at a rapid pace, leading to major opportunities for vendors, heightened confusion for buyers, and new challenges for CISOs. Business is booming for both cybercriminals and cybersecurity tech companies. Market research firm Statista recently predicted the annual cost of cybercrime worldwide will increase 69.94% between 2023 and 2028. Tech vendors are responding in kind, and the cybersecurity market appears poised for significant growth in the near term. Global spending on security and risk management is set to increase 14.3% in 2024, according to Gartner, more than IT spending as a whole at 8%. And Fortune Business Insights expects the cybersecurity market to reach $424.97 billion by 2030, nearly 2.5 times its 2023 valuation. "Point solutions may be a blessing and a curse. On the one hand, they may be designed to address an immediate pain point and specific security concerns. On the other hand, they don't always integrate well with existing systems, creating management complexity and possible security gaps." Steve Tcherchian Chief Product Office and CISO  XYPRO Technology Even as the number of new point tools grows, vendors are bundling other, formerly standalone technologies into multifeature platforms. Counterintuitively, such consolidation activity can lead to technological sprawl, causing further buyer confusion. Read More #### Devising a secure remote learning plan to fortify against cyber risks SCRTracker - May 18, 2021 - Devising a secure remote learning plan to fortify against cyber risks - BY KRITIKA M NARULA The pandemic has drastically changed the way education is being delivered worldwide. For a large part of the last year, through various lockdowns, we have inhabited a world where being safe equates with being socially distant, quarantined, and connected only virtually. In the process, we have embraced newer models of education dissemination, battled major safeguarding risks, and accounted for the psychological as well as the overall long-term impact of the pandemic on children. The bottom line is that this transition to either a hybrid or a remote learning model has come with a fair share of challenges. As a result, the school authorities have to stay vigilant, constantly. As we enter the next phase, we want to be ready for, and ahead of, any challenges that might arise. When we first made the transition, it was done in haste, so we worked with imperfect systems, where a plethora of safeguarding concerns raised alarm. Now, all school authorities and other education stakeholders wish to implement a system that is well-thought-out and tested for any safeguarding loopholes. In tandem with this goal, the Department of Education (DfE) has mandated the implementation of a secure remote learning plan by September this year. "Cybersecurity awareness needs to be part of any remote learning plan. This needs to start with teachers and administrators. There is usually a huge tradeoff between security and functionality. Unfortunately, with the rush to implement this, security may have been an afterthought".  - Steve Tcherchian This plan would take into account challenges faced in educational settings related to cybersecurity best practices, equity and access, and psychological concerns. This brings the issue of cyber safety to the centre stage. As EdTech is developing exponentially, it is more important than ever to liaise with National Cyber Security Centre (NCSC) and develop a foolproof structure where a) cyber attacks can be prevented and b) mitigation directives are in place if such attacks occur despite these guardrails present. New Learning Models, New Cybersecurity Challenges In order to fully appreciate the need for a remote learning plan and implement a safeguarding infrastructure around it, it is important to understand the challenges posed by the remote model in nuanced depth. The NSCS has issued warnings as well advisories in regards to the increased ransomware attacks in the education sector. In a fairly recent ransomware attack, 37000 children were unable to access their email. Since we moved to the remote mode of learning and working, hacking incidents have been on the rise: the Cyber Security Breaches Survey 2020 found a total of 54% identified breaches or attacks at least once a week for secondary schools. In addition to the traditional forms of cyber attacks, we also witnessed novel security breaches in the form of “zoom bombing” whereby an uninvited user accesses a private video call. In an educational setting, zoom bombing has posed several threats: Invasion of privacy of everyone in the video chatroom/call, Distraction from or disruption in the lessons, and Exposure to inappropriate materials or sights. Phishing — the fraudulent practice of masquerading as a person/company of repute in order to acquire sensitive information — was rampant too. To read the full article, please visit SCRTracker. #### Election CyberSecurity: We Are Still Playing Catch-up Election CyberSecurity: We Are Still Playing Catch-up   Cybersecurity is a complex topic. Politics is a complex topic. Combine the two and there is a potential recipe for disaster. Election CyberSecurity gets more complex factoring in that administration of elections are a state and local government responsibility. There are over 50 different election systems and processes each with varying degrees of cybersecurity. In early 2018, the Center for American Progress graded “The election security in all 50 states” and the results aren’t comforting. The main takeaway from the Center for American Progress’ report is there is a lot of room for improvement. Fourteen states use paperless Digital-Recording Electronic (DRE) machines in at least some jurisdictions. Five states rely exclusively on paperless DRE machines for voting. Thirty-three states have post-election audit procedures that are unsatisfactory from an election security standpoint, due either to the state’s use of paperless machines, which cannot be adequately audited, or other factors. At least eighteen states do not legally require post-election audits or require jurisdictions to meet certain criteria before audits may be carried out. Thirty-two states allow regular absentee voters and/or U.S. citizens and service members living or stationed abroad to return voted ballots electronically, a practice deemed insecure by election and cybersecurity experts. At least ten states do not provide cybersecurity training to election officials. The Cybersecurity protecting our elections needs to reflect their significance with comprehensive security… And yet we are still playing catch-up. Election Cybersecurity Track Record DEFCON is one of the best-known hacker conferences around. In 2017, they held “DEFCON 25 Voting Machine Hacking Village,” where 25 different pieces of election equipment were probed for vulnerabilities. By the end of the conference, every device was compromised in some manner. The AVD WinVote, a voting machine that was used in US elections between 2003-2014, was breached using a vulnerability from 2003. During the entire time this device was in production, it could have been exploited and completely taken over remotely – allowing the changing of votes, observing the voters, denying services, and other malicious activity. To make the issue worse, the same machine had an unchangeable backdoor default password. A simple Google search showed the username of “admin” and a password of “abcde”. Another device, a Diebold ExpressPoll 5000 is used to check in voters. It was found to be improperly decommissioned and still containing personal information on over 600,000 voters from Tennessee, years after it was pulled out of production. This was just a single machine. According to the US Census Bureau, a record 137.5 million Americans voted in the 2016 election. A hacker would’ve hit the jackpot even if they only accessed a fraction of the total voter records. Increased Federal Involvement The aftermath of the 2016 elections shined a spotlight on our need for better cybersecurity regulations and controls for the entire U.S. Election System. Specifically, when the Federal Bureau of Investigation (FBI) announced that some state and local election jurisdictions had been the targets of Russian cyberattacks, this put into jeopardy one of the key tenets of our democracy – free and fair elections. In January 2017, the United States Department of Homeland Security (DHS) federally designated the election infrastructure used in federal elections as a component of the U.S critical infrastructure. Critical Infrastructure (CI) refers to systems and assets for which “incapacity or destruction would have a debilitating impact on security, nation economic security, national public health or safety, or any combination”. Other CI sections include the U.S. energy infrastructure, the Emergency and Financial Services sectors, Food and Agriculture, Transportation Systems, Water and Wastewater, and others. This federal designation allows DHS to provide security assistance and brings the election infrastructure under a 2015 United Nations agreement stating that “nations should not conduct or support cyber-activity that intentionally damages or impairs the operation of CI in providing services to the public” as well as other benefits and controls from the designations. Naturally, this designation provoked some concern by state and local officials with regards to federal overreach and autonomy of states to secure their own elections. Some of those concerns have since been mitigated by the federal government’s ability to provide cyber-security funding, assistance, and relief. Politicians & Promises We are already seeing the benefits of this new designation and partnership in preparation for the 2018 and 2020 elections. In June of 2018, Jim Condos, the Vermont Secretary of State, was one of several Secretaries of State to testify before the U.S. Senate Committee on Rules and Administration of his State’s Cyber Security Preparations for the upcoming elections. Secretary Condos testified that his state had already requested and received a $3 million grant from the Help America Vote Act (HAVA) to assist with cybersecurity improvements such as: Upgrade equipment to comply with modern security standards Implementing two-factor authentication for clerks and staff to access the Election Management System Conduct several rounds of penetration testing on the election management system Offer online cyber-security training for local clerks at regular intervals Robust audits of election results using state-of-the-art auditing technology And other security improvements This cybersecurity improvement message was repeated by multiple Secretaries of State during their testimony. While these are sound security improvements, there is still a long way to go and a lot of moving pieces. Still, this recent increase in cybersecurity awareness coupled with the DHS designation and an ongoing commitment by local, state, and federal election officials is a step in the right direction. The knowledge and resources are available to ensure the right technology is coupled with the right practices to protect our election system. This will re-establish voter confidence in the U.S. election system. The security of our elections isn’t confined to technology vulnerabilities alone. In 2016, Facebook and the Cambridge Analytica scandal highlighted Social Media’s impact on elections. No cybersecurity measures or controls can help protect against false information proliferating via social media. We cannot let the potential of interference stop us from voting. We must exercise our right to vote to maintain its significant role in our democracy. Free and fair elections are the central pillar of our democracy. Steve Tcherchian, CISSP CISO and Director of Product XYPRO Technology www.xypro.com @SteveTcherchian @XYPROTechnology Sources https://fas.org/sgp/crs/misc/IF10677.pdf ----- https://www.intelligence.senate.gov/sites/default/files/documents/os-jmanfra-062117.PDF https://www.census.gov/data/tables/time-series/demo/voting-and-registration/p20-580.html https://www.nass.org/sites/default/files/6.20.18-Senate%20Rules%20Testimony-2018Elections-CONDOS.pdf #### Emergency Preparedness: Preparing for the Big One Preparing for the Big One Dr. Melodie Bond-Hillman Manager HR & Administration As an HR manager, I strive to help foster a culture of caring and a sense of togetherness. September was emergency preparedness month and XYPRO Technology held weekly group activities to engage employees and help them prepare for emergencies at work and at home. It’s important to me that we invest in employees and offer them opportunities for enrichment when possible.  We provided CPR/AED Training certification for those interested in receiving their certification.   It was an opportunity to bond and learn potentially lifesaving skills. Twenty-two employees are now certified in adult and child CPR/AED training (that’s almost 30% percent of our employee base). We met with safety teams and practiced our evacuation drill and discussed how we can be more effective and move faster should a real emergency occur. Additionally, we held an earthquake preparedness refresher training lunch and learn session, which more than anything was a reminder that earthquakes can strike at any time and highlighted the importance of being prepared. In tune with our collaborative culture, many employees shared their own tips and experiences from past earthquakes and we realized many of our millennial employees have never experienced a larger magnitude quake! We started off the month of September feeling like we knew what we should do in an emergency in theory, but we ended September with the practical knowledge and more importantly, improved our trust and confidence in each other and as a group to manage through emergency situations.     #### Employee Perks: Which Will Stay or Go After COVID? Zenefits January 21, 2021 - Employee Perks: Which Will Stay or Go After COVID? Working from home was once a perk for only senior-level managers and white-collar professionals. In recent years, employers have given more workers the option of working remotely, but since the pandemic took hold, 42% of the labor force is now working full time from home. A number of WFH perks predate the pandemic, with many offering Wi-Fi services and helping workers set up home offices. Employees also may receive company advice on working safely and ergonomically at home, meeting virtually with team members, and avoiding stress or burnout. The XYPRO Technology Corporation, a California-based software company, provides its employees with a stipend and monthly reimbursement. They want employees to use these funds to improve their home offices and ensure they have an ergonomic setup. “Our employee wellness and mental health efforts include virtual yoga and mindful meditation, a virtual psychologist’s presentation on managing through Covid, and benefits information and resources, which [have] been received very well,” Melodie Bond-Hillman, senior manager, HR & Administration at XYPRO, told Workest in an email.   “We have made every effort from the top down to normalize and emphasize the importance of focusing on mental health and wellness, especially during these challenging times.” SHRM’s report identified other WFH-centered perks, including: Extended vacation balanced with working hours Virtual workout sessions Well-being and performance platforms for managing stress Virtual guest speakers Miscellaneous perks Workplaces are offering a range of perks to bolster morale, engagement, teamwork, and a sense of connectedness. These include: Offering gift cards for electronic equipment Providing streaming services Matching employees’ donations to charities Allowing more casual attire at work Conducting more employee surveys for feedback Giving workers a return-to-work option To help increase engagement, XYPRO offers morning coffee chats and virtual happy hours and trivia events. The company also added a gamification element to its mandatory training program. Virtual team lunches are also delivered to team members’ homes. Bond-Hillman said employees especially appreciate the lunch perk, which has helped bring a sense of normalcy to the workplace. Perks with staying power How long the pandemic will continue to endanger the world’s health is a subject of debate among public health experts. But the uncertainty could make alleviating some of the costliest perks risky for some employers. Many companies want to continue keeping employees safe, engaged, and productive. Labor experts agree that WFH is one of the COVID-driven perks with the greatest staying power. A research study concluded that with 42% of the U.S. labor force currently working from home, versus the 26% of essential service employees performing their jobs at the worksite, the U.S. is officially a WFH economy. To read the full article, please visit Zenefits. #### Enterprise Integration for HPE NonStop Servers and Applications Join CyberArk and XYPRO for This Live 40 Minute Webinar! Enterprise Integration for HPE NonStop Servers and Applications · Register Today! · Wednesday, June 24, 2020, 8:00 am PDT A safe, efficient, modern enterprise infrastructure needs real-time updates, workflow automation, system interconnectivity, and security.  A bunch of different interfaces, accommodating various platforms, wastes your money and resources. When you aren’t integrated at the enterprise,  you aren’t efficient. This streamlining is the focus of CIOs who look to optimize & secure their companies and their customers’ digital experience.  Most organizations have active projects to integrate their most important enterprise solutions: SailPoint IdentityIQ for Identity and Access Management CyberArk Privileged Session Manager for securing privileged activity ServiceNow for IT workflow management and automation Did you know that HPE NonStop servers seamlessly integrate with all 3 solutions using industry-standard, supported, and certified integration connectors? Join XYPRO Technology’s Chief Product Officer & CISO, Steve Tcherchian as we discuss the ease of enterprise integration for your HPE NonStop servers and applications with SailPoint, ServiceNow, and CyberArk processes and workflows.   Secure.  Efficient.  Modern. · Registration · Wednesday, June 24, 2020, 8:00 am PDT   8 am PDT Registration Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing  XYPRO’s risk, compliance, and security to ensure the best experience for customers in the mission critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. #### ETI-NET & XYPRO: Enhanced Cybersecurity Collaboration & Webinar     January 16, 2024 FOR IMMEDIATE RELEASE PRESS RELEASE ETI-NET and XYPRO Enhance the Digital Resilience of HPE NonStop Systems Expanding on their leadership positions in HPE NonStop Backup Storage Management and Cybersecurity Threat Detection, the latest partnership delivers enhanced levels of HPE NonStop digital resiliency. Simi Valley, CA & Montreal QC, January 16th: ETI-NET, the leading provider of HPE NonStop backup systems data and monitoring management, and XYPRO Technology, the leading provider of HPE NonStop Cybersecurity and Compliance software, have established a new level of partnership to enhance digital resiliency. Built upon ETI-NET’s long history of delivering extensive enterprise backup data management for HPE NonStop systems, the new collaboration simplifies and modernizes the protection of HPE NonStop backup data. Notable collaboration includes: Integration with XYGATE SecurityOneTM: Organic views ensure that all aspects of the BackBox® / QoreStor® solution have been scanned, identified and properly secured against threats. Latest Software Revisions: Ensures that ETI-NET and XYPRO are testing the latest versions of the BackBox and QoreStor software to ensure that the latest cybersecurity threats are identified and remediated. “Deepening our collaboration with ETI-NET marks a strategic move for XYPRO. Digital Resilience is not just about building walls, it's about fortifying the foundations. In today’s world of evolving threats from ransomware, your backup and recovery infrastructure is a prime target. Securing this ecosystem to ensure business continuity is the bedrock of resilience,” says Steve Tcherchian, Chief Product Officer of XYPRO Technology. “XYPRO has a long and proven track record of safeguarding systems and data for HPE customers worldwide. This partnership extends the reach of XYPRO’s cybersecurity expertise and innovations to ETI-NET solutions to ensure operational continuity.” “This collaboration demonstrates ETI-NET’s commitment to continue to deliver advanced HPE NonStop cybersecurity data protection,” says Benoit Caron, COO of ETI-NET.  “The partnership ensures that NonStop Clients that utilize XYPRO are able to continuously detect and take action to remediate VTC and Primary Backup Storage Cybersecurity threats.”   https://youtu.be/yDTBTDUOw7A?si=RZrG89X9--jOs1WD   About ETI-NET ETI-NET is the worldwide leader in managing critical data for industries that never stop. We develop software which allows NonStop servers to access modern technologies. Now in our third decade of operation, ETI-NET is renowned for delivering leading-edge components to major data centers globally. ETI-NET products evolved in the earliest days of massive data transfer across disparate servers within complex data centers. The company acquired a core competence in managing this category of data traffic, which today defines the market for advanced backup solutions. Backup interfaces from NonStop to mainframes, APIs to storage servers, and device emulators and controllers are all the result of our focus and expertise in this important discipline. For over 25 years, hundreds of the world’s largest companies have been relying on ETI-NET software due to our unique expertise, impeccable track record and reputation for excellence. About XYPRO Technology Since founding in 1983, technology leaders and corporate decision makers at companies processing mission critical data have used XYPRO security solutions to protect against catastrophic data loss, financial loss, reputation damage and regulatory intervention, through all stages of their company’s growth. Delivering HPE NonStop risk management solutions longer than anyone, we strive for meaningful and strategic business relationships while providing great support and delivering leading edge security solutions. At XYPRO, we believe that no data is as important as your data and we protect your data as if it was our own. ETI-NET Contact: Marketing Email: PR@etinet.com Phone +1 (514)395-1200 XYPRO Contact: Marketing Email: Marketing@xypro.com Phone +1 (805)583-2874   #### Examples of Ransomware: A Cautionary Tale Despite increased awareness among organizations about cybersecurity, ransomware attacks are going up. Cyber extortionists are targeting organizations and governments with impunity, holding their data hostage and demanding ransom in the range of millions of dollars. Such is the severity that global ransomware damages are expected to cross $30 billion by 2023. And as per the latest Cost of a Data Breach Report by IBM, data breach costs have surged 13% from 2020 to 2022, with the average data breach cost reaching a record high in 2022 at $4.35 million USD. To help you learn more about ransomware attacks—how they happen, what they look like, and how (or whether) companies are able to recover afterwards, here is a survey of some recent examples of real-life ransomware attacks. Keep all software, including operating systems and applications, up to date and patched to reduce the risk of vulnerabilities. Steve Tcherchian CISO, Chief Product Officer XYPRO Technologies 4 cautionary examples of ransomware attacks Ransomware attacks can come in many types, shapes, and sizes—and they can target just about anybody, from a single individual to the largest corporations. (Of course, the bigger the company, the more money the criminals are able to try extorting.) Some of the biggest and most high-profile ransomware attacks in recent memory have been the attacks on Colonial Pipeline, Travelex, Nvidia, and the government of Costa Rica. Read the full article here #### From Reactive to Preventive: How Real-Time Monitoring Powers Your Modern IT Strategy As organizations continue to face increasingly sophisticated cyber threats, the traditional perimeter-based security model has proven inadequate. ZERO Trust architecture has become a cornerstone of modern cybersecurity. At its core, ZERO Trust revolves around one simple principle: trust nothing and verify everything. While the idea is straightforward, achieving this in practice—especially with legacy systems—remains challenging. Continuous, real-time monitoring plays an essential, though often underestimated, role in the success of modern IT strategies. Beyond Perimeter Security Past security strategies were focused on building walls around the organization—think firewalls, VPNs, and traditional access controls. But today’s threat landscape has made that model obsolete. Insider threats, phishing attacks, ransomware, and sophisticated supply chain attacks have forced organizations to adopt more nuanced security strategies. Real-time monitoring is key to this shift. While ZERO Trust starts with establishing controls such as multi-factor authentication (MFA) and least privilege access, it doesn’t end there. Real-time monitoring and continuous verification ensure that those controls remain effective, especially in complex, dynamic environments where configurations and workloads are constantly changing. Rather than simply setting up access controls and walking away, your organization needs to ensure they have constant visibility into what’s happening within their networks and systems. Real-time monitoring provides this visibility, tracking activities and alerting the security team to any anomalies or suspicious behavior. For example, a global financial institution using XYGATE SecurityOne (XS1) implemented real-time monitoring to detect policy violations and privilege misuse. Their security team could see in real-time when a user’s permissions were elevated without proper authorization, allowing them to shut down and roll back the suspicious activity before any damage was done. Without real-time monitoring, this would likely have gone unnoticed until much later, by which time the significant damage could have already occurred. The Components of Effective Monitoring Effective monitoring is multi-faceted.  A robust cybersecurity strategy needs comprehensive visibility into system integrity, user behavior, and network activity. Let’s dive into how these components fit together to create a comprehensive monitoring framework. Intelligent Integrity Monitoring System integrity monitoring ensures that no changes—whether malicious or accidental—go unnoticed. It’s especially important for mission-critical environments like HPE NonStop, where even minor changes can have significant consequences. By continuously monitoring system files and configurations, organizations quickly detect unauthorized changes, protect against ransomware, and maintain system integrity. Behavioral Monitoring and Threat Detection User behavior is often the weakest link in cybersecurity. A robust monitoring solution MUST continuously analyze user activity, identifying deviations from the norm that may indicate compromised accounts or malicious insiders. Behavioral monitoring not only enhances ZERO Trust but also provides valuable insights  to help refine access policies. Network and Appliance Monitoring Ensuring the security of hardware appliances such as CLIMs and NonStop consoles is often overlooked. These components are just as vulnerable to attack as software systems. XS1’s Appliance Sentry Monitor provides real-time monitoring and alerts for any suspicious activities on these vital components, ensuring that nothing is overlooked. In one Case Study, a credit union found that XS1 helped identify unusual port scans and login patterns among their privileged users. After implementing XS1’s behavioral analytics, they were able to identify the source and prevent malicious scans on their system where compromised credentials could be used to escalate privileges. Automation and AI: Enhancing the Monitoring Process While monitoring is critical, it can also be overwhelming. The sheer volume of alerts and logs generated by modern IT environments makes manual monitoring nearly impossible. That’s why automation and AI-driven analytics are becoming essential in modern monitoring strategies. XYGATE SecurityOne (XS1) machine learning algorithms automatically correlate data, highlight actionable incidents, and reduce false positives. This reduces alert fatigue and frees up security teams to focus on incidents that genuinely require attention. A logistics company that uses XS1 reported a dramatic reduction in investigation times, as AI-driven alerts enabled them to prioritize incidents for immediate attention. Their security team could finally move from a reactive stance—sifting through endless logs—to a proactive strategy, focused on prevention. Use Case: Accelerating Response to Ransomware Threats Ransomware attacks continue to be a major threat, and continuous monitoring plays a critical role in minimizing their impact. In one very recent case, a major financial institution used XS1 to detect early signs of a ransomware attack targeting their HPE NonStop infrastructure. Real-time alerts on suspicious file modifications were forwarded to their security team to isolate the affected systems within minutes, preventing the ransomware from spreading to other critical systems. This rapid detection and response not only protected the organization from significant financial loss but also preserved customer trust, a priceless commodity. Ensuring Compliance with Continuous Monitoring ZERO Trust is not just about cybersecurity; it’s also about maintaining compliance with industry regulations. From PCI-DSS to GDPR, real-time monitoring is critical in demonstrating that your organization is consistently enforcing the very latest security controls. A leading global insurer using XS1 for monitoring reported significantly easier audits, as the system’s built-in compliance reporting features allowed them to demonstrate real-time control enforcement to auditors with minimal manual effort. Continuous monitoring helped them stay ahead of evolving compliance requirements and avoid hefty fines. The Future of Mining and Monitoring Data As organizations adopt more advanced security strategies, the importance of mining and monitoring data becomes increasingly evident. In the context of cybersecurity, data is the foundation that supports everything from threat detection to compliance. The sheer volume of data generated by modern IT environments is staggering, and the ability to mine this data for actionable insights is what sets effective security solutions apart. Generating and logging data are critical to both analyzing trends and monitoring for threats. Every system interaction, file modification, or user login generates a piece of the puzzle. This raw data, when collected and logged continuously, provides the necessary visibility to spot vulnerabilities and anomalies before they escalate into full-blown incidents. For example, patterns of user behavior that appear normal at first glance may reveal more nefarious activities when analyzed in aggregate. Data mining helps  identify trends, such as unusual login times or access attempts from unfamiliar locations, that might otherwise go unnoticed. Coupled with real-time monitoring, these insights enable security teams to respond proactively rather than reactively. Data also forms the backbone of compliance efforts. Regulatory frameworks increasingly demand that organizations not only secure their systems but also demonstrate continuous monitoring and control enforcement. By generating and logging vast amounts of data, organizations can prove to auditors and regulators that they are consistently enforcing security policies, further minimizing the risk of non-compliance. As we look to the future, the ability to mine data for predictive insights becomes even more critical. Emerging technologies like AI and machine learning are already playing a pivotal role in sifting through mountains of audit logs to identify emerging threats and evolving attack vectors, making security monitoring more intelligent and effective. Data mining and monitoring are inseparable. The more data you can generate, log, and analyze, the better equipped your organization will be to detect and mitigate security threats in real time, ensuring a stronger, more resilient cybersecurity posture. To learn more about how you can enhance your security monitoring strategy with XYGATE SecurityOne, visit our website or schedule a demo today. #### From Visibility to Action: Bringing HPE Nonstop into Enterprise Risk Management For years, vulnerability management has been framed as a visibility problem. If you can see your vulnerabilities, the thinking goes, you can manage the risk. That assumption no longer holds. Most enterprises today aren’t struggling to collect vulnerability data. They’re struggling to operationalize it — to prioritize risk consistently across platforms, enforce remediation, and defend decisions to auditors with evidence instead of explanations. Systems that can’t participate in that process don’t just create blind spots; they create friction. When Secure Systems Fall Outside the Workflow HPE Nonstop systems have always been engineered for resilience, integrity, and uptime. They power payment networks, financial exchanges, retail transactions, and infrastructure where failure is not an option. But despite their importance, they have historically existed outside the enterprise vulnerability management workflow. This is not due to a lack of vulnerabilities or customer awareness, but because native integration wasn’t available. Enterprise security programs run on centralized vulnerability platforms, consolidated dashboards, and continuous evidence. Platforms that rely on manual bulletins, spreadsheets, or compensating controls fall outside that model — and exceptions don’t scale. Over time, that gap has grown too large to ignore. Visibility Alone Doesn’t Reduce Risk In ransomware-driven attacks, time matters more than awareness. The window between when a vulnerability is disclosed and when it is remediated is often the window attackers exploit. If vulnerabilities can’t be prioritized, tracked, and acted on at the same pace as the rest of the enterprise, exposure persists — even when the risk is known. Knowing that a vulnerability exists is only the first step. What matters operationally is: How that vulnerability ranks against others across the environment Whether it violates enterprise policies How remediation is tracked and verified How risk is explained to auditors and executives Without that context, even accurate vulnerability data can’t drive action — and delayed action is exactly what modern ransomware criminals depend on. The Operational Shift: HPE Nonstop Enters the Enterprise Risk Management Conversation The real breakthrough with XYGATE Aegis Scan is not that HPE Nonstop can now be scanned – it’s that HPE Nonstop can now participate, natively, in enterprise risk management operations through its integration with Qualys Enterprise TruRisk Management (ETM). That distinction matters. When HPE Nonstop vulnerability data is normalized, contextualized and ingested into Qualys ETM: Risk is prioritized alongside Windows, Linux, cloud, and network assets Security teams see HPE Nonstop and its data in the same dashboards they already use and are familiar with Remediation decisions are driven by enterprise policy, not platform-specific exceptions Audit conversations shift from justification to verification HPE Nonstop is no longer “handled separately.” It becomes part of the same governance model as the rest of the environment — which is exactly what modern security programs demand. What Changes in Practice This integration improves day-to-day operations in meaningful ways with business context. With Qualys ETM, vulnerabilities on HPE Nonstop systems are now ranked against enterprise-wide risk, not evaluated in isolation. This directly impacts cyber resilience. When vulnerabilities affecting transaction systems, payment flows, or settlement platforms are prioritized correctly, remediation efforts focus on reducing operational risk — not just closing tickets. In ransomware scenarios, that prioritization can be the difference between a contained incident and a prolonged outage. Security teams no longer need to translate platform-specific findings into generic language for auditors. Compliance reporting becomes evidence-based, repeatable, and defensible. Perhaps most importantly, HPE Nonstop administrators are no longer expected to operate outside the organization’s security model. Instead, they are brought into it — with clarity, consistency, and shared accountability. That alignment reduces friction between infrastructure teams and security teams, and it removes one of the last remaining “special cases” from enterprise vulnerability management moving towards proactive risk management and automated remediation. Why This Matters Now Regulatory and audit expectations have shifted. PCI DSS 4.0, NIST-aligned frameworks, and modern assurance models increasingly expect continuous, demonstrable vulnerability and risk management — not periodic reviews or manual attestations. Auditors are less willing to accept compensating controls. Risk committees want consolidated reporting on high impact risks. CISOs are measured on consistency, not intent. Increasingly, they are also measured on how quickly risk is reduced before it can be exploited. In that environment, platforms that can’t integrate cleanly into enterprise workflows become liabilities — regardless of how resilient they are by design. Experience Over Hype For more than four decades, organizations have trusted XYPRO and HPE to secure HPE Nonstop systems that sit at the core of global commerce. That trust wasn’t built on trends or tooling. It was built on a disciplined understanding of what mission-critical security actually requires – accuracy, integration, and operational proof. Making HPE Nonstop a first-class participant in enterprise vulnerability management requires more than a scanner. It requires platform authority, trusted vulnerability intelligence, and deep operational understanding of Nonstop environments. Through collaboration between HPE, Qualys, and XYPRO, those elements come together — enabling Nonstop systems to be assessed and governed using the same frameworks and workflows already established across the enterprise. The result is a model where Nonstop vulnerability data is no longer explained or translated, but directly consumed, prioritized, and acted on alongside the rest of the enterprise. Because in today’s security landscape, visibility is expected. Actionability is required. And trust is earned by systems that can prove both. #### From Zero to Hero: Integrate HPE NonStop with Splunk HPE NonStop and the “data-to-everything platform”  XYGATE Merged Audit (XMA), included with every HPE NonStop server since 2010, is an easy-to-use and integral security component of the HPE NonStop operating system.  XMA collects data from application, system and audit logs into a single, normalized SQL database to generate reports and forward data to your log management or analytics solution.  Exciting, right? Without having to purchase any additional software, XMA communicates directly with enterprise solutions like Splunk “...to modernize your security operations and strengthen your cyber defenses”.   Data is collected from EMS, Safeguard, ACI Base24, iTP Webserver, XYGATE installations and much more. This data is aggregated, filtered, formatted, and selectively forwarded in real-time.  Did I mention you don’t have to try or buy any additional software?  XMA is on your NonStop servers already! You own it! Getting HPE NonStop server data to Splunk is easy.  Whether your data is in native XMA/NonStop format, Common Event Format (CEF) or a custom format, it can be sent to multiple targets via TCP or UDP.  The only thing to decide is which data you want to send.   XMA is installed and set up within minutes. Configuring XMA to forward data to Splunk takes even less time. All you need is the IP address, port and transport method (TCP or UDP). Pop those settings into the template inside of your XMA filters file and off you go.  Sit back, relax, and let your SOC monitor the log data from Splunk, while you enjoy modern, intelligent, and intuitive enterprise dashboards.  Here are XYPRO’s top 5 recommended reports: Privileged Logons (both pass and fail). Privileged users typically have access to everything on your NonStop server. Monitoring SUPER.SUPER and other privileged logons are critical for any NonStop environment. Access to sensitive data (both pass and fail) - This includes the Safeguard USERID file and other sensitive application data and configurations files. Attempts to modify any security subsystem - This includes Safeguard Globals and other critical components that may weaken the system or put it at risk. Initialization, stopping, or pausing of audit logs - This is a critical requirement for PCI DSS 10.2.6. Audit log files are used as evidence for tracking activity or access to resources. Clearing or tampering with logs will compromise the integrity of that evidence and allow a malicious user to cover their tracks.  This use case ensures Splunk can report on any activity that alters a log file. System integrity changes - Integrity Monitoring is a foundational requirement for security compliance frameworks to help identify unexpected or malicious activity across critical system files, diagnose unwanted or inadvertent changes, and shut down attacks before they have a chance to cause damage and disruption. If your organizations that collect and process credit card transactions and payments data must comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements 10.5.5 and 11.5 that state organizations must make efforts to monitor file modifications and ensure the integrity of critical logs from within their Cardholder Data Environment (CDE). Relieved to find the solution has been here all along?  Contact your XYPRO rep for more information!  Don’t miss our HPE NonStop Splunk Integration Webinar on August 26th, 2020!   Register for the webinar today!  And Happy Splunk -ing! The XYPRO Team #### GDPR - How to Comply in an HPE NonStop Server Environment What is the GDPR?   The General Data Protection Regulation, or GDPR, is a major new piece of legislation designed to address the protection and responsible use of each and every European Union citizen’s personal data. GDPR is not an EU only regulation; it affects any business or individual handling the data of EU citizens, regardless of where that business or individual is based. The penalties for non-compliance are stiff: Up to €20 million (about $24 Million USD) or 4 percent of annual global turnover, whichever is greater. GDPR comes into effect in May 2018.   According to Bart Willemsen, research director at Gartner - "The GDPR will affect not only EU-based organizations but many data controllers and processors (entities that decide what processing is to be performed and/or carry out that processing) outside the EU as well. Threats of hefty fines, as well as the increasingly empowered position of individual data subjects in controlling the use of their personal data, tilt the business case for compliance and should cause decision makers to re-evaluate measures to safely process personal data.”   The GDPR is similar in some ways to PCI DSS in that it aims for a comprehensive approach to data protection that goes well beyond the technical aspects. Even though the individual GDPR requirements aren’t as technically detailed, its security tenets and its objectives are the same as PCI DSS: to protect, secure and track use of specific types of data. Compliance with its requirements requires both implementing security best practices and modifying processes and human behavior to comply with those best practices, including timely analysis of anomalies.   The GDPR requirements do differ in other ways from the PCI DSS requirements: They apply to many more types of personal data, including addresses, phone numbers, IP addresses and health-related data (and have different rules for handling certain data types). They are much more prescriptive with respect to governance. They place much more emphasis on allowable use of the data, including data subject consent and advance analysis of the potential privacy impact and available mitigations when introducing a new form of processing.   Like most regulations, the GDPR has its own distinct terminology and set of definitions. In order to evaluate its impact on your organization, it is important that you understand key concepts such as “personal data”, “data controller” and “processor”. Definitions of interest include:   Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.   See Article 4 of the GDPR for a complete set of definitions. GDPR Compliance No one should suffer from the illusion that there’s a silver bullet that will effortlessly make an organization 100% secure and compliant with every security-related framework. Identifying your assets and building your security strategy around those assets is the only true way to mitigate risk. Identification is key. If you don’t know what data you possess, where it resides, what you are protecting and why you are protecting it, it becomes difficult to deploy an effective strategy and measure compliance to it. GDPR makes identifying your assets critically important.   So how can you make your HPE NonStop environment compliant with the GDPR’s technical security regulations and demonstrate its ongoing compliance with them? Let’s break it down: Authentication and Access Control Article 32 of the GDPR states “the data controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk”. Further, Article 32 requires “the data controller or data processor must take steps to ensure that any natural person with access to personal data does not process the data except on instruction of the controller, processor, European Union law, or member state law”.   This means ensuring that proper authentication, access control, and identity management are in place to ensure a level of security appropriate to the risk. These components are fundamental parts of a data security strategy and ensure that the appropriate protection layers are in place to mitigate the risk.   The authentication aspects of Article 32 can be addressed by deploying and appropriately configuring the following solution supplied with the HPE NonStop OS:   XYGATE User Authentication for extending Safeguard’s authentication controls and integrating NonStop security with RSA tokens for Multi-Factor Authentication.   The access control technical aspects of Article 32 can be addressed by deploying and appropriately configuring the following optional product solution supplied through HPE   XYGATE Access Control for Role Based Access Control and Keystroke Logging to capture command activity.   And the identity management technical aspects of Article 32 can be addressed by deploying and appropriately configuring third-party solutions available for HPE NonStop servers Auditing and Alerting Article 33 of the GDPR requires prompt breach notification: “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority. The processor shall notify the controller without undue delay after becoming aware of a personal data breach.”   In order to be able to detect personal data security breaches, records of all activity that touch that data need to be collected and organized in a way that makes it as easy as possible to detect and report on all unauthorized access. For NonStop systems, this essentially means auditing everything associated with GDPR-defined personal data – or as much possible to address the risk. Having security data available and solutions in place to report on the data will allow quick alerting and access to data and evidence to comply with this Article. Of course, you should act up front to minimize the potential for breaches as reflected in Article 32, and auditing other aspects of your security environment such as subsystem configuration changes is necessary for early detection of changes that might reduce the effectiveness of your security risk mitigation.   Auditing all NonStop security-related activity and events may seem easier said than done especially when you have hundreds of thousands (maybe millions) of events occurring daily throughout your environment. What you need is a really powerful software solution that allows you to track, filter, manage and report on all relevant NonStop security-related activity.   XYGATE Merged Audit merges multiple sources of NonStop audit data (for example, Safeguard, XYGATE, EMS, Measure, ACI BASE24®, IHSS Telco solution, SECOM, and SQLXPress) into a single NonStop repository. This merged and normalized data can be used to forward to security analysis platforms specifically for HPE NonStop data, alerting, reporting and integrating with enterprise Security Information and Event Management (SIEM) solutions.   Some Auditing and Alerting technical aspects of Article 33 can be addressed by deploying and appropriately configuring the following solution supplied with the HPE NonStop OS:     XYGATE Merged Audit for gathering, normalizing and centralizing security data.   Further Auditing and Alerting technical aspects of Article 33 can be addressed by deploying and appropriately configuring the following optional solution available for HPE NonStop servers:   XYGATE Compliance PRO for measuring compliance status against specific GDPR requirements.   To best address all Auditing and Alerting technical aspects of Article 33, a real-time security monitoring, alerting, data analysis and security intelligence solution is required and there are plenty available on the market.    Data Protection Article 32 of the GDPR also references Security of processing: “The controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including… the pseudonymization and encryption of personal data;”   This part of the article essentially boils down to encryption and masking of personal data. Encryption is supported on the HPE NonStop at most layers – from network to data. Article 32 requires processors working with EU citizens’ personal data to use it.   Pseudonymization is essentially tokenization or data masking. On the NonStop, this can be accomplished using the recent HPE Data Security spin/merge solution from Micro Focus; SecureData. Tokenization does not transform data, but instead randomly maps a live data field to a functionally equivalent surrogate value (i.e., a “token”) which replaces the real data. Since tokens do not represent actual data, they can be shared and stored without risk of data loss. To convert a token back to real data, a system (or application) needs to use the tokenization server which hosts the random mapping table to return the token to its original value. Format Preserving Encryption (FPE) can also be used here.   This section of Article 33 can be addressed by deploying and appropriately configuring the following NonStop solutions:   Micro Focus SecureData powered by TDP   SecureData will properly secure your data and other solutions can help protect the processes, applications, and objects that operate on that data. This combination encryption or tokenization and dynamically securing objects and processes will ensure you have taken the necessary measures to address pseudonymization.    Compliance and Monitoring Ensuring compliance is a critical aspect of any security program, and compliance monitoring solutions provide the means to systematically measure, manage and report on a complex and dynamic HPE NonStop security environment.   Let’s assume that you’ve implemented your security strategy based on the recommendations in this article and other security frameworks.  You have established strong security procedures for your HPE NonStop system. The next step is to measure compliance against GDPR’s requirements. The latest version of HPE’s XYGATE Compliance PRO (v3.18) introduces GDPR policies, allowing NonStop security professionals to measure and monitor their GDPR compliance. XYGATE Compliance PRO has broken down the individual GDPR data security Articles and mapped them to NonStop technical controls to validate your security configuration and simplify your GDPR compliance activity. Compliance PRO’s easy to use and intuitive interface will clearly highlight the sections of your NonStop environment that comply with GDPR controls and show you the gaps where mitigation activity is required.   Given the high-value business applications and processes that are often run on NonStop servers and the sensitive data that they store and process, you can see why many NonStop environments will be subjected to GDPR and how HPE’s solution offerings as well as other third party security analytics solutions can help build a layered security strategy for proper data protection and monitoring of compliance.   May 2018 is just a few months away and there is a lot to do to bring both organizations and their systems into compliance. Luckily, most of the solutions and tools required to address GDPR technical security requirements and demonstrate compliance already exist. Hopefully, this article has given you the solid groundwork to understand what you need to start thinking about when it comes to GDPR and the NonStop. The fines are significant enough to make every organization pay attention. If you need assistance with compliance readiness activity, please reach out to your account executive at HPE and they will be more than happy to help you.   Steve Tcherchian, CISSP CISO and Director of Product XYPRO Technology www.xypro.com @SteveTcherchian @XYPROTechnology #### GDPR 2021 - Compliance and Penalties; 3 Years Later The General Data Protection Regulation, or GDPR, is a major piece of legislation adopted in 2018. It is designed to address the protection and responsible use of every European Union citizen’s personal data. However, GDPR is not an EU-only regulation. It affects ANY business or individual handling the data of EU citizens, regardless of where that business or individual is based.  We were warned that the penalties for non-compliance could be stiff: Up to €20 million (about $24 Million USD) or 4 percent of annual global turnover, whichever is greater.  What Has GDPR Done Lately? Over the last 3+ years, GDPR has received mixed reviews. It’s often a slow process to bring a complaint because the companies involved may operate in many countries, but have their corporate headquarters in countries where litigation is exponentially more complex. To add to the delays, in most instances there is an opportunity for all other EU countries to join a complaint, extending the process and adding to the complexity of evidence gathering. The European Data Protection Board (EDPB), was set up to promote cooperation between the EU’s data protection regulators and  acknowledge that the system isn’t all it could be. In the April 8th, 2021 edition of WIRED Magazine an EDPB spokesperson was quoted, saying “Enforcing at a national level and at the same time resolving cross-border cases is time and resource intensive. Slowly, but steadily, we are seeing results”. This claim is punctuated by the fact that there have been 254 final decisions from filed complaints. Make no mistake, GDPR has teeth. A recent judgment against Amazon resulted in a fine of $788 million. Ireland’s Data Protection Commission (DPC) just announced that WhatsApp, owned by Facebook, is facing fines up to $267M for violating articles 5(1)(a); 12, 13 and 14 of the GDPR.   While all judgements are immediately contested (and in most cases reduced), the fines are still very substantial. The GDPR resembles the PCI DSS in that it aims for a comprehensive approach to data protection that goes well beyond the technical aspects, though the individual GDPR requirements aren’t as technically detailed. GDPR’s security tenets and objectives are the same as PCI DSS: to protect, secure and track use of specific types of data. Compliance with its requirements requires both implementing security best practices and modifying processes and human behavior to comply with those best practices, including timely analysis of anomalies. GDPR requirements differ in other ways from the PCI DSS requirements: They apply to many more types of personal data, including addresses, phone numbers, IP addresses and health-related data (and have different rules for handling certain data types). They are much more prescriptive with respect to governance. They place much more emphasis on allowable use of the data, including data subject consent and advance analysis of the potential privacy impact and available mitigations when introducing a new form of processing. Like most regulations, GDPR has its own distinct terminology and set of definitions. In order to evaluate its impact on your organization, it is important that you understand key concepts such as “personal data”, “data controller” and “processor”. To help make sense of it, the definitions of interest include: Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;  Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis. See Article 4 of the GDPR for a complete set of definitions. Meeting GDPR Compliance Being a security technology company, we’d love to offer a cure-all solution that will effortlessly make an organization 100% secure and compliant. Each business, however,  is unique. The best way to start is by identifying your assets and building a security strategy around those assets to mitigate risk. Proper identification of what needs to be protected is essential. Know what data you possess, where it resides, what you are protecting and why you are protecting it. GDPR compliance makes identifying your assets critically important. We discussed these processes in a previous article.  Here are the brass tacks:.  A Step-By-Step Guide to HPE NonStop Compliance.  Authentication and Access Control Article 32 of the GDPR states “the data controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk”. Further, Article 32 requires “the data controller or data processor must take steps to ensure that any natural person with access to personal data does not process the data except on instruction of the controller, processor, European Union law, or member state law”. This means ensuring that proper authentication, access control, and identity management are in place to ensure a level of security appropriate to the risk. These components are fundamental parts of a data security strategy and ensure that the appropriate protection layers are in place to mitigate the risk. The authentication aspects of Article 32 can be addressed by deploying and appropriately configuring the following solution supplied with the HPE NonStop OS: XYGATE User Authentication for extending Safeguard’s authentication controls and integrating NonStop security with RSA tokens for Multi-Factor Authentication. The access control technical aspects of Article 32 can be addressed by deploying and appropriately configuring the following optional product solution supplied through HPE. XYGATE Access Control for Role Based Access Control and Keystroke Logging to capture command activity. And the identity management technical aspects of Article 32 can be addressed by deploying and appropriately configuring third-party solutions available for HPE NonStop servers. “  Luckily, most of the solutions and tools required to address GDPR technical security requirements and demonstrate compliance are readily available.” Steve Tcherchian, CISSP, XYPRO Technology Corporation Auditing and Alerting Article 33 of the GDPR requires prompt breach notification: “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority. The processor shall notify the controller without undue delay after becoming aware of a personal data breach.” In order to be able to detect personal data security breaches, records of all activity that touch that data need to be collected and organized in a way that makes it as easy as possible to detect and report on all unauthorized access. For NonStop systems, this essentially means auditing everything associated with GDPR-defined personal data – or as much as possible to address the risk. Having security data available and solutions in place to report on the data will allow quick alerting and access to data and evidence to comply with this Article. Of course, you should act up front to minimize the potential for breaches as reflected in Article 32, and auditing other aspects of your security environment such as subsystem configuration changes is necessary for early detection of changes that might reduce the effectiveness of your security risk mitigation. Auditing all NonStop security-related activity and events may seem easier said than done, especially when you have hundreds of thousands (maybe millions) of events occurring daily throughout your environment. What you need is a really powerful software solution that allows you to track, filter, manage and report on all relevant NonStop security-related activity. XYGATE Merged Audit merges multiple sources of NonStop audit data (for example, Safeguard, XYGATE, EMS, Measure, ACI BASE24®, IHSS Telco solution, SECOM, and SQLXPress) into a single NonStop repository. This merged and normalized data can be used to forward to security analysis platforms specifically for HPE NonStop data, alerting, reporting and integrating with enterprise Security Information and Event Management (SIEM) solutions. Auditing and Alerting technical aspects of Article 33 can be addressed by deploying and appropriately configuring the following solutions: XYGATE Merged Audit for gathering, normalizing and centralizing security data. Further Auditing and Alerting technical aspects of Article 33 can be addressed by deploying and appropriately configuring the following optional solution available for HPE NonStop servers: XYGATE Compliance PRO for measuring compliance status against specific GDPR requirements. To best address all Auditing and Alerting technical aspects of Article 33, a real-time security monitoring, alerting, data analysis and security intelligence solution is required and there are plenty available on the market. Data Protection Article 32 of the GDPR also references Security of processing: “The controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including… the pseudonymization and encryption of personal data;” This part of the article essentially boils down to encryption and masking of personal data. Encryption is supported on the HPE NonStop at most layers – from network to data. Article 32 requires processors working with EU citizens’ personal data to use it. Pseudonymization is essentially tokenization or data masking. Tokenization does not transform data, but instead randomly maps a live data field to a functionally equivalent surrogate value (i.e., a “token”) which replaces the real data. Since tokens do not represent actual data, they can be shared and stored without risk of data loss. To convert a token back to real data, a system (or application) needs to use the tokenization server which hosts the random mapping table to return the token to its original value. Format Preserving Encryption (FPE) can also be used here. Compliance and Monitoring Ensuring compliance is a critical aspect of any security program, and compliance monitoring solutions provide the means to systematically measure, manage and report on a complex and dynamic HPE NonStop security environment. Let’s assume that you’ve implemented your security strategy based on the recommendations in this article and  other security frameworks.  You have established strong security procedures for your HPE NonStop system. The next step is to measure compliance against GDPR’s requirements. XYGATE SecurityOne and Compliance PRO contain GDPR policies, allowing security professionals to measure and monitor their GDPR compliance. XYPRO has broken down the individual GDPR data security Articles and mapped them to NonStop technical controls to validate your security configuration and simplify your GDPR compliance activity.  Given the high-value business applications and processes that run on NonStop systems and the sensitive data that they store and process, you can see why many NonStop environments will be subjected to GDPR and how HPE’s offerings as well as other third party security analytics solutions can help build a zero trust security strategy for proper data protection and monitoring of compliance. May 2018 is more than 2 and a half years behind us and there is still a lot to do to bring both organizations and their systems into compliance. Luckily, most of the solutions and tools required to address GDPR technical security requirements and demonstrate compliance are readily available. Hopefully, this article has given you the groundwork to rededicate your resources and what you need to focus on when it comes to GDPR and your HPE NonStop environment. The fines are significant enough to make every organization pay attention. If you need assistance with compliance readiness activity, please reach out to your account executive at HPE and they will be more than happy to help you. #### Google Play Protect: Why It’s the Only Antivirus App Androids Need     Readers Digest January 13, 2021 - Google Play Protect: Why It’s the Only Antivirus App Androids Need Smartphones may not get traditional viruses but can be exposed to cyberattacks. Here's why Google Play Protect is a useful and important antivirus tool for Android phones. What is Google Play Protect? Google Play Protect is software built into Android phones that is designed to keep your smartphone safe from security threats. Before you download an app that’s not on the Google Play store, Google Play Protect runs a thorough safety check to ensure there aren’t any issues. (Apps on the Google Play store have already undergone virus scanning.) From there, Google Play Protect scans the apps on your phone on a daily basis and can also be used on-demand, explains Julie Ryan Evans, consumer editor of SecurityNerd.com. Scanning frequently is a safeguard measure against potentially harmful apps (PHAs), from infiltrating your device. If they have, Play Protect will notify you of any detected threats and advise you to delete the app. “Google Play Protect is probably the most effective ‘malicious behavior’ scanning app around,” says Steve Tcherchian, chief product officer and CISO for XYPRO Technology. “Use this. Don’t bother with anything else.” While this android virus scan app is designed to protect you, these things make your phone a target to hackers. Android virus scan Android’s virus scan will review your device for malware on a daily basis and will send you privacy alerts for any apps attempting to access personal information. To use Google Play Protect at any time to check for malicious apps on your smartphone, open the Google Play Store app—>Menu (the icon with three horizontal lines) then scroll down to “Play Protect.” Once opened, it will tell you the date and time the last scan was completed, and all the apps that were checked. If you wish to scan again, click the button “Scan.” Even without doing a virus scan, there are some telltale signs that something may be wrong on your device, including that someone may be tracking your phone. These include a sudden surge in Internet usage, which may be a result of malware transferring data from your device to another, your phone restarting frequently, battery draining rapidly, and/or strange apps appearing on your phone that you don’t remember installing, says Peter Baltazar, a technical writer, who writes about cybersecurity at MalwareFox.com. Having a secure smartphone is one way to avoid a cyber attack as well as only downloading safe apps. How to know if an Android app is safe “You’ll know an app is trustworthy if you don’t change default security settings; you download the app from the Google Play store, and you’re diligent about keeping your phone updated,” says Tcherchian.   #### Google's New Thermostat: Same Look, New Privacy Concerns     Lifewire October 15, 2020 – Google's New Thermostat: Same Look, New Privacy Concerns ... Information Vacuum The Nest is likely to be collecting more data than many users realize, experts say. One of NEST’s big selling points is its learning ability. "For it to properly learn habits and behaviors, we have to share location data with it," Steve Tcherchian, Chief Information Security Officer at XYPRO Technology Corporation, said in an email interview. "Not only does the NEST thermostat know the physical location it’s installed, but for it to function properly, it needs to know where you physically are. "It does this by accessing location data from your phone. For example, it can then determine how far away you are from home so it can turn on your A/C or heater before you get [home]." ... To read the full article visit lifewire.com #### How Banks Are Working to Protect You From Fraud Yahoo Finance January 22, 2021 - How Banks Are Working to Protect You From Fraud Often holding millions of dollars in assets, banks, credit unions and other financial institutions have large targets on their backs. However, bank thieves have largely moved beyond the days of robbing branches at gunpoint. Instead, criminals use a range of digital tools and resources to impersonate customers and hack into accounts. "Fraudsters are getting much more advanced in their approaches," says Ryan Leblond, manager of fraud prevention and investigations for ESL Federal Credit Union in Rochester, New York. While it can be challenging for banks and credit unions to keep up with criminals' evolving tactics, technology is also on the institutions' side. Robust options now exist to ferret out potential fraud and protect customer accounts. Algorithms, artificial intelligence and biometrics have saved millions of dollars while ensuring account holders maintain convenient access to their funds. "We have not begun to scratch the surface of the capabilities of machine learning and artificial intelligence to combat security threats," Tcherchian says People-Centric Systems Pose New Challenges In the days before cloud applications, it was easier to protect data. A firewall or similar system could be adequate to keep information safe from most threats. Today, it's different. "As companies migrate their critical workloads and storage to the cloud, protections offered from the data center dissolve as the perimeter disappears," says Steve Tcherchian, chief information security officer and chief product officer for XyPro, a security solutions provider. With millions of people now accessing data from the cloud, security measures have had to adapt. Not only does a system have to keep its information safe from outside attack, but it also has to ensure all those people using it are who they say they are. These people-centric systems pose a special challenge for financial institutions. "We want to be sure we provide education to call center staff," Leblond says. Workers need to properly verify a person's identity before discussing any sensitive account data. To make that easier, financial institutions are deploying new technology to flag problematic transactions or attempts at account access. To read the full article, please visit Yahoo Finance. #### How to Address Busines Email Compromise or "CEO Fraud" in Your Business Money, Inc.--How to Address Business Email Compromise or "CEO Fraud" in Your Business Fraudsters are constantly inventing new scams to outsmart the general public online.  The cleverest of this deceitful pack are always trying to one-up their competition by developing the wiliest and therefore most successful variations on online fraud. Click here to continue reading. #### How to Become a Chief Information Security Officer Chief information security officers (CISOs) stand atop the cybersecurity career ladder. Only the most educated and experienced professionals reach this level of the field to oversee large cybersecurity teams, systems, and operations. According to the Federal Bureau of Investigations, cybercrime losses approached $7 billion in 2021 alone. Cyberattacks can ruin organizations and lives as the attackers become more intelligent and better equipped. Companies need security specialists who can develop, manage, and adapt their security infrastructure and strategy. While becoming a chief information security officer can be a long and arduous process, these professionals enjoy the many perks of an executive occupation. Here, we examine the role in detail, along with the necessary steps to get there. You must learn to be a team player and to lead. The best advice I can give is to slow down, gather your team around you, and let them own a piece of the struggle (and the success), and you'll see results that far outweigh anything you could achieve on your own. Steve Tcherchian CISO and Chief Product Officer XYPRO Technology The CISO role varies by organization and industry. These professionals oversee information security architecture and operations. They aim to protect their organization's assets while supporting technological endeavors. CISOs implement security technologies to identify vulnerabilities and develop strategies to overcome them. Depending on the organization, CISOs may lead cybersecurity teams and collaborate with the chief information officer (CIO), chief technology officer (CTO), or chief security officer. CISOs also provide regular input on security risks and the implications of all digital business decisions to chief executive officers (CEOs) and other stakeholders. Read the full article here #### How To Protect Your Identity From Theft? masonverapaine.com, May 18, 2020--How To Protect Your Identity From Theft? There have been some situations where people were not aware that their identity has been stolen until they are about to purchase a home, open a bank account, file taxes, or even apply for some form of assistance.  Chief Information Security Officer at XYPRO Steve Tcherchian explains what you can do to protect your identity and what to do if you have been compromised. Listen to the Podcast interview here: https://masonverapaine.com/how-to-protect-your-identity-from-theft/ First aired on WGN Radio: How Does Identity Theft Happen Online?- https://wgnradio.com/wgn-plus/mason-vera-paine/how-does-identity-theft-happen-online #### How to Rebuild in the Post COVID Economy BitBean July 7, 2020 -  We Spoke to Lisa Partridge of XYPRO Technology Corporation on How to Rebuild in the Post COVID Economy As part of my series about the “How Business Leaders Plan To Rebuild In The Post COVID Economy,” I had the pleasure of interviewing Lisa Partridge. Lisa is CEO of XYPRO Technology Corporation, one of the country’s leading cybersecurity solutions companies. Thank you so much for your time! I know that you are a very busy person. Our readers would love to “get to know you” a bit better. Can you tell us a bit about your ‘backstory’ and how you got started? I started out on the sales side of the organization here at XYPRO, a software development and consulting services firm in Southern California. In small companies, everyone pitches in to help in every area and so I learned a lot about what’s involved in running a software company, supporting customers, coming up with product ideas, networking, etc. The market for our solutions was a relatively niche group that uses a particular “big iron” server for very high volume online transaction processing called an HPE NonStop server. Our customers are B2B, Fortune 500 companies that are part of the global financial & telecommunications infrastructure. Thanks to the vision of XYPRO’s founders, we pivoted our specialty focus to Cybersecurity in the early 1990s and were early players in the space. Other than a small blip in 1994, Our business grew slowly but steadily. I was given quite a bit of autonomy in how I built up the sales organization and distributor network, learning as I went, moving into an officer level role as VP of Sales and later promoted to company President. When the founders realized they wanted to retire, I was approached to gauge my interest in a management buy-out. In 2014 I became the CEO. Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lessons or ‘take aways’ you learned from that? A sale that I felt should have been closed but kept dragging on. I had a good relationship with the customer, I just needed their manager to sign off. I don’t know what possessed me (I had probably just read one of those books about sales and taking decisive action to close the deal) but I decided to just jump on a plane and go there unannounced, with the contract ready for signature. I showed up and did just that! My customer was floored, his manager was so amused by it that he signed the agreement on the spot! I’ve told that story many times and had it retold on my behalf, with great delight, by the person whose manager signed the contract (that he was going to sign anyway). Because that event worked out so well and was met with amusement and success, of course I tried it again and of course it failed. Not only was the second attempt much further away and a more expensive attempt, the manager refused to see me and we did not get the deal. Ever. I also thoughtlessly failed to schedule enough other solid reasons to visit the location that would have justified the cost of the trip. We were a smaller company back then and the money spent on what is obviously an unnecessary risk was non-trivial to our growing company. I tried never to let hubris, impatience, recklessness or an attitude of “what have I got to lose?” take a more prominent seat in decision making than “how will this impact the business?”. Is there a particular book that you read, or podcast you listened to, that really helped you in your career? Can you explain? To read the full interview, please visit BitBean. #### How to Reimagine Onboarding for Remote and Hybrid Workers The hybrid workplace may be here to stay, but the onboarding processes you used when workers were in the office won't cut it anymore. Companies will need new strategies and techniques to improve the onboarding process for remote and hybrid workers. Think there's no need to create onboarding initiatives specifically for hybrid workers, especially now that half the adult population in the United States have been vaccinated, and lockdowns have ended? First, consider the coronavirus itself. The newer Delta and Lambda variants of the virus have created the potential for a whole new set of lockdowns and crises. According to Michael Osterholm, head of the Center for Infectious Disease Research and Policy at the University of Minnesota, his team's analysis indicates that almost every unvaccinated American who hasn't yet had COVID-19 is likely to get it in the coming months. COVID-19 is likely to be with us for years to come, if not forever. Add to that the hybrid and mobile workplace of today, which is not likely to go away either. Jolene Cramer, senior director of marketing at Limeade, an employee experience technology company, said some employees feel a strong resistance to going back to the way things were before the pandemic. Employees don't want to lose the advantages of the remote workplace, such as the lack of long commutes, office politics and mandatory work attire. “We invite and involve the new hire in virtual social activities such as our coffee chats, virtual happy hours, virtual meditation and yoga trivia, company events immediately to get them comfortable with the rest of the team," she said. "We use tools that help enable communication in remote settings such as Slack Signal, and Microsoft Teams. We automate any steps in the onboarding process that can be automated." Dr. Melodie Bond-Hillman For remote workers, onboarding should have a larger focus on making them feel like they are part of the company, its values, and its culture, and that can be challenging when they cannot be face-to-face with coworkers and leaders. Bond-Hillman's company sets up a virtual welcome lunch and sends the remote employee lunch on that first day, alongside a welcome box with company swag to help them feel welcome. Click here to read the full article   #### How to Stop (and Remove) iPhone Calendar Spam     Readers Digest December 18, 2020 - How to Stop (and Remove) iPhone Calendar Spam It’s not only annoying—it can also be dangerous. Here's what you can do to get rid of invasive iPhone calendar spam... How to prevent notifications Preventing notifications is one of the best ways to minimize spam from invading your calendar. An important tactic is to change your calendar settings. “Make sure none of your devices (iPhone, Mac, Outlook) are set up to auto-accept calendar invites,” advises Steve Tcherchian, Chief Product Officer and CISO for XYPRO Technology, a cybersecurity analytics company. “Although this may be very convenient for busy people, this setting is being used as a vulnerability to insert unwanted entries that popup spam into your calendar.” Since anyone with your email can send calendar invites, adds Hatter, “you can block their email address and/or report their invites as junk.” Another option? “Create a ‘burner’ email address for sharing that is not connected to your primary account so that spam will go there.” How to delete iPhone calendar events Removing unwanted or suspicious calendar events is simple and can be done in a few ways. One method is deleting each invite individually. All you have to do, Tcherchian says, is “open the calendar app, open the event, and click Delete Event, if it’s available. If you can’t delete it, just leave it and ignore it. Don’t click Decline and do not click on any links within the calendar.” However, if your calendar is overrun with unsolicited invites, the easiest thing to do is to create a “new” calendar. You can move all the events into this calendar and eliminate all the junk invites in one fell swoop when you delete the recently created calendar. “If you are prompted to Delete and Don’t Notify, choose that [option] to ensure the spammers are not notified,” advises Hatter. Another option is removing the calendar app entirely. Just make sure you never delete an app without doing these four things first. How to delete iPhone calendar completely One of the best ways to handle invasive iPhone calendar spam is to delete your calendar completely. Beginning anew can be a logical and helpful way to untangle yourself from all the unsolicited events infiltrating your calendar. Removing calendars is easy with simple steps to follow. Here’s how to do it, says Tcherchian: “On iOS 14, go to Settings > Calendar > Accounts > Subscribed Calendars. Select the calendar you want to delete, and select Delete Account.” You can also opt for a different calendar entirely, instead of the built-in one, since many calendar apps are compatible with iPhones. After you decide what to do, learn these hidden iPhone hacks you probably don’t know about. To read the full article visit Reader's Digest. #### How to Survive the Zombie Apocalypse (and Other Disasters) with Business Continuity and Security Planning Years ago, I was one of three people in a startup company providing design and development services for web hosting and online message boards. We started the company on a dining room table. As we expanded into the living room, we quickly realized that it was getting too cramped and we needed more space to let our creative juices flow, plus we needed to find a way to stop being at each other’s throats. We decided to pack up our laptops move into a co-working space in Venice, California. We were one of four other companies using the space and sharing the rent. It was quite a nice setup and we were enjoying the digs.  We were eager to get to work in the morning and wouldn’t leave sometimes till very late in the evening. One Thursday morning as we pulled up to the office to start the day, we noticed the door wide open. Someone had broken into the office in the middle of the night and stolen all of our equipment, laptops, computers etc... This was before the time of cloud computing, so data backup at that time was mainly burning CDs, which often times we would forget to do or just not do it because “we were just too busy”. After the theft, we figured we would purchase new laptops and recover from the latest available backups. As we tried to restore our data, none of the processes were going as planned.  Either the data was corrupted, or the CD was completely blank or too old to be of any value.  Within a couple of months, we bit the bullet and had no choice but to close up shop. BY THE NUMBERS Business interruptions come in all shapes and sizes. From natural disasters, cyber security incidents, system failures, human error, operational activities, theft, power outages…the list goes on and on. In today’s landscape, the lack of business continuity planning not only puts companies at a competitive disadvantage, but can spell doom for the company as a whole.  Studies show that a single hour of downtime can cost a small business upwards of $8,000. For large enterprises, that number skyrockets to millions. That’s 6 zeros folks! Compound that by the fact that 50% of system outages can last 24 hours or longer, and we’re talking about scarily large figures. The impact of not having a business continuity plan doesn’t stop there.  As if those numbers weren’t staggering enough, a study done by the AXA insurance group showed 80% of businesses that suffered a major outage filed for bankruptcy within 18 months, with 40 percent of them out of business in the first year. Needless to say, business continuity planning (BCP) and disaster recovery (DR) are critical components and lack of planning in these areas can pose a serious risk to any modern organization. We can talk numbers all day long about why BCP and DR are needed, but the bottom line is – THEY ARE NEEDED.  Frameworks such as NIST Special Publication 800-53 Rev.4, 800-34 and ISO 22301 define an organization’s “capability to continue to deliver its products and services at acceptable predefined levels after disruptive incidents have occurred. They provide much needed guidance on the types of activities to consider when formulating a BCP.  They can assist organizations in ensuring business continuity and disaster recovery systems will be there, available and uncompromised when required. DISASTER RECOVERY – DON’T LOSE SIGHT OF SECURITY & RISK Once established, business continuity and disaster recovery strategies carry their own layer of complexities that need to be properly addressed. A successful implementation of any disaster recovery plan is contingent upon the effectiveness of its design. The company needs access to the data and applications required to keep the company running, but unauthorized access must be prevented. Security and privacy considerations must be included in any disaster recovery planning. Security and risk are top priority at every organization, yet traditional disaster recovery procedures focus on recovery from an administrative perspective. What to do to ensure critical business systems and applications are kept online. This includes infrastructure, staff, connectivity, logistics and data restoration. Oftentimes, security is overlooked and infrastructure designated as disaster recovery are looked at and treated as secondary infrastructure, and as such, the need to properly secure (and budget) for them is also treated as secondary to the production systems. Companies invest heavily in resources, security hardware, software, tools and other solutions to protect their production systems. Typically, only a subset of those security solutions are deployed, if at all, to their disaster recovery systems. The type of DR security that’s right for an organization is based on need and risk. Identifying and understanding what the real risks are can help focus efforts and close gaps. A lot of people simply look at the perimeter and the highly visible systems. Meanwhile, they've got other systems and back doors where they’re exposed, potentially leaking data and wide open for attack. In a recent article, Barry Forbes, XYPRO’s VP of Sales and Marketing discusses how senior executives at a top five US Bank indicated that they would prefer experiencing downtime than dealing with a breach. The last thing you want to deal with during disaster recovery is being hit with a double whammy of a security breach. Not having equivalent security solutions and active monitoring for disaster recovery systems puts your entire continuity plan and disaster recovery in jeopardy. This opens up a large, exploitable gap for a savvy attacker or malicious insider. Attackers know all the security eyes are focused on production systems and data, yet the DR systems whose purpose is to become production systems in case of disaster are taking a back seat and ripe for the picking. Not surprisingly, the industry is seeing an increasing number of breaches on backup and disaster recovery systems. Compromising an unpatched or an improperly secured system is much easier through a DR site. Attackers know that part of any good business continuity plan is to execute the plan on a consistent basis. This typically includes restoring live data onto backup or DR systems and ensuring applications continue to run and the business continues to operate. But if the disaster recovery system was not monitored or secured similar to the live system using similar controls and security solutions, the integrity of the system the data was just restored to is in question. That data may have very well been restored to a compromised system that was lying in wait. No one wants to issue outage notifications couple with a breach notification. The security considerations don’t end there. Once the DR test has checked out and the compliance box ticked for a working DR system and successfully executed plan, attackers and malicious insiders know that the data restored to a DR system can be much easier to gain access to and difficult to detect activity on. Therefore, identical security controls and inclusion of DR systems into active monitoring is not just a nice to have, but an absolutely necessity. COMPLIANCE AND DISASTER RECOVERY Organizations working in highly regulated industries need to be aware that security mandates aren’t waived in times of disaster. Compliance requirements are still very much applicable during an earthquake, hurricane or data loss. In fact, the HIPAA Security Rule specifically calls out the need for maintaining security in an outage situation. Section 164.308(a)(7)(ii)(C) requires the implementation, as needed, of procedures to enable continuation of processes for "protection of the security of electronic protected health information while operating in emergency mode." The SOX Act is just as stringent, laying out a set of fines and other punishment for failure to comply with requirements, even at times of disaster. Section 404 of SOX discusses establishing and maintaining adequate internal control structures. Disaster recovery situations are not excluded. It’s also difficult to imagine the PCI Data Security Standards Committee relaxing its requirements on cardholder data protection for the duration a card processing application is running on a disaster recovery system. It’s just not going to happen. CONCLUSION Neglecting to implement proper and thorough security into disaster recovery planning can make an already critical situation spiral out of control. Careful consideration of disaster recovery planning in the areas of host configuration, defense, authentication and proactive monitoring will ensure the integrity of your DR systems and effectively prepare for recovery operations while keeping security at the forefront and keep your business running.  Most importantly, ensure your disaster recovery systems are secured at the same level and have the same solutions and controls as your production systems. #### HPE Customer Solution Center Hosts Gathering of Mission Critical Experts in Atlanta HPE Customer Solution Center Hosts Gathering of Mission Critical Experts in Atlanta Have you seen the movie ‘The Greatest Showman’ with Hugh Jackman? Jackman plays the ambitious P.T. Barnum. I don’t want to give away anything in the movie if you haven’t seen it. Suffice it to say, the circus finds their footing when they realize they can take their show on the road (via tent) and the rest is history…. Similarly, the Atlanta Tandem User Group (ATUG) took the show on the road this year and by all accounts, the show was a big success! This years ATUG was hosted at the HPE Customer Solution Center in Alpharetta Georgia on the northside of Atlanta. The venue is one of four Customer Solution Centers in the US and they are used to showcasing HPE’s capabilities and rolling out the red carpet for guests. A big thanks to the HPE team for helping pull this all together. Ken Goldman, Nelson Alvarez, Theresa Norton were all instrumental in securing the facility as well as helping with the agenda. Patrice Yunits did the heavy lifting by coordinating all the logistics. ATUG is completely funded by the vendor partners and sponsorship. No admission fee is charged to attendees and no admission fee has been charged to the speakers or vendors in attendance. Rather, Partners that have stepped forward as good stewards of the industry offer to pay for the breakfast, lunch, afternoon break and cocktail reception. Special thanks to those sponsors for this year’s event: Ascert, Omni Payments, CSP, ComForte, Integrated Research and XYPRO. Unlike P.T Barnum’s circus, which was able to take their show on the road in tents, ATUG has thus far been fortunate enough to have access to client or HPE facilities to help make ends meet. Next year is no different. So, if you’re reading this article and in the Atlanta area, we are always looking for new venues and places to hold next year's meeting. The day got off to a good start with Kevin McDowell, Group Manager, HPE providing a comprehensive product Roadmap update to the group. Afterwards, Mark Flanigan, HPE Manager gave the group an overview of the HPE OneView environment where we received a demo of the HPE Virtual NonStop and we ended the session with a tour of the HPE Solution Center. After lunch the group heard from Greg Swedosh from Knightcraft Technology as ATUG’s special guest speaker. Greg’s topic: ‘Security? A never-ending story’. This was a great presentation that spoke about the structured approach to performing a security review of the HPE NonStop environment using many of the top security products vendors have to offer. The HPE NonStop hardening guide, partnered with a product like XYGATE Compliance Pro, is a great start for companies to use when performing their own security review. On the upside, Greg is a good speaker and clearly a master of his trade. On the down side, he had a nasty cold from the long flight from Australia and probably passed that on to several folks, myself (and now my wife) included. ATUG didn’t have three rings, elephants or lions. We didn’t have high wire acts. We did have a group of very knowledgeable HPE NonStop professionals who came together to share information and learn from one another. A big thanks to all that attended and participated. A special thanks again to Kevin McDowell, Mark Flanigan and Greg Swedosh for all of the extra effort you put in, making this year’s ATUG another solid event. And, thanks to Ken Goldman and HPE as we didn’t have to move into a tent! Until Next Year, Dale Van Stratten Account Executive XYPRO Technology www.XYPRO.com #### HPE NonStop Security Provider XYPRO Granted Patent for Contextualizing Multiple Security Events New security analytics technology to provide faster breach detection using patented security intelligence   LOS ANGELES – May 15, 2018 – XYPRO Technology Corporation ("XYPRO"), a leading provider of HPE NonStop Security, Risk Management, Compliance and Database solutions announced today that the United States Patent and Trademark Office has issued US Patent 9,948,678, titled Method and System for Gathering and Contextualizing Multiple Security Events. The patent covers the aggregating, correlating and contextualizing of disparate and unrelated security and system events. This proprietary technology is intended to provide faster detection of suspicious activity by intelligently combining security and non-security-related data while applying a layer of context which makes the newly enriched data much more insightful and actionable.   “We are pleased that the US Patent Office recognized the innovative achievement of XYPRO,” said CEO Lisa Partridge. “Our method aggregates and correlates multiple data sources, including those not traditionally used for security monitoring. Our clients in banking, finance, telecom, retail, manufacturing and other critical sectors will find this new technology paramount in risk mitigation.” XYPRO’s patented method uses sources such as file metadata, system data and application data and applies a layer of platform and application specific context to determine if the newly created data is an actionable threat or not. The applied context can come from either a security context event map or from a machine learning algorithm generated by profiling the system over time to determine what context is normal for the given platform or application.   “Traditional risk and threat detection methods are no longer sustainable,” said Steve Tcherchian, XYPRO’s CISO and Director of Product. “Even with recent security advancements, the average time to detect a breach is still unacceptable at well over 100 days. We need to expand the data points used in order to identify suspicious activity more rapidly. By coupling data not typically used in security incident detection with security-related data, we have created a new type of enriched data that didn’t previously exist. Applying context to this newly formed data can detect security incidents that may have otherwise gone unnoticed.”   The market for security intelligence and analytics solutions is large and growing. Analyst reports indicate that the global market for threat intelligence will reach USD$9 billion by 2022, with a CAGR of 15% through the same period.   With the issuance of this patent, XYPRO expands its footprint in the security intelligence and analytics space, leveraging this technology for computing platforms and markets in addition to the HPE NonStop server market.   About XYPRO Technology Corporation XYPRO offers 35 years of expertise, experience and success in providing Mission Critical HPE NonStop information systems Security, Compliance and Database solutions.  Mission Critical computing allows us to securely shop, bank, manage our finances and stock portfolios, wire money and transact with credit cards, mobile phones and all types of newer tech innovations. At the heart of these activities is the digital core where data resides - moving, talking, transacting, doing what data does.  XYPRO believes that no data is more important than our customers’ data and we protect their data like it’s our own.  Because it is. For more information visit www.xypro.com. #### HPE NonStop Security: Key Performance Indicators They say that imitation is the sincerest form of flattery, and lately we’ve been blushing a lot!   You may have noticed the marketing messaging from a variety of security vendors and the similarities can be quite confusing!  Does everyone do the same thing?  The answer is “occasionally”.  XYPRO offerings are innovative, modern, trusted, backed by a team of seriously experienced security and software experts that sets us apart. We take advantage of all the latest technology, methodologies and secure development practices, as well as our strategic partnerships with the industry’s top cybersecurity companies.  No one has been doing this longer than XYPRO! Let’s not wax poetic on minutiae. There are a number of costly security solutions out there for things you can already do! Let’s get down to brass tacks about differentiators, starting with things that cost NOTHING EXTRA.  Several XYPRO products are included with the HPE NonStop operating system and are there for you on day one - with nothing additional to purchase.  Who’s all for saving time and money?!? SPLUNK Integration - Included with every NonStop server XYGATE Merged Audit (XMA), included with every HPE NonStop server, is the HPE supported method for integrating your NonStop data with log management and analytics solutions, like Splunk. Without having to purchase any additional software, XMA communicates directly with Splunk “…to modernize your security operations and strengthen your cyber defenses”. Configuring XMA to forward NonStop data to Splunk enables benefits, such as: A single repository for security, audit and application data Integrated NonStop data with SIEMs, SOARs and analytics Required for compliance and auditing Extensible to custom and home-grown applications Powerful real-time alerting and reporting HPE NonStop Splunk Integration was our most popular webinar of 2020 - watch it here! Multi-factor Authentication (MFA) XYGATE User Authentication (XUA) is also included on your HPE NonStop servers and ready to turn on with no additional software or infrastructure investment. XUA delivers multi-factor authentication based on industry standards. Extend NonStop security capabilities by integrating with enterprise authentication providers such as Microsoft Active Directory, RSA SecurID, Google Authenticator, and many others. Application MFA XYGATE Application MFA is an add-on to your XUA environment that strengthens the security of existing HPE NonStop applications with industry leading, multi-factor authentication.  Protect almost any application with MFA. XYGATE Application MFA offers multiple implementations: Screen Cobol Applications, ACI’s BASE24 and more. It sets up in minutes and integrates with your existing XUA environment. Extend the Power of CyberArk to Your HPE NonStop Workloads XYGATE for CyberArk integrates your HPE NonStop servers with your CyberArk Password Vault and Privileged Session Manager. Close the gap with privileged account management, session visibility and security in the privileged access management process using NonStop emulators, such as OutsideView and others. All the CyberArk benefits available to your other enterprise platforms are now fully available for your HPE NonStop servers in a CyberArk certified, fully supported solution. Integrate Your HPE NonStop Servers with SailPoint Identity Governance Whether you need to provision users on one or multiple HPE NonStop servers, XYGATE Identity Connector (XIC) integrates your NonStop servers with SailPoint IdentityIQ.  Achieve user governance, provisioning and reconciliation of HPE NonStop user accounts directly from SailPoint. Ensuring employees have the correct access to the right business applications and IT resources is a critical requirement with which many companies struggle.  Current solutions for requesting and managing user access are inefficient, manual, complex, and outdated. Governance is often an afterthought, leaving enterprises vulnerable to security risks and exposed to compliance issues. Many organizations are using SailPoint to manage their technology assets. SailPoint, the market leader in Identity Governance and Administration, allows businesses to automate an ever-growing technology landscape while addressing security and compliance risk. XYPRO and SailPoint have partnered to provide the first and ONLY SailPoint certified integration for HPE NonStop servers. XIC for SailPoint provides complete control over who has access to your NonStop servers from your enterprise SailPoint instance. When you need to integrate your NonStop workflows with ServiceNow. The ServiceNow add-on module for XYGATE Access Control (XAC) validates privileged commands against Problem, Change and Incident Tickets, granting or denying execution based on the response from ServiceNow. This integration eliminates the complex, after-the-fact manual effort otherwise required to match NonStop executed commands with individual ServiceNow tickets. Threat Detection and Security Data Analytics XYGATE SecurityOne(XS1) is a unified Security Management and #DataAnalytics solution for HPE  NonStop environments that provides real-time Risk Management, Threat Detection, Vulnerability Assessment, Compliance Reporting and Integrity Monitoring using a modern  browser-based interface. Organizations are challenged to meet compliance standards, dedicate time  for audits, proactively monitor log files and identify threats. Having to piece together point solutions is an inefficient and manual process. Volume, velocity and availability of the data makes this an impossible task. XS1 improves  the productivity of security operations while maintaining compliance with regulations such as  PCI DSS, GDPR and others. XS1 is a modular platform deployed on premise or in the cloud. XS1 is a complement to your SIEM that consumes raw HPE NonStop data. Using XYPRO’s patented contextualization technology, analyzed data is forwarded in natural language to the SIEM.   Log management & analytics tools like Splunk have trouble  understanding what activity from the HPE NonStop server environment means.  XS1 helps enterprise SIEMS like Splunk analyze, identify threats, and alert quickly on security incidents. HPE NonStop servers are the core of many mission critical organizations and are vital to our daily lives; how we shop, pay, bank, and communicate.  XYPRO collaborates with our customers, technology partners and HPE to develop solutions that maximize your HPE NonStop investment, addressing your security and integration needs. If you missed our Roadmap Webinar back in February, you can access it here anytime: https://xypro.com/webinars/ #### HPE NonStop ServiceNow Integration Inadequate change control exposes you to cybersecurity risk and compliance issues. ServiceNow IT Service Management (ITSM) is the primary enterprise solution for IT change management. Join XYPRO for a live webinar and learn just how seamless we make integrating your HPE NonStop servers with ServiceNow ITSM. Validate privileged commands against Problem, Change and Incident Tickets, granting or denying execution based on the response from ServiceNow. Eliminate complex, after-the-fact manual effort otherwise required to match NonStop executed commands with individual ServiceNow tickets. XYGATE ServiceNow Integration using ZeroTrust enforces the highest level of security in the ServiceNow workflow to reduce risk and increase efficiency. Prev 1 of 1 Next XYPRO Servicenow Integration for HPE Nonstop Webinar Prev 1 of 1 Next #### HPE NonStop SQL and XYPRO Where Manageability and Security Meet for a Common Goal The database manageability experience is in constant evolution. Not only because of new cloud consumption models but also with managed databases where the end customer is delegating the database administration tasks. This delegation may be to another group within the company, or to HPE GreenLake Managed Services (GMS) or other managed services providers (MSP) including in the public cloud. For many customers, this raises security concerns. Is my data still confidential? In what countries does it travel exactly? Am I losing security governance? How do I trust this new partner with my data? And if a security breach does happen, what are my options to ensure accountability? What do I need to do to achieve the same security level as when the database was in my own datacenter? Clearly, this transformation calls for absolute security on both the manageability layer and of course the underlying database where the mission-critical data exists such as for payment processing or healthcare records. For example, auditing may ease your mind by allowing you to identify any unwanted action that has been performed. Role-Based Access Control may greatly facilitate the setup of a “service” account that cannot access data yet maintain the database environment up and running. But the other key element to realize is how some of those features are required not just for security purposes but also because of the new consumption models and the explosion of user-profiles managing the database. It is one of the first discoveries you make when you look at implementing something like database-as-a-service (DBaaS). In a DBaaS environment, end-users deploy their own semi-virtual database in a self-service fashion. Commonly referred to as tenants, they oversee their mini replica of a database instance but with a simplified set of generic database functions. In another scenario, like a managed database, even if you do not use multi-tenancy, you may need another group to service your database, so yet another profile type that is not your typical, highly powered DBA. And beyond DBaaS, analytics calls for more new profiles such as data scientists creating new data products. At this point, it becomes obvious that database management is a very different task depending on who you are. The good news is that setting up those profiles for management purposes goes hand in hand with setting up your security correctly. The concept of zero trust starts with assigning the functions one role requires to do their job and nothing more. With a feature like RBAC, you decide who does what. And if you also centralized all the management activities in a single-entry point (using SQLXPress) then your security setup is applied all at once. And by the way, you are still using the same tool you were using in your data center that has been supported and enhanced for many years. All it requires is to be launched remotely, get through a single opened port in the firewall, and possess the security features that the new environment demands. SQL Database Management that is Modern and Secure For HPE NonStop SQL, SQLXPress from XYPRO is the most secure and functional NonStop SQL database management solution. Consider SQLXPress the Microsoft SQL Management Studio for SQL/MX. SQLXPress comes with a comprehensive set of security controls, which include: Multi-Factor Authentication Auditing Access Control Session Encryption Code Integrity Multi-Factor Authentication By prompting users for a second factor, SQLXPress supports multi-factor authentication (MFA), a PCI-DSS, and GDPR requirements. When combined with XYGATE User Authentication (XUA), (included with every HPE NonStop server), you’re not only up to date with the most recent PCI DSS 4.0 MFA compliance requirements, but also with the advice of absolutely every security expert. Multi-factor authentication is an absolute must! Auditing Set the level of audit data collected by the audit subsystem. The SQLXPress audit subsystem logs users’ actions and stores detailed information such as date and time, user logon name, PC device identification, SQL statement text, SQL parameter values, outcome details, and much more. Through XYGATE Merged Audit (XMA), (also included with every HPE NonStop server), audit trail data is integrated with analytics solutions such as SPLUNK. A comprehensive set of audit reports is available, ranging from activity summaries to individual detailed actions. Reports can be filtered based on the time of day, the user, the device, and the SQL object name. Audit data provides answers to questions like: Who accessed or changed the data? Which device was used to make the change? Who attempted to execute an unauthorized command? Effective troubleshooting requires audit data. It provides diagnostic information and other access data for troubleshooting errors and permission issues. Every HPE NonStop server includes XMA. Furthermore, an XMA plugin integrates SQLXPress audit data directly into XMA, enabling sophisticated audit reporting and alerting for all NonStop SQL activity. Simply send that audit data to your enterprise analytics tools, such as SPLUNK or QRADAR, and NonStop database security is integrated into your overall enterprise security program. Access Control NonStop SQL includes access control by default. SQLXPress extends these standard access control features by giving users more granular control over the actions they can perform and the SQL objects they can access from within SQLXPress. Role-Based Access Control SQLXPress, like all XYPRO software, supports a role-based access control model: Permissions are granted to roles to perform activities Users are assigned to roles Roles may be limited to a specific “environment” (an environment is a collection of specific SQL objects) Access and activity requests are subject to authorization checks. Access control is tailored to the organization’s requirements.   Separation of Duties The Security Administrator is in charge of configuring and managing the SQLXPress security subsystem, including auditing and access control through a familiar user interface. To really appreciate SQLXPress access control let’s look at some use cases: Use Case 1: Command Restriction NonStop SQL gives the owner of a SQL object, such as a table or a view, the ability to perform any DDL or utility operation on the object. SQLXPress access control improves on this by allowing restrictions to be applied to individual operations. Many commands, such as Update Statistics and Split Partition, are part of a DBA’s routine duties. They should be performed on an ongoing basis by the DBA. However, some operations, such as Purge Data, Drop Table, or Disable Trigger, are not required for normal database operations and can have disastrous consequences if performed inadvertently. During normal use, SQLXPress access control allows these potentially dangerous commands to be “locked down.” When the DBA needs to run a locked-down command, the Security Administrator temporarily grants the command permission. The security administrator revokes permission once the command has been completed. Use Case 2: Data Access Restriction NonStop SQL allows the table’s owner to view and modify the data stored in the table. SQLXPress access control can be used to restrict the owner’s data access while still allowing the owner to manage the table. SQLXPress security controls allow the owner to be prevented from changing data and even from viewing data. Use Case 3: Restrictions on Database Visibility SQL metadata is a rich source of information about the system’s databases. It contains information such as table and column names, security settings, data validation rules, and much more. Most organizations will want to restrict SQL metadata access to only authorized users. NonStop SQL/MX, on the other hand, secures SQL metadata for public read access. This means that any SQL/MX user on the system has access to information about all of the databases on the system. Metadata in SQL/MP is secured per catalog. The SQLXPress access control feature allows the Security Administrator to define one or more “environments” on a system to enable database visibility restrictions. An environment restricts the view of SQL objects on a system. The user is only shown objects that have been registered in an environment. By assigning a user a role for an environment, the Security Administrator can limit the SQL objects that are visible to him. To use SQLXPress, the user must first open an environment and can only work with SQL objects registered in that environment. Furthermore, a user can be assigned to multiple environments and even assigned a different role in each of those environments. For example, in the DEV ATM environment, user DEV.JOHN can be assigned the role of Senior DBA and the role “Guest” in the QA ATM environment. Summary SQLXPress is the leading solution for managing HPE NonStop SQL databases, with the most comprehensive set of features and full support for both NonStop SQL/MX, SQL/MP, and NonStop SQL Cloud Edition. HPE NonStop SQL databases are used to store highly sensitive and private data. Customers expect their database engines and database management tools to provide comprehensive security in an increasingly security-conscious world that includes new consumption models, and SQLXPress delivers. #### HPE NonStop Technical Bootcamp 2023: A Memorable In-Person Gathering XYPRO in the Spotlight with Groundbreaking Presentation In the world of technology, the annual NonStop Technical Bootcamp (TBC) has long been an essential event for HPE NonStop professionals, and this year's edition in September 2023 was no exception. Held at the elegant Hilton Denver City Center Hotel in Denver, Colorado, the 2023 NonStop TBC brought together industry experts, innovators, and enthusiasts for 4 days of learning, networking, and inspiration. Attendees embraced the opportunity to gather in person once again. The Hilton Denver City Center Hotel offered a blend of modern amenities and a welcoming atmosphere that contributed to the overall success of the Bootcamp. Attendees enjoyed the convenience and comfort the hotel provided, enhancing their overall experience throughout the conference. One of the undeniable highlights of this year's NonStop TBC was the HPE Keynote presentations, which showcased the latest advancements and trends in the world of Hewlett Packard Enterprise (HPE) NonStop systems. These sessions were met with enthusiasm from attendees, reaffirming the relevance and significance of NonStop technology in today's ever-evolving IT landscape. However, beyond the HPE Keynote presentations, one session stood out and captured the attention and the presence of the majority of attendees. That presentation was delivered by Steve Tcherchian, Chief Product Officer of XYPRO Technology, on the topic of "A Zero Trust Approach to Ransomware Protection and Data Resiliency." XYPRO’s presentation struck a chord with the audience, addressing one of the most pressing concerns in the tech world today—cybersecurity. In an era where ransomware attacks are on the rise, Steve's insights into adopting a Zero Trust approach for robust protection and data resilience were invaluable. His deep expertise and practical recommendations left attendees with actionable takeaways that could be implemented immediately within their organizations. The feedback from attendees was overwhelmingly positive, with many expressing that XYPRO's presentation was among the most valuable sessions of the entire event. Steve Tcherchian's ability to simplify complex concepts and provide real-world solutions resonated with both seasoned professionals and those newer to the field. The XYPRO presentation served as a reminder of the critical role cybersecurity plays in today's interconnected world and offered a roadmap for organizations to fortify their defenses against ransomware threats. In addition to the impressive XYPRO content, NonStop TBC 2023 featured a wide array of technical sessions, hands-on workshops, and networking opportunities that ensured attendees left with an enriched understanding of NonStop technology and its applications. The September 2023 NonStop Technical Boot Camp highlighted the pleasure of gathering in person and the invaluable insights shared by industry experts. Steve Tcherchian's presentation on a Zero Trust Approach to Ransomware Protection and Data Resiliency left a lasting impact on attendees and underscored the importance of cybersecurity in today's digital landscape. As the tech community looks ahead to the future, events like HPE NonStop TBC continue to play a pivotal role in fostering innovation, collaboration, and growth. #### HPE Technology Partner, XYPRO, secures fault-tolerant payment infrastructure XYPRO and its line of leading HPE NonStop security and database management solutions has been highlighted in this HPE Customer Case study. Focusing on PCI-DSS compliance and maintaining optimum NonStop SQL database performance for a large Japanese enterprise processing millions of payment transactions, XYPRO, HPE and DXC all collaborate to deliver the ideal solutions for a highly secure mission critical payments application. Read the entire case study here: https://xypro.com/whitepapers/hpe-technology-partner-xypro-secures-fault-tolerant-payment-infrastructure/ #### Identify, Protect, Detect - A ZERO Trust Approach to Ransomware Protection This May and June, join XYPRO and your HPE NonStop community in Edinburgh, Auckland, Sydney, Toronto, Mexico City & Dallas for informative presentations, demonstrations, and networking. Ransomware encrypts victims’ files and demands payment in exchange for the decryption key. No business is off limits. Learn the basics of ransomware, how it spreads, and what organizations can do to prevent, detect, and respond. Go over the tactics used by cybercriminals, the impact of ransomware attacks on businesses, costs associated with paying a ransom, restoring data and systems, and reputational damage. XYPRO’s best practices for preventing and recovering from ransomware attacks, including implementing zero-trust security measures provided by XYPRO and HPE ensure businesses can quickly and effectively recover from an attack. PCI-DSS 4.0 is on your mind. The new PCI standard was designed with a zero-trust philosophy at its core.  With new requirements for authentication, behavior analysis, and real-time monitoring, XYPRO’s White Paper on PCI DSS 4.0 takes out the guesswork and shows you step-by-step how to address compliance in an automated way.               #### Identify, Protect, Detect - A ZERO Trust Approach to Ransomware Protection  - HPE NonStop TBC 2023 NonStop Technical Boot Camp 2023 (TBC) is back in person September 12-14, 2023 at the Hilton Denver City Center in Denver, Colorado. Click to Register now! XYPRO Chief Product Officer, Steve Tcherchian will present Identify, Protect, Detect - A ZERO Trust Approach to Ransomware Protection  Ransomware encrypts victims’ files and demands payment in exchange for the decryption key. No business is off-limits. Learn the basics of ransomware, how it spreads, and what organizations can do to prevent, detect and respond.      You will learn: Tactics used by cybercriminals The impact of ransomware attacks on businesses The costs associated with paying a ransom, Proven methods for restoring data and systems< How to avoid reputational damage. XYPRO’s best practices for preventing and recovering from ransomware attacks, including implementing zero-trust security measures provided by XYPRO and HPE ensure businesses quickly and effectively recover from an attack. We know PCI-DSS 4.0 has been on your mind. The new PCI standard was designed with a zero-trust philosophy at its core. With new requirements for authentication, behavior analysis, and real-time monitoring, XYPRO’s White Paper on PCI DSS 4.0 takes out the guesswork and shows you step-by-step how to address compliance in an automated way. Plan your agenda.   See you in Denver! #### Inc. Magazine’s Best Places to Work 2017 - It's Always About More Than Just Business I am pleased to share some very exciting news that XYPRO is one of the honorees of Inc. Magazine’s Best Places to Work 2017!  As part of a prominent inc.com feature, the list is the result of a wide-ranging and comprehensive measurement of private American companies who have created exceptional workplaces through vibrant cultures, deep employee engagement, and stellar benefits. Out of thousands of applicants, Inc. singled out just over 200 winning companies and XYPRO was one of those companies! At XYPRO we recognize that a willingness to try new things in both technology and mindful corporate culture engages employees and attracts the type of open minded, hard-working, forward thinking employees we want to add to our team.  XYPRO endeavors to let our core values guide our decisions and help motivate.  Many XYPRO programs are specifically put in place to achieve an environment in which employees feel valued and want to stay and contribute long term.   We celebrate everyone's birthday with an individual hand-signed card and a monthly cake celebration. Milestone employee anniversaries are recognized with a plaque and public presentation FSA - Healthcare Savings Plan Employee Assistance Program (EAP) Team Lunches Company Lunches Exit Interviews to implement the feedback we receive Outside speakers focusing on personal growth and career development Team Building Activities On-site yoga Internal Education sessions (lunch & learns) Tuition Reimbursement for External Education Bug Bounty Program Referral Bonus Public Idea Board (anonymous or not) Time off for:  jury duty, bereavement, community service including volunteer firefighting, etc. Religious holiday swap/interchange based on individual preference Reimbursement for remote people to have a dinner out when we have a local celebration at HQ Surprise gifts (lottery tix, coffee card, etc., in paycheck envelopes) Food Trucks, pot luck lunches, chili cook-offs, company picnics Public Employee Recognition via company announcements and monetary ‘Thanks’ XYPRO enjoys a "family atmosphere" with many planned events to get employees and their families together throughout the year.  We encourage an open door policy when it comes to raising issues and our senior leadership team is very accessible.  We purposefully cultivate a positive vibe through programs, meeting topics, benefits and cross-departmental information sharing.  In recent years, recognizing that the majority of our employees were older, we began what’s turned into a vibrant internship program from which we've hired several full time team members.  This has meant that we also focus on employee engagement, attracting millennials and are mindful of their career development.  In fact, one of those interns wrote an article describing their experience working at XYPRO:  https://xypro.com/xypro-technology/time-xypro-got-today/ What does it take to become a company that workers want to be part of? Inc. magazine says it’s more than good pay and good perks – it’s also about having a clear purpose, a sense of humor, and leadership that makes the two work together. At XYPRO, we’re not here to mark the time between 8 and 5. Our customers deserve our best effort, as coworkers we deserve each other’s best efforts and in a company of our size, everyone plays a part in the success.  XYPRO Leadership is responsible for the example we set and the appreciation we show our team & our customers.  We take that responsibility seriously.  It’s always about more than just business.   Lisa Partridge CEO XYPRO Technology #### Inspirational Women in STEM and Tech Authority Magazine, Feb 27, 2020--Inspirational Women in STEM and Tech: “It is a myth that that in order to act like a leader you need to act powerful”, with Lisa Partridge, CEO of XYPRO Technology Corporation Lisa Partridge, XYPRO Chief Executive Officer & President, I believe what makes XYPRO stand out is our attitude/approach. We are a company that cares and it’s very important to us that our employees know that and that our customers know that. We don’t do everything perfectly but we genuinely try to right any wrongs and always get better. As a result of this attitude we have enviable employee engagement. Our expectations of performance are high but we also make genuine, honest efforts to have a positive, supportive, innovative workplace. From employee benefits like paid parental leave and ½ day summer Fridays to career path opportunities, leadership and mindfulness training and free onsite yoga. We know happy employees work hard and support the cause. The result is a blue chip customer base with near 100% customer retention rates. We all use the same credit cards, banks, cellphones, online shopping portals, gift cards, POS devices that you do. We’re building security solutions to protect all of ‘you’ and that means all of ‘us’. Approach every decision from that perspective and it’s easy to care enough to make sure the job is done well. Click here to read more. #### Integrate Your HPE NonStop Servers with SailPoint Identity Governance Whether you need to provision users on one or multiple HPE NonStop servers, XYGATE Identity Connector (XIC) elegantly integrates your NonStop servers with your SailPoint enterprise solution.  Achieve user governance, provisioning and reconciliation of HPE NonStop user accounts directly from SailPoint. Ensuring employees have the correct access to the right business applications and IT resources is a critical requirement with which many companies struggle.  Current solutions for requesting and managing user access are inefficient, manual, complex, and outdated. Governance is often an afterthought, leaving enterprises vulnerable to security risks and exposed to compliance issues. Many organizations are adopting solutions like SailPoint to manage their technology assets. SailPoint, the market leader in Identity Governance and Administration, allows businesses to automate an ever-growing technology landscape while addressing security and compliance risk. XYPRO and SailPoint have partnered to provide the first and only SailPoint certified integration for HPE NonStop servers. XIC for SailPoint provides complete control over who has access to your NonStop servers from your enterprise SailPoint instance.  SailPoint Benefits SailPoint is a flexible identity governance software designed to provide efficient, all-encompassing visibility into who is doing what in your environment via rapid automation of identity and access management across the enterprise. Other benefits: Automated User Provisioning - Give users the access they need as they join an organization Access Request - Empower users with automated application and data access  Access Certification - Always ensure users have the right access Integrate with CyberArk - The market leader in Privileged Access Management Free up Resources - eliminate time consuming manual processes that are costly and error prone Simplify Audit Activity And much more... Why XYPRO and SailPoint? SailPoint’s industry-leading, powerful access certifications, governance controls and logical workflows allow NonStop customers to take full advantage of the capabilities provided by SailPoint that have long been available for other platforms. A common use case is user account provisioning and deprovisioning. With XIC, when an identity is provisioned through SailPoint, HPE NonStop is now an option to select. Once selected, the userid and all relevant attributes are automatically created on your HPE NonStop servers. No user intervention. No emails being sent to administrators and no manual processes. Similarly, when an identity is disabled through SailPoint, the corresponding account is immediately disabled on all NonStop servers on which it was provisioned. When that identity is removed using SailPoint, the account is immediately removed from all NonStop servers, ensuring the removal of stale accounts, improving your relationship with your auditors, and strengthening your security procedures at the same time. XYGATE Identity Connector is a lightweight, easy to deploy, executable using a micro service framework and standard SCIM 2.0 protocols. Simply configure the service XML with the specific HPE NonStop server properties and run the deployer. XYPRO’s NonStop Identity Connector deploys quickly in a JAVA Virtual Machine (JVM) on OSS. No other software is required. Installation is simple, quick and secure. Join our Webinar Join SailPoint and XYPRO on Wednesday, October 7, 2020 for a joint webinar where we’ll discuss the benefits of integrating SailPoint and your HPE NonStop server environment with XYGATE Identity Connector. We’ll walk through the most common use cases that have simplified HPE NonStop administration activities.   #### Interview with Steve Tcherchian – XYPRO SafetyDetective had the chance to talk to Steve Tcherchian, CISO of Simi Valley-based XYPRO.com, a cybersecurity solutions company. We got his expert insights on the current and future trends of cybersecurity (and ransomware more specifically), plus some actionable tips to protect businesses data. What’s the story behind Xypro: How did it all start, and how has it changed during the years? XYPRO started in the early 1980s in Simi Valley, California on the dining room table of our founders as a small financial services consulting company that evolved into engineering software banking applications to automate functions like collections, letter generation and loan origination. Thanks to the vision of XYPRO’s founders, we pivoted our focus to Cybersecurity in the early 1990s. We were definitely early players in the space, way before security was considered mainstream. Other than a small blip in 1994, our business and grown at a steady and exciting pace. The market for our solutions is a niche mainframe server used in very high-speed, high-volume online transaction processing trusted by retailers, banks, and credit card companies. Our customers are B2B, Fortune 500 companies that keep the world’s infrastructure working – and we secure all of it. Our customers include Banks, Retailers, Telecomms, Medical, Food services, Supply Chain and more spread across 6 continents. Partnered with Hewlett Packard Enterprise, we’ve been the dominant vendor in our market for years. That stability has given us the opportunity to expand our offerings into new product lines and markets and continue to deliver value and security to our customers. Experts have been preaching for years about the benefits of multi factor authentication. It’s one of the biggest bangs for your buck in terms of cyber protection, yet the excuses for why it’s not implemented, never end. Steve Tcherchian Chief Information Security Officer XYPRO Technology Our newest offerings include cybersecurity compliance and monitoring for SAP HANA and Linux environments. What kind of cybersecurity services do you offer, and what makes them stand out? XYPRO has been a staple in the mission critical computing space for decades. Our technology protects our customers data as if it were our own – because ultimately it is. We secure the entire mission critical technology stack from top to bottom. We focus on auditing and compliance, authentication, authorization, security hardening, real time monitoring and have a patent on contextualizing security intelligence and analytics. Because of our patent, we can generate and evaluate security data for actionable response in a way that no other security provider can. This ensure we can detect indicators of a breach as fast as possible – before ransomware takes hold or your data is stolen. Read the article here #### It is a Myth That in Order to act Like a Leader you Need to act Powerful Thrive Global, March 5, 2020--It is a Myth That in Order to act Like a Leader you Need to act Powerful Lisa Partridge, XYPRO Chief Executive Officer & President, states "It is a myth that you must act powerful to gain respect — many people confuse being “the one who is responsible” with being “in power” and that in order to “act like a leader” you need to “act powerful”. Both men and women do this — decibel level and states of constant dissatisfaction don’t generally keep people on their toes in a good way. It breeds anxiety." Click here to read more. #### July 21st Episode of The Round Table Talk Show Steve Tcherchian, the Chief Product Officer and Chief Information Security Officer for XYPRO Technology appeared last week on July 21 on The Round Table Talk Show, which showcases people who are successful growing businesses. Watch the video replay here. On this Facebook Live videocast, Steve does a great job describing the importance of cybersecurity when working from home and the mission of XYPRO. The audience is entrepreneurs, business owners and individuals who want to learn how to succeed at business, how to grow their business, how to make money, and more. #### Keystroke Logging. Are you in? When implemented properly, keystroke logging is a win for users, system administrators, security teams and auditors.  Users may feel like it is an invasion of privacy--it isn’t. System administrators often believe it will negatively impact performance--it won’t.  And security teams always ask if the data collected it searchable/usable--it is. Moreover, for many companies, it can be a compliance requirement.  XYGATE Access Control (XAC) brings transparent keystroke logging, as well as other features to the HPE NonStop while answering all the above questions in a way that pleases everyone. The best way to implement keystroke logging There are many ways to implement keystroke logging, for example, screen recordings to hardware devices attached to every terminal, and to intermediate servers that accept input and pass it on. The most effective means has always been to capture the input and output as close to the system as possible. Screen recordings make text searching problematic and have large storage requirements.  Hardware devices must be attached to any tool that might interact with the system.  Intermediate systems have issues with non-repudiation, emulation and control issues.  Capturing and controlling input at the shell level directly on the target system provides a seamless and effective approach that requires no additional infrastructure. This allows for the most flexibility, tightest integration, best reportability, and 100% availability that every customer should expect. XYGATE Access Control delivers functionality for one, some, or all users on the HPE NonStop regardless of how they access a system shell. XAC can be implemented to capture keystrokes from Guardian (TACL), OSS (ksh, bash, etc.), via telnet (hopefully over tls!), ssh or any other method. XAC keystroke logging can operate with or without Safeguard and can differentiate between a user and an alias for both reporting and control. Does my system require keystroke logging? If the system handles PCI data, you should be keystroke logging privileged users, at the minimum.  PCI requirements states you must implement automated audit trails for all system components to reconstruct the following events: All individual user access to cardholder data. All actions were taken by any individual with root or administrative privileges. Keystroke logging is the most effective method to meet this requirement. Because XAC keystroke logging adds negligible overhead to any session, XYPRO recommends that ALL users be keystroke logged for ALL sessions. For users that feel that full-time keystroke logging is an invasion of privacy, they should be reminded that all NonStop resources are owned, controlled and managed by their company. All activity--certainly on production hosts--is monitored and should only be used for official purposes. How about searching and reporting?   XAC shares the XYGATE common architecture that allows it to leverage the entire XYGATE Suite; Configuration Manager for updating the ruleset; report manager for simple reporting. Besides, it easily integrates into XYGATE Merged Audit and XYGATE SecurityOne for advanced reporting and alerting. Reports can be configured based on time, user/alias, terminal, keyword or any other criteria. Common reports include privileged users, by session.  These reports can be archived for ease of access and the contents are in plain text to facilitate searching. For example, let us say an auditor wants to know who logged on as SUPER.SUPER on Friday, February 7, 2020, and which operations the user executed–done.  Does the auditor need to see who typed the word “PURGE” coming from a VPN connection?  The answer is Just a few clicks away.  Do they need to know if anyone accessed APP.MANAGER last week? Simple, there is an aggregate report for it already complete. XYGATE Access Control is configured to collect all user input during any privilege escalation session.  It can be configured to collect input AND output, including block mode auditing for any user, at any time.  All audit data includes everything necessary to perform forensic investigations such as time of entry, user/alias (both escalated user and underlying user), terminal id/IP address, command, arguments/text, result, and more.  As the logs are stored in plain text, they can be compressed and/or sent off-host to Security Incident Event Manager (SIEM) or XYGATE SecurityOne for real-time threat detection via XYGATE Merged Audit.  This reduces the burden of monitoring, searching and alerting to the team that is best positioned to handle it. Customer Success Using XAC Keystroke Logging A NonStop customer recently encountered an issue, during a major system upgrade, which impacted business operations as well as those of several external customers. After they were unable to restore normal operations, the system upgrade was stopped and reverted to its previous state. Many hours were spent to resolve the issues and identify the root cause. It wasn’t until the next day that the root cause was discovered which increased loss of revenue and maintenance schedules. The issue was discovered by an XAC keystroke log. The report determined that the problem was caused by human error. A technical team member had mistakenly executed an erroneous command, which impacted system communications. This customer declared that “without the XAC keystroke log report, we may have never discovered the root cause.” Armed with this vital information, this business was able to inform affected customers and reassure them that all necessary steps have been taken to make sure this type of outage will never occur again. Additionally, this NonStop customer developed training to educate employees about proper privileged account id usage. There is no reason not to log Administrative users hold the keys to vital information on your systems. They have the power to take action with the highest privileges on the most sensitive areas of your HPE NonStop server. To ensure no damage occurs either maliciously or inadvertently by user error, PCI DSS Requirement 10.2.2 and other compliance frameworks require that all actions taken by any user with administrative privileges must be tracked. XYGATE Access Control comes packaged with keystroke logging functionality out of the box. The keystroke log report lists all the activities each user makes resulting in ease of compliance easy. These data-rich logs can also be forwarded to an enterprise SIEM through XYGATE Merged Audit for compliance with PCI DSS Requirement 10.2.2. If users are hesitant or weary of keystroke logging, let them know that it is used more often to prove who did NOT do something.  The purge of a critical file by a shared user can easily be located and tracked using keystroke logs and will greatly reduce the time necessary to identify issues and provide non-repudiation. Between compliance requirements, zero overhead, extensible reporting and the ability to record actions from all users, XYGATE Access Control is an ideal solution to meet this very necessary security requirement. #### LAUSD Targeted for Ransomware Attack Over the weekend the Los Angeles Unified School District (LAUSD), the second-largest school district in the nation, was hit by a ransomware attack that has caused a “significant disruption.” Classes resumed on Tuesday following the Labor Day holiday, but a number of essential services – such as faculty email, Google Drive access and computer applications such as the Schoology management system – remain unavailable. LAUSD said in a press release that the technical issues have not been causing issues with transportation, food service or after-school programs, and maintained that systems critical to the district’s daily business operations – such as employee health care and payroll – were not affected. Still, the full impact of the attack remains unknown, and investigations are ongoing. Officials are trying to determine whether any data has been stolen from LAUSD’s systems. Schools and the healthcare industry are low-hanging fruit for attackers because cybersecurity awareness and protection has not been a high priority, often times, security awareness training for school employees is sitting through an hour-long video or clicking through slides and attesting that you completed the training. That’s not training.” Steve Tcherchian  CISO, XYPRO Technologies Ransomware attacks work by encrypting files on a user’s computer system and then demanding a ransom payment in exchange for the decryption key. These attacks often take a multi-pronged approach, by accessing and then selling stolen data even after the ransom is paid. Read the article here #### Leading Cybersecurity Firm XYPRO Chosen by European Bank LOS ANGELES (PRWEB) April 30, 2021 XYPRO Technology Corporation (XYPRO), the leader in HPE NonStop Server cybersecurity, analytics, identity management, and secure database management, today announced its XYGATE SecurityOne (XS1) security suite has been chosen by a multinational European Bank to secure its customer data and transactions. After evaluating various solutions and putting XYGATE SecurityOne through a rigorous trial, the bank security team addressed all their requirements by selecting XS1. A unified Security Management and Analytics solution for HPE NonStop servers and applications, XS1 provides real-time Risk Management, Threat Detection, Vulnerability Assessment, Compliance Reporting and more. Prior to XS1, the bank security team was challenged to meet compliance standards, dedicate time for audits, proactively monitor log files, and identify threats. Having to piece together point solutions was an inefficient and manual process. XS1 was quickly and easily deployed into the bank environment and is now protecting their mission critical workloads that include ATM, POS and credit card transactions for multiple EU countries. XS1 immediately improved staff productivity while maintaining compliance with regulations such as PCI DSS, GDPR, and others. "Most organizations cannot dedicate enough resources to proactively monitor their environment for security threats," said Steve Tcherchian, XYPRO's Chief Product Officer. "We partnered closely with the bank on its requirements and pain points to identify how XS1 will provide them value. In the end, the bank met its objective to secure customer data while modernizing their security, reducing cost, overhead, and increasing staff productivity." About XYPRO Technology Corporation XYPRO offers over 35 years of expertise, experience and success in providing Mission Critical HPE NonStop information systems Risk Management & Real-Time Threat Detection, Security, Patented Analytics and Secure Database solutions. Mission Critical computing allows us to securely shop, bank, manage our finances and stock portfolios, wire money and transact with credit cards, mobile phones and all types of newer tech innovations. XYPRO offerings are innovative, modern, trusted, and backed by a team of seriously experienced security and software experts that sets us apart from the rest. We take advantage of all the latest technology, methodologies and secure development practices, as well as our strategic partnerships with the industry's top cybersecurity companies. No one has been doing this longer than XYPRO. For more information, visit https://xypro.com. For the original version on PRWeb visit: https://www.prweb.com/releases/leading_cybersecurity_solutions_firm_xypro_chosen_by_european_bank/prwe #### Learning from the Marriott International Data Breach Learning from the Marriott International Data Breach (originally published in Grit Daily) The Marriott data breach highlighted several critical deficiencies in their cybersecurity mindset, plan & resources. Marriott International has admitted to an ongoing breach in its network since 2014 with nearly 500 million records stolen. These included social security numbers, passport numbers, email addresses, physical addresses, credit card numbers and other identifiable information. The breach occurred in 2014, yet it was undetected for four years. It is being reported that the attackers not only stole encrypted data, but also the keys and necessary knowledge to decrypt the data. If you give any attacker that much time on your network without being detected, they will uncover your deepest, darkest secrets. There are plenty of cyber security vendors and solutions on the market well-suited to this purpose. The current ‘average’ time to detect a data breach is almost three months. Two years ago, it was twice as long. That’s progress, right? Maybe. Security intelligence and analytics are not just buzz words. They are necessary weapons to detect and alert on anomalies in real-time. When these solutions are tuned to alert on real incidents, rather than binary events or thresholds that create noise, they arm security responders with real and actionable data much earlier in the kill chain.  This allows them to respond within minutes, in most cases, not years. Storing unnecessary data and storing data for too long is another major issue Marriott International faced. They can’t steal what you don’t have. I’m sure we all have junk stored away in our houses and garages for that moment where “one day when I might need it”. This is the digital version of hoarding. Storing data, especially personal identifiable information regarding customers, way beyond the time where it is needed, is a recipe for disaster in the digital world. This is what thieves are after. The goldmine. Marriott delivered.  But they’re not the only ones. Stop, Stop, Stop using Social Security Numbers. They are unique identifiers. Somehow over time, social security numbers issued by the United States government became the de facto way to uniquely identify an individual. Medical records, bank accounts, airline and hotel programs, credit card accounts, bank loans, home and car purchases are all using a single set of nine-digit numbers linked to a single person. The damage that can be caused by that number falling into the wrong hands is sometimes irreparable. The damage can be immense and a nightmare for individuals. There are viable alternatives to this - biometric, voice recognition and others. Granted these still have their own vulnerabilities, but if enough effort is put forth to secure another method for identify, it will make obsolete the whole SSN identifier and all the vulnerabilities that come along with it. Adding insult to injury - Marriott sent a notification out to its millions of members alerting them of the data breach. They sent the email from a newly registered domain “email-marriott.com” which was registered to a third party authorized to handle notifications on behalf of Marriott. Not only did this email raise suspicion regarding its authenticity, but it was pointing to a site without any information, it did not have any HTTPS certificates to identify the owner and left Marriott exposed to additional spoofing by thieves, of new domains.  What this shows is a lack of investment in cybersecurity by Marriott International. They didn’t have the experts to determine their risks or how to recover from an incident. There is a lot we can learn from the Marriott breach, yet just like with Equifax, Target, Home Depot and every other mega breach in recent history, this will all be forgotten in due time. Marriott will make a good statistic in security presentations, discussing the volume and size of the breach, but I don't expect much change beyond this without a serious shift in mindset. #### Leveraging Slack Polly Polls to Foster In-Office Collaboration Fostering In-Office Collaboration Conversations around remote versus in-person collaboration continue to evolve. While remote work offers flexibility, there's a growing recognition of the positive impact of in-person interactions on employee well-being. At XYPRO, we like to plan ahead. Pre-pandemic, we had a lot of people in the office every day, and we had many activities, gatherings, and social events. Post-pandemic, we missed it. A lot. We wanted to find ways to encourage in-person participation without mandating a full-time return to the office. Our business is Cybersecurity Software and the majority of our team members are engineers. As we discovered during the pandemic - pretty darn good at being productive while working remotely. Since reopening the office, the number of employees regularly coming in has reduced. During the pandemic, We hired more remote team members, some moved away and became remote, and there wasn’t really a reliable pattern of who was coming in on which days. This knowledge was important to us because employee surveys showed real enjoyment and appreciation for the effort our team makes to gather with purpose. What we also wanted to plan for was lunch! We decided that every time we had at least 10 people in the office, we would bring in lunch for everyone. Our newly hired office administrator was sometimes running a relay race to ensure everyone who came in that day was fed - the hit-and-miss nature of this approach was more stressful than it needed to be. What we didn’t have was consistency. So, at the suggestion of our new Development Manager, XYPRO began using Slack Polly Polls to better prepare for who will be in the office on specific days. The amazing side effect of this public poll is that it has influenced team members to prioritize in-office work, promoting not only productivity but also mental health and camaraderie. The opportunity for face-to-face interactions fosters a sense of connection and belonging that is difficult to replicate remotely. Regular attendance has really increased in a consistent manner in a regular and reliable pattern. In other words, when people see others coming into the office, they want to be there too! We use this regularity to plan special events, team building, Happy Hours etc. Daniel Ranchpar, Intern – Development, shared, “Speaking from the perspective of someone that rarely goes to the office due to distance and other factors, it is nice having the poll because every once in a while, I do get the opportunity to go to the office and can look at it. I guess it’s kind of “introvert-friendly” because you can see if people you know are planning on going on a certain day and be further encouraged to go because of that. Before the poll, it was more up in the air, and we usually made group chats for certain planned days and other occasions.” Inclusivity The social aspect of in-person work plays a pivotal role in fostering a supportive and inclusive work environment and for mentoring junior team members. From spontaneous hallway conversations to team lunches, these informal interactions contribute to a sense of camaraderie and belonging that is vital for employee morale and mental health. The importance of these social connections has helped create a workplace culture where XYPRO team members feel valued, supported, free to speak, and understood. Hagop Tanashian, Engineer I – Development (former Intern),  told us, “The Slack/Polly Poll has definitely encouraged me to come into the office more. I can easily see who else is coming in and am excited to show up knowing my coworkers will be there. When working from the office, I’ve been able to create stronger relationships with everybody at XYPRO, especially my teammates. This has helped foster cohesion amongst my team and makes working with them easy." Camaraderie Our efforts to encourage more in-person interaction have had some wonderful side effects. XYPRO Team members have created a “Walking Club” and a “Running Club.” The clubs engage in the use of apps like Strava to create group challenges. Others have set up after-hours get-togethers, which further increases camaraderie. Josue Sanchez, Intern – Development, provided this valuable perspective, “I believe that the Slack/Polly Poll has been a great tool that can encourage team members to work in person. Seeing others commit to in-person workdays can motivate others to join, which creates a more collaborative work environment. From my personal experience, working from the office is especially beneficial to newcomers; it is a great way for them to build relationships and learn directly from others. This was the idea behind starting the Walking Club - creating opportunities for people from various departments in the company to meet, interact, and converse with one another while doing an activity that is non-work related. Building these relationships in a non-pressure, non-work setting will make it easier to communicate about work-related topics when the pressure is on. The better we communicate, the more productive and cohesive we become. Therefore, having and partaking in these opportunities to build relationships is key, and this is only possible if people work from the office." Fostering Communication In addition to the mental and physical health benefits, in-person collaboration promotes clearer communication and faster decision-making, leading to increased efficiency and productivity. Polly Polls allow us the advantages of in-office interactions, which can empower employees to embrace a hybrid work model that prioritizes both flexibility and well-being. Gabriel Mourad, Engineer I – Quality, “My thoughts when it comes to having a poll for people to input the days they are coming into the office/are just working remotely have been really positive and a great feature for the culture of our company! Having visibility, not only allows people to express their preferences (which allows them to take action more frequently), but also accountability. The office has lent itself well, for me personally, when it comes to the professional and social environment. Events, such as lunch breaks, walking outside, or even small talks in the office, allow a better working environment and I've seen myself more successful.” Karina Mara, Intern – Accounting remarked, “Polly poll has been great, and I think it's beneficial in keeping our lines of communication or systems connected and consistent in some way. It's always great to maximize the features available with the applications we already have. As for its purpose, I think it's a great way to garner more attention and engagement with slack, which as you mentioned, helped with encouraging team members to work in person. I noticed a lot more coming into the office and even seeing the confirmed number of people motivates me even more. It makes going in person more fun and exciting, especially seeing everyone else come in and do their work. It’s a great opportunity to meet others and engage in insightful conversations both professionally and personally! As an intern, it’s helped me really understand and learn more about the company, which I’ve been so fortunate to be able to do. It also helps me have a more tangible idea of what’s going on, be it within the company or with our products.” In conclusion, organizations can create a workplace culture that prioritizes employee well-being and fosters a sense of belonging. By using technologies (like Slack Polly Polls) you can encourage employees to embrace the office environment for its positive impact on mental health and camaraderie. You can unlock new levels of productivity, satisfaction, and success without a mandated return-to-office policy. #### Lisa partridge of XYPRO Technology BitBean | CEOs Speak, July 2020 – Lisa partridge of XYPRO Technology Is there a particular book that you read, or podcast you listened to, that really helped you in your career? Can you explain? I have lost track and count of the books about “motivation”, “frog eating”, asking for the deal, etc., with post it notes sticking out of the 2–3 chapters I made it through before moving on to something else. As I took on company-wide leadership responsibilities, practical books like “The Essential HR Handbook” proved to be lifesaving when navigating the complex waters of employee supervision — what to say, how to say it. In more recent years, as corporate identity, mission and culture became more of my focus, I homed in specifically on improving overall company performance and employee engagement. I relied on books like the history of Tandem Computers and “Leaders Eat Last” that really stressed concepts like servant leadership, employee investment and company cultural identity. I haven’t really transitioned from books to podcasts, but I do enjoy NPR’s “Hidden Brain”. Recommended by my Dad who is in his mid-seventies, it’s not necessarily a “how to” career helper in the traditional sense but serves the self-reflective, contemplative brain exercises that are necessary to be the type of leader, and everyday human, that I want to be. Extensive research suggests that “purpose driven business” are more successful in many areas. When you started your company what was your vision, your purpose? I didn’t start XYPRO. I took the helm when the founders retired. My purpose felt and still feels like it is to ensure I don’t screw up and fail the business the founders put their life into starting. Finding our “Own” vision for the business took my partner and me some time but we have done that and made it our focus. Because I am the CEO, I also had to find a cultural vision that felt natural, benefitted the employees and ultimately the company. I have found in my personal experience that those things go hand in hand. We have enviable employee engagement. Our expectations for performance are high but we also make honest efforts to have a positive, supportive, innovative workplace. From employee benefits like paid parental leave and ½ day summer Fridays to career path guidance, leadership and mindfulness training and free onsite (now remotely hosted) yoga. We know happy employees work hard and support the cause. The result is a blue-chip customer base with near 100% customer retention rates. Click here to read the full article. #### Live Webinar: Digital Resilience for HPE NonStop Systems: ETI-NET & XYPRO’s Cybersecurity Advancements Join us for exclusive LIVE Webinars on Tuesday, February 13th, and Wednesday, February 14th, hosted by ETI-NET and XYPRO. We’re thrilled to introduce our groundbreaking collaboration, elevating digital resilience to a new standard. 2023 marked a historic success for ransomware groups, experiencing a remarkable increase of almost 60% since the previous year. No industry is off limits to ransomware. Being able to detect an incident quickly and recovery is now a must. “Unplugging everything” is not a strategy. We must be resilient and recover quickly. Enter Digital Resilience. Digital Resilience is not just about building walls, it’s about fortifying the foundations and protecting data. In today’s world of evolving threats from ransomware, your backup and recovery infrastructure and data are prime targets. Securing this ecosystem to ensure business continuity and data security is the bedrock of resilience. Join Steve Tcherchian and Mike Mitsch for an insightful webinar where we'll guide you on securing and monitoring your ETI-NET BackboxⓇ Virtual Tape Controllers with integrated storage and NonStop environment against cybersecurity threats using XYPRO's SecurityOne. Explore the enhanced features, dashboards, and comprehensive scanning capabilities that oversee every facet of the BackBox® / QoreStor® solution. Ensure the health and safety of your backup systems and backup data with valuable insights from this session. The solutions to monitor, alert, and manage risk are now available. Prev 1 of 1 Next Digital Resilience for HPE NonStop Systems: ETI-NET & XYPRO’s Cybersecurity Advancements Prev 1 of 1 Next Select your preferred viewing time and register below: February 13, 2024 - 8:00 AM PST February 13, 2024 - 6:00 PM PST February 14, 2024 - 1:00 PM AEDT Please note that a Zoom account is required for registration to this event.   Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on the Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.    With over 20 years in the cybersecurity field, Steve is responsible for the strategy and innovation of XYPRO’s security product line as well as overseeing  XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. Follow me on LinkedIn https://xypro.com   With over 35 years of experience in the IT and Cloud Service Data Protection industry, Mike Mitsch is a seasoned executive who leads the global sales of Backup Storage/Enhanced Management Tools and Go To Market strategy for ETI-NET; the leading provider of NonStop Backup solutions for mission-critical applications. Follow me on LinkedIn https://etinet.com #### Looking at Both Sides of the Data Lake Argument InsiderPro November 15, 2020 - Looking at Both Sides of the Data Lake Argument Some see it as the new data warehouse for the Big Data era, while others see a mess that can easily turn into a swamp. For many decades, the data warehouse was the go-to technology for storing large amounts of data for querying and data mining. This should not be confused with the venerable database, which has a different mode of operation and use. The data lake arrived at the same time as the advent of Big Data. The concept was coined in 2010 by James Dixon, founder of Pentaho (now a part of Hitachi Vantara), in a blog post announcing his company's first Hadoop-based release. He argued that data marts, aka data warehouses, had several problems, such as size restrictions to narrow research parameters. "If you think of a Data Mart as a store of bottled water, cleansed and packaged and structured for easy consumption, the Data Lake is a large body of water in a more natural state. The contents of the Data Lake stream in from a source to fill the lake, and various users of the lake can come to examine, dive in, or take samples," he wrote. Data lakes are often compared to data warehouses but the two are nothing like except for one common element: both are for storing and later analyzing massive amounts of data, and that is all they have in common. "Is the data lake the new data warehouse? Yes and no," says Steve Tcherchian, CISO for XYPRO Technology, a cyber security vendor for mission critical apps. "They can be used as data warehouse but if they are not used correctly they are data graveyards." To read the full interview visit idginsiderpro.com #### Looking at What AI Can Bring to Your Organization's Cybersecurity Strategy CMSWire.com September 14, 2020 - Looking at What AI Can Bring to Your Organization's Cybersecurity Strategy Data Drives Cyber Responses However, an AI system is only as good as the data being fed into it. Just like a child, if you teach a child bad behaviors, those behaviors will be carried on with them as an adult.  If the information being fed to an AI system is intentionally malicious or inaccurate, the AI system will learn to behave the way the attacker wanted it to, not the way the system was designed to behave, said Steve Tcherchian, chief information security officer at XYPRO and a regular contributor to and presenter at the EC-Council, a cyber security technical certification body. In less important cases, this can be a mild annoyance. He cites the example of smart homes. These smart devices, he said, learn our habits and adjust themselves based on those inputs. “My Roomba has mapped my house based on the house and furniture layout,” he said. “If my daughter were to place random objects in its path and do this on a routine basis, the Roomba would eventually learn to avoid the area where it encountered an obstacle. That means that area would not be swept.” In more extreme circumstances, manipulating AI input can be dangerous. Planes have been using autopilot for years. Autopilot is getting increasingly smarter as AI technology advances, but flaws still exist because it's based on input. One faulty input or sensor can have irrecoverable effects.  If an attacker could get his hands on the input the AI systems rely on to make decisions, the affects could be incomprehensible. Especially considering AI is being intertwined into our lives more and more without us even knowing. On a large scale, this could be very damaging. To read the full article visit cmswire.com. #### Looking to manage employee performance in a hybrid work world? Here’s what experts say In 2022, the ability to help your team or employees improve their performance and keep productivity on high in a hybrid work environment is an essential element for any organization’s success. We asked experts who are well-versed on the topic to give us their top tips for helping managers enable workers to optimize hybrid work schedules and found some recurring themes, including: Utilizing software and HR networks to streamline work Boosting communication through regular check-ins with employees Ensuring employee expectations are clear “Making sure a company’s mission is understood and measuring how well employees are embracing and adapting to the collaborative tools will be critical to performance management. As organization’s shift into this model their goal should be focusing on performance enablement and engagement as a means of setting employees up for strong performance.” Dr. Melodie Bond-Hillman, Director of HR & Administration XYPRO Technology Corporation   #### Medical ID Theft: Prescription for Fraud   Chicago Tribune October 21, 2020 - Medical ID theft: Prescription for fraud Living through a pandemic can be a frightening experience. But years before the outbreak of COVID-19, another scary health-related scourge was steadily gathering steam. That worrisome phenomenon is the onslaught of medical identity theft. Scam artists are increasingly turning their attention to the $3-trillion-a-year U.S. health care industry, where data can be worth far more than stolen credit card numbers, reports Steve Tcherchian, chief product officer with Simi Valley, California-based XYPRO. ... The pandemic worsens the situation. Ordinarily, patients see their doctors face to face. But due to the crisis, many consultations are now being undertaken via telemedicine. That can lead physicians to rely more heavily on data in the electronic medical record. The record may be wrong, reflecting someone else's ER visit, not the patient's, Brill says. In some particularly sinister cases, medical identity theft could even lead to blackmail, Sheward reports. If your medical records showed, for example, that you sought treatment for alcoholism, "perhaps the actors who obtain them could threaten to pass on the information to your family or employer unless you pay (them) a fee," he says. Medical identity theft has a way of costing society as a whole. "It allows a fraudulent person to receive health care benefits they're not entitled to, as well as access to prescription history," Tcherchian says. "This enables thieves to purchase prescription drugs on a patient's (identity), which are then resold online on black market websites." Prevention steps ... To read the full article visit chicagotribune.com #### Meeting Your Security Integration Objectives - CyberArk, ServiceNow, Splunk and More ... COVID-19 and its security ramifications continue in 2021 and well beyond.  All of the threats brought to the fore when we were sent to work from home got added to the already-growing set of risks we were already trying to mitigate. Even though we’ve been dealt these additional challenges for the past year, we cannot allow ourselves to be distracted from our primary objective - keeping our customers’ data safe. XYPRO’s 2021 product roadmap includes updates to meet your enterprise data protection goals and cybersecurity objectives. New features and functionality maximize your HPE NonStop investment via XYPRO's latest security advances in (PCI-DSS required) Multi-Factor Authentication (MFA), Compliance and Anomaly Detection, HPE NonStop integrations with Splunk, SailPoint, CyberArk, Servicenow and more. Our 2021 product direction is simple. Continuing to provide innovative security solutions to address real-world business challenges. We partner with our customers and HPE to ensure the functionality not only maximizes your HPE NonStop investment, but addresses your security and integration needs. Servicenow Integration for HPE NonStop Servers Enforcing proper change management in an expanding IT ecosystem can be a daunting task. Inadequate change control leaves you exposed to cybersecurity risk and compliance issues. In many environments, Servicenow IT Service Management (ITSM) is the primary solution for IT change management. ServiceNow ensures that all activity has an approved change ticket for tracking and visibility. Integrating your mission critical systems and applications with ServiceNow is literally “critical”. ServiceNow and XYPRO The Servicenow add-on for  XYGATE Access Control (XAC) integrates your HPE NonStop servers with Servicenow ITSM. Using the XYGATE Web Service Connector (XWS) framework, XAC sessions validate privileged commands against Problem, Change and Incident Tickets, granting or denying execution based on the response from ServiceNow. This integration eliminates the complex, after-the-fact, manual effort otherwise required to match NonStop-executed commands with individual ServiceNow tickets. Flexible Ticket Validation The ServiceNow add-on for XAC validates privileged commands with ServiceNow based on any combination of the following factors: Ticket Number User System Date/Time Window Command Syntax And more... If the appropriate values cannot be validated with ServiceNow, privileged command execution is denied, even if the user has the proper permissions on the system. This enforces tighter security controls for privileged sessions and prevents user error. Lightweight and Secure The ServiceNow module is a lightweight service that attaches to your existing XAC environment and sets up in minutes. Requests for ticket validation/verification are sent to predefined web service endpoints through secure REST API calls using a secure transport framework (SSL/TLS enabled). A TACL user interface prompts the user for ServiceNow ticket information and prepares the REST API request. The module includes a request template that you can easily extend to support new APIs or update to remove deprecated APIs as your requirements change. The module's user interface processes the response from the ServiceNow and either grants or denies access to the requested resource. XYGATE CyberArk Integration Extend the Power of CyberArk to Your HPE NonStop Workloads XYGATE for CyberArk integrates your HPE NonStop servers with your existing CyberArk environment. This integration closes the gap with privileged account management, session visibility and security in the privileged access management process while using NonStop emulators, such as OutsideView and others. The HPE NonStop server seamlessly takes advantage of the same security capabilities that have always been available on other enterprise platforms. A typical CyberArk integration requires a remote desktop connection (RDC) or “Jump” server that privileged sessions channel through. Unfortunately, your HPE NonStop server loses visibility into critical attributes of the underlying user, such as the source IP address and Active Directory accountID. In addition, NonStop-specific functionality such as block mode application audits and function key interactions do not work. Your audit logs will show the “Jump” server IP for all privileged sessions. Other critical pieces of data will also be unavailable. This creates a compliance challenge since you cannot identify to whom a privileged session or activity belonged. With XYGATE for CyberArk, monitor and control your HPE NonStop privileged sessions using the entire power of CyberArk and XYGATE. Capture real source IP - (not JUMP server) Capture Windows Username (sAMAccountName) Passwordless Login using CyberArk’s Password Vault - Password is never revealed to the user Audit blockmode and function keys Compliance with multiple PCI DSS Requirements CyberArk Certified Integration All the CyberArk benefits available to your other enterprise platforms are now fully available for your HPE NonStop servers in a CyberArk certified, fully supported solution. SPLUNK Integration - Included with every NonStop server XYGATE Merged Audit (XMA), already included with every HPE NonStop server, is an easy-to-use and integral security component of the HPE NonStop operating system.  XMA is the HPE supported method for integrating your NonStop data with log management or analytics solutions, like Splunk. Without having to purchase any additional software, XMA communicates directly with Splunk “…to modernize your security operations and strengthen your cyber defenses”. Data is collected from EMS, Safeguard, ACI Base24, iTP Webserver, the XYGATE suite and much more. This data is aggregated, filtered, formatted, and forwarded in real-time. Whether your data is in native XMA/NonStop format, Common Event Format (CEF) or a custom format, it can be sent to multiple targets via TCP or UDP.  The only thing to decide is which data you want to send. XMA is set up within minutes. Configuring XMA to forward data to Splunk takes even less time. All you need is the IP address, port and transport method (TCP or UDP). Once setup, the following benefits are immediately available: Single repository for security, audit and application data Integrate NonStop data with SIEMs, SOARs and analytics Collect, parse, normalize and enrich your NonStop data Required for compliance and auditing Extensible to custom applications Powerful real-time alerting and reporting Our 2021 roadmap will focus on capturing additional NonStop data sources as well as modern integrations between XMA and SIEMs, SOARs and analytics solutions like Splunk, Elasticsearch (ELK), IBM QRadar, Logrhythm and more. XMA’s support for the HTTP Event Collector (HEC) allows NonStop users to send data and application events to Splunk using Secure HTTP (HTTPS). HEC uses a token-based authentication model. Generate a token and configure a logging library, or HTTP client with the token to send data to HEC in a specific format. This process eliminates the need for costly, custom technology to send application events to Splunk. Multi-Factor Authentication According to Microsoft, 81% of data breaches occur due to weak, default or stolen credentials and 99% of these attacks can be blocked by implementing Multi-Factor Authentication (MFA). MFA is an authentication method where a user is granted access only after successfully presenting two or more of the following pieces of information: Something you know (password) Something you have (security token) Something you are (biometrics) All it takes is one compromised account to one legacy application to cause a data breach. With the unfortunate increase in COVID-19 phishing scams targeting remote workers separated from their day-to-day environments, now is the time to implement multi-factor authentication across your critical applications, servers, and services. XYGATE User Authentication (XUA) is already included on your HPE NonStop servers and ready to turn on with no additional software or infrastructure investment. XUA delivers multi-factor authentication based on industry standards. It also extends NonStop security capabilities by integrating with enterprise authentication providers such as Microsoft Active Directory, RSA, Google Authenticator, and many others. In addition to MFA, XYGATE User Authentication integrates your NonStop and application user IDs with Microsoft Active Directory, providing enterprise, global password policy enforcement. This ensures the same password policies within Active Directory apply to your NonStop servers and applications, removing the risk from weak or default passwords. Our newest enhancement to XUA enables MFA for your NonStop applications. Legacy and custom applications typically do not have native support for modern authentication technologies for MFA, yet still need to comply with security requirements. XYGATE Application MFA is an add-on to your XYGATE User Authentication (XUA) environment that strengthens the security of existing HPE NonStop applications through the addition of industry leading multi-factor authentication.  Protect almost any application, Pathway-based or not, with MFA. XYGATE Application MFA offers multiple implementation options, including support for Screen Cobol Applications and ACI’s BASE-24. It sets up in minutes and integrates with your existing XUA environment. Integrate XYGATE Application MFA into existing Screen COBOL applications with minimal effort. There are versions of the MFA screen for both 6520/6530 and 3270 applications. 2021 XUA enhancements add support for additional authentication providers and newer authentication technologies. This is a list of functionality you will see in XUA later this year: Support for JSON Web Tokens, OAUTH2 and SAML Integration with Cloud MFA Providers Okta Centrify PING Thycotic and more... XYPRO and HPE - A Powerful Combination If you missed our Roadmap Webinar back in February, you can access it here anytime https://xypro.com/webinars/ According to IBM, the average time to detect and respond to a data breach in 2020 is 280 days. The yearlong global pandemic has made every industry a huge target with healthcare, financial services and the public sector leading the pack. On average, these industries spent over 320 days detecting and containing a cyberattack that cost tens of millions of dollars in some cases. HPE NonStop servers are the core of many mission-critical organizations. NonStop is vital to activities that affect our daily lives; how we shop, pay, bank, and communicate. As technology (and threats) evolve around us, the NonStop server continues to adapt. XYPRO is thrilled to be a part of this evolution. XYPRO’s innovation efforts do not stop there. We look forward to identify where research and development investments should be made, always prioritizing how to best serve our customers. This commitment has led us to new areas that provide even greater value and security to NonStop server users, integrating the NonStop with the rest of the enterprise and beyond. #### MGM Guest Data Released Online Hotel Business Online, Feb 27, 2020--MGM Guest Data Released Online Steve Tcherchian, Chief Information Security Officer at XYPRO, a cybersecurity analytics company, said that it is important for companies to do everything they can to protect data. “Leveraging the cloud doesn’t absolve a company from properly protecting data they have access to,” he said. “It’s imperative for companies to think about how to bolster their security on the cloud. Businesses need to prioritize cloud security. It is the responsibility of every business to follow best practices in terms of security configurations, credential storage, permissions, vulnerability management, monitoring and more.” Click here to read more. #### Modernize Compliance and Reduce the Cost of Security Incidents by 80% The probability that an organization will experience a breach in the next 24 months is 27.9% and the current time to identify and contain a breach is 280 days. XYPRO helps organizations reduce the mean time to detect and respond to potential breaches by up to 80%, dramatically reducing the impact of a breach to the critical HPE NonStop stack. Join our experts from XYPRO and HPE to learn: Best practices to address regulatory and compliance requirements. Why security is not a one and done effort. How to address multiple layers of threat protection – particularly with Tier 0-1 applications. How the combined value of XYPRO's SecurityOne solution running on HPE NonStop is an unrivaled platform that is secure and compliant. How HPE and XYPRO have joined forces to make purchasing and implementing XYPRO's Security suite easy and affordable. Speakers: Allen Whipple Server Security and Management Solutions Business Manager Hewlett Packard Enterprise Steve Tcherchian Chief Product Officer | CISO XYPRO Jerry Thompson Senior VP - Technology Services SECU Click here to view  #### Monitoring: A crucial part of a ZERO Trust strategy ZERO Trust is a straightforward concept - trust nothing, verify everything. Successful implementation can be difficult though, because retrofitting legacy systems may not be an option, and all-in-one ZERO Trust products do not exist. Configuring your network and systems for ZERO Trust to the best of your ability is the beginning,  not the end of the journey.  Integrity Monitoring   Systems, user roles, and technical resources change. Continuous verification and real-time monitoring are necessary to confirm controls remain effective when changes occur.   XYPRO Technology and HPE provide security solutions for end-to-end security of NonStop systems. This includes tools for three of the highest-value monitoring you can implement. Continuous Integrity Monitoring for awareness of changes, expected or otherwise, on your NonStop systems.    Real-Time Monitoring and Alerting for high-risk or suspicious activities, for example, the logon of newly created users with elevated permissions.    Monitoring of NonStop appliances, such as CLIMs and NonStop consoles.  XYGATE SecurityOne (XS1) Integrity Monitoring provides change detection for frequently used object types for HPE NonStop systems.  XS1 Security Intelligence Suite delivers real-time, continuous monitoring for a diverse set of high-risk activities (for example, suspicious logins, changes to ProgID or License status, or use of a frozen account to name a few).  XS1 Appliance Sentry Monitor scans and reports on CLIMs and NonStop consoles.  Below are examples of XS1 Integrity Monitoring and how it supports your ZERO Trust strategy.   For those of you using XYGATE Compliance Pro (XSW) it has been a reliable monitoring tool for many years, and it does a very good job, but XS1 is a big step up from XSW and offers enhanced real-time monitoring along with new, cutting-edge functionality.   XYGATE SecurityOne (XS1) Integrity Monitoring:  Integrity monitoring in XS1 is a simple, three-step process: Choose the type of monitor you want to create,  Define the objects you want to be monitored and  View the results.   File masks and filters can be used to narrow the focus of your monitoring to the individual Guardian Files if desired. Step 1: Add Monitor, define the type of monitor (Guardian File for example) and provide a name for the monitor:  Step 2: Define the systems to monitor, define the file masks for files to include or exclude, set the frequency of the monitoring, and save the monitor.  The monitor shown here will collect all Guardian File attributes but will only create an alert when the file security has changed or if the Licensed or ProgID on the file changed.  In the future, when more XYGATE products are added to $SYSTEM they are automatically part of the collection criteria and will be added to the generated report.  Step 3: View the monitoring reports. The results displayed are for all monitored NonStops and include every file in each $SYSTEM.XYGATE volume, excluding any temp files (files starting with ZZ).  The reported results can be sorted, filtered, and customized to display only attributes of interest.  The report below makes it easy to identify how the security differs for the ACACL, ACCONF, UAACL and UACONF files across the three NonStop servers.  R-Click to export the results to share the findings with your operations or security teams.  XYGATE Compliance Pro – Integrity Monitoring:  By contrast, XYGATE Compliance Pro requires several steps before your first report can be viewed.  1. Define your collection criteria (NonStop systems and what disks to monitor). 2. Create a new integrity check for each of the four files (ACACL, ACCONF, UAACL and UACONF). a. Create a new integrity check using the System Integrity Rule Builder. b. Build a rule to monitor the XYGATE files of interest.  Using the System Integrity Rule Builder you can select “Guardian Files” as the Entity to check. c. Filter for the Volume of interest, find the subvolume containing the files of interest d. Scroll through the list of files to find the files you want to select and monitor. e. Add selected files to the integrity monitor.  3. Repeat steps a-e for XYGATEUA. 4. Run the collection. 5. Load the collection. 6. View the results. The results are presented in a table displaying every Guardian File attribute. Columns cannot be removed from the table to optimize the information displayed as was done with XYGATE SecurityOne.  You can see how XYGATE SecurityOne automates, simplifies, and provides intelligent integrity monitor results. XS1 Increases Staff Productivity Most organizations cannot allocate enough resources to proactively monitor their environment. Instead, security staff must devote time at the back end, investigating possible incidents - a very manual and time-consuming process of collecting, correlating, and searching through disparate logs. XS1 automates incident identification by correlating and contextualizing data in real-time and highlighting actionable incidents that need immediate attention. This patented XS1 functionality means you’re not wasting time on “Possible” events.  This automation of investigative activities frees up nearly 80% of your staff’s time, allowing them to focus on proactive monitoring. XS1 Modernizes Security Resources The sheer processing power of HPE NonStop systems grows to support increasing volumes of work and critical assets being protected. HPE NonStop systems and the functions they perform are integral to the global financial infrastructure. Properly Securing these mission-critical workloads, and having only a few staff members familiar with NonStop security management increases the risk of insider abuse.   The differentiator for such a modern product like XS1 is that security management experience means you’ll find it intuitive to use XS1 to manage HPE NonStop security without needing in-depth NonStop knowledge, greatly reducing the risks from resource attrition and insider abuse. Learn more about the benefits of XYGATE SecurityOne  Visit our XYGATE XS1 product page for more information. For more information and to schedule a demo about Real Time integrity monitoring, contact us at https://xypro.com/contact/ #### Never Delete an App Without Doing These 4 Things First Reader's Digest, March 11, 2020--Never Delete an App Without Doing These 4 Things First Convenience comes at a cost “Applications are everywhere,” says Steve Tcherchian, Chief Information Security Officer at XYPRO, a cybersecurity analytics company. “We use them to shop, bank, order dinner, get a ride, keep our house warm, and even keep track of our children. But our data needs to be shared with applications for them to provide value. In most cases, this means extremely sensitive information about us and our lives. Click here to read more. #### New Collaboration Tools Mean new Security Risks The News Headline, March 19, 2020--COVID-19 and Tech: New Collaboration Tools Mean New Security Risks Corporations are increasingly more curious about automation and integration, stated Steve Tcherchian, leader product officer at XYPRO, who additionally sees a door opening for malicious hackers. “Essentially the most issues that may combine with every different and supply a unmarried pane-of-glass view, the fewer value, control overhead and attainable for issues exist,” Tcherchian stated. “These kind of [collaboration] apps have third-party integrations to as regards to each different apps for this goal. The problem turns into how safe are the integrations, what knowledge is shared between them and what possibility is offered into your platform?” Collaboration gear will grow to be a primary goal for hackers, Tomaschek stated, as a result of, through design, they make it simple to unfold knowledge in the course of the group. Click here to read more.   #### NonStop Security Truths You Should Know Cybersecurity and data breaches are a top story nearly every week, and it seems every software vendor’s messaging is about security - whether those vendors are security experts or not. On the surface it must seem like everyone is saying the same thing. So how do you know where to invest your time, resources and trust? XYPRO’s trusted security solutions are innovative, modern, and backed by a global team of experienced security and software experts. We focus on next-gen technologies and methodologies like Zero Trust, cloud, ML/AI and use secure development practices to ensure our customers have the most up to date and secure solutions available on the market. True Strategic partnerships with HPE and the industry’s top cybersecurity companies reinforce that trust in us. No one has been doing this longer than XYPRO! What makes XYPRO different? There are a number of costly security solutions out there attempting to sell you something you already have! HPE counts on XYPRO security solutions and includes several XYPRO products with the HPE NonStop operating system. You can use them right now – nothing extra to purchase. How’s that for saving time and money? SPLUNK Integration – Included with every NonStop server XYGATE Merged Audit (XMA), included with every HPE NonStop server, is the HPE supported method for integrating your NonStop data with log management and analytics solutions, like Splunk. Without having to purchase any additional software, XMA integrates HPE NonStop data with Splunk “…to modernize your security operations and strengthen your cyber defenses”. This powerful combination provides: A single repository for security, audit and application data Integrates NonStop data with SIEMs, SOARs and analytics Is required for compliance and auditing Extensible to custom and home-grown applications Powerful real-time alerting and reporting HPE NonStop Splunk Integration is still one of our most popular webinars – watch it here! Learn how to become a SPLUNK hero in 15 minutes! Multi-factor Authentication (MFA) XYGATE User Authentication (XUA) is also included on your HPE NonStop servers with no additional software or infrastructure investment. XUA provides multi-factor authentication for your users and applications - at no cost! Based on industry standards, XUA integrates with enterprise authentication providers such as Microsoft Active Directory, RSA SecurID, Google Authenticator, and many others. Application MFA XYGATE Application MFA is an add-on to your XUA environment that sets up in minutes and integrates with your existing XUA environment. Strengthen the security of existing HPE NonStop applications with industry leading, multi-factor authentication. XYGATE Application MFA offers multiple implementations: Screen Cobol Applications, ACI’s BASE24 and more. Extend the Power of CyberArk to HPE NonStop Workloads XYGATE for CyberArk integrates HPE NonStop servers with the CyberArk Enterprise Password Vault (EPV) and Privileged Session Manager (PSM). Close the gap with privileged account management, session visibility and security in the privileged access management process. CyberArk for HPE NonStop servers is a CyberArk certified, fully supported solution. Integrate HPE NonStop Servers with SailPoint Identity Governance XYGATE Identity Connector (XIC) integrates your NonStop servers with SailPoint IdentityIQ for user governance, provisioning and reconciliation of HPE NonStop user accounts directly from SailPoint. Current solutions for requesting and managing user access are inefficient, manual, complex, and outdated. Governance is often an afterthought, leaving enterprises vulnerable to security risks and exposed to compliance issues. SailPoint, the market leader in Identity Governance and Administration, allows businesses to automate an ever-growing technology landscape while addressing security and compliance risk. XYPRO and SailPoint partner to provide the first and ONLY SailPoint certified integration for HPE NonStop servers. The ServiceNow module for XYGATE validates privileged commands against Problem, Change and Incident Tickets, granting or denying execution based on the response from ServiceNow. This integration eliminates the complex, after-the-fact, manual effort otherwise required to match NonStop executed commands with individual ServiceNow tickets. Threat Detection and Security Data Analytics XYGATE SecurityOne(XS1) is a unified Security Management and Data Analytics platform for HPE NonStop environments for real-time Risk Management, Threat Detection, Vulnerability Assessment, Compliance Reporting and Integrity Monitoring. Deployed on premise or in the cloud, XS1 is a complement to your SIEM. Using XYPRO’s patented contextualization technology, XS1 helps enterprise SIEMS like Splunk analyze, identify threats, and alert quickly on NonStop security incidents. Improve the productivity of security operations while maintaining compliance with regulations such as PCI DSS, GDPR and others. File, System and User Integrity Monitoring File Integrity Monitoring (FIM) is a foundational requirement for nearly all security frameworks. FIM identifies unexpected or malicious activity across critical system files, diagnoses unwanted or inadvertent changes, and protects against catastrophic user error before it has a chance to cause damage and disruption. Organizations that collect credit card transactions and payments data must comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements 10.5.5 and 11.5 that state “organizations must make efforts to monitor file modifications and ensure the integrity of critical logs from within their Cardholder Data Environment (CDE).” On HPE NonStop servers, XYGATE SecurityOne (XS1) is the most intelligent, and comprehensive solution available for NonStop customers - backed by the global XYPRO and HPE partnership. XS1 alerts when key files, objects, or system configurations are viewed, deleted, modified or ownership has changed. XS1 identifies who made the change and if the change put the system at risk or violated policy - IN REAL TIME! This intelligent form of real-time integrity monitoring simplifies monitoring and helps meet the strictest of compliance requirements while reducing noise generated by unnecessary alerts. Your resources are focused on the most critical security events. HPE NonStop servers are the core of mission critical organizations and are vital to our daily lives; how we shop, pay, bank, and communicate. XYPRO collaborates with our customers, technology partners and HPE to develop solutions that maximize your HPE NonStop investment, addressing your security and integration needs. Keep an eye out for XYPRO’s annual Roadmap Webinar coming in February 2022. #### NonStop Technical Bootcamp 2016 - Five Great Takeaways NonStop Technical Bootcamp 2016 - Five Great Takeaways Since I started with XYPRO over 10 years ago, I’ve been to a few NonStop events. This year’s NonStop Technical Bootcamp was big. Nearly 500 attendees crowded the hallways, conference rooms and lobby bar at the Fairmont in San Jose. The atmosphere felt electric and immersive. There was a lot going on over the 5 days of festivities, so I’ll boil it down to the 5 key takeaways I found the most exciting. XYPRO Announces OEM Partnership with HPE Security – Data Security One of the first highlights of the event was XYPRO’s major announcement of a strategic OEM partnership with HPE Security – Data Security, formerly known as Voltage Security. XYPRO unveiled the newly evolved partnership during the Sunday beer bust. This was followed up throughout the week with multiple sessions describing the importance of the relationship and the extended benefits to NonStop customers and others wishing to protect data at the source. The OEM relationship now engineers XYPRO Data Protection (XDP) with HPE SecureData, making HPE SecureData a solution called “Transparent Data Protection” the pre-eminent solution for protecting your sensitive data on your HPE NonStop servers, as well as seamlessly across the enterprise. Actionable Insight through Intelligent Data A year ago, at NonStop Technical Bootcamp 2015, XYPRO revealed XYGATE SecurityOne® (XS1), our vision and new product line for providing real-time, intelligent and actionable security information to the industry. This year we were able to update progress and new features such as data trending and CLIM Risk Monitoring. We also discussed how XS1 has been deployed at customers to meet stringent requirements and how they are already extracting value. Using patent-pending technology, XS1 gathers data from multiple, disparate HPE NonStop server sources; including application and system data, subsystems, user behavior, file operations, network data, command input and other sources and uses specialized security intelligence algorithms to correlate, contextualize and analyze events to paint a detailed security incident picture in real-time. This enables users to detect security events before they culminate in an incident or breach.   With its newly introduced trending capabilities, XS1 leverages what it has learned about the past to help crystalize what is happening in the present and warn you may happen in the future. It’s no secret - everyone wants a better understanding of their data to make quicker and more accurate decisions. Being able to understand what happened in the past helps you better understand how it will affect the future. To go from concept to deployment in less than a year was no small feat. This was mostly due to a lot of hard work and late hours from our engineering team, a lot of market research and close relationships and feedback from our customers using the solution. This ensures XS1 fits the needs of today’s mission critical environments. Customer Presentations HPE NonStop technical Bootcamp was bookended by two important – not to miss - customer sessions. Paul Freeman, Information Security Manager at TSYS presented how TSYS began a major effort to migrate away from an unsupported legacy security system that was deeply integrated into their HPE NonStop environment. TSYS had to deal with a slew of requirements including limiting internal disruption, maintaining current capabilities, the ability to add new functionality to their applications, meet some very demanding internal and external compliance regulations and of course, budget. This was a multi-year process that included evaluating a variety of potential solutions from both internal and external sources. TSYS ultimately chose the XYGATE Suite of products from XYPRO to protect their HPE NonStop environment. Paul described in detail how the TSYS requirements were met by the XYGATE suite and how XYPRO’s technical team was able to deliver and implement the new solutions on a tight deadline. One Wednesday, Chris Draper, AVP at Wells Fargo Bank, presented Wells Fargo’s experience as an early adopter of XYPRO’s newest solution, XYGATE SecurityOne® (XS1). Chris laid out the bank’s requirements, which included proactive monitoring, intelligent and actionable data and behavior analysis of their applications and environment. Wells Fargo, as is the case with most organizations today, wanted insight on the data they already have to allow them to make quicker decisions earlier in the process. At the same time, they need context applied to the data to determine which events are actionable and which are benign.  This knowledge allows them to focus their efforts and resources on items that warrant action. XS1 has allowed them to meet those requirements. Chris described specific use cases in which they’ve been able to leverage the solution internally. In Chris’s words, “XYGATE SecurityOne fulfills the vision of where we want to be with security. It’s the right solution at the right time”. Chris is a fantastic presenter and needless to say, this created a lot of buzz at our booth and in the hallways. Chris’s presentation is available on www.nonstopbootcamp.com. The Under 40 SIG I started working at XYPRO when I was 23. For the next several years, I remained the youngest person at the company.  Over the last few years, I’ve seen the culture at our company get younger and hungrier. New ideas, new methods, and new ways of thinking. When I heard Navid Khodayari of Idelji was organizing an Under 40 SIG, I was all over it. I was interested to see how the others were addressing the challenge of introducing NonStop to a new generation. To keep the industry viable long term. Needless to say, we weren’t the only ones with this issue on our radar. The SIG had about 50 participants, from both vendors and customers. The discussion circled around finding a new crop of talent, onboarding and training younger folks and capturing that large repository of NonStop knowledge that exists with the seasoned veterans of the NonStop industry. There is a lot of work to be done and we had some great ideas to put into place over the next few months. It was refreshing to see the industry as a whole has taken notice and given us youngsters the opportunity to showcase our talents to catapult NonStop into the next generation. vNonStop In early 2016 at Mobile World Congress in Barcelona, HPE demonstrated the virtual NonStop (vNonStop) concept. vNonStop is HPE’s advance in virtualizing the NonStop operating system. vNonStop enables customers to take full advantage of all the fault tolerant capabilities of a NonStop server, without the upfront investment in hardware. This allows users to create a NonStop guest VM, similar to how you would stand up a Windows or Linux VM using KVM (think of KVM as a VMWare or Hyper-V alternative) as the hypervisor. This technology and its vision was front and center at this year’s NonStop Technical Bootcamp. HPE even had a fully functional demo unit on the show floor. Andy Bergholz, Director of HPE NonStop Engineering, laid out a detailed vision and the advantages of the vNonStop and the importance of it to HPE’s future. The advantages of this technology are profound. Virtualizing the NonStop core allows for faster deployment of systems and applications, massive scalability, flexibility in sizing up and sizing down your infrastructure as needed and much more. I’ve seen Andy present on this topic multiple times now and he does as fantastic job of articulating the importance and relevance of this technology. The advancements in 2017 are going to be fun. It really was a whirlwind week. We got to meet some terrific people, attended excellent sessions and had some amazing fun. But now that we’re back and have had a chance to unwind and decompress, the real excitement starts. Everything picked up from the week in San Jose gets put in motion for 2017 and the list is big. XYPRO is well into our vNonStop validation efforts, with our newest OEM announcement, the HPE Security - Data Security partnership is stronger than it has ever been, XS1 is taking off like a rocket ship and new product innovation is happening at a feverish pace in our R&D department. 2017 looks brighter than ever for XYPRO and for the NonStop community as a whole. Finally, a couple of short notes of appreciation from the XYPRO team to Connect for organizing another extremely valuable event. Thank you to all the customers and partners involved well as to the HPE staff who dedicated so much of their time to pull the schedule and content together. It was a blast. We’re all looking forward to seeing everyone again next year! Steve Tcherchian Chief Information Security Officer XYPRO Technology Steve Tcherchian, CISSP, PCI-ISA, PCIP is the CISO and SecurityOne Product Manager for XYPRO Technology. Steve is on the ISSA CISO Advisory Board and a member of the ANSI X9 Security Standards Committee. With almost 20 years in the cybersecurity field, Steve is responsible for XYPRO’s new security product line as well as overseeing XYPRO’s risk, compliance, infrastructure and product security to ensure the best security experience to customers in the mission critical computing marketplace. #### Now Is the Time to Replace VPN With Zero Trust   Reworked November 24, 2020 - Now Is the Time to Replace VPN With Zero Trust ... What Is Wrong With VPN? The perimeter methodology that VPN relies on makes it particularly vulnerable to attackers, said Steve Tcherchian, chief information security officer at XYPRO, a cybersecurity analytics company, by giving users and devices unfettered access to the network once they have been identified and authenticated at the perimeter. “Attackers love this," he said. "Once they’re in, they can spend as much time as they need to move around from device to device. In some cases, once authenticated to the VPN, this could mean access to thousands of devices.” Tcherchian said several recent data breaches can be attributed to this methodology of trust, and it enabled attackers to gain access to everything the vendor or contractor had done in the past. “This is no longer a sustainable security strategy," he said. "Moving to a Zero Trust model removes that layer of perimeter security. Every user and device, whether outside the VPN or inside no longer has access to devices. Even if they’re inside the VPN, there is no access unless explicitly granted on an as-needed basis.” ... To read the full article visit reworked.co/   #### Open Source Flaw Management Shows Signs of Improvement: Report LinuxInsider, April 30, 2019--Open Source Flaw Management Shows Signs of Improvement: Report Steve Tcherchian, CISSO, XYPRO Chief Product Officer, discusses the struggle many organizations face when identifying and managing open source risk across their application portfolios. Click here to learn more. #### PartnerOne Continues Investment in AI with XYPRO Applied AI Technology RIVERSIDE, Calif., Feb. 19, 2026 /PRNewswire/ -- XYPRO, a PartnerOne company and market leader of security and compliance solutions for mission-critical systems, introduces Lionel, an internal AI assistant designed to unlock institutional knowledge across the HPE Nonstop Compute ecosystem. This marks a major milestone in PartnerOne's applied artificial intelligence strategy. Over the past year, XYPRO has focused its AI efforts on a specific operational challenge: critical knowledge exists, but it is fragmented, difficult to access, and slow to use. This issue is particularly pronounced in HPE Nonstop Compute environments, where publicly available information is limited and expertise is spread across decades of technical manuals, support tickets, internal systems, and the experience of highly specialized domain experts. The impact of this fragmentation is slower onboarding, inefficient troubleshooting, and challenges scaling expertise in mission-critical environments. To address this, XYPRO built Lionel, an AI-powered assistant that provides a single, trusted interface for accessing verified answers drawn from internal and external sources. Lionel enables employees and ultimately customers to ask questions without needing to know where information resides or spending hours searching across systems. Lionel is already delivering measurable benefits, including: Reduced time to resolution for complex security and compliance support issues Improved access to historical context and institutional knowledge Increased engineering efficiency by minimizing time spent navigating dense technical manuals and documentation By focusing on trusted data and practical outcomes, Lionel augments human expertise rather than replacing it, supporting the reliability and stability required in regulated enterprise environments. "This work reflects a shared philosophy across PartnerOne companies," said Steve Tcherchian, XYPRO CEO. "AI creates the most value when it's applied with discipline. By focusing AI on real problems and tying it directly to measurable improvements, we unlock knowledge at scale." Suzanne Fortman, PartnerOne Vice President added, "AI is core to our investment strategy at PartnerOne, we look for companies and teams that apply technology with focus and intent. XYPRO's approach to AI is a strong example of how disciplined innovation grounded in real operational needs can strengthen core businesses, leverage institutional knowledge, and create long-term value for customers and partners." XYPRO's approach closely aligns with PartnerOne's broader strategy of long-term investment, operational excellence, and value creation through focused innovation rather than speculative experimentation. As XYPRO expands its use of AI across the organization and the broader HPE Nonstop Compute market, the company will continue applying this same lens: clear objectives, trusted systems, and tangible business impact. Through Lionel, XYPRO demonstrates how applied AI can strengthen core operations, protect institutional knowledge, and enhance long-term value for customers, employees, and investors alike. About PartnerOne: PartnerOne is one of the fastest growing enterprise software groups in the world. With an "Acquire. Invest. Grow." philosophy, PartnerOne focuses on long-term growth and customer value. Over 1500 of the world's largest organizations, including 80% of the world's largest corporations, have placed their trust in PartnerOne for data protection, cybersecurity, AI, data management and digital transformation. PartnerOne provides a "forever-home" for acquired businesses and helps them thrive with shared resources and sustained investment. About XYPRO: Founded in 1983, XYPRO is a recognized leader in cybersecurity, protecting the world's most critical data. Trusted by global enterprises, XYPRO delivers industry-leading risk management and compliance solutions for mission critical workloads helping organizations prevent data breaches, reduce risk exposure, and ensure operational resilience. From regulatory compliance to ransomware protection, we partner with customers to secure what matters most - their data. #### Payments Apps and Database Security. It’s Business as Usual. Until it’s Not. CashApp, Zelle, Venmo, ApplePay, Square - the payments industry is growing and expanding into areas we hadn’t imagined.  Everyone relied on it before the pandemic - now it’s critical infrastructure and embedded into our everyday habits. For payments providers, how are you protecting your payments application and databases? Applications store their data in a database in order to efficiently retrieve and make use of it.  A database may contain everything from configuration data, usernames and passwords, to critical information such as results of your last medical examination.  Some databases know you owe money and to whom, what you posted on a social media app two years ago, what you typically order for lunch and much more.  Needless to say, this is a treasure trove for thieves, and a huge target.  All this data is shared under the assumption that the application creator is doing everything possible to protect our most personal information.  The tools exist to address it.  So…... “how are the bad guys getting access to our data?” One of the most common database attacks, and interestingly enough, one of the simplest to protect against, is SQL injection (SQLi). This attack is where malicious SQL statements are inserted into an entry field for execution.  A successful SQLi attack can read sensitive data such as usernames, passwords, credit card numbers (and more), tamper and destroy data, execute administrative operations, and worse. Below is an example of SQL Injection. This form accepts a username and password as input, validates the entry in a table called users and, if both username and password match, grants the user access. There is no guarantee that a user will only enter a valid username in the username field. In the above example, a user has entered the partial SQL statement ‘ or ‘1’ – ‘1 and a blank password.  The SQL engine interprets the command literally and since 1 will ALWAYS equal 1, grants the malicious user access to the application without a valid username or password. Layering security strategies  provides comprehensive protection against this type of common attack.  Step 1 - Sanitize all input, then escape all input.  Easy stuff, right?   This should also be coupled with proper database permissions and always use prepared statements or parameterized queries whenever user input is required. Parameterized queries are the database engine’s natural defense against SQLi. Whitelist Maps are also an effective strategy to protect against SQLi in cases where escaping and parameterization doesn’t help.  If you’re interested in this topic, there are tons of great resources on the www.owasp.org website that describe an overall SQLi protection strategy. Secure, NonStop SQL Database Management SQLXPress from XYPRO is the most secure and functional database management solution for NonStop SQL.  Think about it as the Microsoft SQL Management Studio for NonStop.  SQLXPress includes a comprehensive set of security controls, including: Multi-factor Authentication Auditing Access Control Session Encryption Code Integrity SQL Injection Protection Multi-factor Authentication The SQLXPress client supports multi-factor authentication (MFA), a PCI-DSS and GDPR requirement, by prompting users for a second factor.  Used in conjunction with XYGATE User Authentication (XUA), which is provided on each HPE NonStop server, you’re up-to-date not only with the very latest in PCI 3.2.1 (and soon 4.0) MFA compliance requirements, but also with the advice of every security expert out there.  Multi-factor authentication is a must! Auditing Configure the level of audit data that is collected by the audit subsystem.  The audit subsystem records the actions of SQLXPress users and contains detailed information , including date and time, user logon name, PC device identification, SQL statement text, SQL parameter values, outcome details, and much more. Audit trail data is integrated with analytics solutions like SPLUNK through XYGATE Merged Audit.  A rich set of audit reports is available, from activity summary reports down to individual actions.  Reports are filtered by time of day, user, device, and SQL object name. Audit data answers questions such as: Who accessed or changed data? When was it changed? From which device was it changed? Who tried to perform an unauthorized command? Audit data is integral to effective troubleshooting. Provide diagnostic information to other departments or  grant audit report access to authorized users on an individual, audited basis. Every HPE NonStop system is delivered with XYGATE Merged Audit (XMA).  Additionally, an XMA plugin integrates the SQLXPress audit data directly into the XMA database, enabling sophisticated audit reporting and alerting capabilities for all NonStop SQL activity.  Now just deliver that audit data to your enterprise SIEM such as SPLUNK or QRADAR, integrating NonStop database security into your overall enterprise security program Access Control NonStop SQL supports access control “out of the box”.  SQLXPress augments these standard access control features by providing a more granular level of control over the actions users are permitted to perform, and the SQL objects they are permitted to access from within SQLXPress. Role-based Access Control Like all XYGATE software, SQLXPress supports a role-based access control model: Roles are granted permissions to perform activities Users are assigned to roles Roles may be restricted to an “environment” (an environment is a collection of specific SQL objects) Authorization checks on access & activity requests Access control is configured to suit the needs of the organization. Separation of Duties The Security Administrator is responsible for the configuration and management of the SQLXPress security subsystem, including audit and access control via a familiar user interface.    To really appreciate SQLXPress access control let’s look at some use cases: Use Case 1: Command Lockdown NonStop SQL permits the owner of an SQL object, like a table, or a view, to perform any DDL or utility operation on the object.  SQLXPress access control refines this so that restrictions can be applied to individual operations. Many commands, like Update Statistics, or Split Partition, are performed as part of the routine duties of a DBA.  The DBA should have permission to perform them on an ongoing basis However, there are some operations like Purge Data, Drop Table, or Disable Trigger, that are not required for the normal operation of the database, and can have disastrous consequences if performed inadvertently.  SQLXPress access control allows these potentially dangerous commands to be “locked down” during normal use.  When the DBA needs to perform a locked-down command, the Security Administrator temporarily grants permission for the command.  When the command has been completed, the security administrator revokes permission. Use Case 2: Data Access Restrictions NonStop SQL permits the owner of a table to view and change the data stored in the table.  SQLXPress access control can be used to limit the owner’s access to data while still permitting the owner to manage the table. SQLXPress security controls mean the owner can be prevented from changing data and can even be prevented from viewing data at all. Use Case 3: Database Visibility Restrictions SQL metadata is a rich source of information about the databases on the system.  It includes details on table names, column names, security settings, data validation rules, and much more.  Most organizations will want to limit access to SQL metadata to authorized users only.  However, with NonStop SQL/MX, SQL metadata is secured for public read access.  This means that any SQL/MX user can view information about all the databases on the system. In SQL/MP, metadata is secured per catalog. To enable database visibility restrictions, the SQLXPress access control feature allows the Security Administrator to define one or more “environments” on a system.  An environment provides a restricted view of the SQL objects on a system. Only objects that have been registered in an environment are made visible to the user. The Security Administrator can restrict the SQL objects that are made visible to a user by assigning him a role for an environment.  The user must open an environment in order to use SQLXPress and can only work with the SQL objects that are registered in that environment. Furthermore, a user can be granted roles for more than one environment, and even granted a different role in each of those environments.  For example, user DEV.JOHN can be granted the role of Senior DBA in the DEV_ATM environment, and the role “Guest” in the QA_ATM environment. Summary With the most comprehensive set of features and full support of both NonStop SQL/MX and SQL/MP, SQLXPress is the leading solution for managing NonStop SQL databases.  HPE NonStop SQL databases store highly sensitive and private information.  In an increasingly security-conscious world, customers expect their database engines and database management tools to provide comprehensive security–and SQLXPress delivers.   #### PCI 3.2 - Are YOU Ready? Originally published in The Connection - PCI 3.2 | Are YOU Ready?  As a citizen of the HPE NonStop community, it is sometimes hard to believe how much my work has changed over 25 years.  Compliance frameworks such as PCI DSS now demand as much  of my attention as robust performance or maintaining the five nines. Consciously, I realize that adhering to standards isn’t a chore to be marginalized.  But I must admit that I’ve allowed this focus to wander.  The transformation of this platform combined with the  “do more with less” doctrine has influenced me to prioritize higher visibility projects.  I am re-considering those priorities. Boosting database performance, patching memory leaks, and leveraging virtualization are terrific, but what will happen to support for these worthy endeavors if we fail audits, lose compliance, or worst of all, suffer a breach? According to a recent report by SecurityMetrics: NONE OF THE BREACHED MERCHANTS INVESTIGATED IN 2016 WERE FOUND TO BE FULLY PCI DSS COMPLIANT! It ain’t that way no more... The HPE NonStop Server traditionally considers itself a castle:  An impregnable island fortress granting access only to a select few.  If you didn’t belong inside, you didn’t get in. There was never a need to test  the castle walls for weaknesses. That was arguably true – prior to increased inter-platform communication, widespread acceptance of the internet, WANs, wireless networking, high speed clusters, distributed databases, disaster recovery/business continuity, remote access, BYOD and migration from proprietary to open standards. All of the above introduced NonStop to the possible security vulnerabilities inherent in these constructs.  We are reluctantly forced to allow ongoing vulnerability testing - internal and external. So as a vigilant NonStop sentry, I‘d like recommend two things to reclaim fortress stature : Implement  what many security pros agree are three essential PCI DSS 3.2 standard aspects which are soon to graduate from best practice status to requirement Leverage tools which meet the requirements that are already available to all NonStop users.   Eliminate use of SSL and early TLS versions by June 20 2018 (Requirement 4.1) Actually, this touches three PCI DSS requirements: Requirement 2.2.3: Implement additional security features for any required services, protocols, or daemons that are considered to be insecure. Requirement 2.3:  Encrypt all non-console administrative access using strong cryptography. Requirement 4.1: Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks. This issue has been well-known for some time. In fact, PCI 3.1 set a deadline for SSL/TLS mitigation by June 30, 2016. Since then, Heartbleed, POODLE, DROWN, FREAK and SWEET32 vulnerabilities forced a re-evaluation of the requirement for PCI DSS 3.2. Current practice is to disallow all SSL versions as well as TLS 1.0x and move towards TLS 1.2. TLS 1.2 supports AES ciphersuites in 128 and 256 bit key lengths. The difficulty for most implementations will likely be the TLS level on the remote endpoints.  Session negotiations are determined by the highest ranked  protocol available on both sides. If one side’s latest available TLS version is 1.0, then the other side will be forced either to allow non-compliant TLS sessions or not connect at all. SSL/TLS vulnerabilities are being taken so seriously that many organizations are scanning their internal networks to identify SSL/early TLS traffic - some are even blocking such traffic ! Perimeter defenses like firewalls and trusted zones do not exempt servers from Requirement 4.1.  Authorized access must protect data in motion with strong cryptography - period. Req 4.1 permits TLS 1.1 on existing implementations, but new implementations must use TLS 1.2. Current NonStop OS RVUs are capable of supporting TLS versions through 1.2 and suppression of SSL so we can control our side of the implementation. One survey of SSL/TLS usage for VPNs as of December 2016 show 77% still allow SSL and/or early TLS, and fewer than 3% are PCI DSS compliant.2 Considering 40% of attacks involve so-called “encryption abuse”2 – meaning attackers usurp victims’ encryption to hide their activities – a quick migration of both endpoints to TLS 1.2 would be a worthwhile effort. One quick final note on this:  SSH is a good alternative, particularly for NonStop. Recent RVUs include SSH capability which is based upon openSSH 7.2p2 or later. Implementation of Multi Factor Authentication for ALL non-console remote access by February 1 2018 (Requirement 8.3.1) Right now, this is considered by most security and compliance experts as the best tool for preventing intrusion and subsequent malicious activity.  Multi-factor authentication (MFA) offers the best bang for the buck. Every entry point from phones (pardon me – mobile devices) to PCs to web sites to servers either requires MFA or will require it very soon.  The Reason:  Higher reliability of correctly authenticating access requests. Identity thieves may steal passwords or even fingerprints, but it’s less likely that they can steal 2 or more factors. Even better are factors which are single-use and /or valid for very short durations. The change from PCI DSS 3.1 to 3.2: Expanded Requirement 8.3 into sub-requirements, to require multi-factor authentication for all personnel with non-console administrative access, and all personnel with remote access to the Card Data Environment (CDE). New Requirement 8.3.2 addresses multi-factor authentication for all personnel with remote access to the CDE (incorporates former Requirement 8.3). New Requirement 8.3.1 addresses multi-factor authentication for all personnel with non-console administrative access to the CDE. Requirement 8.3.1 effective February 1, 2018 In summary, as of February 1 2018, MFA will be required for ALL administrative/remote access to cardholder data – not just consoles. I envision many heated discussions regarding where the cardholder data environment (CDE) perimeters are and which users have access to it. Perhaps these could be better described as re-heated discussions. Not only has this issue been the subject of previous debates, but the CDE may have changed since the last time this battle has been fought. The PCI council foresaw this and has published a document which, along with network segmentation, offers recommendations on how to determine PCI’s definition of CDE in your organization:  https://www.pcisecuritystandards.org/documents/Guidance-PCI-DSS-Scoping-and-Segmentation_v1.pdf User acceptance will also be a major issue related to MFA. More affected users mean higher support call volume, lower productivity, and potentially user/customer dissatisfaction and lost revenue. This is why CDE definition and access are contentious topics. The temptation will be to reduce the number of MFA-required circumstances as much as possible –  applying to only those that strictly adhere to the latest PCI DSS defined requirements. I would counter propose that more MFA – not less – would yield the greatest returns: MFA processing consumes very few system resources – network, disk, and cpu As mentioned earlier, most users are already experiencing MFA and are quickly adapting, accepting, even demanding MFA for access to sensitive information Future PCI DSS standards likely will expand MFA requirements to all access by all users XYGATE User Authentication (XUA), which is bundled in all current NonStop OS RVUs, provides the necessary functionality for MFA when teamed with RSA or RADIUS security solutions.  Once configured, this is as close to “set it and forget it” as there is. More statistics:  Depending on which source you consult, between 63 and 91% of all data breaches involve weak authentication (i.e. passwords/phrases). 3 4 MFA is an inexpensive and readily available countermeasure against intrusion. Two important  items to consider regarding your MFA implementation: Engage your RSA/RADIUS team as early as possible. Corporate RSA teams are going to become overwhelmed very quickly as everyone scrambles to meet the February 1 2018 deadline. As of this writing, Feb. 1 2018 is 5 months from now. You may want to start developing your strategy now – most MFA implementations take at least 4-6 months to deploy organization-wide before going into production. Maintain detailed documentation of cryptographic architecture (Requirement 3.5.1) This requirement is different than the other two.  Req 3.5.1 actually applies only to service providers and refers to documentation: New requirement for service providers to maintain a documented description of the cryptographic architecture. Effective February 1, 2018 If you don’t have a cryptographic architecture, you can’t meet Req 3.5.1. Requisite 3 is concerned with protecting stored cardholder data, meaning data at rest.  Primary Account Numbers (PANs) are the most common data grail; therefore, they garner most of the Req 3 attention.  The scope of CDE tends to expand as payment processing gets more complex and interrelated with other sensitive data. Once again, we can get mired in the CDE jurisdiction argument. My experience in NonStop has fostered a need to explore worst-case scenarios and how to deal with them.  In the case of cardholder data, theft is the worst-case scenario (alongside destruction or deletion of said data). Cardholder data theft cannot be totally prevented. But we can make the stolen goods useless to the thief. This is the intent of Requirement 3. This can be accomplished one of two ways: Encrypting data within the CDE or exempting data from the CDE. Encryption is a well-established and reasonably trusted method of data obfuscation. Most enterprises use a shared encryption engine across all its platforms, thus making the solution simpler and more affordable. For PCI DSS compliance, encryption does NOT exempt data from being classified as part of the CDE and thus is subject to Requirement 3 scrutiny. Data tokenization is an increasingly popular way of excluding PAN data from the CDE. Tokenization supplants PANs or other surrogate data with tokens. These tokens have no intrinsic value and cannot be traced to the corresponding source without authorized de-tokenization and authentication. Under PCI DSS 3.2, tokenized data IS excluded from the CDE, which is why it is becoming so popular. While encryption or tokenization are not currently required to meet PCI DSS Req 3 standards, Req 3.5.1 is an indication that such a requirement will occur in the future – probably the near future. Not necessarily just for service providers. HPE SecureData Transparent Data Protection for HPE NonStop offers both encryption and tokenization services without any coding changes. Re-invent the fortress Three major PCI DSS requirements.  Three readily available tools; HPE SSH, XYGATE User Authentication and HPE Data Security’s SecureData for NonStop allow you to meet those requirements. XYPRO, along with HPE have dedicated extensive time and resources in evaluating  how PCI DSS 3.2 will affect the HPE NonStop Server ecosystem and its customers. These requirements become mandatory in 2018. We recommend the activities to become compliant with the new standard start before the mandatory deadline dates in 2018. This will ensure your organization has enough time for testing and deploying to production. Please visit the www.XYPRO.com to download the latest version of the PCI DSS 3.2 White Paper which describes how to make your NonStop servers PCI DSS Compliant. https://www.securitymetrics.com/static/resources/orange/2017-securitymetrics-pci-guide.pdf https://www.darkreading.com/vulnerabilities---threats/more-than-40--of-attacks-abuse-ssl-encryption/d/d-id/1326789 Verizon 2017 Data Breach Investigations Report http://www.verizonenterprise.com/resources/report/rp_pci-report-2015_en_xg.pdf   About the Author Author Bio: Robert Klein I’ve been an IT serf since 1989. Worked on Tandem/NonStop since 1993 as an operator, application support tech, system administrator, and security administrator. Currently I am a Security Solutions Specialist for XYPRO. I graduated from the University of South Florida with a B.A. in  US History. During downtime I perform with trumpet/trombone jazz and brass ensembles, indulge in car restoration and enhancement, and dabble in screenwriting / playwriting. Upcoming hobbies:  motorcycling,  bicycling, off-road trucking, diesel powered vehicles, and voiceover freelancing for fun and profit.  My primary port-of-call is  Columbus, Ohio #### PCI DSS 4.0 - 7 Takeaways You MUST Know PCI DSS 4.0 Is Coming. Will You Be Ready? Since the release of PCI-DSS 3.0 in 2013, the PCI Security Standards Council has been quite busy.  A little over a year after it was published, the council released PCI-DSS 3.1, followed by several new templates and supplements, including the “Migrating from SSL and early TLS Information Supplement” in April 2015 which highlighted the risks of SSL and TLS 1.0.  The supplement described a migration plan as well as set a migration deadline of 1 July, 2016. That migration deadline caused concern because SSL is so widely utilized in the payments industry. Organizations felt the tight deadline could significantly disrupt business. On the other hand, so can a data breach.  The PCI Security Standards Council took notice and in April 2016, released PCI-DSS 3.2, which extended the migration deadline to 2018.  Version 3.2 also clarified previous requirements and introduced new requirements around Personal Account Numbers (PAN) Masking and Multi-Factor Authentication (MFA). In 2018 PCI DSS version 3.2.1 replaced version 3.2 to account for effective dates and SSL/early TLS migration deadlines that had passed. No new requirements were added in PCI DSS 3.2.1. If you’ve been following the standards over the last year, you may already know that PCI DSS 4.0 is right around the corner, due out in mid-to-late 2021. PCI DSS 4.0 Revisions and Requirements Version 4.0 is still going through review, but based on the current draft version, here are the anticipated  top 7 items: Revisions to best practices for passwords and MFA. MFA may be required for ALL accounts, not just administrators. Passwords for applications and systems must be changed every 12 months Increased complexity in passwords/pass phrases – including comparison against a list of known bad passwords. Vendor accounts only active when needed, and monitored when in use.  Encryption requirements expanded to all cardholder data, as well as scanning and detecting PANs every 12 months. Version 4.0 may be the customized approach that would allow organizations to design their own controls and implement them based on the intent of the requirements. This would allow companies more flexibility to adopt new technologies and security solutions and not have to wait for the standard to catch up. More details around testing requirements.  DESV (Designated Entities Supplemental Validation) requirements may be required for all entities, not just compromised entities. Possible enhancements to requirements for end user security awareness training. The requirement for monitoring updated to include tech advancements such as cloud environments. Malicious code is one of the biggest problems that financial institutions face. The new version of PCI DSS 4.0 specifically addresses this issue, with best practices and insight on how to fully protect network transmissions. Summary Password compromise is still the top attack vector and MFA is considered by most security and compliance experts as the best tool for preventing an unauthorized intrusion. MFA offers the best bang for the buck. Every entry point from mobile devices to PCs to web sites to servers either require MFA or will require it very soon.  The Reason:  Higher reliability of correctly authenticating access requests. Identity thieves may steal passwords or even fingerprints, but it’s less likely that they can steal 2 or more factors. Even better are factors which are single-use and /or valid for very short durations. If you’re not already using multi-factor authentication in your HPE NonStop environment, XYPRO can help configure XYGATE User Authentication, to allow you to comply with these new and more stringent PCI DSS 4.0 requirements. XYPRO is continuously dedicating extensive time and resources to evaluate how PCI DSS 4.0 affects the HPE NonStop Server ecosystem and its customers. These requirements will take effect soon. XYPRO recommends taking action to become compliant with the new standard before the mandatory deadline dates. This will ensure your organization has enough time for testing and deploying to production. Please visit our website www.xypro.com for more information. Steve Tcherchian, CISSP Chief Product Officer and CISO XYPRO Technology Carol Gorst, PhD. Manager. Business Analysis XYPRO Technology #### PCI DSS 4.0 - Simplify Compliance in a NonStop World NOTE: This article has been updated to include the PCI DSS Version 3.2.1 to 4.0 Summary of Changes for HPE NonStop™ Servers   In March 2022, the PCI Security Standards Council released the new Payments Card Industry Data Security Standard version 4.0 (PCI DSS 4.0). The latest version of the standard took 4 years to develop, requiring 3 rounds of requests for comments and over 6,000 comments from the community (present company included). PCI DSS 4.0 marks the 18th year of this critical security standard and is the most comprehensive version to date, with the document expanding from 139 pages for PCI v3.2.1 to 360 pages for PCI v4.0. There are 64 new requirements, 13 of which are effective starting March 2024 when PCI DSS v3.2.1 is officially retired. The remaining 54 requirements are best practices until March 2025. That doesn't mean you can sit back and enjoy your current compliance status for the next 2 years. On the contrary, 2023 must be used as a transition period to assess the new standard and modernize your security controls. There is a lot of work to do and very little time to spare. Do not assume because you were PCI 3.2.1 compliant that you will be PCI 4.0 compliant. Below we break down the standard to make it less intimidating. The Objective Compliance has historically been a backward-looking activity. Compliance requirements are meant to prevent issues that happened in the past from happening again in the future. PCI DSS 4.0 changes that. Designed with a ZERO Trust strategy in mind to continuously meet the needs of the payment industry, the 4.0 standard now aligns with the usage of emerging technologies and takes into consideration the evolving threat landscape. You will see this in various guidelines that describe how to comply with certain requirements. Security-mature organizations now have the flexibility to design and implement controls to meet objectives. Compliance is no longer a point-in-time activity, it's an ongoing and REAL-TIME process that is dependent on security controls and the quality of evidence. PCI DSS 4.0 introduces two approaches for implementing and validating requirements: The traditional, prescriptive method. A new customized approach focusing on the objective of the requirement. (Not available for every PCI DSS requirement) The Customized Approach Businesses that employ the customized approach need to take the following into account: (1) fully understand the requirement. The PCI DSS 4.0 standard defines the requirement and gives a distinct, customized approach stating what must be handled to achieve the requirement's goal. (2) the company must examine whether it is already adhering to the criteria as written. (3) if the traditional method is not satisfied, you should assess whether previously implemented (or planned) control processes are adequate to satisfy the requirement’s objective(s). Ultimately, the customized approach method provides a lot of flexibility in meeting the objectives of the requirement. If you’ve implemented a zero-trust strategy, there is no need to reinvent the wheel. You may already have the necessary controls, but it's imperative to evaluate and document. Keep the following in mind to determine if a customized approach is right for you: Organizations can take a strategic approach Supports new, cutting-edge technologies with unique implementations where the traditional, defined approach may be insufficient Flexibility to choose Focuses on the “objective” of the PCI DSS requirement Greater flexibility for evidencing a requirement is met Allows for emerging technologies in Cardholder Data (CHD) environment to be evaluated Greater overhead for organizations to document and demonstrate Not an available option for all requirements Requirement 3 - Protect Stored Account Data Requirement 3 has expanded to include “Account Data” where previously it focused only on “Cardholder Data”. Account Data now includes Full track data, CVV, and PINs, which means more of your data is now in scope for PCI compliance such as additional files, subvolumes and directories, servers, email systems, and more. This may mean taking a look at your network topology to determine if the Cardholder Data Environment (CDE) needs to be expanded. Given this, the scope of Requirement 3 has changed significantly and should be properly evaluated for your organization. Requirement 8 - Multi-Factor Authentication One of the most significant changes that impact HPE NonStop environments is Requirement 8 and Multi-factor authentication (MFA). Poor authentication controls are well known to be the leading cause of data breaches. Previously, requirement 8.3 applied only to remote access from untrusted networks. For example, an administrator, user, or vendor could remotely authenticate to a network using two-factor authentication, then pivot to any system within the network, including the CDE, all with just a single set of credentials. This poses a risk as it pushes security controls to the perimeter. Recent industry reports found that over 80 percent of data breaches involved weak, default, or stolen credentials. Additionally, Virtual Private Networks (VPN) caused interesting exceptions. Some point-to-point VPN tunnels could be considered local network access, with the devices on the other end of the tunnel not requiring two-factor authentication for access to the CDE. Another common method used to meet this requirement is having system administrators use Remote Desktop technology for administrative functionality. An administrator could connect to a secure “jump server” which acts as a bastion host using two-factor authentication, then use their emulator to connect or “jump” from that server to the CDE, including the NonStop using their single set of credentials to perform their duties. “Previously, this (requirement 8) applied only to remote access from untrusted networks,” PCI Security Standards Council CTO Troy Leach said in a statement. “A password alone should not be enough to verify the administrator’s identity and grant access to sensitive information.” PCI-DSS 3.2 expanded requirement 8.3 to include all personnel with non-console administrator access to cardholder data and systems to use MFA. Meaning if an administrator is not physically in the data center on the keyboard, MFA for the system housing card data is a must. The requirement also changed its verbiage from “two-factor authentication” to “multi-factor authentication”. This meant local network access to servers, workstations, and network devices in the CDE must be protected with multi-factor authentication before granting administrator access to cardholder data or the systems housing them. As expected, PCI DSS 4.0 continues to expand MFA with new requirements within 8.4 4.1 MFA is implemented for all non-console access into the CDE for personnel with administrative access. 4.2 MFA is implemented for all access into the CDE. 4.3 MFA is implemented for all remote network access originating from outside the entity’s network that could access or impact the CDE as follows: All remote access by all personnel, both users and administrators, originating from outside the entity’s network. All remote access by third parties and vendors. Previously, remote workers connecting to the CDE through a VPN that required MFA was enough. Now MFA is required for ALL ACCESS to the CDE. In short, every attempt by any user to access the CDE must be authenticated with MFA. To comply with requirement 8.4 objectives, both 8.4.2 and 8.4.3 must be met. XYPRO’s XYGATE User Authentication (XUA), included with all HPE NonStop servers, provides everything necessary to comply with these new MFA requirements. All HPE NonStop customers already have this capability with nothing additional to purchase. XUA supports authentication providers like RSA SecurID, RADIUS, Microsoft Active Directory, Microsoft Authenticator, Google Authenticate and will soon support PING, DUO, Delinea, and additional MFA providers. Wireless Access If wireless technology is used to store, process, or transmit account data (for example, wireless point-of-sale devices), or if a wireless local area network (WLAN) is part of or connected to the CDE, the PCI DSS requirements and testing procedures for securing wireless environments apply and must be performed. Wireless detection must be performed even if wireless is not in use and even if the organization has a policy prohibiting its use. The relevant wireless requirements are listed below. 3.1 Wireless vendor defaults are confirmed secure (encryption keys, passwords) 2.3 Physical access to wireless access points is restricted 2.1 Authorized and unauthorized wireless access points are detected and identified at least once every 3 months If automated monitoring is used personnel are notified by generated alerts 2.2 An inventory of authorized wireless access points is maintained, including business justification (to avoid unauthorized points mistaken for legitimate) 10.5 The incident response plan includes monitoring and alert response for the detection of unauthorized wireless access points Requirement 6: Develop and Maintain Secure Systems and Software Requirement 6 applies to all system components, code repositories, testing platforms, and more that are used to develop, test, and secure applications that handle Account Data. There are several new requirements and updates that deal with bespoke and custom software. Commercial off the Shelf (COTS) software is not included in this requirement. Bespoke software is software provided by a vendor or third party specifically developed to meet a single organization's needs. The value of bespoke software is that it targets key business objectives for the company. Commercial off the Shelf software is developed by a vendor, not tailored to a specific customer, and targeted for a mass market. Custom software is similar to bespoke software except it's developed internally by the business itself without the use of a third party. 2.3 is a new requirement that states how enterprises must now identify and list all of their bespoke and custom software, as well as any third-party software included in their bespoke or custom software. This is to properly manage and update any vulnerabilities discovered in the third-party components. Payment software components and dependencies, including supported execution platforms or environments, third-party libraries, services, and other essential functions," should be included in the inventory. 3 Has critical components that require code reviews for bespoke and custom software. Vendors must have proof of code reviews available by someone other than the developer. All system components must also be protected from known vulnerabilities by installing applicable security patches and updates. 4.1 requires public-facing websites and applications to protect against new threats and vulnerabilities and ensure these applications are protected from known attacks on an ongoing basis. As a customized approach, you can install automated technology that continually detects and prevents attacks in real-time. 4.3 focuses on protecting the page scripts and other application files. This includes a method to ensure the integrity of the scripts and files and alert if they've been tampered with. On HPE NonStop servers, this can be accomplished with File Integrity monitoring. File Integrity Monitoring in REQUIRED for PCI DSS 4.0 Compliance It's no secret, you’ve heard me say this (read) numerous times - multi-factor authentication and file integrity monitoring (FIM) give you the best cybersecurity return on investment.  You cannot be compliant with any cybersecurity framework without implementing these two controls. FIM is necessary for compliance with PCI DSS, GDPR, SOX, HIPAA, GLBA, FISMA, NIST, and more. For HPE NonStop servers, FIM is even recommended by HPE in the NonStop Hardening Guide. FIM alerts on modifications to files, objects, users, system configurations, and other critical components. FIM is even used for ransomware, malware, and virus protection. The only way to introduce a malicious payload is by copying a file or object onto your system. With FIM, as soon as that object appears, an alert is sent allowing for corrective action before a potential ransomware attack can cause damage. PCI DSS 4.0 calls out FIM in the following requirements. Requirement 10: Track and monitor all access to network resources and cardholder data 3.4 Use file-integrity monitoring or change-detection mechanisms on logs to ensure that existing log data cannot be changed without generating alerts Requirement 11: Regularly test security systems and processes 5.2 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification (including changes, additions, and deletions) of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly. Requirement 12: Maintain a policy that addresses information security for all personnel 10.5 Include alerts from security monitoring systems, including but not limited to intrusion-detection, intrusion-prevention, firewalls, and file-integrity monitoring systems. Best Practices for Implementing PCI DSS into Business-as-Usual Processes “Monitoring of security controls—such as firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), file-integrity monitoring (FIM), anti-virus, access controls, etc.—to ensure they are operating effectively and as intended.” To comply with the PCI 4.0 FIM requirements, XYGATE SecurityOne (XS1) from HPE is the most complete and real-time FIM offering for HPE NonStop servers. XS1 supports both Guardian and OSS, can report on compliance in real-time as well as integrates FIM results with your enterprise SIEMS and SOARS such as SPLUNK, ELK, and others. For more information on XS1, please visit www.xypro.com Noteworthy Changes and Requirements The following new requirements are key to consider when planning out a PCI 4.0 implementation and XYPRO solutions from HPE provide the necessary solutions to comply with these requirements. Please see XYPRO’s “PCI DSS Version 3.2.1 to 4.0 Summary of Changes for HPE NonStop™ Servers” guide on www.xypro.com for more information on how to address these requirements. 2.3.1 New Use the targeted risk analysis to define the frequency of “periodic” evaluations of systems not at risk of malware (i.e., the HPE NonStop servers) 3.2.1 New Use the targeted risk analysis to define periodic malware scans 3.4 Lockout user for 30 minutes after not more than 10 attempts (previously 6) 3.6 New Minimum password length increased to 12 (previously 7) 3.9 Password history of 4 passwords must be maintained OR previously used password cannot be used for 12 months 3.9 Passwords must be changed every 90 days if NOT using MFA* 6.2 New No hard-coded passwords for accounts that can be used for interactive login 4.1.1 New The use of automated mechanisms for audit log reviews 4.2.1 New Use targeted risk analysis for periodic log reviews 10.4.1 New Regarding targeted risks analysis and frequency of periodic training Summary For a detailed step-by-step guide on the changes between PCI DSS 3.2.1 and PCI DSS 4.0, please see XYPRO’s “PCI DSS Version 3.2.1 to 4.0 Summary of Changes for HPE NonStop™ Servers” guide on www.xypro.com. XYPRO also provides a comprehensive PCI DSS gap assessment to identify and recommend areas that need to be addressed to ensure you pass your PCI 4.0 audit.  Now is the time to interpret the changes and determine how PCI 4.0 clarifications and added requirements impact your organization. The full summary of changes can be found on the PCI Security Standards website. See: https://listings.pcisecuritystandards.org/documents/PCI-DSS-Summary-of-Changes-v3_2_1-to-v4_0.pdf Please visit www.xypro.com for more information. Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, and the NonStop Under 40 executive board. With over 20 years in the cybersecurity field, Steve is responsible for the strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.  Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. #### PCI DSS 4.0 Compliance : A Comprehensive Guide (XYPRO Education) The NonStop TBC24 event in Monterey, California, 23-26 September, 2024 includes the celebration of HPE NonStop's 50th Golden Anniversary at the Monterey Bay Aquarium, 60+ technical breakout sessions, keynotes, and MORE! Not to be missed is the presentation by Steve Tcherchian, CISSP “Cybersecurity Strategies for Ransomware Protection and Digital Resilience in Today’s Threat Landscape” Pre-Conference Education - "Mastering PCI DSS 4.0 Compliance for HPE NonStop: A Comprehensive Guide" Instructor: Rob Lesan, Senior Solution Architect, XYPRO XYPRO Education on PCI DSS 4.0 at TBC24 #### PCI DSS 4.0 Simplify Compliance in a NonStop World Webinar is now On-Demand In case you missed it, XYPRO's Chief Product Officer and CISO Steve Tcherchian, CISSP delivered an engaging, informative, and VERY useful presentation on the 360+ pages of PCI4.0 in mission critical, HPE NonStop environments. PCI DSS 4.0 - Simplify Compliance in a NonStop World, a webinar where we demystified one of the most important cybersecurity topics of 2023: the latest version of the Payment Card Industry's Data Security Standard - better known as PCI 4.0. You will definitely want to download our whitepaper; PCI DSS Version 3.2.1 to 4.0  Summary of Changes for HPE NonStop™ Systems referenced in the webinar. Watch the webinar on-demand for a NonStop-targeted focus on the new standard to ensure your company has enough time and knowledge to implement everything needed for data protection to get compliant before the mandatory deadline. Visit the webinars page #### PCI DSS Version 3.2.1 to 4.0 Summary of Changes for HPE NonStop™ Systems PCI DSS Compliance and the HPE NonStop™ Systems For a detailed step-by-step guide on the changes between PCI DSS 3.2.1 and PCI DSS 4.0, please see XYPRO’s “PCI DSS Version 3.2.1 to 4.0 Summary of Changes for HPE NonStop™ Servers” guide on www.xypro.com. XYPRO also provides a comprehensive PCI DSS gap assessment to identify and recommend areas that need to be addressed to ensure you pass your PCI 4.0 audit. Now is the time to interpret the changes and determine how PCI 4.0 clarifications and added requirements impact your organization. Download the full PCI DSS Version 3.2.1 to 4.0 Summary of Changes for HPE NonStop™ Systems Whitepaper     #### PCI-DSS 3.2 – The Art of Compliance on the HPE Integrity NonStop Server PCI-DSS 3.2 – The Art of Compliance on the HPE Integrity NonStop Server   Since the release of PCI-DSS 3.0 in late 2013, the PCI Security Standards council has been quite busy.  A little over a year after 3.0 was published, the council released PCI-DSS 3.1, followed by several new templates and supplements, including the “Migrating from SSL and early TLS Information Supplement” in April 2015 which highlighted the risks of SSL and TLS 1.0.  The supplement not only described a migration plan, but also set a migration deadline of 1 July, 2016. This caused some concern because SSL is so widely utilized in the payments industry and organizations felt the tight deadline could significantly disrupt business. But on the other hand, so can a data breach. The council took notice and in April 2016, released PCI-DSS 3.2, which extended the migration deadline to 2018.  They also took the opportunity to clarify some of the previous requirements and introduce some new ones that help deal with the current security environment. Let’s take a quick look at the items most relevant to the HPE NonStop server world. PAN Masking Requirement 3.3 is focused on PAN masking. The council clarified the language around this requirement by giving organizations more flexibility, based on business needs, to display more than the first six or last four digits of the PAN. There are several PAN masking/tokenization solutions available for the HPE NonStop server. XYGATE Data Protection (XDP) powered by HPE Data Security (formerly Voltage) provides the level of granularity and flexibility required to ensure the correct amount of data is tokenized.  Based on business requirements, XDP determines what parts of the PAN or other data to be displayed to help address this requirement.   Multi-Factor Authentication for Administrators Probably the most significant requirement impacting customer environments is focused on Requirement 8.3  Multi-factor authentication (MFA).   Poor authentication controls are well known to be one of the leading causes of data breaches. Previously, requirement 8.3 only applied to remote access from untrusted networks. For example, an administrator, user or vendor could remotely authenticate to a network using two-factor authentication , then pivot to any system within the network, including the Cardholder Data Environment (CDE), with just a single set of credentials. This poses a risk as it pushes security controls to the perimeter. To quantify that risk, Verizon’s 2016 Data Breach Investigations Report found that 63 percent of confirmed breaches involved weak, default or stolen credentials. Additionally, Virtual Private Networks (VPN) caused some interesting exceptions. Upon review of the controls, some point to point VPN tunnels could be considered local network access, with the devices on the other end of the tunnel not requiring two-factor authentication for access to the CDE. Another common method organizations use to meet this requirement is to have system administrators use Remote Desktop technology for administrative functionality. An administrator could connect to a secure “jump server” which acts as a bastion host using two-factor authentication, then use their emulator to connect or “jump” from that server to the CDE, including the NonStop s using their single set of credentials to perform their duties. "Previously, this requirement applied only to remote access from untrusted networks,"  PCI Security Standards Council CTO Troy Leach said in a statement. "A password alone should not be enough to verify the administrator's identity and grant access to sensitive information." PCI-DSS 3.2 now expands requirement 8.3 to include all personnel with non-console administrator access to cardholder data and systems to use MFA. Meaning if an administrator is not physically in the data center on the keyboard, MFA for the system housing card data is a must. The requirement also changes its verbiage from "two-factor authentication" to "multi-factor authentication". This means local network access to servers, workstations and network devices in the CDE must be protected with multi-factor authentication before granting administrator access to cardholder data or the systems housing them. We recommend implementing multi-factor authentication on every device within the CDE. The use of two single-factor authentication identifiers, such as prompting for two different passwords, is not acceptable. On the HPE NonStop server, Safeguard alone does not support MFA, but has extensibility through XYPRO’s XYGATE User Authentication (XUA) to provide MFA capabilities. It’s worth noting that HPE has included XUA and XYGATE Merged Audit (XMA) software as part of every new HPE Integrity NonStop server delivered since 2013, so most HPE NonStop customers already have much of this capability available to them. Further, a common approach for multi-factor authentication is the use of a token device, like RSA SecurID or RADIUS with tokens. XUA supports authentication using RSA SecurID, RADIUS, or Windows Active Directory (if configured with MFA) to meet this requirement. Migration to TLS Discovering open source vulnerabilities, especially in SSL, has become big business over the last couple of years.   POODLE, Heartbleed, BEAST, LOGJAM etc… there are no shortage of SSL and TLS 1.0 vulnerabilities. SSL is no longer relied on as a strong form of encryption. PCI-DSS 3.1 required organizations to migrate to TLS v1.1 or higher by 1 July, 2016. That deadline has been pushed to 1 July, 2018. As the risk is not minimized, we strongly recommend moving off these insecure protocols as quickly as possible. Requirements for Service Providers There are also several new requirements for service providers, mandating them to detect and report on failures of critical security control systems as well as introducing bi-annual penetration testing. PCI DSS 3.2 also includes new requirements 12.11 and 12.11.1 which require service providers to perform quarterly reviews of their personnel to make sure they are following the security procedures in place.   Summary Now is the time to review the exact changes and determine how PCI-DSS 3.2 clarifications and added requirements impact your organization. The full summary of changes can be found on the PCI Security Standards website. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf. If you’re not already using multi-factor authentication in your HPE NonStop environment, XYPRO can help enable and configure XYGATE User Authentication, to allow you to comply with these new requirements.  XYPRO is also available to assist you to review your HPE NonStop server environment, identify security gaps and help you best prepare for PCI DSS compliance.   Please visit our website www.xypro.com for more information.   Steve Tcherchian Chief Information Security Officer XYPRO Technology   #### Preparing Your Workplace for Uncertainty How We Prepped for Covid-19 Melodie Bond-Hillman, Ph.D. Sr. Manager, Human Resources & Administration XYPRO Technology How We Prepped for Covid-19 As a cybersecurity company in Southern California, fueled by a culture of transparency and caring for our employees and customers, we live and operate by our mission: “We protect your data as if it’s our own.” We approached the Covid-19 threat the same way we approach cybersecurity threats, with extreme vigilance and seriousness. How did we protect our employees and prepare our organization to keep running for an indeterminate amount of time? We feel like we started planning for the potential spread of Covid-19 over two months ago. The flu season hit our headquarters office pretty hard. We had more people out with the flu or taking care of kids with the flu, than in previous years. Because of that, we had already communicated to our staff that they should stay home if they’re not feeling well or have been taking care of those who are sick. We already decided to be flexible with sick time as we saw it being used up before the end of February. Our perspective was this: Whether they can or can’t do their job remotely – if you ask them to stay home then it has got to be with full pay. It’s better for everyone that we address this without punishing the sick person and also keeping the rest of our team safe. As a company, we felt that if we had the ability to make these accommodations, it’s much better that we: Not take the chance an employee might be really quite sick but are reluctant to use up sick/vacation days in case they need them in the future. Not risk the rest of our staff feeling we don’t view their health and safety as a high priority. Remember that a company with everyone sick, can’t function and service their customers. XYPRO’s customers are the largest banks and financial institutions in the world. It’s our customers’ responsibility to be available to serve the public. The potential snowball effect is enormous. When we saw events unfolding in China and realized the impact it could have, we started drafting a plan. We were asked about the existence of our Pandemic Business Continuity Plan by one of our customers at the end of January. As we saw events escalating and replicating in Italy and Germany, we plugged ourselves into the equation, assessed our risk level and began to act quickly to get out in front of whatever may be coming. Here’s what we did: Paid close attention to events happening globally and politically and anticipated how these could replicate themselves in areas where we have employees and customers. Took steps to increase our hygiene, cleaning and disinfection of the workplace. Posted additional visual reminders about hygiene & handwashing. Educated employees on CDC guidelines to minimize risk. Increased flexibility with sick time, and work from home arrangements. Agreed on specific escalation criteria and implemented each step within our Business Continuity Plan. Shared our Business Continuity Statement on our website. Communicated this plan to employees and gave them time to prepare before each step. Tested our Business Continuity Plan with a 100% work remotely “dress rehearsal.” Surveyed all our employees to identify any gaps in the work remotely plan and took suggestions on how to improve the process. Trusted employees to communicate their concerns regarding potential exposure and to self-quarantine and make work from home arrangements as required. Put employee safety first by restricting all business travel, then suspended all business travel as the situation escalated. Postponed events, conferences and large-scale meetings. Implemented mandatory work from home protocol when we deemed it necessary. Utilized our (already in place) Emergency Communication Management System (Everbridge) which enables us to deploy multi-modal communication to employees in an emergency. The most important thing we did was be brutally transparent in our communications and honest about what we knew and what we didn’t know. We also make it a point to improve on what we learn from past incidents including fires, earthquakes and weather-related emergencies. This event will change our landscape for sure and maybe even the way we work going forward, but we will emerge even stronger than before as an organization and apply what we have learned from this event to protect ourselves in the future. At XYPRO we feel the benefits of making it as easy as possible for our employees to work from home well in advance of a national emergency being declared, far outweighs the costs, the potential risk of mass infection or people leaving us because we failed to prioritize them in a crisis. We will only know in hindsight whether the decisions we made were 100% necessary, or if we were overly cautious, but we believe our caution is the reason we’ll even have the opportunity. #### President Biden’s Cybersecurity Order 101: The Essential Guide On May 12th, 2021, President Biden released the “Executive Order on Improving the Nation’s Cybersecurity”. It’s primary goal is to secure our national digital landscape. What we’re seeing is an overdue, full-force reaction to the threats to cybersecurity and operational infrastructure.  This order is primed for success due to the increase and impact of cyberattacks targeting the US government and critical infrastructure. The size and scope of this document would imply that it has been something in the works for some time.  It’s a lot to read and it can be hard to discern how the digital community will be required to respond to it, but we will break it down... Much of the document is a delegation of assignments to discover the gaps in our nation’s security implementations. It also calls upon the vast array of governmental agencies to remove barriers to sharing threat information  among one another when breaches, malware and unauthorized data is distributed.  This is a watershed moment for cybersecurity because federal agencies are now required to implement multi-factor authentication (MFA) across their IT environment. In terms of cybersecurity protection, MFA provides the best bang for the buck. It's only a matter of time before this requirement makes it down to the financial services and the payments industry as well as other critical infrastructure sectors. Another focus area are the risks posed by third parties. Most of these attacks have found their way into government agencies through insecure third parties. This executive order requires all third parties working with the federal government to strictly adhere to these basic, yet powerful guidelines or risk losing their contracts and being blacklisted. Software vendors will now be responsible to adhere to strict security and development guidelines if they wish to continue to supply technology to government agencies. These guidelines include: Disclosing how much open-source code is used in their code Government entities will have to create lists of software that is integral to their functions so that they can be examined and cleared for use. Software providers will be asked to house their coding divisions separately in secure buildings Maintain a ‘provenance’ on all code that is utilized that was not written in-house. Provide a purchaser a Software Bill of Materials (SBOM) for each product Other notable items of the order include: Modernizing Federal Government Cybersecurity. Advancing towards a Zero Trust Security Model Centralize cybersecurity data and analytics for quickly identifying breaches Enhancing Software Supply Chain Security.  Establishing a Cyber Safety Review Board Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks Improving the Federal Government’s Investigative and Remediation Capabilities.   XYPRO, and many other cybersecurity firms, have been advocating for years about the need for government and regulatory oversight to prevent incidents such as the SolarWinds, Microsoft Exchange, Colonial ransomware and so many other unpublicized attacks. Biden’s new executive order seeks to pull back-burner issues into the spotlight to ensure the necessary focus and resources are available at the federal level to address cybersecurity threats, This much-needed government oversight to technology and cybersecurity is intended to ensure all government contractors and vendors comply with the basic cybersecurity principles such as Multi-Factor Authentication, Incident Response and threat detection or face being blacklisted.  XYPRO provides security solutions that ensure financial services, payment processors, and other critical infrastructure business sectors are properly secured and actively monitored for security threats.  Utilize XYPRO service and support to achieve full compliance with these coming directives so your business is primed and ready to meet these tighter security objectives. Steve Tcherchian Chief Product Officer XYPRO Technology #### Prioritize Your CyberSecurity Initiatives XYPRO 2022 Roadmap Update XYPRO’s Chief Product Officer, Steve Tcherchian presented XYPRO’s 2022 Product Roadmap Update including how recent XYGATE updates help you meet your 2022 ZERO trust goals and cybersecurity objectives. Get an insider’s look into new features and functionality that maximize your XYGATE security investment. Join Steve as he discusses XYPRO’s latest advances in Multi-Factor Authentication (MFA), Compliance and Anomaly Detection. You’ll also be updated on HPE NonStop integrations with Splunk, SailPoint, CyberArk and ServiceNow. Click the link below to watch. Prev 1 of 1 Next Prioritize Your CyberSecurity Initiatives - XYPRO 2022 Roadmap Update - Webinar 2.17.22 Prev 1 of 1 Next #### Proactive Security and Threat Detection - it’s not That SIEMple Proactive Security and Threat Detection - it’s not That SIEMple Real-time threat detection is an indisputably critical element for maintaining operational integrity across a rapidly changing mission critical environment. Knowing when your system has been compromised quickly can make the difference between a controllable incident and a headline grabbing, catastrophic data breach. Most organizations cannot assign the time necessary to proactively monitor their environment.  Investigating potential incidents is a manual and time consuming process requiring resources to collect, correlate and search through multiple, disparate logs looking for the answer to whether something is a real incident. It’s looking for a needle in a haystack while more hay is piling on.  To do this very heavy lifting, most rely on Security Incident Event Management (SIEM) systems - such as SPLUNK or IBM QRadar. The truth is, a SIEM-only reliant security strategy is unsustainable  and leads to a false sense of security that your SIEM is the ultimate authority on security threat detection and alerts. Unfortunately, SIEM technology is limited by the types of data and devices it is aware of on which it can alert. It’s all Just Too Much Even when the most basic, mandatory signatures and rules are applied, SIEMs alert on way too many events that are neither suspicious nor urgent.  You really don’t want to be alerted on every possible incident. It would prove impossible to investigate them all and so there would never be any progress.  You want to identify, in real-time, security events, driven by actual malicious activity. Such massive amounts of raw activity also impact the quality of SIEM responses. SIEMs without environmental and industry context are not able to detect what’s business as usual vs. unusual but acceptable activity vs. what’s a legitimate potential threat. The unavoidable “alert overload” means security personnel eventually tune out alerts , making it easy for malicious activity to slip by, making the SIEM something used only when “looking back” for analysis. Obviously that means you’re too late. The longer it takes to figure it out, the further ahead the criminals get, the more expensive the damage will be. SIEM Limitations SIEM results are based on log data only. SIEMs are not contextually aware of HPE NonStop servers and other non-commodity devices, their applications or data. Due to lack of context, SIEMs have a very high false positive rate and are very “noisy”. Because of a fragmented SIEM market, there is a lack of standardization making it  difficult to detect events of disparate types SIEMs rely on binary values or thresholds for alerts. SIEMs don't know what they don't know They’ve got you when it comes to fees! To add to the complexity, most SIEM vendors base license fees on the volume of data they consume.  This is definitely to their advantage. The data required to detect a breach is increasing. In fact, the more data you have on which to base your analysis on, the better your results.  Unfortunately for you, that means SIEM license fees will only go higher. There’s a Better Way Industry experts (and anyone responsible for SIEM management) say that current SIEM technology has reached limitations, which makes it inefficient without additional investments in technology and personnel to deal with modern cybersecurity threats.  Put that investment in solutions that automate real-time detection activity. This type of automation for investigating “in flight” activities with real correlation and the proper contextualization, can free up resources by nearly 80%.  Financial Analysis/Cost Savings1 Benefit Year 1 Year 2 Year 3 TOTAL Compliance $172,800 $177,984 $183,324 $534,108 Risk Reduction $215,338 $215,338 $215,338 $646,164 Security Ops Improvements $66,560 $68,557 $70,614 $205,731 Threat Intelligence Savings $47,600 $49,028 $50,499 $147,217 Total Benefits $502,298 $510,907 $519,775 $1,533,220 Let’s Make it all More Efficient XYPRO’s XYGATE SecurityOne (XS1) is a security intelligence and analytics solution that automates the activity necessary to actively detect threats by combing through data in real-time and intelligently highlighting the actionable incidents that need immediate attention. Not only does XYPRO possess unique expertise in this area, but our contextualization technology is patented.  XS1 consumes data not only via logs, but also a variety of agents and other sources unique to XYPRO and relevant to the NonStop server. For example, the XS1 Integrity Monitoring (FIM) module efficiently monitors and alerts when key files or system configurations are viewed, deleted, modified or ownership has changed. It has the ability to identify who made the change and if the change put the system at risk or violated a policy. This intelligent form of real-time integrity monitoring simplifies monitoring activity and helps meet the strictest of compliance requirements. Let’s Make it Worth it XS1 does not rely on a consumption based licensing model. It is licensed per connected server. The cost for each XS1 module remains the same regardless of the volume of data it consumes. For example, when 10 HPE NonStop events are forwarded directly to the SIEM, all 10 events have an effect on the SIEM license fees. With XS1, those same 10 events can be sent to XS1, which will then be correlated and a single contextualized incident to be forwarded to the SIEM. This means instead of the SIEM receiving 10 raw events, it would receive a single incident, resulting in up to a 90% cost saving on SIEM license fees. XYGATE SecurityOne identifies and tracks changes across your NonStop IT environment much more efficiently than SIEM technology alone.  By sending contextualized XS1 data to your SIEM, you’re now able to incorporate enriched NonStop data with meaning that can be coupled with data from your other platforms and applications to paint an overall risk profile of your IT environment. You’re suddenly nimble and able to quickly address real threats as they’re happening and BEFORE they do damage. 1Projected ROI over a three year period for a large US Based financial institution with multi-node NonStop environment #### Protect Sensitive Data: #3 - Top 10 List of NonStop Security Fundamentals Because high-availability and fault-tolerant systems need strong security Over the last several months, we’ve covered some very important concepts in our Top 10 countdown of NonStop security fundamentals— you can review items #4 to #10 on XYPRO’s website and LinkedIn page. Now, we’ve reached #3 on the list. Throughout much of the first seven security fundamentals, the focus was on effectively managing access to the HPE NonStop server and controlling and monitoring user access and activity. Obviously, those are absolutely must-have security requirements for mission critical systems. Now, however, let’s consider the data that’s being processed or stored on NonStop systems. Given the high-value business applications and processes that are often run on NonStop servers (such as those related to payments, financial services, telco, healthcare, energy, manufacturing, etc.), it’s likely that there is a significant amount of sensitive data that must be protected. And this data—whether it’s credit card information, payment transactions, health information, social security numbers, customer details or some other type of sensitive information—is the most high-value target for hackers and cyber-criminals. Keeping sensitive data safe is the topic for NonStop Security Fundamental #3. #3: Protect sensitive data Two very effective approaches to protecting data-at-rest and in-transit are encryption and tokenization: 1. Encryption. Encryption is the process of using an algorithm to securely transform data into a meaningless form using a secret key. Data can only be accessed in live form by the trusted system that has the appropriate authority to use the private or secret key to decrypt it. Encryption of electronic data typically uses the Advanced Encryption Standard (AES). AES is an industry-proven standard that was announced in 2001, by the U.S. National Institute of Standards and Technology (NIST). Traditional modes of AES significantly alter the original format of the data and so have a big impact on data structures, schemas, and applications. For example, encrypting a standard credit card number with traditional AES-CBC mode will result in a string containing non-numeric data, which may also vary in length from the original card number. This obviously creates a major implementation problem for companies seeking to use AES. To address this issue, a new mode of AES, called “Format-Preserving Encryption” (FPE), or AES-FFX mode, has been introduced which strongly encrypts live data while retaining the original format of the data. This replaces the data in the live system with a functional equivalent field which cannot be reversed without the associated key. With the FPE mode of AES, data can be encrypted without having to then change database schemas and applications to accommodate the encrypted data. FPE is often used for “Personally Identifiable Information” in transit and storage as a standards-recognized protection and compliance control, or for credit card capture from POS ecosystems or e-commerce platforms. 2. Tokenization. Tokenization does not transform data but instead randomly maps a live data field to a functionally equivalent surrogate value (i.e., a “token”) which replaces the real data. Since tokens do not represent actual data, they can be shared and stored without risk of data loss. To convert a token back to real data, a system (or application) needs to use the tokenization server which hosts the random mapping table to return the token to its original value. First generation tokenization systems used a database for this mapping approach. Tokens can also retain the original format requirements so the impact on existing data structures and applications is mitigated and, since the token can only be reversed exclusively by the token server itself, systems using tokens may be taken out of scope for compliance purposes (e.g., PCI-DSS compliance). However, a major disadvantage of traditional tokenization has been the complexity of managing token databases (such as handling token “collisions”, backup and recovery, scalability and performance). Next generation tokenization solutions are available that address these issues. For example, XYPRO offers Voltage Security “Secure Stateless Tokenization” (SST) which removes the need for a token database and enables higher-performance, lower costs and simplified deployment. Also, by eliminating token databases, SST takes away high-value data targets for hackers and reduces the risk of data breach. Notably, Voltage SST runs natively on HPE NonStop, IBM z/OS and Open systems. For some companies, modifying their NonStop application (like BASE24 or Connex) to use encryption or tokenization is a major challenge and has prevented them from fully protecting their data. For these types of NonStop server users, XYPRO has developed XYGATE Data Protection (XDP) which enables NonStop applications to use Voltage encryption and tokenization without changes to the application. So, that’s #3: Protect Sensitive Data. Data can be an organization’s most valuable treasure and it’s a major target for cyber-criminals. News headlines are full of stories about data breaches and stolen information—often from some of the world’s leading technology companies. Encryption and/or tokenization are critical solutions for protecting sensitive data, reducing the scope of regulatory compliance, and neutralizing the impact of a data breach. Stay tuned to the XYPRO blog site—next up on our list is NonStop Security Fundamental #2. Also, get notified automatically when new XYPRO blogs come out by following XYPRO on LinkedIn or Twitter. For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL. You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX). #### Protect Your Remote Workforce with Multi-factor Authentication Prev 1 of 1 Next Protect Your Remote Workforce with Multi factor Authentication Prev 1 of 1 Next All it takes is one compromised account to one legacy application to cause a data breach! According to Microsoft, 81% of data breaches occur because of weak, default, or stolen credentials and 99% of those attacks can be blocked by implementing Multi-Factor Authentication (MFA). MFA is an authentication method where a user is granted access only after successfully presenting two or more of the following pieces of information: Something you know (password) Something you have (security token) Something you are (biometrics) With the unfortunate increase in COVID-19 phishing scams targeting your remote workers, isolated from their day-to-day environments, there is no better time to implement multi-factor authentication across your critical applications, servers, and services. Join XYPRO’s Chief Product Officer & CISO, Steve Tcherchian to learn how to leverage XYGATE User Authentication (XUA). Already on your HPE NonStop servers and ready to use with no additional software or infrastructure investment, XUA provides strong, industry-standard, multi-factor authentication. XUA extends HPE NonStop security by integrating with enterprise authentication solutions like Microsoft Active Directory, RSA, Google Authenticator, and many others. Now, XUA elegantly delivers those same, rock-solid protections to your NonStop applications.      Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing  XYPRO’s risk, compliance, and security to ensure the best experience for customers in the mission critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. #### Quantum Computing and the Ticking Clock: Why Mission-Critical Workloads Can’t Ignore This Risk If you’re responsible for mission-critical workloads—whether that’s processing payments, running a power grid, safeguarding patient records, or securing government communications—your world revolves around one concept - Trust. We trust that encryption keeps sensitive data confidential. We trust that digital signatures prove identities and preserve integrity. We trust that cryptography is the invisible shield protecting our operations and chaos. But there’s a silent clock ticking over our heads: quantum computing. To be clear—we’re not days away from quantum computers cracking the internet wide open. But the threat is no longer theoretical. For those of us whose workloads can’t afford compromise or downtime, waiting until it’s real is a dangerous plan. And before we even get to quantum risk, it’s crucial to remember that many environments still lack strong encryption altogether. Organizations should make sure sensitive data is already protected today, rather than waiting for future quantum-safe solutions. The Quantum Difference Classical computers process bits that are either 0 or 1 - one state at a time. Quantum computers, on the other hand, use qubits. A qubit isn’t just a 0 or a 1—it can exist in a special state called superposition, where it’s partly 0 and partly 1 at the same time. Think of it like a coin spinning in mid-air, holding the possibility of both heads and tails until it lands. Because qubits can be in many states simultaneously, quantum computers can process multiple possibilities in parallel rather than checking each one in sequence. It’s worth clarifying that quantum computers don’t simply perform brute-force attacks faster. They can exploit fundamentally different algorithms, like Shor’s, that solve problems exponentially faster than classical machines. That’s why simply increasing key sizes isn’t a complete defense for certain cryptographic methods. Many of the cryptographic tools we rely on today—like RSA encryption and Elliptic Curve Cryptography (ECC)—secure workloads by protecting data, verifying identities, and establishing trusted connections. RSA relies on the difficulty of factoring large prime numbers, while ECC depends on solving complex mathematical problems. On classical computers, breaking these protections would take trillions of years. That’s why we’ve trusted these algorithms as the foundation for workloads that handle payments, medical records, legal documents, government secrets, and more. However, quantum computers running Shor’s algorithm could solve these problems exponentially faster. Instead of trillions of years, projections show that a quantum computer with about 20,000 qubits could crack RSA-2048 encryption in under 100 days—a staggering drop from impossible to merely time-consuming. As quantum technology evolves, that timeline could shrink to hours, minutes, or even seconds. That shift turns quantum computing from a distant curiosity into a real and growing threat to the cryptographic backbone that keeps data private and operations secure. Harvest Now, Decrypt Later Even though quantum computers can’t crack today’s encryption - yet - attackers don’t have to wait. They can steal encrypted data today and store it until quantum computers catch up—a tactic known as Harvest Now, Decrypt Later. Think about the data flowing through your mission-critical workloads: Payment transactions Healthcare records Legal documents and contracts Energy grid operations National security communications Intellectual property and trade secrets Much of this data has a lifetime measured in decades. If attackers harvest it now, quantum breakthroughs in 5, 10, or 15 years could turn today’s secure data into tomorrow’s open book. Is Symmetric Encryption Safe? Many people ask: “Isn’t AES safe from quantum attacks?” Symmetric encryption like AES-256 is definitely far more resistant. Quantum computers only provide a quadratic speedup for breaking symmetric algorithms, meaning doubling the key size can effectively maintain current security levels. But here’s the catch: asymmetric encryption (RSA, ECC) is what we use for key exchange, digital signatures, and identity verification. If quantum computers break those, attackers could impersonate systems, intercept keys, and decrypt your supposedly “safe” symmetric sessions. It’s not just about encrypting data. It’s about being able to trust who you’re talking to and verifying that data hasn’t been tampered with. PQC: The Good News The encouraging part is the industry is not standing still. NIST’s Post-Quantum Cryptography (PQC) project has already selected new algorithms for standardization, such as Kyber for key exchange and Dilithium for digital signatures. Industry leaders are rolling out support for hybrid cryptography, combining traditional and quantum-resistant algorithms to ease the transition. The cryptographic community is working tirelessly to test these new methods for security, performance, and interoperability. All kinds of solutions and methods are being worked on to locate and identify potentially at risk assets. XYPRO and HPE are right in the middle of this. But PQC algorithms aren’t drop-in replacements. They require larger key sizes, different hardware performance characteristics, and careful implementation. For mission-critical workloads, especially those with real-time demands or regulatory constraints, adopting PQC will take planning and testing—not panic. Takeaways for Mission-Critical Industries Here’s what anyone responsible for mission-critical workloads should be doing—right now: ✅ Encrypt sensitive data now. Quantum threats matter, but so does today’s reality. Ensure your mission-critical workloads are already protected by strong encryption. If your environment still lacks encryption for sensitive data, make it a top priority. ✅ Map out your cryptography. Where do your workloads rely on RSA or ECC? It’s not just data at rest—it’s software updates, code signing, secure sessions, identity management. Inventory your encryption assets. ✅ Understand your data’s lifespan. How long does your sensitive data need to stay confidential? For many industries, that’s a decade or more—exactly the window quantum computers could hit. ✅ Consider tokenization where feasible. Unlike traditional encryption, tokenization replaces sensitive values with meaningless tokens, reducing the impact even if quantum breakthroughs arrive. While token vaults must still be protected, tokenization is another tool to reduce exposure to future threats. ✅ Start your PQC roadmap. Don’t wait for a quantum panic. Evaluate hybrid solutions, pilot test new algorithms, and talk to your vendors and partners now. ✅ Stay informed. Standards are evolving quickly. Algorithms under review today could become the new normal in just a few years. Keep your team educated and ready. Quantum computing is the classic example of a threat that’s unlikely today, but if left unmitigated, could have enormous consequences tomorrow. Planning for these “low probability, high impact” events is exactly what mission-critical workloads are built to endure. If we don’t start preparing, we risk being caught off guard by attackers willing to wait for quantum breakthroughs to exploit the cryptography we trust today. When quantum day comes, will your systems and workloads be ready? Safeguarding mission-critical workloads can’t afford to wait. Inventory your cryptographic dependencies, explore post-quantum solutions, talk to your vendors and partners like XYPRO and ensure your data stays protected. The clock is ticking. #### Ransomware Attack on Election Software Vendor Raises Alarms in Cybersecurity Community     Washington Examiner October 2, 2020 -- Ransomware Attack on Election Software Vendor Raises Alarms in Cybersecurity Community ... It’s unclear if the attack on Tyler Technologies was part of the campaign by Russia, China, and other countries to influence the U.S. election. Still, some security experts said the attack fits in with the broader mission to create distrust about the U.S. election system. “Political campaigns are easy targets with big rewards,” Steve Tcherchian, chief information security officer at XYPRO Technology, a cybersecurity analytics vendor, told the Washington Examiner. “We saw during the 2016 election how an improperly secured home email server can do insurmountable damage to a campaign. It potentially influenced our entire election, thus influencing how policies are set, what priorities are focused on, and how relationships between countries are handled.” Ransomware could be a useful tool for cyberattackers looking to dispute the election, he added. “Criminals love panic and chaos,” he said. “They’ll use every opportunity to exploit the situation. There is a lot of damage that can be done to a campaign by ‘ransomwaring’ a PAC or a consulting firm supporting a campaign.” ... To read the full article visit msn.com #### Ransomware attacks: is there a case for paying up? To pay or not to pay? For companies unfortunate enough to be hit by a ransomware attack, that is the crucial question. Ransomware attacks — in which cyber criminals lock up a victim’s data or computer system and release it only if a ransom is paid — exploded in 2020 and 2021, in part because a shift to remote working during the pandemic left organizations more vulnerable to hacking. But the tide appears to be turning. In its mid-year 2022 Cyber Threat Report, US security company Sonic­Wall identified a 23 percent drop in the number of ransomware attempts. It attributed this to several factors — including a “downward” trend in the number of organizations willing to pay cybercriminals. Steve Tcherchian, chief information security officer at XYPRO, a cyber security solutions company, says that, in many cases, companies “don’t have a choice but to pay a ransom”. But he adds that “a lot of that is their own doing” due to lax cyber security practices. Having a clear incident response plan, and multiple backups of data is vital to guarding against having to pay out in the future, he says. That trend is borne out in the data gathered by those who help victims of ransomware handle the fallout. In 2019, 85 percent of ransomware cases handled by cyber security group Coveware ended in a payment. But, in the first quarter of 2022, that proportion had fallen to 46 percent. Read the article here #### Remote Work Skills vis-a-vis Remote Work Productivity Mercer | Mettl, Updated June 23, 2020-- Remote Work Skills vis-a-vis Remote Work Productivity Given the extenuating circumstances around the need to work from home, the added concern of the COVID-19 virus, and for many, the addition of homeschooling makes it challenging to compare ideal competencies to a traditional working from home scenario. For working from home due to COVID-19, patience, trust, adaptability, strong communication, stress management, organizational skills, and the ability to multitask are going to help set up an employee for success in this environment. Melodie Bond-Hillman, PhD. Senior Manager - Human Resources & Administration, XYPRO Technology Corporation Click here to read the full article. #### Repelling A Ransomware Attack Steve Tcherchian of CISO+XYPRO On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack Ransomware attacks have sadly become commonplace and increasingly more brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack? In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing Steve Tcherchian. Steve is Chief Information Security Officer at XYPRO, a leading cybersecurity analytics company. He is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and is part of the ANSI X9 Security Standards Committee. Steve is a regular contributor to and presenter at the EC-Council. With almost 20 years in the cybersecurity field, Steve is responsible for strategy, innovation and development of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience to customers in the Mission Critical computing marketplace. Backups — The best way to combat ransomware is ensure security best practices are implemented and you have working/verified backups. Steve Tcherchian Chief Information Security Officer XYPRO Technology With the acceleration of hardware-based vulnerabilities, we’ve started to see more firmware targeted ransomware. This is particularly destructive because with crypto ransomware, as long as you have current, working backups, you can wipe the computer, reinstall the operating system, restore your data and your system is back to normal in no time. With firmware-based ransomware, you can reinstall the operating system and recover the data all you want. The ransomware is hidden with a hardware components firmware and just keeps coming back. This essentially renders your entire computer useless. Read the Article #### Resilience and Adaptability - Evolving Your Security with Confidence! The digital landscape is changing faster than many organizations can keep up with. Data breaches, sophisticated ransomware attacks and critical vendor missteps aren’t just a nuisance; they’re real threats that halt operations, compromise sensitive data, and disrupt economies. Yet too many companies rely on outdated IT strategies that can't keep pace. Sticking to what’s familiar just doesn’t cut it. The days of static cybersecurity playbooks and siloed tools are over. Every part of our IT and operational ecosystems must adapt quickly to new and unpredictable risks. This means rethinking outdated assumptions, re-evaluating risk tolerances, and adopting strategies that integrate all areas of the business. To effectively withstand modern threats, we need agile, preemptive, and resilient systems that span not only new digital infrastructures but also legacy systems, third-party providers, and entire supply chains. Looking forward, this mindset shift is critical. We’re not just securing systems—we’re securing the entire backbone of our organizations and in most cases, our economies. It's time to challenge what’s familiar and commit to a new era of security thinking that doesn’t just react but anticipates, adapts, and ensures resilience at every level. Embrace Continuous Assessments as an Ongoing Practice One of the first steps in this journey is shifting our mindset on cybersecurity assessments from that of a routine obligation to a critical necessity.Testing your defenses only during audits or after incidents is a missed opportunity. Waiting until something goes wrong puts your organization perpetually one step behind.Threats don’t wait for audits, and neither should your defenses. Companies must recognize this and shift their approach, making continuous assessment a cornerstone of their cybersecurity strategy. This isn’t about just checking boxes; it’s about challenging every part of the system, even during stable times when everything appears to be running smoothly. Adopting continuous assessments as a standard practice uncovers hidden vulnerabilities and pushes your teams to think creatively to develop a proactive security culture. By transitioning to an offensive mindset, assessments will expose weaknesses that static defenses miss. This isn’t just about finding gaps; it’s about embedding a dynamic, forward-thinking approach to cybersecurity, where every layer and role within your organization is empowered to anticipate and respond to threats with heightened awareness. This proactive stance isn’t just an advantage—it’s essential for protecting your business and your customers. Shift from Reactive to Predictive with Strategic Threat Intelligence For far too long, cybersecurity has operated in a reactive mode. Even regulatory compliance is a backward looking activity. Building a predictive, intelligence-driven model means understanding not just what threats are emerging but why. With high-profile breaches like the Change Healthcare and CDK Global incidents in 2024, rapid action was critical. Imagine if their teams had access to intelligence that pinpointed evolving tactics before attacks occurred. This kind of intelligence focused on understanding threat actor motivations and identifying new methods allows leaders to preempt attacks, not just respond. The goal is to transition from reaction to preemption, embedding threat intelligence as a core part of your strategy. Securing the Third Party Supply Chain Securing third parties is an often overlooked aspect. Many organizations focus on their own defenses while overlooking the vulnerabilities that third-party providers and other critical suppliers may introduce. When third-party security isn’t prioritized, the consequences can be devastating. In the infamous Target breach, attackers gained access to Target’s systems through a third-party HVAC vendor, compromising over 40 million credit card accounts. Similarly, in the case of the SolarWinds attack, attackers infiltrated thousands of companies through vulnerabilities in SolarWinds' software, used by countless third parties. These incidents show how a single weak link in the supply chain can open the door to large-scale breaches. Leaders must take a proactive approach by thoroughly assessing third-party vendors, setting strict security standards, and regularly monitoring compliance to prevent such costly and damaging incidents. Design Systems to ‘Fail Smart’ Rather than ‘Never Fail’ Planning to achieve perfect uptime is unrealistic. Instead, IT leaders need to adopt a ‘fail smart’ strategy, where systems are designed to be adaptable, resilient and can minimize the impacts of a failure. This MUST start with a thorough assessment to understand the current state of your systems. This will identify where your gaps and biggest vulnerabilities are. From here, reducing the attack surface becomes a critical priority—by limiting access points, segmenting networks, and stripping down unnecessary components, you minimize the paths attackers can exploit.  Once the attack surface is reduced, systems can be built to recognize, isolate, and respond to issues autonomously. Imagine a manufacturing environment facing a ransomware attack; if each layer is designed to ‘fail smart,’ it can contain and quarantine the affected systems, allowing the rest of your production operation to continue smoothly without disruption. This approach creates true resilience—not by preventing every failure, but by enabling quick, intelligent recovery. By shifting the focus from perfect uptime to strategic continuity, we can develop infrastructures that can withstand attacks and adapt and grow stronger. This is the foundation of a modern, sustainable cybersecurity strategy. Manufacturing environments are increasingly vulnerable to this, as recent ransomware and data breach incidents have demonstrated. In August 2023, The Clorox Company, experienced a massive ransomware attack that completely shut down their production lines and disrupted operations for over a month. The attack led to manual order processing, product shortages, and direct costs of $49 million, with total losses estimated at $356 million. This was partially due to weak segmentation between its IT and OT systems. To recover, they adopted a comprehensive cybersecurity overhaul that included network segmentation, continuous threat monitoring, and a rapid-response fail smart strategy. They also implemented regular employee training and updated their legacy systems. This response will help properly position them to prevent and survive future attacks. With interconnected operational and information technology systems, the risk of a single attack causing widespread disruption is high. Leaders must address this vulnerability by implementing strict segmentation between IT and OT networks, limiting lateral movement during breaches. Real-time monitoring of OT environments allows early detection of anomalies, enabling swift response to potential threats. For example, the CDK Global ransomware attack highlighted how downtime can impact production timelines and disrupt entire supply chains. To mitigate this, IT leaders in these industries should ensure that security strategies cover both digital and physical assets, recognizing their interconnected nature. Setting a New Standard with a Trusted Partner Having trusted partners who bring deep expertise and proven solutions to the table is essential. With decades of experience, HPE, XYPRO, and the HPE NonStop platform are uniquely positioned to help your organization navigate today’s complex cybersecurity and regulatory landscape. We understand that resilience, adaptability, and proactive security aren’t just ideals—they’re necessities. Our teams bring a blend of technical expertise and industry insight helping organizations protect their assets and anticipate future challenges. We can help you evolve with confidence. By partnering with XYPRO, you gain access to experts, strategies and tools tailored to meet the demands, equipping you to secure your operations, strengthen your defenses, and build the resilience needed to thrive.   #### Secret CSO: Steve Tcherchian, XYPRO Technology IDG Connect December 17, 2020 - Secret CSO: Steve Tcherchian, XYPRO Technology What was your first job? At 15 years old, I was a data entry intern. Repetitive tasks have never been appealing for me. I quickly figured out a way to automate my data entry work which allowed me to come in late, leave early and take 3-hour lunch breaks, all while getting my work done. Unfortunately, the company I was working for didn’t really see the benefit in my automation and decided to let me go. Oh well. At 17, I was in my senior year of high school and had a full-time job. I would often start my days very early and not finish until 2am — 6 days a week. I didn’t have a mentor at that age, so I had to decide for myself what was right and wrong. How did you get involved in cybersecurity?  I was always good with technology. I was always curious, and I always enjoyed taking risks. I still do.  At a very young age, I would break things just to see how they worked and tried to put them back together. I wasn’t always successful and would often get in trouble for it. What advice would you give to aspiring security leaders? “My best advice for career trajectory is no amount of formal education can substitute for hands on hard work and real-life experience.” This translated over to when I got my first computer at 9 years old – a Packard Bell 286. I would constantly take it apart and put it back together — again, not always successfully. Once I got bored with that, I began writing programs. I spent a lot of time on iRC, AOL and Usenet groups sharing programs, or Warez and meeting other like-minded people. I would run home from school, sign on using my dial up modem and continue writing programs, until my mother would yell at me because the phone didn’t work. This allowed me to realise my capabilities — both good and bad. I started joining “groups”. As the internet started gaining more popularity, we would have fun online, we would be annoying, sometimes disruptive, but we didn’t see it as harming anyone. Social engineering wasn’t really a thing back then, but it existed and those who knew how to use it, used it to their advantage. We were kids in our early teens and didn’t really know any better. As time went on, some of my friends delved deeper into this type of lifestyle and started getting attention. I saw some of my friends getting into trouble with the law. I had to decide: Is this a path I wanted to follow? I have a lot of family and friends in law enforcement. I remember one conversation where a Sherriff’s Department friend of mine said “You know, the best criminals can make the best cops, because you already think like that.” The statement had a massive effect on me, and I consider it a turning point in inspiring my career. I knew most of the tactics, most of the strategies. After this conversation, I made a conscious decision to educate and help rather than damage and disrupt. I have had no regrets. What was your education? Do you hold any certifications? What are they?  I majored in Computer Science at California State University Northridge. I have a CISSP Certification, I am PCI-ISA and PCI-P certified. I have multiple Cisco and Microsoft Certifications and a couple of CompTIA certifications. When I was younger, I would often study and experiment on my own and challenge myself by taking certification exams.   To read the full interview, please visit IDG Connect. #### Secure Application Development in a Connected World Secure Application Development in a Connected World Applications are everywhere. Take a look at your mobile device and you will realize how integral applications are to everyday life. We use them to shop, bank, order dinner, get a ride, keep our house warm, even keep track of our children. But such modern conveniences do not come cheap. Our data needs to be shared with applications for them to provide value. In most cases, extremely sensitive information about us and our lives. Who we are, where we live, where our kids go to school, our daily patterns, habits, likes and dislikes. All this data is shared under the assumption and hope that the application creator is doing everything possible to protect our most personal information. As the Facebook/Cambridge Analytica scandal proved, that is hardly the case. Even more disturbing, that information was shared with Facebook’s knowledge. (Read more about Cambridge Analytica here. ) According to the 2018 version of Verizon’s Data Breach Investigations Report (DBIR), applications were the top attack vector when it came to information data breaches, exponentially surpassing common attacks such as backdoors or command and control (C2) vectors, even insider attacks. Why are Applications a Target? Most applications need data to provide value. YOUR data. A recent ZDNet article mentioned “Researchers at security firm Positive Technologies, tested 33 websites and services using its proprietary application inspector and found that banking and financial institutions were "the most vulnerable" to getting hacked.” Why? Because most applications are horribly insecure and developers do not follow security best practices when developing an application. Applications are designed for functionality, not security. Security is difficult and time-consuming, often adding delays to product launch and revenue generating activities. Database breaches are easy Applications store their data in a database in order to efficiently retrieve and make use of it for you. A database may contain everything from configuration data for the application to usernames and passwords, to critical information such as results of your last medical examination.  Some databases know whether you owe anyone money, what you posted on a social media app exactly 2 years ago, what socks you order online and much, much more. Needless to say, this single repository of data is a treasure trove for thieves and therefore is a huge target. One of the most common database attacks, and interestingly enough, also one of the simplest to protect against, is SQL injection (SQLi). This is an attack where malicious SQL statements are inserted into an entry field for execution. A successful SQLi attack can read sensitive data such as usernames, passwords, credit card numbers (and more), tamper and destroy data, execute administrative operations,  and worse. Below is an example of SQL Injection. This form accepts a username and password as input, validates the entry in a table called users and if both username and password match, grants the user access. There is no guarantee that a user will only enter a valid username in the username field. In the above example, a user has entered the partial SQL statement ‘ or ‘1’ - ‘1 and a blank password. The SQL engine interprets the command literally and since 1 will ALWAYS equal 1, grants the malicious user access to the application without a valid username or password. xkcd: Exploits of a Mom There are many different layers of security that can address SQLi. Independently each can have their flaws. However, layering multiple strategies together can give you comprehensive protection against this type of common attack. In the xkcd cartoon, Bobby’s mother suggests the database input should be sanitized. This should be done regardless, but using sanitization or input escaping does not plug the hole. It's a myth. This should be coupled with proper database permissions and always use prepared statements or parameterized queries when user input is required. Parameterized queries are the database engine’s natural defense against SQLi. Whitelist Maps are also an effective strategy to protect against SQLi in cases where escaping and parameterization doesn’t help.. If you’re interested in this topic, there are tons of great resources on the www.owasp.org website that describe an overall SQLi protection strategy. Patch your Applications POODLE, Heartbleed, Spectre etc are not just cute monikers for security vulnerabilities. They are very real and potentially dangerous holes. When an application vulnerability is identified, it is typically followed by a patch or new version to remediate the vulnerability. And with the proliferation of free and open source software, this activity becomes critically important. Often times, procrastination takes over and the application is not timely patched for a variety of reasons. This now leaves the application wide open to a published, and in most cases, publicized vulnerability. Security in your Application Development Lifecycle People often ask me how to change the mentality within their development organization to be more security focused. My standard response is “security cannot be left for the end”. Introduce security into your development processes early and re-introduce them often.  Education and reinforcement is key. I've listed a quick rundown of how security should fit into each phase of your software development cycle. The Requirements and Design Phase Ask the right questions early to avoid pitfalls that become very expensive to fix, post-production. What type of information will my application process? What does my data flow look like? What are the potential exposure points of the data? What standards need to be accounted for? Password policies, legal and regulatory compliance requirements, encryption levels Security Architecture Web Server, database, middleware, interfaces with other systems, operating system Involve your security/compliance/risk groups at this stage to avoid surprises and conflicts Development and Testing Phase Ensure security controls around your source code Use Secure coding standards Code reviews, Code Reviews, Code Reviews - oh...didI mention CODE REVIEWS? Automated code quality scanning tools Unit testing of security features Security awareness training for developers and testers Application Testing Ensure application meets requirements and standards set in the design stage Static and Dynamic Code Analysis Penetration Testing Security sign-off before deployment Production Release Just because you've launched your application and celebrated the big release with a party doesn't mean your work is done. In fact, congratulations, you got past the easiest stage. Now the real security work starts. Ensure you have security configured at every layer of the application stack of every layer Access control Lock down your Operating system and Platform Deploy a Web Application Firewall (WAF) Ensure application files are not modified File and System Integrity monitoring Continuously monitor to detect anomalies Alert quickly Create an incident response plan to deal with threats Don't wait until an incident happens to react Preserve forensic data Logs, audits Review for suspicious behavior   But Steve, What about Agile Development? Agile is a software development approach where requirements and development evolve through an iterative collaboration effort rather than planning the deliverables and keeping to the fixed plan. Since traditional planning processes don't always fit into this strategy and security is viewed as a Non-Functional Requirement, finding the right stage to introduce security into an Agile SDLC can be a challenge. But this is not impossible. A lot of companies have successfully integrated security in their agile development process. Netflix, Etsy, and Amazon to name a few. The key is to ensure your developers are empowered with knowledge and an understanding of the needs and tools required for secure software development. Security Awareness. While we can go much deeper on this topic, I’ve covered the basics of what application developers and others responsible for the application and its data should be aware.  Another great resource is the owasp.org website. Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit organization focused on improving the security of software. If you need help securely setting up your development environment or simply want a review to ensure everything is working as expected, please feel reach to reach out to us at www.xypro.com “The cost of removing an application security vulnerability during the design/development phase ranges from 30-60 times less than if removed during production.” Gartner, IBM and The National Institute of Standards and Technology Steve Tcherchian, CISSP CISO and Director of Product XYPRO Technology www.xypro.com @SteveTcherchian @XYPROTechnology #### Securing the Enterprise When Employees are Remote Permitting workers to split their time between their home and office can improve job satisfaction and, in some cases, productivity. However, hybrid work arrangements can introduce additional layers of complexity and risk to an organization's technology systems and data. As such, IT departments need to consider several security technologies, processes, and policies to guard against cybersecurity threats that can be more easily exploited by workers that are on the go or are working in insecure environments. For starters, security experts interviewed for this article highlight the importance of insisting that hybrid workers utilize virtual private networks (VPNs), which allow a direct, secure connection between their device and a corporate system, as well as virtual desktops (which ensures all activity and data remain within a corporate, secure environment) when accessing company information offsite. You don't want a game or app your kids downloaded three months ago to be the reason your company's network is now compromised. Steve Tcherchian Chief information Security Officer and Chief Product Officer XYPRO Technology IT leaders must also reinforce to hybrid workers that the most basic strategies used to mitigate security risks within a traditional enterprise environment are still relevant, no matter where a worker may be physically located, or what device is used to access network resources. Steve Tcherchian, chief information security officer and chief product officer at cybersecurity solutions company XYPRO, says that if a worker is permitted to use their personal devices, such as laptops or smartphones to access any company resources or networks, children, spouses, or others in the household should not have any access to these devices, given the possibility that malware or viruses could've been inadvertently downloaded. Read the article here #### Security Questionnaires: Why You Received One and How to Answer It Effectively Hyperproof Team posted on May 5, 202 - Security Questionnaires: Why You Received One and How to Answer It Effectively Information security used to be much simpler—or at least it seemed to be, right? In the past, most business applications were hosted on-premises and security teams guarded defined perimeters and secured corporate networks. Oh, how the game has changed. Right now your company’s probably working with dozens, if not hundreds, of third parties (e.g., SaaS vendors, cloud infrastructure, professional service firms) to handle all kinds of business processes. According to a Deloitte survey, more and more companies today engage vendors to fulfill critical business functions: 70% of businesses rate their dependence on outside vendors as moderate to high. Many vendors now have access to sensitive customer data while performing their jobs, and vendor-caused risk incidents have become incredibly common. In fact, 47 percent of businesses surveyed by Deloitte experienced a risk incident involving an outside vendor. Customers trust you with their sensitive data, and if you choose to work with a third-party vendor that doesn’t have adequate data protection safeguards, you’re putting your customers’ privacy and peace of mind in jeopardy and your own reputation on the line. Threats to customer data can come from a vendor whose IT team forgot to apply the latest patches to their own software, or from rogue employees within a vendor’s firm who are looking to exploit information for personal gain. Natural disasters or financial failure can shut down an unprepared vendor, leaving you in a position where you’re unable to deliver a mission critical service to your customers. Just how important is vetting your supply chain vendors today? "It’s absolutely critical as anyone engaged with your business is an extension of your business" Steve Tcherchian, XYPRO CISO and Chief Product Officer, says. "It’s absolutely critical as anyone engaged with your business is an extension of your business" - Steve Tcherchian Steve continues "Security questionnaires are part of due diligence today. Just like you would do your due diligence in any other business transaction, security needs to be considered part of that effort. Unfortunately, it’s too often an afterthought because it gets in the way of doing business. It can’t be treated this way because vendors are most targeted, and if something happens to them, it happens to you as risk can no longer be deflected to third-parties without consequence". These unfortunate outcomes can be avoided when organizations take the time to understand the risks each potential vendor poses and only work with those that have responsible security safeguards in place. Security assessment questionnaires help businesses ask the right questions to vet potential partners and make better third-party hiring decisions. Read on to see: . What topics are typically covered in a security questionnaire Tactical tips on how to effectively respond to a security questionnaire (because there’s a lot at stake if you don’t provide accurate answers) What questions to ask of your vendors within your own security questionnaire What is a Security Questionnaire? Security questionnaires are lists of often complex and technical questions, usually compiled by IT teams, to determine a company’s security and compliance posture. Distributing security questionnaires to vendor partners is considered a cybersecurity best practice across most industries today. The layout, format, and questions may differ between organizations, but all security questionnaires are designed to determine if a third party can be trusted to adequately protect sensitive customer information. Businesses across industries must evaluate all third parties on security posture, and security questionnaires are a standard step in the vendor procurement process today. To read the rest of this article, click here.   #### Servicenow Integration for HPE NonStop Servers It can be difficult to enforce proper change management in an expanding IT ecosystem. Inadequate change control exposes you to cybersecurity risks and compliance issues. Servicenow IT Service Management (ITSM) is the primary solution for IT change management in many environments. ServiceNow ensures that all activity is tracked and visible by using an approved change ticket. Integrating your mission-critical systems and applications with ServiceNow is literally “critical”. ServiceNow and XYPRO XYPRO’s ServiceNow add-on for XYGATE Access Control (XAC) integrates your HPE NonStop servers with Servicenow ITSM. XAC sessions validate privileged commands against Problem, Change, and Incident Tickets using a secure REST API for granting or denying execution based on the response from ServiceNow. This integration eliminates the time-consuming, post-processing manual effort required to match NonStop-executed commands with individual ServiceNow tickets. Flexible Ticket Validation The ServiceNow add-on for XAC validates privileged commands with ServiceNow based on any combination of the following factors: Ticket Number User System Date/Time Window Command Syntax And more… Even if the user has the necessary system permissions, privileged command execution is denied if the appropriate values cannot be validated with ServiceNow. This tightens security controls for privileged sessions and eliminates user error. Lightweight and Secure The ServiceNow add-on is a lightweight service that attaches to your existing XAC environment and sets up in minutes. Requests for ticket validation/verification are sent to predefined web service endpoints through secure REST API calls using a secure transport framework (SSL/TLS enabled). A TACL user interface prompts the user for ServiceNow ticket information and prepares the REST API request. The module includes a request template that you can easily extend to support new APIs or update to remove deprecated APIs as your requirements change. The module’s user interface processes the response from ServiceNow and either grants or denies access to the requested resource. For more information, please check out our recent webinar where our Chief Architect Jorge Alonzo shows us just how seamless we make integrating your HPE NonStop servers with ServiceNow ITSM. Eliminate complex, after-the-fact manual effort otherwise required to match NonStop executed commands with individual ServiceNow tickets. Servicenow Integration for HPE NonStop Servers Prev 1 of 1 Next XYPRO Servicenow Integration for HPE Nonstop Webinar Prev 1 of 1 Next #### Shore Up Benefits Cybersecurity During Open Enrollment Society for Human Resource Management (SHRM) September 2, 2020 -- Shore Up Benefits Cybersecurity During Open Enrollment TIGHTEN UP ENROLLMENT AND ADMINISTRATION. Employers can reduce opportunities for data to be stolen or compromised by modifying their open enrollment and administrative processes. For example, safeguard data more effectively by eliminating paper forms and instead using online enrollment that requires passwords and multi-factor authentication. In addition, requiring employees to actively enroll online instead of allowing them to default to the previous year's benefits selection "forces employees to log in and actively enroll in or decline benefits and review their home addresses, e-mail addresses and personal information to ensure their accuracy," said Melodie Bond-Hillman, director of HR and administration with cybersecurity solutions company XYPRO Technology Corp. in Simi Valley, Calif. Bond-Hillman also suggested that employers limit the open enrollment period to minimize the amount of time the benefits portal is open to employees and more vulnerable to a breach. She recommended reducing the use of employees' Social Security numbers as much as possible in benefits administration and instead assigning employee identification numbers. Employers and their benefits vendors must also be vigilant and look for unusual activity in employee benefits plans, and they should automatically confirm plan changes directly with employees, Bond-Hillman advised. To read the full article visit Society for Human Resource Management (SHRM). #### Simplifying Security for HPE Nonstop Systems with XYGATE SecurityOne 2.4 Organizations running mission-critical applications on HPE Nonstop systems require continuous visibility into system activity, configuration posture, and potential security risks. Security monitoring tools must provide that visibility while remaining straightforward to deploy and maintain.  XYGATE SecurityOne (XS1) was designed to give security and operations teams a centralized way to monitor their Nonstop environment, implement security best practices, evaluate security settings, and identify potential issues.  With the release of XS1 version 2.4, the platform introduces a simplified architecture designed to make deployment, operation, and maintenance significantly easier.  Simplified Deployment and Architecture  XS1 introduces a single, self-contained virtual appliance that simplifies how the platform is deployed and managed.  The platform is delivered as a single OVA image that includes all required components packaged together. Supporting services and application dependencies are built directly into the appliance, eliminating the need to provision and manage multiple supporting systems.  The appliance also includes an integrated data platform, removing the need to deploy or manage a separate database system. This eliminates the operational overhead associated with external database infrastructure and avoids the need for additional database licensing and dependency on external teams.  Deployment is guided through a simplified installer, allowing administrators to configure and deploy the system quickly and consistently.  With this architecture, organizations can deploy the complete XS1 platform from a single image and bring the system online quickly without coordinating multiple infrastructure components.  For infrastructure and security teams, this means:  A single OVA image contains the complete XS1 platform All required services and dependencies are included and pre-configured No external database infrastructure is required No additional database or component licensing is needed Deployment is guided through a simplified installer The result is a streamlined deployment process that allows organizations to move from installation to an operational system in minutes rather than weeks.  Simplified Maintenance and Upgrades  XS1 2.4 also simplifies how the platform is maintained over time.  Starting with this version, XS1 includes a patch and maintenance package that supports incremental updates to both the operating system and the XS1 application. This also enables organizations currently running the XS1 2.3 Virtual Appliance to upgrade directly to version 2.4 without redeploying the full appliance.   Instead of redeploying the entire virtual appliance when updates are required, administrators can apply patches incrementally.  This approach simplifies the update process, reduces operational disruption, and allows organizations to keep their systems current without redeploying the full appliance.  Improved Security Visibility  XS1 helps organizations monitor the security posture of their Nonstop systems by validating system configurations and identifying potential issues.  XS1 2.4 makes it easier for administrators to tailor compliance checks to their environment. Rules that are not relevant to a particular deployment can be adjusted or removed directly through the interface, allowing organizations to focus on the checks that matter most to them.  Reporting has also been enhanced so administrators and auditors can quickly see which checks passed, which failed, and which areas may require attention. Results are presented in a format that allows teams to quickly assess their security posture and share findings with relevant stakeholders.  XS1 can also export its findings to enterprise security monitoring platforms, allowing Nonstop security information to be viewed alongside data from the rest of the organization’s infrastructure.  To help protect monitoring data, XS1 now uses SHA-2 cryptographic hashing, strengthening the integrity of the information collected by the platform. Security Visibility Without Operational Complexity  The goal of XS1 has always been to provide organizations with clear visibility into the security posture of their Nonstop systems.  With the architectural improvements introduced in version 2.4 — including the single OVA virtual appliance, integrated data platform, simplified deployment process, and incremental patching model — organizations can deploy and maintain XS1 with minimal operational overhead.  Multiple organizations have already adopted the XS1 2.4 virtual appliance and have seen significant improvements in deployment speed and operational efficiency. By removing infrastructure complexity and streamlining installation and maintenance, teams can bring XS1 online quickly and focus their efforts on monitoring and protecting their Nonstop environment.  Organizations looking to simplify how they deploy and manage security monitoring for Nonstop systems can begin taking advantage of these improvements with XS1 version 2.4.  #### Smaller Employers Add a Personal Touch to Well-Being Benefits Society for Human Resource Management (SHRM)-- Smaller Employers Add a Personal Touch to Well-Being Benefits Mindfulness Matters When attracting and retaining employees during times of crisis, mindfulness matters, said Melodie Bond-Hillman, senior manager of human resources and administration at Simi Valley, Calif.-based XYPRO Technology Corp., a cybersecurity solutions company with 87 employees. "Regardless of company size, the real key in attracting and retaining employees in this new environment is the ability on the part of the employer to demonstrate flexibility and stability," Bond-Hillman said. "The degree of flexibility can mean a lot of different things, including flexible hours, work from home arrangements, flexibility with benefits, PTO and sick policies." It's important for employers to stay attuned to and aware of what matters most to employees, which could be easier for small companies to do, she explained. As for helping employees feel safe in the workplace, "smaller companies, in some cases, will have a perceived advantage due to numbers and the ability to control office density more easily, minimizing risk to exposure," Bond-Hillman said. While she acknowledges that a larger company may have the ability to put practices in place at an institutional level to reduce exposure to the virus, "a smaller company can listen to the voice of the employees more readily and address individual concerns more quickly, which could increase employee comfort levels," she noted. "Rather than focusing on one aspect of employee benefit as a decision point," she explained, "employees will be considering their total package and experience when seeking employment because they will need to choose the best fit for their new normal." Click here to read more. Dr. Bond-Hillman, an experienced Human Resources Leader and Trainer with a demonstrated history of working in a variety of industries joined XYPRO in 2017, bringing her 15+ years of skills in Employee Engagement, Recruiting, Change Management, and Management. Since joining XYPRO, Melodie has taken a leadership role in formalizing our HR function ensuring job satisfaction is treated as importantly as labor law compliance. Melodie has been instrumental in the implementation of increased employee benefits and modern approaches to compensation, career planning, cross-training and education. #### Social Media Scams: Stunning Statistics and Tips to Protect Yourself Social media scams are seeing a sharp uptick these days. The intensity and reach of social media scams have magnified enormously, especially after the pandemic. With the rise of technology, scammers have evolved their devious tactics. From imitating recognized brands, and well-known celebrities to duping on the pretext of dating or providing free gift cards, the deceptive methods of scammers have seen an upward trajectory only. The enticement has caused many users to lose their money; some have even lost their life savings. This research titled: 'Social Media Scams - Stunning Statistics and Tips to Protect Yourself' identifies and analyzes the prevalent social media scams. The research also explores a few factors practiced currently to prevent falling prey to scams. The survey further uncovers ways to protect oneself from unscrupulous social media scammers. Goodfirms carried out an online survey between 1st June 2022 and 8th June 2022. A total of 560 responses were collected. The survey queried selected social media users across the world on their encounters with scammers, victimization by social media scams, social media usage habits, and related perceptions. We essentially hand our personal information to criminals daily. Social media is the number one platform used by thieves to collect our personal info. Think about all the data you share on Facebook, Twitter, Snapchat, Instagram, Zillow, LinkedIn, etc. about your personal life. Where you go, what your kids did, where you work, your hobbies, etc. PERIOD! Because of social media postings, criminals no longer have to work hard. Steve Tcherchian CISO and Chief Product Officer at XYPRO GoodFirms’ survey revealed that 23.3% of users do not hesitate to share their personal life events on social media. 63.3% never share such details on social media, and 13.3% do share but with caution. 13.3% blur the exploitable details before sharing personal events on social media platforms. Read the entire article #### Speed of Risk Reduction Is the New Standard for Vulnerability Management Introduction  What happens when two enterprises discover the same critical vulnerability at the same time? One remediates it in a few hours. The other is still assessing it weeks later. How do they deal with it when an attacker finds it first?  The gap between them is not the tools; it is the speed of risk reduction. After all, for years, enterprise vulnerability management has been measured by coverage: how many systems are you scanning? How many vulnerabilities are you finding? How many are being corrected? Those questions still matter, but they are no longer sufficient. The industry has moved on, visibly accelerating.  To catch up, in April 2026, Anthropic launched Project Glasswing, a cross-industry initiative to secure the world's most critical software using AI. The initiative brought together AWS, Cisco, Apple, CrowdStrike, Google, JPMorgan Chase, Microsoft, Palo Alto Networks, NVIDIA, Broadcom, and the Linux Foundation. They are all of the opinion that the time from vulnerability discovery to exploitation has collapsed, and fastening remediation is the only meaningful response.  For enterprises running legacy HPE Nonstop environments and other infrastructure, this creates an urgent challenge. Enterprises across the world are making their modern stacks hardier than ever. Legacy platforms, if left out, become the easiest target. That is the gap Xypro security solutions are built to close.  Why Speed of Risk Reduction Has Become the New Benchmark  Traditional vulnerability management was built around periodic cycles: scan and audit periodically, then patch when you can. This made sense when the threat landscape moved slowly, and attackers needed time to operate against a new CVE. However, this does not work anymore.  Claude Mythos Preview, the AI model used in Project Glasswing, has already identified thousands of zero-day vulnerabilities across critical infrastructure. Now, the same AI capabilities are available to both defenders and attackers. Hence, the time between a vulnerability being discovered and being actively exploited has shrunk from months to days, and even hours.  AI-powered vulnerability scanning and remediation has been imagined for quite a while. However, it only became a reality with Glasswing. Companies are yet to utilize it properly for discovering and fixing CVEs. Enterprises are now scared of how cyber attackers will strike them and what the damage will be.  In this scenario, the critical metric isn’t the number of vulnerabilities found; it is the mean time to remediate (MTTR), or how fast it takes from detection to fixing. In short, the speed of risk reduction is the new benchmark.  Organizations that have introduced continuous, AI-assisted remediation into their security operations are already moving at a different speed than those that haven’t. HPE Nonstop vulnerability management is no different from them. Glasswing has confirmed what leading security teams have known for some time: this is the competitive standard now.  Problems Encountered by Legacy Systems  Enterprise legacy security may seem too huge a responsibility, but neglecting it can cause the problems due to issues like:  Legacy applications on the brink of failure but still being used have a greater chance of falling prey to security infiltrators.  Systems with a greater attack surface and hidden vulnerabilities in their environments make security invasions easier.  Old systems end up with compliance risks for GDPR, HIPAA, PCI DSS, etc., which can affect anyone from CEOs to employees.  Large-scale businesses are likely to be disrupted more, especially if there has been a breach that is widespread and massive.  Businesses with transitive relationships are often affected through a threat attacking and affecting one of their entities.  Vulnerability management blind spots are already causing several obstacles that require considerable expenditure of money, time, and resources. Remedying them is as necessary for the company as it is for its clients.  Legacy Platforms and the Speed Tax  Legacy systems are slower than modern ones in every aspect. This includes identifying vulnerabilities to subsequently rectify them. What that looks like include:  Little Native Support Modern scanners have little or zero native support for legacy applications. As a result, detection gaps cause vulnerabilities to sit undetected for longer before the remediation clock even starts. Limited Patching When patches do exist, applying them to legacy environments requires manual direction, change windows, specialist knowledge, and additional vendor support. Each step adds days to MTTR. No SIEM Integration Without integration into modern SIEM and SOC toolkits, alerts from legacy systems require manual assessment. This adds a couple of days to analysis time before any solid action can be taken. Periodic Audit Cycles Without continuous monitoring, a vulnerability found today might not appear in a report until the audit cycle of next week. This opens the chance for attackers looking for system exploitation. Restricted Access Control Having fewer access control modes in your system increases the chances of having more security risks. More attackers have the opportunity to enter your system and wreak havoc on it along the way. Custom App Complexity Legacy platforms often run custom applications with outdated dependencies, often transitive. Understanding the full effect of a vulnerability attack takes longer, causing delays in response. Each of these factors compounds the others. Consequently, the effect is enormous. Leave Project Glasswing and Claude Mythos security most organizations aren’t even close to the level of cyber awareness they need to possess. What Slow Speed of Risk Reduction Actually Costs  On December 31, 2019, Travelex, a major foreign exchange business, was hit by REvil ransomware (Sodinokibi) through an unpatched Pulse Secure VPN vulnerability (CVE-2019-11510). The vulnerability had been publicly known for months.  Through lateral movement, it spread to encrypt critical systems and apparently stole customer data worth 5 GB. The company paid $2.3 million in Bitcoin, went offline globally for weeks, lost jobs, and faced GDPR compliance exposure.  On October 29, 2023, the British Library suffered a ransomware attack by the Rhysida group, demanding 20 Bitcoins, or about £600,000 at the time. Since the Library did not agree, they released 573 GB of data, or about 90% of the staff and user information stolen, to the dark web.   The attack was caused by the compromise of third-party access. For months, services remained affected. Systems remained offline. Recovery cost an estimated £6-7 million.   In either case, the question is the same: how long was the time for exploitation, and what would faster remediation have changed?  How Xypro Compresses the Speed of Risk Reduction for Legacy Environments  XYGATE Aegis Scan is built specifically for HPE Nonstop environments that tools with Project Glasswing cybersecurity-comparable action can hardly cover. This means that aging OS and applications under HPE Nonstop are under its umbrella too. The product's value is measured in time, as follows:  No Manual Labor - Forget about manual processing – you get automated scanning with timely results.  Lightweight Application – Don't fret about weight; Aegis Scan takes little space and still works wonders.  No Extra Baggage – You need no custom connectors or transformation logic to connect to existing VMPs.  Scalable for Systems – Whether you have light applications or large, distributed ones, we can operate perfectly.  Standardized Output - Widely accepted formats of XML, CSV, or JSON are created for complete compatibility.  Flexible Usage – You get both scheduled and on-demand scans for regular as well as need-based usage.  Accurate Results – Get exact results, including the impacted system and danger levels, for precise operation.  All-Around Data – Be there vulnerabilities or compliance issues, you get full information regarding your apps.  Built for HPE Nonstop – HPE Nonstop software, old or new, is safe from CVEs with reliable results.  In short, what you get with XYGATE Aegis Scan is a measurable compression of the mean time to remediate legacy applications for HPE Nonstop environments, bringing legacy system remediation speed closer to the standard that the Glasswing era demands.  Building a Speed-First Vulnerability Management Practice for Legacy  For security teams responsible for legacy infrastructure, closing the speed gap requires a deliberate move in how vulnerability management is structured. Fast remediation for legacy platforms looms like:  Reframe your metrics, measuring MTTR, not just vulnerability count or level.  Audit your coverage gaps. After all, legacy environments need dedicated tooling.  Move from periodic scans to continuous monitoring to detect unseen exposures.  Integrate legacy security data into your SIEM and SOC workflows with the same response speed.  Include legacy in your broader AI-assisted security strategy for keen scrutiny.  Give extra, specialist training for legacy-specific risks not covered in standard certifications.  Enterprise vulnerability management in 2026 needs to include as many investigations as possible, as deep and precise as you can, for complete assurance of safety. Only then will the speed of risk reduction increase.  The New Benchmark Is Already Here  With Project Glasswing, it has become abundantly clear that we are no longer stuck in only legacy projects. There are examples of where old systems that required quick, even instant, checking did not do the needful and fell victim to cyber attacks that were, in retrospect, avoidable.  Speed is the need of the hour. Project Glasswing has made it possible to be aware of vulnerabilities from not day 1 but hour 1. How enterprises incorporate this into their agenda will show how serious they are about safeguarding their assets.  Xypro's XYGATE Aegis Scan brings the speed of risk reduction to legacy environments that the Glasswing initiative does not reach. Get continuous scanning, actionable remediation, and real-time visibility, built natively for HPE Nonstop, even legacy applications, scaled for the enterprise.  FAQs  What is the speed of risk reduction in vulnerability management?  The speed of risk reduction refers to how quickly an organization can move from detecting a vulnerability to fully remediating it. It is measured as the mean time to remediate (MTTR).  How does Project Glasswing affect legacy platform security?  Project Glasswing is focused on securing modern critical software infrastructure using the Claude Mythos Preview AI model by Anthropic. Legacy environments are not directly covered by the initiative, which means enterprises running these systems need dedicated applications to achieve a quickness comparable to it.  Why is MTTR more important than vulnerability count? Finding a vulnerability is only valuable if you can act on it quickly. Slow remediation leaves exploitations open for weeks, even months. MTTR is a more direct indicator of security in an environment where attackers move at breakneck speed. Can HPE Nonstop environments achieve fast remediation? Yes, with the right software, HPE Nonstop can execute faster remediation. Due to the slow scan pace of standard enterprise scanners, a default speed disadvantage is added even when you don’t want it. XYGATE Aegis Scan, built for Nonstop environments, enables continuous scanning and actionable reporting that compresses MTTR significantly.  What industries face the highest legacy remediation risk? Banking, healthcare, government, and manufacturing sectors carry the highest legacy infrastructure risk. These industries run mission-critical operations, have significant compliance obligations, and are high-value targets for cyber threats.  #### Steve Tcherchian discusses "ZERO Day" security issues with Rich Demuro on KTLA5 Zero Day. If it sounds serious, that’s because it is. Zero Day security issues recently happened to the iPhone, Google’s Chrome web browser, and the Windows operating system. “It happens all the time, it happens more often than you would realize. You’re not going to be able to work, you’re not going to be able to make phone calls, your files could be locked potentially forever, your kids’ pictures, all of that is in play,” Steve Tcherchian CISO, XYPRO Technology Corporation Prev 1 of 1 Next Prev 1 of 1 Next Hackers don’t even need to target you specifically. A website you visit could deliver malicious code to your devices. The best way to keep this from happening is simple: update your software. Read the article here. #### Steve Tcherchian Of CISO, XYPRO On What It Takes To Become A Cyber Executive Thank you for joining us in this interview series. Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up? How do you pronounce your last name? is the question I get asked most frequently. It’s easy; just drop the first letter and say the rest exactly as it appears. I am an Armenian American, as you would infer from my last name. In the 1970s, my parents fled the civil war in Lebanon and moved to the United States. Prior to that, my grandparents fled to Lebanon to escape the Armenian Genocide in 1915. I was proud and patriotically raised in Southern California, where I was born. I still have relatives in Lebanon and Armenia, and I think of those places as second homes. Both nations have had a very difficult few years. I’m actively involved in raising awareness of the situation and offering my help where I can. Coming from a Middle Eastern background, I learned Armenian, Arabic, and English as a result of my mother being a teacher and me growing up in the same school where she worked. Later, I changed schools and experienced all the good and bad that the Los Angeles Public school system had to offer. Keep your promises. If you say you’re going to do something, make sure you do it and exceed people’s expectations. People will rely on you more and more. There is no room in this world for lip service or empty promises. Steve Tcherchian CISO, XYPRO Technology My mother suffered a stroke when I was 12 years old, and my father died when I was 16 years old. I had to fast grow up and take care of myself. The carefree teen years were not mine. I held a full-time job working for a multinational internet service provider throughout my senior year of high school. Six days a week, I would get up extremely early and work until two in the morning. At that age, I didn’t have a mentor, so I had to make my own judgments about what was right and wrong. It’s very easy to get sucked into distracting lifestyles while growing up where I did, but because of my head start in personal responsibility at a young age, I have always been a self-starter, setting objectives and focusing intently on outcomes came naturally to me. Read the article #### Steve Tcherchian of XYPRO: 5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity       Medium October 6, 2020 -- Steve Tcherchian of XYPRO: 5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity Don’t open emails from unknown senders — This applies more than ever. There is a rapidly growing number of fake Coronavirus-themed emails going around from criminals looking to capitalize on the crisis. The bad guys are preying on your fear and sending all sorts of scams related to the Coronavirus. The top spoofed organizations are the CDC (Centers for Disease Control), the WHO (World Health Organization), HR Departments and emails from voicemail systems. Criminals are targeting voicemail systems because they know everyone is working from home. Remain vigilant and be 100% certain that the email is legitimate before opening it. Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up? Thank you. I quickly glanced over the questions below and I’m looking forward to sharing my experiences. A little about myself. My grandparents ended up in Lebanon, as most Armenians did fleeing the genocide. My parents are Lebanese Armenian immigrants who moved to the US in the 1970s to escape the civil war in Lebanon. I was born and raised in Los Angeles, California still have ties to both Lebanon and Armenia and consider them home. 2020 has been a very tough year for both countries. I’m very involved in bringing awareness to the plight and assist where I can. My mother was a teacher and I grew up attending the school she taught at which allowed me to become multi-lingual in Armenian, Arabic and English. I later switched schools, got exposed to everything the Los Angeles Public school system has to offer, both good and bad. My mother had a debilitating stroke when I was 12 and my father passed away when I was 16. I had to quickly become an adult and fend for myself. I didn’t get a chance to enjoy a lot of the pleasures that most teenagers my age got to participate in. At 17, I was in my senior year of high school and had a full time job. I would often start my days very early and not finish until 2am — 6 days a week. I didn’t have a mentor at that age, so I had to decide for myself what was right and wrong. Being a self-starter, setting a goal and laser focusing on it came naturally. Growing up in Los Angeles, it’s very easy at that to get caught up in certain lifestyles. I’m glad I chose the path I did. It allowed me to find my calling in cybersecurity. Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it. I was always good with technology. I was always curious and I always enjoyed taking risks. I still do. At a very young age, I would break things just to see how they worked and tried to put them back together. I wasn’t always successful and would often get in trouble for it. This translated over to when I got my first computer at 9 years old. A Packard Bell 286. I would constantly take it apart and put it back together — again, not always successfully. Once I got bored with that, I began writing programs. I spent a lot of time on iRC, AOL and Usenet groups sharing programs, or Warez and meeting other like-minded people. I would run home from school, sign on using my dial up modem and continue writing programs, until my mother would yell at me because the phone didn’t work. This allowed me to realize my capabilities — both good and bad. I started joining “groups”. As the internet started gaining more popularity, we would have fun online, we would be annoying, sometimes disruptive, but we didn’t see it as harming anyone. Social engineering wasn’t really a thing back then, but it existed and those who knew how to use it, used it to their advantage. We were kids in our early teens and didn’t really know any better. As time went on, some of my friends delved deeper into this type of lifestyle and started getting attention. I saw some of my friends get into trouble with the law. I had to make a decision: is this a path I wanted to follow? I have a lot of family and friends in law enforcement. I remember one conversation where a Sherriff’s Department friend of mine said “You know, the best criminals can make the best cops, because you already think like that.” The statement had a massive effect on me and I consider it a turning point in inspiring my career. I knew most of the tactics, most of the strategies. After this conversation, I made a conscious decision to educate and help rather than damage and disrupt. I have had no regrets. Can you share the most interesting story that happened to you since you began this fascinating career? ... To read the full interview visit medium.com #### Stop Wasting Money on Security! Businesses are spending more money than ever on cybersecurity technology to protect their infrastructure and data. Spending money on security doesn’t equate to being secure. To put it into perspective, businesses spend an average of over $115 USD per user on security software, hardware and services, yet nearly 30% of security investment goes underutilized or is never implemented. Small businesses, those with less than 1,000 users, are impacted more, with an average spending of $157 per user, yet the same underutilization concern still exists. The financial, reputational, and career-ending risk of a catastrophic security breach is such a high-profile problem that many more business leaders are putting emphasis on security.These are eye popping numbers which really underscores how much purchased software is sitting on the shelf and not being used.  CEOs, CISOs and board members have taken notice. Cybersecurity is now just as important in the boardroom as the bottom line. The financial, reputational and career-ending risk of a catastrophic security breach is such a high-profile problem that many more business leaders are putting emphasis on security. No one wants their company to be the next Marriott or CapitalOne (from a data breach perspective). Budgets are being allocated and money is being spent, but a large part of that security investment is still sitting around doing nothing—it’s unimplemented shelfware. The fact that the decision has been made and the money spent, regardless of implementation, leads to a false sense of security, further exacerbating the problem and more importantly, the risk. As you’re reading this, you’re probably looking over at your white board thinking “Yeah, we still have to implement that”. Trust me, you’re not alone. So why are security solutions sitting around, collecting dust? IT departments are just too busy to properly implement what has been purchased and compliance and audit activities seem to take precedence over risk management. Compounded with revenue generating tasks and the day to day grind of keeping the business running, it becomes difficult to make the time to start a new project. This is followed closely by not having enough staff available and not understanding the purchased software well enough. Interestingly enough, the least contributing factor to not getting security properly implemented is the IT staff not understanding the security challenges they face. On the contrary, IT understands the security challenges and threats to the organization very well, they just lack the executive sponsorship to make the time and aren’t provided the resources to implement them. To add to the resource problem, the cybersecurity talent gap is currently at an all-time high, with a predicted gap of over 2 million unfilled jobs by 2022. So how do you solve the problem? Plan for Professional Services Most organizations are very budget conscious when it comes to acquiring any new technology. One way to avoid the shelfware problem is request your vendor include professional services with any new purchase. This will not only ensure your new solution is deployed properly and securely and your staff trained appropriately, but will reduce the time to value for your new purchase. A vendor’s professional services or solutions delivery group can ensure security technologies are properly installed, monitored and maintained throughout their lifecycle. XYPRO’s Solutions Delivery Team is regularly brought in by Fortune 500 companies to perform security assessments of mission critical, HPE NonStop server environments. Our XYPRO Solutions Delivery team ensures XYGATE security products such as Merged Audit and User Authentication, which are standard  on all HPE NonStop servers, are properly configured and deployed to ensure your organization is receiving maximum value from them. Whether those needs are auditing, compliance, monitoring, or help with your overall security initiative, XYPRO’s Solutions Delivery Team is an invaluable partner to protect your business and the investment you’ve made in security. And that can help everyone sleep better at night. #### Strategies for Capturing and Creating Value from your Security Data Every business wants more data. Data on their customers, competition, operations, processes, employees, inventory and more. Data can be used to make better-informed business decisions and provide strategic insights that give your company a competitive advantage in terms of efficiencies, enhancing the customer experience, or refining market strategy. Its uses are limitless. Over the last decade, computing power has advanced to the point where generating and storing massive amounts of data has become highly cost efficient. Up to 73% of data within an enterprise goes unused for analytics. Amassing business data is similar to a dog successfully chasing a car - now that we’ve caught it, what do we do with it? With all that data available, most businesses struggle to figure out how to take advantage of it. According to Forrester, up to 73% of data within an enterprise goes unused for analytics. We are so used to extracting targeted information from data that we simply ignore what we don't understand and throw it away as noise. This problem is prevalent in every industry, but especially in the security world. Security teams are overwhelmed with the vast amounts of data generated from firewalls, intrusion detection systems, network appliances and other devices. It's impossible to expect security teams to interpret all this data. We unintentionally end up focusing on what we already know how to analyze and ignoring what we don't. Typical alerting systems are configured to raise alarms, but only when they encounter a defined binary event or a threshold being reached. For example, if three or more failed authentication attempts performed in succession are detected, the system is configured to generate an alert. Yet successful authentication attempts are mostly categorized as business as usual and ignored, even if they’re occuring at off times or from unexpected locations The current mean time to detect a breach is over six months. Most organizations have all the data they need to identify a breach much faster than that, yet they are still unable to detect and react to a breach in even a semi-reasonable amount of time. This is due to: The volume and velocity of the data being generated Not looking for patterns in all of the data available - the unknown unknowns Not having the proper context for the data available If your system is ever breached, you don't need to look at the failed authentication events - you need to look for anomalies in the successful ones! Most organizations are well down the path on their journey of capturing and storing all of their data for future analytics in data Lakes, large repositories of raw data in any format. Capturing, storing and securing that data is key. Once the data is available, it can be analyzed and its value maximized using a variety of methods. This is where the fun (and benefit) starts! On HPE NonStop servers, XYGATE Merged Audit (XMA) gathers, normalizes and stores security audit data from both the system and its applications. Merged Audit is your central repository for all NonStop security data. This is your NonStop Security Data Lake. In some environments, the data XMA gathers can amount to tens of millions of records per system, per day.  With that kind of volume, you might think it’s nearly impossible to draw all of the value out of from this massive amount of data. This data can be fed to an external Security Information Event Manager (SIEM) or your Security Orchestration, Automation and Response (SOAR) solution for alerting, but most of it likely falls into that 73% that is treated as noise and does nothing but occupy disk space. The Rise of the Machines Machine learning is all the rage in the industry these days and there is no doubt vendors seek to capitalize on the hype. Unlike statistical analysis, used for decades to draw inferences about the relationships, machine learning is about the results and predictability of data. There are a variety of machine learning technologies. The availability of data lakes and massive computing power creates the unique opportunity and challenge of leveraging machine learning to its full potential. With the availability of large volumes of training data, Graphic Processing Units (GPUs) for fast computation of matrix operations, better activation functions and better architecture, it’s becoming far easier to construct and attempt to train the necessary deep networks for accurate machine learning. We’ll discuss two approaches on how to maximize the value of your data: Supervised and Unsupervised machine learning. Supervised Machine Learning algorithms apply what has been learned about data in the past to new inputs using labeled examples to predict future results. For example, in cancer diagnosis, a large amount of patient data is gathered regarding the characteristics of a tumor. Since we know which data inputs indicate a benign tumor and which are a malignant one based on a variety of factors, we could label the data as such. Then by simply knowing the cell density and tumor size of new patient inputs, we could predict if the new tumor is identified as benign or malignant - or if you’re a fan of HBO’s Silicon Valley - if the data is a hot dog or not a hot dog. Unsupervised Machine Learning - does not rely on labeled data inputs. Rather, the algorithm finds the underlying patterns in the data without prior knowledge. Unsupervised learning is most commonly applied to identify previously unknown patterns in data. This is useful for clustering data and especially useful in anomaly detection which can identify fraudulent transactions, human errors and even cybersecurity attacks. Supervised vs Unsupervised for Anomaly Detection A supervised model “learns” by repeatedly comparing its predictions, given a set of inputs, against the “ground truth” label (the reality you want the model to predict) associated with those inputs. It then adjusts parameters such that the model’s predictions become more accurate. The model is essentially memorizing the categories of the input/output combinations. The goal is to have a model that makes good predictions against both the training data it has already seen as well as the future data that is yet to be seen. In this way, the model learns a generalized way to recognize patterns within the data on which it’s been trained.  In most contexts, this is exactly what is desired, but the corollary is that these supervised models do not perform well in unusual circumstances, especially . in the face of inputs that are dissimilar from that on which they’ve been trained.  In human terms - if the security guards have been trained to recognize only faces and not patterns of comings and goings, they’re not going to recognize whether “Bob” coming into the office on a Tuesday is an anomaly or not.  Because they have only been trained to know Bob’s face and not Bob’s working patterns, they will not raise an alert. This is a key reason why supervised models are not typically used for anomaly detection.  Mathematically, the supervised model is trying to determine the probability of an intrusion given a specific input vector whereas the unsupervised model is merely trying to determine the probability of seeing that specific input vector.  When using an unsupervised model, probabilities below a determined threshold are flagged as anomalies. NLP N-Grams: A Case Study in Pattern Recognition Natural Language Processing (NLP) is technology used to aid computers in understanding natural human language. It is used in devices such as Amazon’s Alexa and Apple. NLP relies on machine learning to derive meaning from human words, their sequences, the patterns they create together and their varying frequencies. For example, “See Jane Run” is a common pattern in English, where “Jane Run See” is not so common. A machine learning algorithm will churn through the data and learn that “See Jane Run” is common, where it may never see “Jane Run See”. If it ever does, that sequence can be identified as an anomaly. We experimented using this same N-Gram approach for intrusion detection on an HPE NonStop server. The goal was to profile a system and identify normal behavior in order to be able to quickly detect anomalous activity, which then can be further analyzed for context. Detection methods based on n-gram models have been widely used for the past decade. Using a sample data set of 2.2 million XYGATE Merged Audit events, we identified a vocabulary of 31 unique operations. (READ, RUN, WRITE, STOP, GIVE etc). 31% of unique user sessions contained 3 or more command operations during the session. We identified 359 unique 3-gram sequences out of a possible 29,791 combinations. For example, we frequently saw “READ+WRITE+WRITE” in a sequence pattern. We also expanded our experiment to 4-gram operations. We identified 797 unique 4-gram operations in the same data out of a possible of 923,521 combinations. To put this in context, over 99% of the possible sequence patterns in a 4-gram could conceivably be an anomaly or indicate a system compromise. Without machine learning algorithms, alerting on security incidents mainly relies on static rules within your alert system. For example, if a user attempts to read a secured file they don't have access to, an alarm is generated. This method becomes unsustainable as the data gets more voluminous and patterns grow more complex. You would need to program every single pattern and variation to accurately generate alerts on suspicious behavior. Using machine learning, your security-related data can be used to train algorithms to identify anomalous patterns so there isn't a need to rely on programming for every single situation. For HPE NonStop servers, the XYGATE Suite of products are able to ingest and generate the data necessary for analytics. It is important to not only generate data, but collect and store it using XYGATE Merged Audit. XYPRO’s newest analytics solution, XYGATE SecurityOne (XS1)is the only solution in the market that ingests NonStop security data, identifies anomalous patterns and raises alerts based on the context of the incident pattern detected. Referring back to a previous article: “Proactive Security and Threat Detection - it’s not That SIEMple”, we projected the ROI over a three year period for a large, US financial institution with a multi-node NonStop environment.  Investing in analytics for investigating “in flight” activities with real-time correlation and the proper contextualization, can free up nearly 80% of the security-related resources. What could a similar investment do for you? The Bottom Line Financial Analysis/Cost Savings Benefit Year 1 Year 2 Year 3 TOTAL Compliance $172,800 $177,984 $183,324 $534,108 Risk Reduction $215,338 $215,338 $215,338 $646,164 Security Ops Improvements $66,560 $68,557 $70,614 $205,731 Threat Intelligence Savings $47,600 $49,028 $50,499 $147,217 Total Benefits $502,298 $510,907 $519,775 $1,533,220   #### Strong Q1 Positions XYPRO to Weather Pandemic and Project Growth for 2020 Caution and uncertainty worries the world as the COVID-19 pandemic continues to prevent us from going back to normal. XYPRO Technology Corporation, headquartered in Simi Valley, CA supplies mission critical risk management, real-time threat detection, and enterprise identity and access management solutions to Fortune 500 companies. “XYPRO’s ability to continue providing 100% of our critical risk management and real-time threat detection solutions and uninterrupted customer support while ensuring our employees can enjoy the safety and flexibility to work from home has enabled us to thrive and excel in an environment of uncertainty for so many.” says Lisa Partridge, XYPRO’s CEO “I’m really proud, as a human, how we handled the preparation for and execution of our transition to remote work. From our long-time employees, to our brand-new interns, to our customers - no one was left behind”. Electronic transactions, online ordering, payment processing, touchless POS, etc., have only become more important during this crisis, highlighting the role cybersecurity companies like XYPRO play on a daily basis. As a result of the mission critical nature of our industry and our choices as a company, XYPRO is privileged to have confidence in its long-term outlook. Many are predicting that cloud applications that integrate enterprise solutions like CyberArk, SailPoint, and ServiceNow will become more present than ever as modernization pushes corporations towards remote work. XYPRO uniquely functions as the only HPE NonStop security partner that has certified integrations for these critical, cloud based applications. “The market change from the COVID-19 pandemic is showing increased demand for Access Management solutions as much of the workforce transitions to work-from-home, augmenting the need for access controls beyond locations and DMZ’s within corporate organizations,” reports XYPRO’s Chief Revenue Officer, Barry Forbes. “We’re seeing our customers, who are the world’s major financial and retail institutions, act quickly to implement XYPRO security and risk management solutions to protect their customers from online fraud and theft.” Steve Tcherchian, XYPRO’s Chief Product officer points out “CIO strategies are shifting as their businesses adapt to the new normal. Integration and automation have jumped to the top of the priority list. Securing the customer digital experience is more critical than ever. The rapid adoption of our very latest technology, XYGATE SecurityOne Risk Management and Real-Time Threat Detection platform, proves the payments processing industry is at the forefront of technology acquisition that strives to catch and overtake those that seek to infiltrate and disrupt our ability to safely lead our lives and provide for our families.” As a leader in the cybersecurity space, XYPRO is committed to its employees, clients, and the continued development of mission critical real-time threat and risk management solutions. At XYPRO, we believe that no data is as important as your data and we protect your data as if it was our own. #### TechRound Cybersecurity Predictions for 2022 (Part 2!) We’ve collected predictions from industry experts on what 2022 could bring to cybersecurity. In 2021 we continued to see an increased pressure on cybersecurity for businesses, hackers taking advantage of the remote shift in the way we work. Explore part 2 of our cybersecurity predictions for 2022, with comments from a range of industry experts. Cryptocurrency becomes a target: “With interest rates (currently) at all time lows, and hyper-inflation and the U.S. stock market at all time highs, investors are looking at better returns on their money. Apps like CoinBase, Robinhood, eToro and others can make investing available to even the most technologically novice user. This could potentially be a recipe for disaster. Steve Tcherchian, Chief Product Officer at XYPRO Embrace ZERO Trust Security: “We are all used to the traditional security model of authenticating to the perimeter VPN or a cloud application then carrying on our tasks. This “Trust but Verify” strategy assumes everything within an organisation’s network is trusted, and not already breached. Once a user is authenticated to the VPN, they can move around to any resource to which they have access. The assumption is the user is who they say they are, the user’s account is not compromised and that the user will act responsibly.” “In short, this model leaves organisations vulnerable to credential theft, low and slow attacks, and malicious insiders. Essentially all authenticated users are trusted on the network.” Read the article #### The 100 | Our Employees are as Important as our Customers The 100 | Our Employees are as Important as our Customers When reflecting on XYPRO’s longevity and success (we recently welcomed our 100th employee and have celebrated many years of consistent gains), we often assess whether we’re continuing to do the things that got us here, even as we grow.  Why do our customers continue to buy from us?  What differentiates us from our competition?   Do we have our finger on the pulse of the industry?  Are we innovating? Maybe they like our sales team, or our professional services rep that helped them with the installation.  Maybe they had an excellent experience with our customer support team.  Maybe it’s some or all of these things. At XYPRO, we cultivate relationships with our clients for years.  Even decades.  In addition to investing in our software, they’re also investing in us.  People buy from people and we like being the ones you want to work with.   The same is true for the people that work here. What does it take to become a company that workers want to be part of? Inc. magazine says it’s more than good pay and good perks – it’s also about having a clear purpose, a sense of humor, and leadership that makes the two work together. We recognize that a willingness to try new things in both technology and mindful corporate culture engages employees and attracts the type of open minded, hard-working, forward thinking employees we want on our team.  XYPRO endeavors to let our core values guide our decisions and help motivate.  Many XYPRO programs are specifically put in place to achieve an environment in which the customer experience is paramount, employees feel valued and want to stay and contribute their best, long term. XYPRO is one of the honorees of Inc. Magazine’s Best Places to Work 2017.  As part of a prominent inc.com feature, the list is the result of a wide-ranging and comprehensive measurement of private American companies who have created exceptional workplaces through vibrant cultures, deep employee engagement, and stellar benefits. Out of thousands of applicants, Inc. singled out just over 200 winning companies and we were one of those companies! At XYPRO, we’re not here to mark the time between 8 and 5. Our customers deserve our best effort, as coworkers we deserve each other’s best efforts and in a company of our size, everyone plays a part in the success.  XYPRO Leadership is responsible for the example we set and the appreciation we show our team & our customers.  We take that responsibility seriously.  It’s always about more than just business. Going beyond the sale It is often said “people do business with people the like” but more importantly, people do business with people they trust. “Like” is a byproduct of that trust. At XYPRO we understand that what we do today, matters today. It also matters tomorrow, next month, next year and even next decade. Like our customers, XYPRO is in business for the long haul and in a niche, global market with incremental, yet consistent growth, our honesty, integrity, and trust are just as important to our customers as are quality, innovation and our best of breed products and services. Whenever a decision is made to purchase a XYPRO product or service, whether for the first time or for the 21st time, the people our customers are most directly engaged with are our Sales Team. For this reason we strive to make sure our sales team are the right fit for the role and don’t just produce the right results. Our sales team is made up of sales professionals with extensive backgrounds in enterprise level sales and service, NonStop security fundamentals and an underlying compassion for the needs of our customers. “Sales” and “professionalism” aren’t always combined in the same sentence or in context with each other, but the XYPRO sales team is different. Our sales and sales-support team is spread across the globe; USA, Canada, Australia, Japan, Germany, Mexico, the UK and Argentina. They are as close to you, our customers, as they can be and are driven to serve. It takes a unique individual to be a XYPRO salesperson. You will most often see our sales team at your place of work, in your home city or at a trade event in another city. There can be a sense of glamour associated with the life of a travelling salesperson and to some level, that may be true yet the reality is that your place of work, your home city or the city you are in for a trade event is rarely, if ever, their place of work or their home city, and they do this day in and day out. They understand this is their profession and like all other professions, they have a purpose and are needed. They too understand that they are an integral part to XYPRO’s success and that the corporate culture that XYPRO has fostered over the last 35 years is also the culture they enjoy and are part of, regardless of where they are in the world.  Our primary intention is to serve our customers in the best way possible and in doing so, that culture also serves to create one of the best working environments anyone could hope for. Innovating for the future "The only thing constant is change" The allure of innovation is what drives a lot of people. Everyone wants to be part of the next big thing. However, change for the sake of change doesn't always equal progress. Innovation in most cases is a diminutive experience requiring multiple iterations and a lot of time and patience to execute an idea to move it forward, but there is no room for complacency.  To be successful, one must find the balance between innovating and delivering genuine value to the customer.  This is ultimately what technology companies are after.   At XYPRO, we are not afraid of change. Leveraging the technology we have built over the last three decades has allowed us to identify new opportunities to innovate while staying true to our roots. We felt the NonStop should benefit from the modern technology available to other platforms. This strategy has allowed our customers to take advantage of the existing XYGATE product suite as well as benefit from the exciting new technologies we are investing in:   Security Intelligence, machine learning, blockchain, modernization and much more. One of our largest projects to date is XYGATE SecurityOne (XS1), which is a security analytics solution. Data is what drives everything; from business decisions to where to eat lunch. Security is no different. We realized that the existing XYGATE product suite supplies a gold mine of security data that can be used for contemporary purposes.  With XS1, we took a nontraditional approach toward development and it has paid off. Embracing Agile Development methodologies allowed our teams to quickly and continuously deliver deployable product. Combine that with a web enablement framework, modern programming languages and some of the newest technology available and we’re cooking with gas!  Innovating in this manner also allowed us to attract top tier talent to work on XS1 ensuring high caliber execution. As part of the process, we brought in seasoned User Experience Developers, Machine Learning Scientists and other senior development resources. This all culminated into the most modern and easy to use security solution for the HPE NonStop server...and beyond. Our product development and innovation efforts don’t stop there. We unflinchingly look forward to identify where our research and development investments should be made to best serve our customers. This commitment has led us to new areas that will provide even greater value and security to NonStop customers and integrating the NonStop with the rest of the enterprise. Inspiring the next generation of NonStop users In the continuing effort to keep the HPE NonStop server modern and “young”, XYPRO has a proven effective internship program where students from local universities get to participate and grow their skills in different areas of a software development company. Being an intern at XYPRO means participating in real projects, building sophisticated security solutions for mission critical operations and solving real problems for real customers. The year-round internship program hosts between 10 and 15 interns at any given point in time. Some of our 2017 Interns XYPRO 2017 Spring Graduates Through this ongoing internal education and mentorship program as well as external education opportunities, our young engineers learn the principles of information security, the NonStop server and how it fits into today’s global economy. XYPRO’s talent recruitment program means some interns stay on with us as part-time or full-time employees and genuinely contribute with new ideas and modern approaches to research projects, modernization of legacy technology and expansion of our current suite of security solutions. Since the establishment of the internship program in 2011, XYPRO has converted over a dozen interns to employees in the areas of IT, systems administration, customer support, software development, QA, Business Analysis, and Project Management.    Those that end up moving on to other ventures, do so with our best wishes, an understanding of information security, NonStop concepts and principles and a genuine appreciation for the unique capabilities of the platform. https://xypro.com/xypro-technology/time-xypro-got-today/ In this issue of the Connection Magazine highlighting “The Best of NonStop”, we’re proud to discuss our clients and our team members.  When one describes their ideal professional situation, it is a privilege to work for and with those we can honestly say are simply the best. There are some really exciting times up ahead - so stay tuned! XYPRO Technology   #### The Chris Voss Show Podcast – Steve Tcherchian, CISSP – Chief Product Officer and CISO of XYPRO Technology Corporation XYPRO Technology Corporation's Chief Product Officer and CISO appeared on a recent episode of The Chris Voss show to discuss cybersecurity, ransomware, and vulnerabilities in every industry. Prev 1 of 1 Next The Chris Voss Show - Steve Tcherchian, CISSP, Chief Product Officer & CISO of XYPRO Technology Corp Prev 1 of 1 Next #### The Cyber Shield: A Blueprint for Digital Security and Resilience The Ransomware Menace Ransomware is a concern across all industries.  High-profile attacks make headlines and cause substantial disruptions. The reason these attacks are successful is often inadequate monitoring and a broad attack surface. Many organizations fail to implement best practices such as multi-factor authentication (MFA), change management, and proper access controls. This lack of stringent security measures makes it easy for attackers to use social engineering to walk in through the front door, gain a foothold, and deploy ransomware. Take the example of MGM Resorts, which faced a massive ransomware attack in September 2023 that led to MAJOR operational disruptions. MGM's ordeal began when hackers used social engineering to trick the company's tech support into granting them network access. The attackers posed as legitimate employees, using stolen and harvested information to convince support staff to reset passwords and grant access. Once inside, the attackers breached system after system due to improper security configurations, too much privilege, unpatched systems and many more security missteps. Once their beachhead was established, the hackers demanded a ransom of $30 million dollars or they would launch a full-scale ransomware attack. MGM opted to not pay the ransom at which point the attackers kept their promise and launched the attack against MGM’s network. MGM had no choice but to take its systems offline to contain the scope of the attack and opted to rebuild its IT environment.  This breach resulted in MGM's systems being offline for weeks, during which time guests experienced delayed check-ins, non-functional slot machines, and manual cash payouts by pit bosses. This attack ultimately cost the entertainment giant over $130 million dollars. Their competitor, Caesars, faced a similar attack a week earlier and chose a different approach, reportedly paying $15 million to the attackers to prevent their customer data from being leaked. Similarly, the Los Angeles Unified School District (LAUSD) experienced a ransomware attack in 2022 that compromised sensitive student data, causing widespread panic and necessitating costly mitigation efforts. Change Healthcare, a major healthcare technology company, also fell victim to ransomware, highlighting the vulnerabilities in the healthcare sector's digital infrastructure. In all of these examples, the organization lacked the proper resilience plan, experience, and infrastructure to ensure it could continue its business operations in the face of digital disruption. Unplugging systems as a reaction to such attacks is not a sustainable strategy. Instead, organizations need to adopt a proactive approach to cybersecurity, involving continuous real-time monitoring, robust access controls, and stringent adherence to security best practices. By doing so, they can minimize the attack surface and enhance their ability to detect and respond to threats effectively and ensure business continuity. Don’t Trust, Always Verify For decades, cybersecurity operated on the "castle and moat" principle. Everything outside the castle walls (the organization's network) was considered untrusted, while everything inside was trusted. This strategy assumes that threats come from outside the organization and that once past the perimeter, internal systems and users are safe. This assumption is dangerously outdated. Modern cyber threats are more sophisticated and can easily penetrate traditional defenses. Attackers often exploit seemingly minor weaknesses such as an employee's weak password or a lack of MFA, gaining initial access and then moving laterally within the network or system to find valuable data or control critical systems. That MGM Resorts breach highlighted this very approach. Hackers used social engineering to deceive MGM’s tech support into granting them legitimate access. Once inside, they moved freely across multiple systems and environments, causing significant disruption. Modern threats can also originate from within the organization. Insider threats, whether malicious or accidental, can bypass external defenses and wreak havoc from the inside. The outdated, traditional perimeter-based security model fails to address the complexities of modern threats, where attackers can easily bypass perimeter defenses through phishing, social engineering, or exploiting vulnerabilities in trusted devices and, most commonly, through humans. To address these challenges, the cybersecurity paradigm must shift to a Zero Trust model. Zero Trust assumes no implicit trust, whether inside or outside the network. Every user, device, and application must be continuously verified before access is granted. This model is crucial in today's world, where the workforce is increasingly remote, and cloud services are ubiquitous. Zero Trust reduces the risk of lateral movement by attackers and ensures that security is enforced consistently across the entire IT environment. By implementing Zero Trust, organizations ensure that only authenticated and authorized users and devices gain access to their resources, regardless of whether they are inside or outside the network. This approach minimizes the risk of breaches and limits the potential damage an attacker can cause once they gain entry. Zero Trust operates on several key principles: Least Privilege Access: Users and devices are given the minimum level of access necessary to perform their functions. This reduces the risk of unauthorized access and limits the potential impact of compromised accounts. Continuous Monitoring and Verification: Trust is never assumed and is continuously verified through real-time monitoring and adaptive security measures. This ensures any suspicious activity is quickly identified and mitigated. Micro-Segmentation: The network and workloads are divided into smaller, isolated segments to prevent the lateral movement of attackers. This means even if an attacker gains access to one segment, they cannot easily move to another. Multi-Factor Authentication: Implementing MFA adds an extra layer of security to verify the credentials of the person requesting access, making it more difficult for attackers to gain access using stolen credentials. Comprehensive Visibility: Maintaining a detailed view of all users, devices, and activities within the network helps in detecting and responding to threats more effectively. Introducing the NIST Cybersecurity Framework 2.0 The National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 provides a comprehensive guideline for organizations to manage and mitigate cybersecurity risks that aligns with zero trust principles. This updated framework emphasizes five key functions: Identify, Protect, Detect, Respond, and Recover. Identify: Understand and manage cybersecurity risks to systems, assets, data, and capabilities. Protect: Develop and implement safeguards to ensure critical infrastructure services' delivery. Detect: Develop and implement activities to identify the occurrence of a cybersecurity event. Respond: Develop and implement activities to take action regarding a detected cybersecurity incident. Recover: Develop and implement activities to maintain plans for resilience and restore any capabilities or services impaired due to a cybersecurity incident. By aligning with the NIST Cybersecurity Framework 2.0, organizations can build a robust cybersecurity posture that adapts to evolving threats and regulatory requirements. XYPRO and HPE Address Ransomware Protection Despite their reputation for reliability and robustness, ransomware attacks can absolutely target HPE NonStop systems. These systems are not immune to sophisticated cyber threats and abuse of privileges by malicious insiders. Attackers can exploit vulnerabilities through various means such as social engineering, unpatched software, weak authentication, and misconfigured or improperly monitored systems. Once they gain access, ransomware can be deployed in a variety of ways including introducing new malicious objects or modifying existing system assets. This will encrypt critical data, disrupt operations, and allow the attackers to demand hefty ransoms for decryption keys. To effectively protect HPE NonStop systems from ransomware and other cyber threats, adopt a comprehensive security strategy aligned with Zero Trust principles. Below is a primer on where to start and how XYPRO and HPE help at each stage of the NIST Cybersecurity Framework:  Identify - Gap Assessment and Asset Identification: The first and most crucial step in this journey is to start with identification. You wouldn’t build a structure without first measuring, identifying the required materials, and measuring again.  How can you protect your enterprise if you haven’t identified all the components and their risk?  Performing a gap assessment is fundamental.  XYPRO’s Cybersecurity Gap Assessment Service discovers, categorizes, and prioritizes your assets in preparation for a proper security implementation. This assessment identifies all assets, understands the current security posture and risks, and maps out the attack surface. No vendor tool can solve cybersecurity challenges without first completing this fundamental identification phase. Without a clear understanding of the existing assets and vulnerabilities, it’s a very difficult task to implement effective security measures.  Identify Assets: Understanding what assets are present within the HPE NonStop environment is critical. This includes software, data and its locations, user accounts, network connections, and more. Identifying these assets recognizes where critical data resides and which systems are essential for business operations. Map the Attack Surface: Once assets are identified, it’s crucial to map out the attack surface. This involves understanding how these assets are interconnected, where potential vulnerabilities lie, and how an attacker might exploit them. This mapping provides a clear view of the security gaps and what needs to be addressed. Create a Roadmap: The gap assessment creates a detailed roadmap for implementing Zero Trust principles. This roadmap outlines the steps to secure the environment, including hardening the system and its applications, improving monitoring, and implementing robust response mechanisms. Protect - Implementing Security Controls and Best Practices System Hardening and Application Security: It is essential to ensure all systems are configured according to industry best practices. This includes proper Safeguard configuration, system and application hardening, and disabling unnecessary services and ports to minimize the attack surface. Regularly updating and patching all software and firmware to address known vulnerabilities is crucial. Conducting regular security assessments of applications to identify and fix vulnerabilities must be a necessary and ongoing requirement. XYPRO’s System Hardening Service will implement best practices and remediate findings based on the identification phase and the roadmap created. Access Controls and Identity and Access Management (IAM): To establish strong access controls and IAM, implementing Role-Based Access Control (RBAC) ensures users have the minimum level of access necessary to perform their job functions. Regularly review and update roles and permissions. Enforce MFA by installing and configuring XYGATE User Authentication (XUA) for all users, especially for privileged accounts. Installing and configuring XYGATE SecurityOne (XS1) Access Control and Object Security applies the least privilege principle to limit user access rights and permissions to the bare minimum necessary for their tasks. Additionally, connect to Privileged Access Management (PAM) solutions like CyberArk to vault and control the use of privileged accounts, ensuring that administrative access is tightly controlled and audited. Implementing Findings from the Gap Assessment: This step implements findings from the gap assessment and prioritizes and remediates identified vulnerabilities by applying patches, updating configurations, or implementing new security measures. This also improves system monitoring and logging to ensure that all activities are tracked and anomalies are detected in real-time.  Detect - Real-Time Monitoring and Threat Identification The Detect phase is critical for identifying and responding to potential threats in real-time. This phase involves continuous file and system integrity monitoring, advanced analytics, and immediate identification of suspicious activities. By implementing robust detection mechanisms, organizations can quickly recognize and mitigate threats before they cause significant damage. This phase can only properly be implemented after the identification and protection phase. On HPE NonStop systems, XYGATE SecurityOne (XS1) is the first and only solution for comprehensive real-time monitoring and ransomware detection that provides: Continuous Monitoring and Advanced Threat Detection Tools: XS1’s threat detection capabilities provide continuous real-time monitoring of all activities within the HPE NonStop environment. This ensures that any suspicious or anomalous behavior is immediately flagged for investigation, including potential intrusions or suspected ransomware and viruses. XS1 integrates with SIEM solutions like Splunk and others to collect, analyze, and correlate security events from various sources. This identifies complex attack patterns that may not be evident through isolated, binary, or threshold-based alerts. User and Behavioral Analytics: Analyzes normal user and system behavior and identifies deviations from typical patterns, which may indicate compromised accounts or insider threats. Using complex event processing algorithms to detect anomalies in data and user behavior, XS1 identifies potential threats that traditional detection methods might miss. Automated Threat Detection and Response Coordination: Every installation comes with automated alerts for predefined threat conditions. These alerts can be sent to security teams for immediate action, ensuring a swift response to potential threats. Correlation rules link related security events, providing a clearer picture of potential attack scenarios. This helps in understanding the broader context of an incident. This data helps with Incident triage of detected threats and ensures that the most critical threats are addressed first. Respond - Swift and Effective Incident Management This phase focuses on the actions to address and mitigate the impact of detected cybersecurity incidents. Effective response mechanisms are crucial to limit damage, reduce recovery time, and ensure continuity of operations. The sooner a ransomware attack is detected and responded to, the faster and more cost-effective recovery will be. Automated Tools and Processes: Quickly isolate affected systems to prevent the spread of ransomware or unauthorized access. This containment strategy is vital in stopping an attack from compromising additional systems or data. Immediately revoke compromised credentials to prevent further unauthorized access. This includes disabling user accounts, changing passwords, and updating access tokens. Real-time alerts and notifications ensure the right teams are promptly informed of potential breaches and can take swift action. Incident Response Plans: Create detailed incident response plans that outline specific steps to be taken during different types of security incidents. These plans should cover detection, containment, eradication, recovery, and post-incident analysis. Regularly rehearse and conduct drills to ensure that the response plans are effective and that all team members are familiar with their roles and responsibilities. Simulated attack scenarios can help identify gaps and improve response strategies. Establish clear communication protocols for internal and external stakeholders. Ensure that key personnel are informed promptly, and provide transparent updates to customers and partners as needed. Coordinated Response and Recovery: Implement a coordinated approach to incident response involving cross-functional teams, including IT, security, legal, and communications. This ensures that all aspects of the incident are addressed comprehensively. Conduct a thorough forensic analysis to understand the nature and extent of the breach. This helps in identifying the root cause, determining the impact, and preventing future occurrences. Execute remediation actions to eradicate the threat, such as removing malware, patching vulnerabilities, and restoring affected systems from backups. Ensure that all systems are thoroughly cleaned and secured before returning to normal operations.   The Path to Robust Security Ransomware and other cyber threats are evolving faster than ever. The availability and affordability of cloud environments and AI/ML-based systems for cyberattacks are becoming commonplace. Adopting a proactive and comprehensive approach to cybersecurity is imperative. Moving away from outdated strategies and embracing Zero Trust and the NIST Cybersecurity Framework 2.0 are critical steps to remain resilient and operational. XYPRO and HPE’s approach to cyber resilience goes beyond protection. Our solutions ensure that organizations can survive and recover from cyber disruptions, maintaining business continuity, even in the face of sophisticated attacks. Following a structured and thorough approach to cybersecurity, including regular assessments and updates, helps organizations stay ahead of emerging threats and ensure their systems and data remain secure. The path to robust cybersecurity and digital resilience involves adopting modern security frameworks, implementing comprehensive protection measures, and leveraging the expertise of trusted partners like XYPRO and HPE. By doing so, your organization can confidently navigate the complex threat landscape, knowing you have the solutions, strategies, and experienced partners to protect, detect, respond, and recover from cyber threats. #### The Future of Cyber Attacks — Insights From Steve Tcherchian This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks. The following is an interview we recently had with Steve Tcherchian, CISO and Chief Product Officer at XYPRO. How have cyber attacks evolved over the past 12months? The SolarWinds and Kaseya incidents showed us what types of multifaceted attacks are being used. It’s not a matter of if they’re going to get into your network. They’re going to get in. In the SolarWinds attack, once the attackers gained access to the network with compromised credentials, they moved laterally by capturing and using multiple, different, insecure credentials. Our efforts should focus on shoring up internal systems to limit their ability to move laterally using insecure credentials and passwords once they’re in. Proper password management and multi-factor authentication would have prevented this from happening. The proliferation of Internet of Things (IoT) devices, an expanding remote workforce due to the pandemic and the need for automation has put “smart devices” into the spotlight. Steve Tcherchian CISO, XYPRO Technology What lessons can be learned from the biggest cyber attacks in recent history? This is counterintuitive to traditional methods of security where locking the front door was once considered to be good enough. But time after time we’ve seen that it is no longer sustainable. Defense in depth is required. We need to treat locking up all the valuable systems and information inside of our network as being just as important as hardening our perimeter. ZERO TRUST SECURITY! Read the Article #### The Growing Threat of Cybercriminals in Global Elections In a world that’s more connected than ever, the integrity of the democratic process is under unprecedented threat from state-sponsored malicious actors and other cybercriminals. Using sophisticated technology and exploiting digital vulnerabilities, these adversaries have the power to influence elections on a global scale. The tactics of these cybercriminals, from hacking voter databases to launching disinformation campaigns, are diverse and continue to evolve. As nations grapple with this danger, the integrity of free and fair elections is under threat. State-sponsored threat actors are typically the most well-funded and well-resourced cyber threat groups, says Luke McNamara, deputy chief analyst of Mandiant Intelligence, now part of Google Cloud. This often makes them quite effective in their missions. Steve Tcherchian, CISO of cybersecurity company XYPRO.com, agrees that nation-state malicious actors and other cybercriminals will be significant threats to the electoral process and public opinion in the U.S. this year. “We are already seeing disinformation campaigns on social media and fake news websites to polarize opinions and create distrust, And as we saw in previous years, we could also see email accounts hacked, with sensitive information leaked at opportune (or inopportune) times to discredit political figures and sway voters.” Steve Tcherchian, CISO XYPRO Technology Tools such as ChatGPT allow threat actors to create a more robust and manipulative language for incorporation into their messaging, he says. The ability to generate and/or manipulate images, videos, and audio can have a huge impact on the emotions of the intended target audience that adheres to the notion that “seeing is believing.” Read the Article #### The Rise of Shelfware Software and How to Make It Stop Businesses are managing more data than ever—and spending more money, year after year, to protect that data. Yet spending more money on security doesn’t equate to actually being secure. A significant amount of software is purchased and never property implemented - leading to a problem called “shelfware”. To put into context how prevalent the “shelfware” problem has become,  Gartner predicts by 2022, the global information security spending will exceed USD 170 billion. Additional research shows that nearly 30% of all security investments are underutilized or never implemented. That's over $51 billion. Most of that spend is driven by financial institutions and Fortune 500 companies. In contrast, cybersecurity damage is expected to exceed $6 trillion by 2022. The COVID pandemic is also putting a strain on everyone's budgets. CEOs, CIOs, and CISOs are looking at cutting costs where possible, so we're forced to do more with less. We don’t have the luxury to let cybersecurity software sit around. Evaluating software usage and maximizing its effectiveness can be a strategic method of cost-cutting. A properly implemented solution will address your business requirements and free up your resources to focus on higher priority tasks.  No one wants their company to be the next mega-breach headline. Cybersecurity is just as important in the board room as the bottom line. The problem is important enough to where non-technology business leaders are putting more emphasis on security. Budgets are being allocated and money is being spent on protections, but a large part of that security investment is sitting around doing nothing—it’s unimplemented shelfware. As you’re reading this, you’re probably looking over at your whiteboard thinking “Yeah, we still have to implement that”. Trust me, you’re not alone. So why are security solutions sitting around collecting dust? The main reasons – IT departments are just too busy to properly implement what was purchased. Revenue generating tasks and keeping the engine running take precedence over something that may happen. This is followed closely by not having enough staff available and not understanding the purchased software well enough. According to the same report, the year 2014 finished with 49% of security positions left unfilled. Interestingly enough, the least serious reason contributing to not getting security properly implemented was the IT staff not understanding the security problems they faced. On the contrary, IT understands the security problems and threats to the organization very well, they just lack the resources to implement the right solutions. So how do you solve the problem? Purchasing a vendor’s onboarding service will ensure security technologies are properly installed, monitored, and maintained throughout their lifecycle. 79% of IT professionals believe leveraging managed services reduces or even eliminates the possibility that security goes unused in their organization. XYPRO’s Professional Services Team is regularly brought in by Fortune 1000 companies to perform security assessments of HPE NonStop server environments. As your trusted security partner, we will ensure your business objectives are thoroughly understood before a solution is implemented. Whether those needs are auditing, compliance, monitoring, training, or help with your overall security initiative, XYPRO’s Services Team can be an invaluable partner to protect your business and the investment you’ve made in security. #### The Shelf is for the Elf, Not Security Businesses are managing more data than ever—and spending more money, year after year, to protect that data. Yet spending money on security doesn’t equate to actually being secure. A recent study by Osterman Research discussed how prevalent the “shelfware” problem is becoming. The report showed that businesses spent an average of $115 USD per user on security software, hardware and services in 2014, an increase of 44% from 2013, yet nearly 30% of that security investment was underutilized or never implemented. Small businesses, those with less than 1,000 users, were impacted more, with an average spending of $157 per user, yet the same underutilization pandemic still exists. "The numbers were pretty eye popping," said Josh Shaul, Trustwave's vice president of product management. "We expected some security software on the shelf. What we found was companies are pouring money down the drain, while the folks approving these purchases are getting a false sense of security." Considering the security landscape we currently live in, CEOs, CISOs and board members have taken notice. Cybersecurity is now just as important in the board room as the bottom line. The problem is now important enough to where non-technology business leaders put more emphasis on security. No one wants their company to be the next Sony or Anthem (from a data breach perspective). Budgets are being allocated and money is being spent on protections, but, as the Osterman Research study shows, a large part of that security investment is sitting around doing nothing—it’s unimplemented shelfware. As you’re reading this, you’re probably looking over at your white board thinking “Yeah, we still have to implement that”. Trust me, you’re not alone. So why are security solutions sitting around collecting dust? The main reasons – IT departments are just too busy to properly implement what was purchased. Revenue generating tasks and keeping the engine running take precedence over something that may happen. This is followed closely by not having enough staff available and not understanding the purchased software well enough. According to the same report, the year 2014 finished with 49% of security positions left unfilled. Interestingly enough, the least serious reason contributing to not getting security properly implemented was the IT staff not understanding the security problems they faced. On the contrary, IT understands the security problems and threats to the organization very well, they just lack the resources to implement the right solutions. So how do you solve the problem? Vendor professional service groups and security service providers can help ensure security technologies are properly installed, monitored and maintained throughout their lifecycle. The report surveyed that 79% of IT professionals believe leveraging managed services would reduce or eliminate the possibility that security goes unused in their organization. XYPRO’s Professional Services Team is regularly brought in by Fortune 1000 companies to perform security assessments of HPE NonStop server environments. Our XYPRO PS team ensures XYGATE security products such as Merged Audit and User Authentication, which have been shipped with the operating system as part of the NonStop security bundle on all new HPE NonStop servers since late 2010, are properly configured and deployed to address your organizations specific needs. Whether those needs are auditing, compliance, monitoring, or help with your overall security initiative, XYPRO’s PRO Services Team can be an invaluable partner to protect your business and the investment you’ve made in security. And that can help everyone sleep better at night. Unless you have one of those elves. They’re creepy. Steve Tcherchian, CISSP XYPRO Technology   #### The Ultimate Guide to Protecting Your Business from Cyber Attacks! Demystifying PCI DSS 4.0: The Ultimate Guide to Protecting Your Business from Cyber Attacks! PCI DSS (Payment Card Industry Data Security Standard) compliance is a set of security standards with which organizations who handle payment card data must comply. The purpose of these standards is to ensure that sensitive information like credit card numbers and personal data are protected from unauthorized access and theft. The latest update to PCI DSS Standards, version 4.0, was released March 2022 by the PCI Security Standards Council (PCI DSS 4.0). This most recent version of the standard took four years to create and grew from 139 pages for PCI v3.2.1 to 360 pages for PCI v4.0. 64 additional requirements are present, 13 of which take effect in March 2024, when PCI DSS v3.2.1 is formally decommissioned.  The remaining 54 requirements are “best practices” until March 2025. That doesn’t mean you can sit back and enjoy your current compliance status for the next 2 years. On the contrary, 2023 must be used as a transition period to assess the new standard and modernize your security controls. There is a lot of work to do and very little time. Do not assume because you are PCI 3.2.1 compliant that you will be PCI 4.0 compliant. Failing to Comply Failing to comply with these standards results in serious consequences for businesses. In this article, we detail the consequences of failing PCI DSS compliance and the steps businesses can take to avoid it. Penalties and Fines The most immediate consequence of failing PCI DSS compliance is the possibility of penalties and fines. The payment card industry takes data security very seriously, and non-compliance can result in significant fines that can range from thousands to millions of dollars, depending on the severity of the breach. These fines are usually imposed by the payment card brands, such as Visa, Mastercard, and American Express. Failure to pay these fines can  make it difficult or impossible to process credit card transactions. Legal Liability Failure to comply with the PCI DSS increases an organization's legal liability in the event of a data breach and the offender may be held liable for the resulting damages and costs. This can include the cost of notifying affected customers, offering credit monitoring services, and paying legal fees. Furthermore, noncompliance increases the likelihood of regulatory investigations, which can result in additional fines, penalties, and legal fees. The Catastrophic Cost of Non Compliance Achieving and maintaining PCI DSS compliance is an added cost for businesses, but failure to comply can result in catastrophically higher costs. Fines, penalties, legal fees, and the cost of implementing new security measures to address vulnerabilities can all be incurred as a result of noncompliance. Furthermore, noncompliance raises the cost of doing business through lost revenue, reputational damage, and decreased customer loyalty. Reputation Damage A data breach can have serious consequences for an organization's reputation. Consumers rely on businesses to safeguard their sensitive information, and failing to do so leads to a loss of trust and confidence. This lack of trust means decreased consumer loyalty, income, and damaged brand reputation. Even without a breach, the perception of a lack of security is damaging to a company's brand. Loss of Customers Consumers have a choice about where they do business, and a breach impacts  trust in an organization's capacity to protect their sensitive information. This  leads to a drop in consumer loyalty and a loss of revenue. It can take years to rebuild trust and confidence -  devastating for most businesses.   How to Avoid PCI DSS Compliance Failure Achieving and maintaining PCI DSS compliance requires a commitment to data security and ongoing efforts to stay up to date with evolving security threats.  Compliance is typically a process that looks backward. The purpose of compliance requirements is to stop problems from happening again in the future. PCI DSS 4.0 has changed this. The 4.0 standard has been updated to take into account the use of emerging technologies and the changing threat landscape. It was created with a ZERO Trust strategy to meet the evolving needs of the payments industry. PCI DSS 4.0 enables organizations with a mature security posture  the freedom to design and implement controls that achieve the goals.  This modernized approach means compliance is now an ongoing, REAL-TIME process that depends on dynamic security measures and the proof of those measures rather than a one-time event. Here are some steps businesses can take to avoid PCI DSS compliance failure: Read and Understand the Standard The first step to avoiding PCI DSS compliance failure is to understand the requirements and what they mean to your organization. The standards cover a broad range of security measures, including firewalls, encryption, access controls, monitoring and regular security testing. By understanding the requirements, you can identify areas where your organization may be falling short and take action to address any gaps. Partner with an Expert PCI DSS compliance is a complex process that requires a deep understanding of security standards and best practices. XYPRO’s PCI DSS certified experts provide Gap Assessment services that ensure your organization is taking the necessary steps to protect sensitive information. XYPRO security professionals bring a wealth of experience, expertise and insights to the PCI DSS compliance landscape. By leveraging XYPRO expertise, your organization gains valuable guidance implementing appropriate security controls, addressing vulnerabilities, and aligning processes with PCI DSS requirements. Our professionals  navigate complex compliance standards and provide practical recommendations tailored to your specific business needs. XYPRO’s Gap Assessment service results in a proper roadmap with priorities to securely address compliance so it's not an overwhelming, time consuming and expensive activity. Additionally, we assess and address potential vulnerabilities in your systems.  Strong Security Controls and Monitoring For sensitive cardholder data to be protected, proper access controls are crucial. It is essential to ensure that all the required security configurations are in place to restrict access to cardholder data. Implementing strong access controls means only authorized individuals with permission can access sensitive data. One effective measure is to enforce strong password policies, requiring users to create complex and unique passwords coupled with multi-factor authentication that requires a second form of verification, such as a unique code sent to a registered device, further mitigating the risk of unauthorized access. XYPRO solutions, specifically designed for NonStop systems, assist in implementing and managing these access control measures effectively. In addition to enforcing access controls, it is crucial to actively monitor for configuration drift and non-compliance. Conducting regular risk assessments identifies potential security threats and vulnerabilities. By proactively assessing the environment, you stay ahead of potential issues and take steps to address them before they escalate into significant problems.This approach helps identify and resolve security gaps, minimizing the risk of non-compliance and data breaches. Monitoring user activity and access to sensitive data is a vital component of maintaining PCI DSS compliance. Access should be consistently monitored and reviewed to identify and prevent any unauthorized access attempts. Real-time monitoring detects suspicious activities or unusual patterns that may indicate a potential breach or unauthorized access. For HPE NonStop systems, XYGATE SecurityOne tracks and analyzes access logs, to promptly investigate any anomalies and take appropriate action. Monitoring access ensures that only authorized individuals are accessing cardholder data, reducing the risk of data breaches and non-compliance. Maintain Evidence and Documentation Maintaining thorough documentation supports transparency, accountability, and the capacity to manage and maintain PCI DSS compliance effectively. Documentation is a comprehensive record of the security measures and procedures implemented by an organization to safeguard cardholder data. It serves as evidence that the required controls and processes are in place and facilitates compliance demonstrations during audits and assessments. Documentation also facilitates the monitoring and tracking of changes, ensuring that security controls remain current and aligned with the evolving threat landscape. It serves as a reference for future evaluations and helps identify improvement areas.  Well-documented procedures and evidence aid forensic investigations, facilitate incident response, and demonstrate due diligence in protecting cardholder data in the event of a security breach or incident. For NonStop systems, the XYGATE SecurityOne Suite provides all the necessary components to generate the data, evidence and reports necessary to maintain proper documentation that will be accepted by PCI auditors. Ongoing Support PCI DSS compliance is not a one-time project; it requires ongoing effort and vigilance. Engaging XYPRO services establishes a long-term partnership, granting you access to our guidance and expertise throughout your compliance journey. We can assist with periodic security reviews, updates, and maintenance. Stay ahead of emerging threats, adapt to changing compliance requirements, and consistently improve your security posture with a trusted advisor by your side. PCI DSS 4.0 compliance is a critical requirement for organizations that handle payment card data. Adhering to these standards protects sensitive information, builds trust with customers, and mitigates the risk of data breaches and financial losses. The updated PCI DSS 4.0 version brings enhanced security measures and requirements to adapt to evolving threats and technologies.     Achieving and maintaining compliance requires a comprehensive and proactive approach: understanding the requirements, conducting regular risk assessments, and  implementing strong security controls  XYPRO can help. By prioritizing PCI DSS 4.0 compliance, your organization can: safeguard cardholder data, mitigate risks, and  demonstrate your commitment to data security.  Embracing a culture of compliance ensures the protection of both the organization and its customers, fostering trust and confidence in the digital payment ecosystem. WIth the right blend of security technology and expertise, XYPRO is on this journey with you, ready to assist every step of the way. #### There’s a Key Difference Between Messaging apps Telegram and Signal You Should Know About KTLA January 22, 2021 - There’s a Key Difference Between Messaging apps Telegram and Signal You Should Know About Millions have downloaded alternative secure messaging apps in the wake of WhatsApp’s proposed privacy policy changes. Those apps include Telegram and Signal, which are more secure than standard text messages. However, there is one key difference between these two apps you should know about. First, the reason why so many people are downloading these new apps: WhatsApp is changing its privacy policy. The messaging app has more than 2 billion people on the platform, and users weren’t happy with it. “We’re seeing a heightened awareness [to privacy] because it’s in our face constantly about how our data is being used, explained Steve Tcherchian, a cybersecurity expert at XYPRO Technology Corp. “Facebook doesn’t have the best track record when it comes to privacy data protections.” While WhatsApp still protects the privacy of personal messages in a big way – using what’s called end to end encryption, the new privacy policy would allow Facebook to see the contents of messages exchanged with businesses. This way, Facebook could sell ads against that data. “If I send an encrypted message to somebody, they’re the only person with the key to unlock that message, no one else can see it, not even the application developer,” explained Tcherchian. Because of the backlash, WhatsApp has now delayed its changes until May 15 – they were supposed to take effect in February. But that hasn’t stopped millions of users from downloading alternatives, including Telegram and Signal. Telegram is a messaging app headquartered in Dubai with 500 million users. The company says 25 million people recently joined. Meanwhile, Signal got a big boost in downloads thanks to Tesla’s Elon Musk, who tweeted simply, “Use Signal.” To read the full interview, please visit KTLA.com. #### Thriving Scams amid Covid-19 Pandemic Hackernoon, May 30, 2020-- Thriving Scams amid Covid-19 Pandemic Pretending to be the IRS for selling fake vaccines, scammers have kicked in scammers and hackers are playing with people's emotions to cash in the opportunity since the coronavirus pandemic began. Online scams have risen during the past few months that Google decided to take action. On Thursday, the search giant launched a new website called Scam Spotter to address the problem. Scam Spotter urges users to follow three simple rules to avoid getting scammed online: "Slow it down," "Spot Check," and "Stop! Don't send." The steps highlight some common tricks fraudsters use, such as creating a false sense of urgency so you don’t think about what they’re asking you to do. Steve Tcherchian Chief Information Security Officer at XYPRO "Criminals love panic and chaos, and they’ll use every opportunity to exploit the situation. As we adapt and try to be productive while juggling kids and multiple spouses working from home, security can sometimes be the last thing on our minds." Click here to read more. #### Top 10 Must-See Sessions - XYPRO at HPE NonStop TBC 2021 Once again, this year’s NonStop Technical Boot Camp was virtual and had over 1000 registered attendees.  As a Partner Sponsor, we are grateful to Connect and HPE for pulling out all the stops to make the event the best possible under difficult circumstances. With so many sessions to choose from, it was impossible to see everything in real-time, so here’s a recap, with links, of the Top 10 must-see security sessions. (Viewing may require a free registration) TBC21-402 - NonStop SQL - The  news - Covers the soon to be released SQL/MX 3.8 NonStop SQL Cloud Edition, database compatibility, PL/MX, SQLXPress, NSDA and more! Don’t miss this one as Roland Lemoine discusses customer use cases and running a secure database environment. TBC21-601 - HPE Pointnext Security Services - Learn about the security services that are included in the Service Credits menu, and how HPE Pointnext Services and XYPRO help customers secure their NonStop Servers.  TBC21-Y01 - LIVE PANEL DISCUSSION:  How Cyber Criminals are Trying to Break into Your Systems - XYPRO Chief Product Officer Steve Tcherchian participates in a lively panel discussion with other industry experts, including NonStop security legend Wendy Bartlett,  providing insight into who is trying to attack your system and strategies to prevent it. TBC21-605 - HPE Security Portfolio - This year, HPE and XYPRO announced the expansion of a decades-long partnership to deliver XYPRO’s entire suite through HPE NonStop systems. HPE NonStop systems, which tackle mission critical environments requiring 100% fault tolerance, are now available with expanded XYPRO Zero Trust solutions for optimal threat detection and security management capabilities. TBC21-X05 - See Security One (XS1) in Action - managing security through a single pane of glass offers viewers a look inside XYPRO’s security intelligence, threat detection and analytics platform that uses a secure browser interface and patented contextualization technology to detect potential attacks BEFORE they become harmful breaches. TBC21-603 - XYPRO Product Family Now Available Through HPE provides an overview of XYPRO’s ZERO Trust suite of security and compliance tools available directly from HPE. This partnership exemplifies XYPRO’s innovation commitment addressing the challenges and requirements of NonStop customers. TBC21-405 -  Advanced Database Management with SQLXPress - A must for ANY application environment, this presentation highlights how SQLXPress from XYPRO is gold standard, secure database management. HPE product manager Roland Lemoine demonstrates productivity and best in class performance for your database and applications with the utmost security built-in. TBC21-607 - XYGATE SecurityOne  - A live, 3 1/2 hour, deep-dive Education Session and product demo of the configuration and operation of XYPRO’s flagship product suite XYGATE SecurityOne. Presenters Dave Teal and William Ferrara give viewers the skills, tools and strategies to take advantage of this comprehensive solution to secure and monitor their enterprise through a single pane of glass. TBC21-302 - The Art of the Possible 2021 - Franz König from HPE discusses what keeps CIOs/CTOs up at night and how HPE NonStop helps address issues and create new value. TBC21-X04 - Secure Database Management HPE Product Manager Roland Lemoine and Steve Tcherchian present XYPRO’s SQLXpress to secure your HPE NonStop database. (Video Coming Soon!) On behalf of everyone at XYPRO, we would like to thank the many wonderful people both familiar and new who have reached out to us. We hope to see you all live and in-person next year! Don’t miss our always updated content on LinkedIn, YouTube, and Twitter.  XYPRO is giving away a $100 Amazon gift card to one lucky winner from our lists of followers. Follow and Subscribe during the month of October for a chance to win!   #### Top Financial Institution Standardizes HPE NonStop Database Management Top Global Financial Institution Standardizes HPE NonStop Database Management with XYPRO Secure Database Technology Ensure your applications perform at their best. Background The client, a large US-headquartered financial institution, is a multinational, independent investment bank and financial services company assisting individuals, corporations, and municipalities. With more than 8,100 financial advisors serving approximately 3 million accounts in more than 2,600 locations throughout the United States, Canada and overseas, total client assets approach $1 trillion. The Challenge The client was seeking an easy-to-use query and reporting solution for the management of their core business application databases, which are hosted on the HPE NonStop server. The detailed list of requirements included optimal database performance, increased DBA productivity, reduced operational risk, facilitation of a large data center migration, support for both NonStop SQL/MX and SQL/MP, as well as their new x86 upgrade. As a FORTUNE 500 company, it was critical to ensure their order management systems, along with other core applications, are always available and performing at an optimal level. The large financial institution was seeking a solution that not only addressed all their technical requirements, but they also wanted to simplify the user experience while delivering a low total cost of ownership and quick time to value. The Solution After exploring several approaches, including homegrown options, the client selected SQLXPress from XYPRO. Once XYPRO’s secure database management solution was introduced, the results were immediate. SQLXPress produced reports and metrics for capacity planning, impact analysis, and problem resolution. Specific reports relied on multiple NonStop data sources including SQL metadata, Guardian file system, TMF, SCF, PSTATE, and more. The correlated data gave the client a holistic view and a baseline of their entire HPE NonStop SQL environment. Such quick access to this information allowed them to finally start prioritizing their activities. One of the most relied upon SQLXPress features is the VISUAL QUERY TUNER. The client’s database administrators were able to create intuitive execution plans which quickly identified poorly performing queries, allowing them to quickly remediate and instantly show improved performance. Their own DBAs used SQLXPress to execute “Update Statistic” commands, as well as create and drop problematic indexes and perform query rewrites based on SQLXPress recommendations. This combination ensured the Order Management System continued to perform at optimal levels. The SQLXPress interface is easy for beginners to navigate, yet powerful enough to handle expert users. SQLXpress helped the client reduce onboarding time of new database operators and testers by more than 50%, saving time and money, while resulting in highly engaged new database operators. SQLXPress built-in wizards allowed the client’s DBAs to quickly respond to tickets for table creation or partition management, which would otherwise be extremely resource-intensive tasks requiring intimate knowledge of NonStop SQL commands and syntax. We never knew what we were missing without SQLXPress.  We’ll never go back. XYPRO’s Trusted Implementation Services - Secure SQL Database and HPE NonStop Experts To help users quickly get up to speed on SQLXPress, the client engaged XYPRO’s professional services to provide training to their staff. XYPRO ensured the solution was properly and securely deployed, greatly reducing the time it took the client’s staff to effectively use the solution. The Need for Secure Database Management SQLXPress manages large, complex, mission critical database environments and is the essential companion for HPE NonStop SQL, similar to SQL Management Studio for Microsoft SQL or Quest TOAD for ORACLE. SQLXpress is a productivity-boosting, risk managing tool for database administrators, software developers, quality assurance analysts, and technical support staff. #### Top Security Tips for Entrepreneurs Business Unplugged, Oct 22, 2019--Top Security Tips for Entrepreneurs | Business Unplugged | Carol Roth Master Your AI The ability to leverage machine learning and artificial intelligence is critical to entrepreneurs’ cybersecurity efforts. There is no doubt AI can become the future of security. Data is exponentially increasing. Automation and machine learning have catapulted us beyond the limitations of human skill. As businesses are becoming more digital and data-driven, the more information we can gain from our data, the more entrepreneurs will be able to monetize it. They should bone up on AI and master it, according to Steve Tcherchian, Chief Information Security Officer at XYPRO, a cybersecurity analytics company. Click here to read more. #### Tribute to Sheila Johnson Blommendahl Sheila Johnson Blommendahl 1948-2021 It is with great sadness to report that after a long illness, Sheila Sue Johnson Blommendahl passed away on July 29, 2021.   As the former CEO of XYPRO Technology, Sheila distinguished herself via a thoughtful, employee-centric approach to management, tapping on her education and counseling experience.   I had the privilege of growing up at XYPRO.  I got to work under Sheila’s mentorship for 25 years before her retirement.  I learned a lot about planning, trying new approaches and thinking things through.  I excelled under her guidance as well through her encouragement to let me lead. Sheila took great pride in XYPRO, a company co-founded with her husband and XYPRO’s CTO Dale Blommendahl.  Her pleasure in the successes the company achieved following her retirement was as genuine as while she was there.   Sheila’s post retirement life was full and included many non-profits and other causes close to her heart.  While her illness and the pandemic prevented many of us from seeing her recently, it is with fond memories and gratitude that we honor her legacy of helping others and giving many of us an opportunity to succeed that has greatly enhanced our lives. In lieu of flowers, please donate to Sheila’s favorite non-profit, Kids and Families Together, at www.kidsandfamilies.org  Lisa Partridge #### Types of Identity Theft Common Types of Identity Theft To protect yourself from any kind of ID theft, it's important to be careful with your personal information. An identity theft protection service can go a long way toward keeping your information safe and promptly notifying you if someone may have stolen it. That said, here are some common types of identity theft you should know. Financial Identity Theft Financial identity theft is “the compromise of your existing financial account(s) or the creation of new financial accounts by an unwanted third party acting in your name," according to the Identity Theft Resource Center. Financial ID theft can involve any account that someone else opens and uses without your consent and for which you are financially liable. This could be a credit card account, a subscription, insurance, a loan, or some other type of account. Most of the time, attackers steal this information in data breaches or purchase it from the dark web. A wide variety of personally identifiable information may be disclosed if you’re a victim of financial identity theft, including account numbers, name, contact information (address, phone, email), username and password, and Social Security number. “The health care industry, with its aging infrastructure, slow adoption of security, and hasty need to move to electronic medical records, has turned out to be a treasure-trove for cybercriminals,” Steve Tcherchian Chief Information Security Officer and Chief Product Officer XYPRO Technology Corporation Warning signs: According to the security company Norton, warning signs of financial identity theft include your bank or credit card statements having unfamiliar charges, or unknown accounts appearing on your credit report. You also can receive unexpected bills and collection calls as these accounts become significantly overdue. How to prevent it: The easiest way to protect your personal information is to be extremely careful about to whom you provide it. Legitimate customer service representatives already have access to the information they need and won't ask you for it over the phone or in an email or text. Share information only with trusted sources and never offer usernames or passwords in chats, phone calls, or emails. Read the full article here #### Webinar Replay: 5 Best Practices for HPE NonStop File Integrity Monitoring   File Integrity Monitoring (FIM) is a foundational requirement for security compliance frameworks to help identify unexpected or malicious activity across critical system files, diagnose unwanted or inadvertent changes, and shut down attacks before they have a chance to cause damage and disruption. Organizations that collect and process credit card transactions and payments data must comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements 10.5.5 and 11.5 that state organizations must make efforts to monitor file modifications and ensure the integrity of critical logs from within their Cardholder Data Environment (CDE). On HPE NonStop servers, XYGATE SecurityOne (XS1) monitors and alerts when key files, objects, or system configurations are viewed, deleted, modified or ownership has changed. XS1 identifies who made the change and if the change put the system at risk or violated policy. This intelligent form of real-time integrity monitoring simplifies monitoring activity and helps meet the strictest of compliance requirements while reducing noise generated by unnecessary alerts. Your resources are focused on the most critical security events. Join XYPRO Technology’s Chief Product Officer & CISO, Steve Tcherchian, and Solutions Delivery Specialist, William Ferrara, as we demonstrate the Top 5 HPE NonStop File Integrity Monitoring use Cases. #### Webinar Replay: Detecting Authentication Threats Webinar Replay Prev 1 of 1 Next Detecting Authentication Threats Prev 1 of 1 Next Join XYPRO for This Live 30 Minute Webinar! Detecting Authentication Threats Wednesday, May 20, 2020, 7:00 am and 6:00 pm PDT Thursday, May 21, 2020, 11:00 am AEST (NZ, AUS) There are nearly a billion fraudulent sign-in attempts per day across the internet. Most of these rely on guessing common usernames and passwords, dictionary and brute force attacks. A new technique for hackers called credential stuffing takes a massive database of usernames and passwords, usually from online service providers’ mega-breach, and "stuffs" those credentials into logins to other sites and services. Because most people reuse the same username/password combination across multiple sites, the attacks are often successful and have the ability to quickly compromise multiple accounts. HPE NonStop servers help run the global critical infrastructure.  Detecting and alerting when fraudulent attempts occur is a must-have in combating these threats to protect the world’s credit card Payments, Mobile Telco, POS networks, etc. In this webinar, we’ll discuss how XYGATE User Authentication (XUA ships with every NonStop server) events logs feed critical data to XYGATE SecurityOne (XS1), XYPRO’s Risk Management and Threat detection platform to detect compromised accounts and separate actionable events from sifting through the “noise” so you know in real-time if someone or something is attempting to gain unauthorized access to your systems.   · Registration · Wednesday, May 20, 2020, 7:00 am and 6:00 pm PDT   7 am PDT Registration   6 pm PDT Registration   Thursday, May 21, 11:00 am AEST (NZ, AUS)   11 am AEST (NZ, AUS) Registration   Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for the strategy and innovation of XYPRO’s security product line as well as overseeing  XYPRO’s risk, compliance, and security to ensure the best experience for customers in the mission critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. #### Webinar Replay: From Zero to Hero: Integrate HPE NonStop with Splunk Prev 1 of 1 Next From Zero to Hero Integrate HPE NonStop with Splunk Prev 1 of 1 Next XYGATE Merged Audit (XMA), included with every HPE NonStop server since 2010, is an easy-to-use and integral security component of the HPE NonStop operating system.  XMA collects data from application, system and audit logs into a single, normalized SQL database to generate reports and forward data to your log management or analytics solution.  Exciting, right? Without having to purchase any additional software, XMA communicates directly with enterprise solutions like Splunk “...to modernize your security operations and strengthen your cyber defenses”.   Data is collected from EMS, Safeguard, ACI BASE24, iTP Webserver, XYGATE installations and much more. This data is aggregated, filtered, formatted, and selectively forwarded in real-time.  Did I mention you don’t have to try or buy any additional software?  XMA is on your NonStop servers already! You own it! Getting HPE NonStop server data to Splunk is easy.  Whether your data is in native XMA/NonStop format, Common Event Format (CEF) or a custom format, it can be sent to multiple targets via TCP or UDP.  The only thing to decide is which data you want to send.   XMA is installed and set up within minutes. Configuring XMA to forward data to Splunk takes even less time. All you need is the IP address, port and transport method (TCP or UDP). Pop those settings into the template inside of your XMA filters file and off you go.  Sit back, relax, and let your SOC monitor the log data from Splunk, while you enjoy modern, intelligent, and intuitive enterprise dashboards.  Want to read about XYPRO’s top 5 recommended reports? #### Webinar Replay: Integrate Your HPE NonStop Servers With CyberArk   XYPRO Technology Corporation, a leading cybersecurity solutions company, and CyberArk the global leader in privileged access management, will present a webinar on integrating HPE NonStop Servers. The presenters will be: CyberArk’s Brian Carpenter, Director of Business Development, and Steve Tcherchian, Chief Product Officer and Chief Information Security Officer for XYPRO. They will discuss how the CyberArk Privileged Access Security Solution secures, manages, automates, and logs all activities associated with privileged access. They will detail current attack vectors and analyze real use cases on how your HPE NonStop servers can seamlessly integrate with CyberArk processes to help ensure complete visibility, traceability, automation, and security of your HPE NonStop servers. “The largest security risks to any organization are the misuse or compromise of privileged credentials,” said Tcherchian. “Privileged accounts are a particular risk as they enable elevated access to your organization’s mission critical data.” “Because of the fear of ‘breaking something’ that could impact the ATM, POS, Mobile, or Payments infrastructure, many applications and systems were initially deployed, years ago, with passwords for privileged accounts that were and still are rarely rotated, shared, and improperly stored,” said Tcherchian. “This practice should be keeping CIOs and CISOs up at night, especially since there is something they can do about it.” The compromise of privileged accounts is connected to nearly all targeted attacks. Proper credential storage and management are paramount for responsible risk mitigation. If you are still manually managing privileged access, you’re not doing all you can to protect your systems. It’s not news that anything manual is resource-intensive, error-prone, and leaves gaps in your security. A Privileged Access Management solution provides the ideal capabilities for automating these activities. In this webinar, XYPRO and CyberArk will discuss how the HPE NonStop server integration can help with visibility, traceability, automation, and security. #### What Caused The Ransomware Attack On Toyota? Experts Insight Toyota, the world’s largest carmaker has halted production at all of its plants in Japan after a ransomware attack on a key supplier. This marks another major enterprise casualty as hackers continue to see rising success with ransomware attacks. EXPERT COMMENTS The Toyota breach highlighted that no company is off limits. At first, Toyota might seem like a highly secure environment that it would not likely be a target, but impacting operations to a global company like Toyota can have a catastrophic impact to the supply chain. If Toyota cannot purchase, receive, deliver and service product, a large part of the economy would come to a halt. Most of the public information says this ransomware isn’t damaging and Toyota is still investigating the impact. All Toyota is saying right now is no customer data was hacked. Typically, in situations like this “No customer data hacked” will put the public at ease. Unfortunately, for a company that size with worldwide operations, that thread can be pulled to reveal a lot more. Steve Tcherchian CISO, XYPRO, Chief Product Officer It's unknown how long the perpetrators were embedded in Toyota’s network. The average time to detect a breach is currently at 200+ days. Assuming with that much time on the Toyota’s network and systems, a lot of damage could have been done in terms of compromising company and employee data. Given the tight privacy regulations in Japan, this could make for an interesting next few weeks. Watching this one very closely. Read More   #### What is a NonStop Server? - Building Bridges I had a proud moment the other day. Kind of like when you get to brag about your  children (or grandchildren): I was enjoying a beverage with a group of Mainframe support team members. We had just completed a long day of meetings on HPE NonStop topics.  Only one of the Mainframe team had attended. At some point, the question was asked "What is a NonStop server and why do we have them?" The company has had their servers for decades. Everyone knows about the machines, but like so many other places, no one ever asks. To my utter amazement, the answer straight from the Mainframe guy was: "It is a mainframe system. HPE makes them. They run application x". Unprompted, without influence, an old school IBM Mainframe systems person tossed this out.  The look on my face must have been an odd mixture of happiness and confusion as I have NEVER heard anyone who wasn't raised on NonStop calling my systems a main­ frame. We spent the next few hours educating each other on the benefits (and difficulties) of managing our chosen systems. What I wish I could reproduce at any gathering of plat­ form advocates, whether it be Windows, Mainframe, Linux or NonStop is that spark of understanding. We all enjoy what we do (at least I hope we do) and there is a certain devotion/dedication  and pride that goes along with  it.  At  the end of this discussion,  we all laughed an really appreciated what the others go through every day. The next time you run into someone who isn't as savvy as you are on the subject of our favorite platform, take the time to bring  them up to speed.  While you are at it, try and build a bridge by trying to see why they love what they do as much as you. You never know where  the next convert may be.   Rob Lesan XYPRO Technology   Originally published in The Connection Magazine     #### What Technology Will Most Impact the Future of Cybersecurity? 33 Experts Share Their Insights Disruptor Daily--June 30, 2019 What Technology Will Most Impact the Future of Cybersecurity? 33 Experts Share Their Insights Steve Tcherchian, CISSO, XYPRO Chief Product Officer, lends his expertise to the discussion of how artificial intelligence promises to be the future of cybersecurity. #### What Trends Are Shaping Cybersecurity in 2019? 35 Experts Share Their Insights Disruptor Daily--June 29, 2019 What Trends Are Shaping Cybersecurity in 2019? 35 Experts Share Their Insights Steve Tcherchian, CISSO, XYPRO Chief Product Officer, discusses how the future of business is data driven. #### What’s The Future of Cybersecurity? 38 Experts Share Their Insights Disruptor Daily--June 26, 2019 What’s The Future of Cybersecurity? 38 Experts Share Their Insights Steve Tcherchian, CISSO, XYPRO Chief Product Officer, lends his expertise to the discussion of how machine learning and artificial intelligence might be leveraged to be the future of cybersecurity. #### Which type of CISO are you? Company fit Matters SearchSecurity, August 2020– Which type of CISO are you? Company fit Matters The role of CISO has grown in profile and importance in recent years, as evolving and escalating digital threats raise the stakes for organizations of every size and stripe. But organizations aren't always clear about what they want from their CISOs, and CISOs aren't always clear what kind of leaders they are or want to be. "CISOs are not the same from company to company and industry to industry," said Steve Tcherchian, CISO for XYPRO Technology Corp., a cybersecurity analytics company. "We're still in the infancy of what this role really is and how it fits into the strategic focus of a business." As a result, enterprises often look to CISOs themselves to define the role, he added. Experience and personality greatly influence how a given type of CISO leads, often with unforeseen implications for the organization. "Some CISOs will see an opportunity and drive it forward," Tcherchian said. "Others in the same role will be risk-averse and maintain the status quo." Click here to read the full article. #### Why Cloud Containers Are Vulnerable CMSWire, August 2, 2019--Every few months or so some cybersecurity vendor publishes new research on vulnerabilities and exploits. It might be easy to dismiss such reports as being alarmist headlines intended to drive the security business, but you can never be too careful.  XYPRO CISSO and CPO Steve Tcherchian lends his expertise to this article, discussing the rapid growth of vulnerabilities in cloud containers. Click here to read more. #### Wisdom From The Women Leading The Cybersecurity Industry The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Lisa Partridge. She started working with XYPRO Technology Corporation, a cybersecurity solutions company in Simi Valley, CA, in 1990 in the sales organization and assumed responsibility for the Sales and Marketing function as Vice President in 1997. Instrumental in XYPRO’s growth and leadership position in the HPE NonStop security world, Lisa was promoted to President in 2011 and assumed the role of CEO in 2014 following a management buyout of XYPRO’s founders. Lisa is a seasoned professional with hands on experience in many areas of a running and growing a software development organization, with a focus on employee engagement, customer relationship building and strategic product management decisions. Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up? Like many of life’s journeys, I got into technology indirectly and moved to Los Angeles unexpectedly. When I was a high schooler in Calgary, I had an inspiring teacher who often talked about her traveling experiences and her time in the Student Work Abroad Program (SWAP), which enabled her to live and work in the UK for a couple of years via a special VISA for commonwealth countries. I couldn’t wait to do the same thing! I applied for the Visa and in 1987 I headed to London! I had the time of my life! Living, working, exploring and learning to be an adult. That teacher changed the trajectory of my life. To read the rest of the article, click here #### Women in Tech: A Cybersecurity Leader I’m a head down, roll up your sleeves kind of leader. I started out at XYPRO on the ground floor 27 years ago and feel most comfortable in the trenches with the team, making sure they’ve got what they need to be successful.  I know I don’t provide public updates nearly as often as I should, so this blog is an excellent exercise in reflection as the events of a year are distilled into a message that conveys where we’ve been and where we’re going as a company.   The impact we’re having and are still to have on Mission Critical Security & Risk Management is the heartbeat of XYPRO’s  business opportunity and it’s what we identify as our mission.  We’re thrilled with what we accomplished in 2017 and the plans for 2018 that are already coming to fruition.  In addition to 2017 being another record revenue year, it was an exemplary year for us in several areas.   Following an executive restructuring in Q1 we were able to streamline our product management and engineering divisions, improving product vision, time to market and overall company communication and productivity.   In March we finalized XYPRO’s acquisition of Canadian database specialist Merlon Software Corporation, which increased our global client base and added a sophisticated suite of Database Management products to our HPE NonStop Mission Critical Software catalog and a great group of people to our company.  Amalgamating the very experienced team from Merlon with the growing XYPRO family was new territory for us and has proven to be a very rewarding experience.   A key factor to ensuring happy customers is to make sure that people enjoy coming to work every day.  One of the ways we try to accomplish this is ensuring that each employee knows they are a valuable contributor to our success and in Q2, 2017 we were honored as one of Inc. Magazine’s “Best Places to Work 2017”.   Happy employees give their best and make sure that customers know we’re on their side.   In November we officially released our new Security Intelligence & Risk Management solution, XYGATE SecurityOne (XS1).  This milestone marks a significant shift towards marrying our expertise in HPE NonStop server security with innovative, truly cutting-edge technology focused on reducing risk in the Mission Critical environment.  Navy Federal Credit Union, one of those first deployments, has written an article about the experience and benefits gained from XYGATE SecurityOne. It’s already the end of Q1 2018 and we’re off to a busy start!  XYPRO’s annual corporate kick-off was held in February and we marched headlong into our new year!  We celebrated team success with a marching band and a fantastic group photo that highlights our energy, diversity, enthusiasm and camaraderie.       Q1 2018 also marks the release of a brand new product - XYGATE Identity Connector.  Our new technology partnership with SailPoint, a proven leader in enterprise Identity Management,  means that XYPRO provides the first and only SailPoint-certified integration for HPE NonStop servers.   What drives us every day?  What is XYPRO’s raison d'etre? We all live our daily lives relying on technology.  Mission Critical security solutions allow us to securely shop, bank, manage our finances and stock portfolios, wire money and pay for things with credit cards, mobile phones and all types of newer tech innovations. At the heart of these activities is the digital core where your data resides - moving, talking, transacting, doing what data does.  At XYPRO, we believe that no data is more important than your data and we protect your data like it’s our own.  Because it is.   Lisa Partridge, CEO XYPRO Technology www.xypro.com @XYPROTechnology   P.S.  Watch for more exciting product announcements over the next few months as well as an update on the “patent pending” status of the technology behind XS1! Right before publication of this article, we learned about the passing of our HPE NonStop Security colleague, Thomas Burg, CTO of comForte 21 GmbH.  Thomas’s enthusiasm for information security was genuine and the NonStop community is better off because of Thomas’s contributions.  We send our condolences to Thomas’s family and the team at comForte.  Respect. A friendly game between XYPRO & comForte. (Thomas Burg, Henning Horst, Sean Bicknell & Steve Tcherchian) #### Working in Cybersecurity Varonis, Dec 18, 2019--What Working in Cybersecurity is Really Like: A Day in the Life Great career advice provided by Steve Tcherchian, Chief Information Security Officer at XYPRO, a cybersecurity analytics company. Main Takeaways: Find a mentor, then listen and learn. The best leaders will be energized to share their experiences – both positive and negative. Don’t be afraid to push the envelope. Respect the processes in place but it’s okay to question them. Adaptability – Just because you thought of something doesn’t mean someone cannot build something better on it. Allow for that. Q: Advice you’d give to someone who is interested in pursuing your career? A: “I would suggest to anyone deciding to enter this line of work is to find yourself a mentor – listen and learn. The best leaders will be energized to share their experiences – both positive and negative – and want you to do better than them.” Click here to read more. #### World Password Day We hate to throw shade on World Password Day but passwords are archaic! You must introduce a second factor for authentication. This added layer of complexity to the authentication process provides immense value in terms of addressing the risk. MFA is the biggest bang for your security buck. MFA should be turned on for everything. The biggest risk to any organization is passwords, especially default passwords and passwords to privileged accounts - elevated access to perform special functions. These can be administrator accounts, service accounts, database connection accounts, application accounts, and others. Most of these accounts were set up years ago when an application or system was initially deployed. They have multiple integration points and because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, likely shared, and often improperly stored. Privileged account abuse is the most common way for hackers to compromise a system.  But it starts with authentication. Proper credential storage and visibility of authentication activity are paramount for risk mitigation. Manual methods are resource-intensive, error-prone, and leave gaps. MFA  is already on your HPE NonStop server.  XYGATE User Authentication (XUA) is ready with no additional software or infrastructure needed and delivers industry-standard, multi-factor authentication that integrates your NonStop environment with enterprise authentication providers such as Microsoft Active Directory, RSA SecurID, Google Authenticator, and many others. XYGATE for CyberArk integrates your HPE NonStop servers with your CyberArk Password Vault and Privileged Session Manager, closing the security gap by providing privileged account management, session visibility, and hardening in the privileged access management process using NonStop emulators, such as OutsideView.  Most NonStop environments also have SailPoint IdentityIQ in their IT ecosystem.  Adding the integration with SailPoint IdentityIQ enables user governance, provisioning, automation, and reconciliation of HPE NonStop user accounts directly from SailPoint.  Attackers exploit the weakest link and walk right through the front door. If we continue to make it easy, these types of attacks will only continue. Don’t make it easy. #### XYGATE Merged Audit now supports both BASE24 & BASE24-eps! The ability to track and review all activity on the HPE NonStop server is a requirement that is no small task as businesses must quickly identify suspicious activity. To help their customers meet these security standards, HPE bundles XYGATE Merged Audit (XMA) with the NonStop Operating System. XMA is an easy to use product that collects and filters data from various audit logs into a single, normalized SQL database on the NonStop, from which you can generate reports. It can also send that data via SYSLOG to integrate seamlessly with Security Information and Event Management (SIEM) devices. As security in payments processing becomes more challenging, businesses must capture every event going on within their system while also trying to accommodate steady streams of new information, transaction, channels and technologies. XYPRO has created plug-ins for XMA that enable event capture for ACI BASE24 and BASE24-eps. With these plug-ins you get all the great features of Merged Audit: A single repository for audit data Acceptance of audit records from multiple sources Single-server or multi-server view A customizable reporting tool A filtering mechanism to extract selected data An event monitor can display any event or item in near real-time based on customized filters built by the user User-definable alerts These Plug-ins are available for servers running H–L Series versions of the HPE NonStop Operating System. XMA has been shipping as part of the NonStop security bundle since 2010, so chances are high that you already have XMA on your system. For more information about purchasing the BASE24 & BASE24-eps plug-ins, please contact your XYPRO Sales Representative. https://xypro.com/contact Learn more about XYGATE Merged Audit at https://xypro.com/products/merged-audit-xma/   #### XYGATE SecurityOneTM – The Next Generation of NonStop Security Jimmy Treybig, founder of Tandem Computers, reminded everyone of his secret to success last month while presenting at CTUG in Toronto. "Innovation and Change, without those, you have no success." Criminals are constantly finding new and clever ways to exploit security defenses.   Security providers must drive the innovation necessary to counter these attacks to protect business operations and data. The strategy that worked yesterday probably won’t work tomorrow.  That’s why XYPRO is looking beyond what’s there today.  To innovate and develop the solutions that protect youand your business from threats – today and tomorrow. In a recent article by Tara Seals of Infosecurity Magazine, Hewlett-Packard Enterprise’s Sue Barsamian, SVP of Enterprise Security Products, pointed out that technologies enabling disruption and innovation also introduce new challenges for enterprise security.  These challenges demand a new approach to security that goes beyond simply protecting the perimeter.  It’s really an approach of protecting users, applications and data and securing the interactions between them. XYPRO Technology has been a software partner of Tandem and now Hewlett Packard Enterprise since 1983.  Our focus has been almost exclusively on security of the NonStop operating system, applications, and data – since 1990 when our founder Dale Blommendahl recognized that security was going to be one of the single most important parts of technology going forward.  Dale’s visionary approach has certainly been proven true. In their 2015 Global Cost of Data Breach Study, the Ponemon Institute pointed out the continual rise in cyber attack frequency and the costs associated with resolving cyber incidents. As such, security teams need greater visibility and proactive analysis of their data to enable faster detection and increase response times to avoid a high impact cyber incident. A defensive security posture is no longer a sustainable security strategy. The same Ponemon study also pointed out that the mean time to detection of a cyber security incident is currently over 200 days. This is mostly due to manual detection and discovery methods used to investigate security incidents. This tends to be a very time consuming and expensive process, often sending security teams down rabbit holes and wasting resources. Attackers have learned that blending their activities in as innocuous user behavior hides their actions as they move around the system.  This is the concept of “low and slow”. Mission critical systems like the HPE Integrity NonStop servers house an organization’s most valuable applications and assets and must be protected against a variety of threats.  Although the NonStop has unique security features not typically seen on other enterprise systems, it is still at risk from insider and outsider threats, misuse, non-compliance and security breaches.  As systems grow larger, faster and more economical, the amount of data generated, and thus put at risk, exponentially increases.  Keeping track of what is happening to that data and those systems becomes a very expensive and inefficient exercise for system operators.  Without proactive control and visibility into their NonStop infrastructure, organizations expose themselves to greater risk. Current solutions do not provide the specialized NonStop security intelligence and contextualization to paint the correct picture for this purpose. XYPRO is proud to announce XYGATE SecurityOneTM .  A brand new product that provides a comprehensive, single pane of glass approach to control and contextualize NonStop security through policy management, data protection and security analytics.  The result?  Meaningful reduction in the Mean Time To Detection. XYGATE SecurityOneTM introduces an intelligence platform never seen before for the HPE Integrity NonStop Server.  Leveraging existing native HPE NonStop Security information, all of the XYGATE suite’s extensive security data information and extensive new functionality, XYGATE SecurityOne incorporates multiple NonStop security intelligence data feeds into a single, easy to use, browser interface for a single-view visibility of your NonStop Systems’ security. Using our patent-pending technology, XYGATE SecurityOneTM gathers data from multiple disparate NonStop server sources and uses specialized security intelligence algorithms to correlate, contextualize and analyze events. For example, combining application data, user behavior, file operations, network data, command input and other sources to paint a detailed security incident picture in real-time for the NonStop, enabling security operators to hone in on and detect security events before they culminate into an “incident”.  XYGATE SecurityOneTM draws your attention and alerts you to the items you need to be aware of, allowing you to effectively prioritize your response and countermeasures. With its summary/detail dashboards and customizable, easy to use browser interface, XYGATE SecurityOneTM  enables you to manage security configurations, harden your system security based on NonStop best practices, measure and enforce compliance and policies on a global level, take the guesswork out of audit and forensic investigations, intelligently analyze your NonStop security data and much more. This combination of data protection, application security and threat intelligence greatly reduces the likeliness of undesirable and costly post-breach data recovery actions. A key feature of XYGATE SecurityOneTM allows the newly generated NonStop specific data to participate with the rest of the enterprise security picture by integrating its data contextually into a SIEM such as HPE ArcSight. No longer will NonStop data be categorized into buckets for binary alerting and reporting. With XYGATE SecurityOneTM, you can now send rich, contextualized incident data to your SIEM to allow the NonStop to participate in the big picture of enterprise security. Key Features of XYGATE SecurityOneTM Single platform for security management and analysis Patent pending technology Security Intelligence profiles and prioritizes security incidents Real-time incident detection and alerting Contextualize and prioritize incidents Modern browser application Interface Summary/detail dashboards for complete environment visibility Automate policy management, compliance and reporting Simplify forensic investigations Interpret keystroke command audits for context Integrate multiple sources of NonStop data for security analysis Visibility into system, network and user activity User behavior profiling Incorporate NonStop data intelligently into the rest of the enterprise Integrate with SIEMs and other security solutions (ArcSight, QRADAR, Splunk and others) Quickly highlight critical information   All of these features, not previously available for the highly-available, reliable and scalable HPE NonStop server, allow us to bring that groundbreaking server technology, responsible for so much of the Payments, Financial, Telecom and Retail infrastructure around the world, to a place where the ability to monitor the security of the environment is as rock-solid as the performance of the server itself. Key Benefits Faster threat detectionhttps://xypro.com/product/securityone/ Meaningful reduction in Mean Time to Detection Improved incident response times Increased operational efficiency Simplified security operations Improved compliance and policy management Differentiation of noise from actionable incidents Minimize the impact of a breach by identifying it in its earliest stages As threats evolve, the next generation of security solutions to actively identify these threats and protect the systems our organizations critically depend on need to evolve with them.  XYPRO has been focusing its research and development efforts creating the tools and solutions needed to actively protect the HPE Integrity NonStop Servers from the next generation of threats, increasing the NonStop operators’ efficiency by focusing their security efforts to items on which they should be focusing and ultimately reduce an organization’s Mean Time to Detection.  With over 30 years in NonStop Security, XYPRO is the one source positioned to solve the security challenges of the NonStop industry; today and tomorrow. To get more information please visit www.XYPRO.com Steve Tcherchian, CISSP CISO XYPRO Technology Steve Tcherchian is the CISO for XYPRO Technology. With almost 20 years in the cybersecurity field, Steve is responsible for overseeing XYPRO’s risk, compliance, infrastructure and product security to ensure the best security experience to customers in the mission critical computing marketplace. #### XYGATE User Authentication (XUA) - PCI DSS 3.2 Ready! Originally published in The Connection September - October 2016 pg. 19   Andrew Price > VP Technology > XYPRO Technology Wendy Bartlett > Distinguished Technologist > HPE   XYGATE User Authentication (XUA) supports PCI DSS Multi Factor Authentication (MFA) requirement.   The Payments Card Industry Data Security Standard (PCI DSS) version 3.2 has recently been published.  The previous version, 3.1, expired on Oct 31, 2016, at which time all new assessments must use PCI DSS 3.2.  New requirements are considered best practices until Jan 31, 2018, at which point the new requirements become fully effective.   One of the main areas that has changed in scope from 3.1 to 3.2 is the requirement for Multi Factor Authentication (MFA).  As of 3.2, MFA is required for all non-console administrative access to the Cardholder Data Environment (CDE).  Simply put, and in NonStop terms, anyone who has access to the CDE (NonStop systems or applications) from anywhere other than the NonStop System Console is now required to be authenticated using MFA.   The good news is that many NonStop Security Administrators should be able to implement MFA using the tools they already have.   XYGATE User Authentication (XUA) has been included on all commercial NonStop Blade Servers shipped since September 2013. Others may order it separately using the PID QSN52 or QSN52U. XUA integrates NonStop authentication with a variety of off board authentication mechanisms, including Active Directory, LDAP, RADIUS and RSA SecurID.  When configured correctly, these can provide MFA support, addressing the 3.2 requirement for all command line (TACL and OSS) based access “out of the box”.   Application-level MFA can also be achieved in a Safeguard environment with XUA configured if the application already authenticates its users by calling USER_AUTHENTICATE_ or is changed to do so. The call to USER_AUTHENTICATE_ will invoke XUA automatically, which will perform MFA.  Applications that have their own User store may need slightly more work, but can likely be modified to call USER_AUTHENTICATE_ to invoke XUA, rather than consulting their own User store for authentication.   To learn more about XUA, and to take advantage of a solution that you probably have access to already, click here, or contact your HPE or XYPRO account rep.   Andrew Price VP Technology XYPRO Technology   Wendy Bartlett Distinguished Technologist Hewlett Packard Enterprise   #### XYGATE User Authentication (XUA) Bundled with the HPE NonStop Operating System SIMI VALLEY, Calif.--(BUSINESS WIRE)--XYPRO Technology Corporation, the market leader in HPE NonStop Server security, audit, compliance, and FIPS-validated encryption solutions, today announced that its XYGATE User Authentication (XUA) software solution will now be included with the HPE NonStop Operating System for the recently-announced platforms. The XUA software addition allows customers to strengthen NonStop security with increased user authentication controls, logon management, and enterprise integration. Key functionality includes: granular logon controls, user group logon rules, logon-specific audit reports, time-based logon controls, controlled impersonation capabilities, LDAP interface for the NonStop Server (enabling single sign-on) and support for RSA SecurID Tokens. “Strong user authentication and logon controls are a fundamental best practice in securing mission critical systems and are also needed to comply with industry regulations, like PCI DSS,” said Lisa Partridge, President, XYPRO. “Bundling XUA software with the NonStop OS distribution strengthens security within the NonStop user community and provides customers increased consistency and significant savings.” XUA software is bundled with orders of the latest NonStop Server Platforms, the NB56000c and NB56000c-cg. For other NonStop J-series systems, customers can purchase an upgrade to their Security Bundle. For H-series systems, XUA software continues to be available as an independent product from HPE and can also be directly purchased from and supported by XYPRO. As it has been since 2010, XYPRO’s XYGATE Merged Audit (XMA) software will continue to be included with the HPE NonStop OS for all new J-series and H-series systems. XMA is also available via OS upgrade for existing systems. XMA provides consolidated NonStop security event auditing and monitoring, real-time alerting, audit reporting and integration with enterprise Security Incident and Event Management (SIEM) systems such as HPE ArcSight. About XYPRO Founded in 1983, XYPRO Technology Corporation is the market leader in HPE NonStop server security, audit, compliance assessment and FIPS-validated encryption solutions. XYPRO solutions meet the strict requirements of companies who manage, access and transport sensitive data using heterogeneous hardware platforms and multiple communications media. XYPRO helps mission critical businesses manage their security risks, protect assets and gain a competitive edge through compliance, while improving efficiency. https://xypro.com Contacts XYPRO Technology Corporation Kenneth Scudder, +1 (805) 583-2874 Email: kenneth.scudder@xypro.com #### XYPRO & HPE Partner to Provide ZERO Trust Security for HPE NonStop A recent industry phishing report showed that 4% of users are prone to click on anything sent to them. That is a scary statistic given that phishing is one of the primary methods ransomware attacks are carried out. Ransomware is extremely damaging for a business due to its relatively low cost to execute and high value rate of return. Four percent might seem like a low number, but just one user falling victim to a phishing attempt is one too many. We, as cybersecurity professionals, need to be right 100% of the time, whereas the attacker only has to be right once. With 4% of users clicking on just about anything and opening attachments, the odds are definitely stacked against us. Another alarming consideration: 24% of data breaches are still due to a malicious insider. This could be an employee, a contractor or some other trusted entity with access to your systems and data for legitimate business purposes, but in fact is misusing the level of access they have been granted. The Traditional Model - Trust But Verify We are all used to the traditional security model where we authenticate ourselves to an application or perimeter device - such as a VPN - then continue on carrying out our responsibilities. This model assumes everything inside an organization’s network is trusted, so once a user is authenticated to the VPN, they can move around to any resource to which they have access. The assumption is made that the user is who they say they are, the user’s account is not compromised and that the user will act responsibly.  According to Microsoft, 81% of data breaches occur because of weak, shared, default or stolen credentials. All it takes is one compromised account to one legacy application to cause a catastrophic breach and your  company is catapulted negatively into the headlines. Privileged access was implemented to solve the problem of “shared credentials''. BUT a pandemic-forced, remote work situation exacerbates a dissolving perimeter with more cloud based workloads as well as IT sprawl, making privileged access extremely vulnerable.  For an attacker, compromising credentials is key. Once they can walk through the front door, the objective is to lay low and move laterally across the network with the purpose of finding a way to elevate privileges - meaning attempting to gain more access than they currently have. In short, the traditional cybersecurity model leaves organizations vulnerable to external credential theft and malicious insiders.   Embracing a ZERO Trust mindset and operating a system geared towards ZERO Trust principles better positions your organization to secure sensitive data, devices, and applications ZERO Trust Security - Never Trust, Always Verify It's been well over a year since millions of businesses were forced to adopt a pandemic, work from home strategy. Most businesses are now actively planning on what a return  to the office could look like. Part of the challenges they face is the workforce has evolved and is no longer limited to the four walls of a company to perform their work. Organizations are now having to adapt to the modern workplace where the focus is on embracing technology and being less tied to physical locations.  Users, applications, devices and data are spread across multiple networks, servers, physical locations and in the cloud.  The priority now is to find the best way to provide efficient, fast, and secure access. Enter ZERO Trust Security Architecture  The traditional security model relies on a “Trust But Verify” strategy. Authenticated users are trusted on the network. Everything users do on the network, they are allowed to do since they have verified themselves by way of authenticated credentials. ZERO Trust is not a technology, it’s a methodology. You can’t simply go to a security vendor and say ‘I want to purchase  ZERO trust security ZERO Trust never trusts and always verifies. This means eliminating any trust that previously existed for users, credentials, network, permissions. Instead, ZERO trust continuously validates who is attempting to gain access to data, applications, servers, resources, etc. to ensure they are who they say they are. This is done by vetting of parameters or attributes such as: Identity Credentials Device Firmware System Integrity Location Policies Permissions User Behavior Applications And more... This validation and authentication is done on a continuous basis for every connection attempt, file access, data request, server access and command issued to ensure every user is who they say they are supposed to be. Real time monitoring encompasses this activity to immediately raise alerts if something is outside of normal behavior. ZERO Trust is not a technology, it’s a methodology.  You can’t simply go to a security vendor and say “I want to purchase  ZERO trust security”. A security methodology first described by John Kindervag of Forrester Research in 2010, its main goal is to reduce the uncertainty of enforcing access decisions. ZERO Trust  reduces the risk of presenting a username/password and gaining access to an application, then depending on the permissions granted to you by the application, you can move around the application and its data. With ZERO Trust, every time a user tries to access a new screen, a new data set, a SQL query, a combination of the parameters mentioned above will be interrogated and validated. Every time. The ZERO Trust combination of technologies laid out in a strategic architecture ensures the methodology is properly followed.  Benefits of ZERO Trust Embracing a ZERO Trust mindset and operating a system geared towards ZERO Trust principles better positions your organization to secure sensitive data, devices, and applications. ZERO Trust also provides the following benefits: Prevent the lateral movement of an attacker once a system or network is compromised. If we’re constantly interrogating and validating attempts to access a resource and if the parameters we interrogate don't match, they’re not gaining access to that system. Whatever or whomever is attempting to gain access will not be able to move around the network. This will give you a fighting chance to detect that an individual system has been compromised and a chance to mitigate it before they can do further damage.  It gives you greater visibility across the enterprise. It will ensure you have the proper real time monitoring and alerting in place to know that something is out of line. Securing your mobile workforce is paramount in today’s world. Zero trust allows users to connect from a variety of locations using different devices with minimal impact to their workload, while establishing the proper security controls for the organization. Simplify IT Management and Reduce Cost.  Most IT ecosystems have disparate systems that are not confined to just one location. Each system requires authentication, policies, roles, access permissions, configuration and more. Simplifying all this into a single identity where everything lives will ensure that IT management isn’t cumbersome. Consolidating simplifies IT management and simplifying management reduces cost. XYPRO and HPE Expand Partnership Recently, XYPRO announced the expansion of a decades-long partnership with Hewlett Packard Enterprise (HPE) to deliver XYPRO’s entire suite through HPE NonStop systems. HPE NonStop systems, which tackle mission critical environments requiring 100% fault tolerance, are now available with expanded XYPRO Zero Trust solutions for optimal threat detection and security management capabilities.  This expansion extends the availability of mission critical database management, security and integration solutions to help customers implement Zero Trust to protect their mission critical environment.  This expansion includes XYPRO’s flagship product - XYGATE SecurityOne, a patented security, compliance and threat detection platform and XYGATE Identity Connector, the first and only SailPoint and CyberArk integrations for HPE NonStop systems. Customers can now meet requirements to secure and monitor their mission critical investment with these solutions using HPE NonStop systems. ZERO Trust and HPE NonStop With the expanded HPE and XYPRO relationship, HPE customers can now implement full ZERO Trust security for their HPE NonStop environment. The goal is if an attacker compromises an area of the system, subsequent trust layers are purposefully set-up to slow down and narrow the field of attack. XYPRO deconstructed the layers for HPE NonStop servers to identify where the system or data is most at risk.  We apply the ZERO Trust strategy based on the risk involved, the type of data we are aiming to protect, and how different layers can interact with each other for risk mitigation. We ended up with the trust layers illustrated below.  The Network Layer The Network layer is  the outermost layer of the system and most  likely to be targeted first.  This layer is essentially your system’s perimeter, where applications are exposed and data is in motion, communicating with other systems and endpoints. Unlike subsequent layers, the system does not necessarily need to be compromised for an attack to be successful at this layer. Therefore, it’s critical to ensure all data flowing in and out of the system at this layer is properly protected using secure protocols such as TLS, SSH, SFTP etc… and ensuring no suspicious ports or services are available for external fingerprinting or other reconnaissance activity. Implementing security at this layer will cause a potential attacker to look elsewhere. The System Layer The system layer controls who is allowed to have access into your system. This is where logon controls are set up, credentials are validated and additional integrations, such as Multi-factor Authentication provided by XYGATE User Authentication (XUA) are implemented. An often overlooked but equally important understanding is that access isn’t only for users or logging into the system. Processes, objects and subsystems also need to properly authenticate themselves to access system resources and data. Think of this layer as the front door to your house. A thief would typically need valid credentials, or keys, to proceed any further. Although hardening your defenses here is a must, assume a motivated and patient adversary will bide their time and eventually get the keys they are looking for. And not to mention those pesky insider threats who may already have validated access to the system.  The User Layer The user layer approach takes the position that users should not have unchecked permissions on a system, even after they’ve been granted access.  Assume an attacker was road blocked at the Network Layer, but was able to compromise a user’s credentials at the system layer and logged on to the system. Deploying a proper ZERO Trust strategy at these next two layers will ensure access to the “Data in Use” is properly controlled and managed. Once granted access to a system, users shouldn’t have free reign to browse and run applications and utilities as they please (although I have seen this happen more than I’m comfortable admitting). Controlling what a user can access in terms of utilities and system locations based on their role, job responsibilities and other factors is a critical approach to executing a proper security strategy. Privileged Access Management (PAM) and Role Based Access Control (RBAC) is provided by XYGATE Access Control (XAC)  at this layer. XAC takes traditional RBAC a step further, by restricting control to the subcommand level within utilities and programs. Unless a user is explicitly granted access to a utility or program, or even a subcommand within a utility, they will be denied. Further controlling what a malicious user may or may not do if they manage to get down to this layer. The Object Layer The object layer  ensures access to resources is granted only to authorized users. Resources may include files, volumes, subvolumes, databases and other objects. Building on the previous trust layer that restricted access based on actions, protection at the object layer will ensure an authorized user, running an authorized application can only access authorized objects. XYGATE Object Security (XOS) provides full coverage for all of your NonStop file, system, application and database resources. The Data Layer The data layer is data stored within files, databases and other data repositories containing critical business data, payment card data, customer data and other critical data necessary for your operations. This is typically referenced as “Data at Rest”. If an attacker made it this far, your last line of defense would be to make the data completely unrecognizable. Solutions to tokenize or encrypt data at rest make sure that even if the data was exfiltrated, it would be of no use to the thief. The Volume Layer To protect the volume layer, HPE offers solutions that protect data at the disk level. One solution is Volume Level Encryption (VLE).  VLE protects against physical threats. If someone were to walk into your data center and walk out with a hard drive containing critical data, using VLE, that drive would be unusable to them. VLE does not protect application access to the data once the system is on and running. This concept differs slightly in the virtual NonStop world, but the objective is still the same. Audit and Real Time Monitoring Implementing controls without auditing and monitoring is ineffective and can ultimately be the Achilles heel that sinks a ZERO Trust strategy. Generating audit records at every layer for critical activities and reviewing those in a timely fashion will help gain insight into a security strategy. Security intelligence and analytics are no longer buzzwords. Solutions like XYGATE SecurityOne® (XS1) give you views into your systems and the data  like never before.  Tilt the scales in your favor with modern analytics solutions to slow down or even stop a costly breach. You can add defenses at every layer, but without the ability to analyse what is happening at those layers, you’re flying blind and cannot ensure your defenses are working the way you intended. ZERO Trust is a modernized and intelligent approach to the layered security concept. It's based on the understanding that IT assets live in a variety of environments hosted by multiple providers. Workers access IT assets from multiple locations from a variety of devices, therefore a security strategy must be adopted that can keep up with today’s workforce. ZERO Trust eliminates any assumed trust based on network or permission levels.  In XYPRO’s long history of delivering risk management solutions for HPE NonStop systems customers longer than anyone, we strive for meaningful and strategic business relationships while providing great support and leading edge security solutions. Our strong relationship with HPE is why several XYPRO solutions have shipped with the HPE NonStop operating system for more than a decade. Making the rest of the XYPRO’s solution suite available through HPE provides customers with required ZERO Trust security and consistency at significant value. XYPRO also presented “What is ZERO Trust Security” at HPE Discover 2021. Click below to watch  #### XYPRO 2023 Cybersecurity Predictions: What to Expect in the Coming Year As we enter 2023, the cybersecurity threat landscape evolves and expands. From the rise of IoT cloud-based attacks to an increased focus on edge computing and IoT devices, organizations must stay vigilant in their efforts to protect against cyber threats. As technology continues to advance and becomes smarter and more automated, it is important to stay ahead of potential threats and understand the latest trends in cybersecurity. In this article, we will examine the top predictions for the 2023 cybersecurity landscape. 1 . Cybersecurity Consolidation Over the last decade, the cybersecurity market has become a crowded space with solutions for just about every vulnerability or threat. Over time we created a boundless sprawl of technology; shelfware, overlapping functionality, gaps in vendor’s offerings, manual effort, and lack of training and resources has resulted in more of a problem rather than solving one. The need for consolidation is long overdue. Cybersecurity consolidation refers to the integration and centralization of multiple cybersecurity tools and solutions into a single, unified platform or suite. The goal is to improve the efficiency and effectiveness of cybersecurity operations by streamlining the management of security technologies and reducing the complexity of security architecture. This is achieved by integrating a range of tools and solutions, such as firewalls, intrusion detection and prevention systems, security information and event management (SIEM) solutions, and vulnerability management tools. Cybersecurity consolidation has numerous benefits. Firstly, it reduces costs and minimizes duplication of effort, as organizations no longer have to manage disparate systems. Secondly, it can improve security visibility, as all security data is aggregated and analyzed in a single location. This helps organizations identify and respond to security threats more quickly and effectively. Consolidation also improves the efficiency of security operations, as security teams can manage and respond to incidents from a single console, reducing the need for manual intervention and streamlining security workflows. Finally, all those benefits of cybersecurity consolidation mean the money spent on cybersecurity is more effectively applied. 2. API Security In 2021, as part of their lawsuit settlement, T-Mobile committed to a $150 million initiative to improve its cyber security. In January, they disclosed another mega breach of 37 MILLION customer records, including addresses, emails, phone numbers, dates of birth, and more. You're probably one of the victims. This particular breach was not discovered for more than a month. The threat actor was taking advantage of flaws in T-Mobile's APIs. This suggests that T-Mobile is not using widely available, modern security monitoring and detection methods. “Real-time security monitoring and alerting on anomalies is a must. There is no excuse not to know what is happening in your IT systems in real-time.” APIs are used everywhere, especially by Cloud Service Providers, to access and manage "as a service" offerings. As more workloads migrate to the cloud, API security becomes paramount. API security weaknesses lead to unauthorized access to data and resources, or to malicious attacks, such as data manipulation or injection attacks. API abuse will continue to be a challenge in 2023. Solving one problem with technology and modernization can reveal another. If you're not yet securing and monitoring your APIs, start with the basics Real-time security monitoring and alerting on anomalies is a must. It's 2023 and the technology exists. There is no excuse not to know what is happening in your IT systems in real time. Use token-based authentication to ensure that only authorized users and systems have access. Implement rate limiting to protect against brute force and denial of service attacks. Use the OWASP API Security Top 10 to test and monitor your APIs for vulnerabilities on a regular basis. Maintain the most recent security patches and updates for your APIs and underlying infrastructure. Encrypt data in transit and at rest to prevent eavesdropping. 3. Increased ZERO Trust Adoption We are all accustomed to the traditional security model of authenticating to a perimeter VPN or a cloud application before proceeding with our work. This "Trust but Verify" strategy assumes that everything within an organization's network is trustworthy and has not been compromised. After authenticating to the VPN, a user can navigate to any resource to which they have access. The assumption is that the user is who  they say they are, that their account is secure, and that they will act responsibly. With this traditional (out of date!) model, organizations are vulnerable to credential theft, low and slow attacks, and malicious insiders. On the network, all authenticated users are essentially trusted. Danger, Will Robinson - big time! Introducing ZERO Trust. ZERO Trust is a methodology, not a single product or technology. ZERO Trust access methodologies never trust and always verify. This removes any previous trust for users, credentials, networks, and permissions. Instead, ZERO trust continuously checks and authenticates all attempts to access data, applications, servers, and resources to ensure they are who they claim to be. Under new guidance issued in 2021 by the Office of Management and Budget's Cybersecurity and Infrastructure Security Agency, the US Federal government is also urging its agencies to adopt this model. This year, organizations of all sizes, federal agencies, and security vendors will place a strong emphasis on ZERO Trust strategies. 4. Rise of Quantum Computing By now, you’ve likely heard of quantum computing, but most people don't know what it means or it's potential as a cybersecurity threat. Quantum computing is a type of technology that uses quantum mechanics laws to solve problems that traditional computers cannot solve. One of the main concerns about quantum computing in cybersecurity is the potential threat it poses to traditional encryption methods. Most encryption methods currently rely on the difficulty of factoring large prime numbers, a task that quantum computers make significantly easier. If quantum computers become widely available, they may be able to break the encryption used to protect sensitive information such as financial transactions or government communications. To address the potential threat to encryption, researchers are developing quantum-resistant cryptographic methods. These methods of post-quantum cryptography are intended to provide the same level of security against quantum computers as traditional encryption methods do against classical computers. However, widespread adoption of post-quantum cryptography will take time and resources, leaving a very large security gap until it is widely used. Another concern is the possibility of using quantum computers as a weapon in cyber attacks. Quantum computers, due to their increased computational power, could be used to launch devastating attacks by cracking encryption or simulating complex systems to identify vulnerabilities. Furthermore, the development of quantum-resistant encryption may spark an arms race in which nations compete to build the most powerful quantum computers for military use. As a result, international cooperation and regulation are required to ensure that quantum computing is used for peaceful purposes and does not endanger global cybersecurity. 5. Crypto Cryptocurrency exchanges have become a primary target for cybercriminals. How did that happen?  We were led to believe that Cryptocurrency was safer.  I mean it’s got crypto in the name! The threat to crypto exchanges is expected to increase in 2023 as cybercriminals continue to use sophisticated tactics to gain access to sensitive information and steal funds. Because of the decentralized nature of cryptocurrencies and the lack of regulation, cybercriminals can carry out their attacks without being detected. “Cyberattacks on crypto exchanges will remain a constant threat, necessitating vigilance and cutting-edge security measures” To protect their platforms and user assets, crypto exchanges must implement much more stringent security measures. Multi-factor authentication, cold storage for crypto assets, and regular security audits to detect and address vulnerabilities are all part of this, at a minimum. Exchanges must also educate their users about the importance of fundamental secure practices like using strong passwords and enabling two-factor authentication. Despite these efforts, because of the massive potential payouts, cyberattacks on crypto exchanges will remain a constant threat, necessitating vigilance, and cutting-edge security measures. 6. Emergence of 5G Networks We’re all loving 5G technology's increased speed and connectivity, but that technological advancement also raises the risk of cyber attacks. Because of their larger attack surface, 5G networks are more vulnerable, and the use of software-defined networking (SDN) and network function virtualization (NFV) technologies provides cyber criminals with more vulnerabilities to exploit. The deployment of 5G technology extends beyond consumer devices to critical global infrastructure such as power grids, healthcare systems, and transportation networks. This critical infrastructure is a prime target for cybercriminals looking to disrupt systems or steal sensitive data. The global supply chain for 5G technology is complex, involving numerous countries and businesses. This raises the possibility of malicious actors interfering with the supply chain and introducing security flaws into the 5G network. Furthermore, the complexity of 5G networks makes cyber threats more difficult to detect and respond to, increasing the risk of a successful attack. Organizations must implement strong security measures such as network segmentation, encryption, and regular software updates to address these cybersecurity concerns. 7. Growth of Edge Computing Edge computing is a decentralized computing architecture where data processing and management occur at the network’s edge, close to the source of where the data is generated, rather than the data being sent to a central server or data center. Unauthorized access to sensitive data, network vulnerabilities, and inadequate security measures can all pose security risks for edge computing. We all use Edge devices, such as mobile phones, cars, sensors, and refrigerators that keep track of our groceries.  These IoT devices are especially vulnerable to these threats because they are frequently located in remote or insecure environments. As a result, strong security measures, such as encryption and authentication protocols, are critical to preventing unauthorized access to sensitive data and systems. Another security risk for edge computing is network infrastructure attacks. Wireless connections are frequently used in edge computing networks, making them vulnerable to hacking and eavesdropping. Furthermore, edge devices may lack the same level of security as traditional computing devices, making them easy targets for attackers. To address these risks, network security measures such as firewalls, intrusion detection and prevention systems, and secure communication protocols must be implemented. Edge computing systems are also susceptible to software and hardware flaws, as well as supply chain attacks because of known security vulnerabilities in software or hardware, or from the introduction of malicious code or hardware into the supply chain. To reduce these risks, organizations should implement stringent security measures throughout their supply chain, such as secure software development practices and regular security audits of suppliers. Organizations must also stay up to date on software and hardware vulnerabilities and apply patches as soon as possible to reduce the risk of exploitation. 8. Increased Regulation:  Global privacy regulations are expected to tighten in 2023 as consumers become more aware of the value and sensitivity of their personal information. New laws and amendments to existing laws, such as the payment card industry’s new PCI DSS 4.0, the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), are likely to be enacted to strengthen privacy rights and protections. These regulations may require companies to obtain explicit consent before collecting data, to provide consumers with the right to access, delete, and control their data, and to implement stronger data security measures. Noncompliance penalties will become more severe, with data gathering companies facing significant fines and reputational damage. The growing public concern about data misuse and privacy violations is driving this trend toward increased privacy regulation. New regulations, such as the California Privacy Rights Act, will be introduced in 2023, requiring companies to take a more proactive approach to data privacy and security. 9. ChatGPT and ML/AI Every day users of ChatGPT are pushing the envelope of the platform’s capabilities. For example, application developers use the platform to simplify their lives by having the platform write code or look like geniuses in front of their unsuspecting co-workers. All this power is mostly used for fun, automation, and productivity. For now. That doesn’t mean the same technology cannot be used maliciously. The threat is real. In early 2023, researchers from CyberArk used ChatGPT to create polymorphic malware. This is code that can evade antivirus and anti-malware. In the CyberArk example, they demonstrated how to inject code into explorer.exe using Python. The request could be run and re-run to mutate the code and give it a unique result. This makes creating new forms of malware much simpler for amateur hackers and script kiddies. The threat is real. As cybersecurity intrusion detection systems get increasingly sophisticated, it becomes more difficult for hackers to move around undetected. The more they mimic user behavior, the less chance of them being noticed.   When an account is compromised, an attacker will try imitating a user and hide in the noise. At some point, the activity pattern may not be identical to the real user. A Machine Learning/Artificial Intelligence (ML/AI) based cybersecurity system will detect this usual activity and take corrective action by raising alarms and locking the compromised account. This is where it gets interesting. Hackers have started to use ML/AI to their advantage showing how Machine Learning and Artificial intelligence can be a double-edged sword. Machines are highly effective in learning to model and automating user behavior. The same can be said when using ML/AI for bad. Using machine learning, hackers can more effectively model user behavior, making it increasingly difficult for intrusion detection systems to pick out anomalies.  With AI-based phishing, ransomware, and password-cracking algorithms, the same logic used to make a computer play chess and become smarter with each game can be used to guess passwords to websites. Consumers don’t stand a chance. One way to slow down the impact of such threats is to implement 2-factor authentication. At least when a password is correctly guessed, it's useless without a token, OTP, or fingerprint. We’re turning the corner on how machine learning and artificial intelligence will be used. Thirty years ago, this was just a fantasy, but unfortunately, that is becoming more and more the reality. AI algorithms can adjust themselves and become smarter with more data they can evaluate. Over the next few years, we’re going to see this area really take off and it’s exciting to be a part of it. We are literally marching toward the Terminator movies and Skynet. Machine vs Machine. 2023 will be another challenging year for cybersecurity professionals, as new technologies, regulations, and threats emerge. To stay ahead of these challenges, companies will need to adopt a multi-layered security approach that incorporates the latest technologies and best practices for protecting their networks, data, and users. #### XYPRO 2023 Roadmap Webinar is now available On-Demand On Tuesday, February 7th, and Wednesday, February 8th - XYPRO’s Chief Product Officer, Steve Tcherchian presented XYPRO’s 2023 Product Roadmap Update which included new solutions, features, and functionality that maximize your investment in XYPRO security solutions.  This Roadmap Update covered XYPRO’s latest advances in Ransomware protection, PCI DSS 4.0 Compliance, Multi-Factor Authentication (MFA),  Cloud Enablement,  SAP HANA, and Linux operating system security automation.   Learn how to crush your 2023 ZERO Trust goals and cybersecurity objectives by employing the latest HPE NonStop integrations with Splunk, SailPoint, CyberArk, and ServiceNow! Download the whitepaper that Steve refers to in the webinar; PCI DSS Version 3.2.1 to 4.0  Summary of Changes for HPE NonStop™ Systems  Visit the webinar page to watch this webinar and our entire library. #### XYPRO Acquires SAP HANA SECURITY Solution from Hewlett Packard Enterprise Los Angeles – August 31, 2021 –XYPRO Technology Corporation (XYPRO), a leader in cybersecurity, announced it has acquired Workload Aware Security (WASL), a critical security and compliance monitoring platform for Linux and SAP HANA environments from Hewlett Packard Enterprise (HPE).   This acquisition brings XYPRO’s mission critical security expertise to the Open Systems and SAP HANA market and customers. With the acquisition, HPE will continue to sell and distribute WASL, with XYPRO supporting existing WASL deployments along with ongoing renewals, as well as innovate the platform to ensure SAP HANA customers remain secure and compliant. The hardest part of becoming Security Technical Implementation Guide (STIG) compliant is going through controls and figuring out which ones are not compatible with your application. WASL simplifies SAP HANA deployments by providing a single click assessment and remediation of Linux workloads and HANA environments, reducing time to achieve compliance from WEEKS to MINUTES, translating to significant cost and time savings. “This acquisition further solidifies the strong partnership between XYPRO and Hewlett Packard Enterprise and positions XYPRO for even greater growth into new market segments. Just like NonStop customers have for over 35 years,  SAP HANA customers now benefit from XYPRO’s cybersecurity experience, secure development practices and strategic business relationships while enjoying great support and leading edge security solutions.” said Steve Tcherchian, Chief Product Officer, XYPRO. “We are committed to making cybersecurity a critical component to our mission critical solutions to ensure reliable security monitoring and management of always-on activity,” said Jeff Kyle, Vice President and General Manager, Data Solutions at HPE. “Our long-standing collaboration with XYPRO addresses these essential security needs and joint customers will further benefit from XYPRO’s upcoming plans to integrate the Workload Aware Security (WASL) platform with its existing capabilities to target SAP HANA workloads. As a leader in delivering solutions for SAP HANA workloads, HPE will further strengthen security features in mission critical solutions such as in the HPE Superdome Flex server, which is an ideally suited platform for a range of industries leveraging SAP.” About XYPRO Technology Corporation XYPRO offers over 35 years of expertise, experience and success in providing Mission Critical HPE NonStop information systems Risk Management & Real Time Threat Detection, Security, Patented Analytics and Secure Database solutions.  Mission Critical computing allows us to securely shop, bank, manage our finances and stock portfolios, wire money and transact with credit cards, mobile phones and all types of newer tech innovations. XYPRO offerings are innovative, modern, trusted, and backed by a team of seriously experienced security and software experts that sets us apart. We take advantage of all the latest technology, methodologies and secure development practices, as well as our strategic partnerships with the industry’s top cybersecurity companies.  No one has been doing this longer than XYPRO. For more information, visit www.xypro.com. About Hewlett Packard Enterprise Hewlett Packard Enterprise is the global edge-to-cloud platform-as-a-service company that helps organizations accelerate outcomes by unlocking value from all of their data, everywhere. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open and intelligent technology solutions, with a consistent experience across all clouds and edges, to help customers develop new business models, engage in new ways, and increase operational performance. For more information, visit www.hpe.com. Reprinted from PRWeb. Click here. #### XYPRO and ACI Worldwide offer PCI DSS 4.0 Compliance for BASE24 Most banking applications are built on earlier architectures and technologies and pose significant security challenges, especially under the new Payment Card Industry Data Security Standards 4.0 (PCI DSS). These applications face greater risk due to coding practices at development time and the absence of modern security features like Multi-Factor Authentication (MFA). Enhancing these applications with MFA is a necessity to protect against unauthorized access and data breaches. PCI DSS v4.0 Requirement 8.4.2 mandates at least two forms of user authentication into the CDE, such as a password and a generated passcode. This significantly reduces the risk of unauthorized access, as the compromise of one factor alone is not enough to breach the system. For banking applications, incorporating MFA provides layers of security, aligning mature systems with new compliance standards. On HPE NonStop systems, you meet this requirement with XYGATE User Authentication (XUA). XUA seamlessly integrates MFA with your RSA SecurID, Microsoft Authenticator, Active Directory, Google Authenticator, RADIUS, and more making your systems and users secure and compliant. For BASE24 customers looking to achieve PCI DSS 4.0 compliance, ACI Worldwide and XYPRO have partnered to extend this same capability to BASE24. This integration strengthens the security of your HPE NonStop applications, such as BASE24 through industry-leading multi-factor authentication. User access to the BASE24 CDE is currently provided by way of the BASE24 AFT screens. With this XYPRO MFA update, users are presented with additional screen(s) to enter authentication details with MFA Authorization provided by XYPRO. XYPRO and ACI Worldwide empower you for PCI DSS 4.0 Compliance According to Microsoft, 81% of data breaches occur because of weak, default, or stolen credentials. BUT, 99% of these attacks can be blocked by implementing Multi-Factor Authentication (MFA). ACI and XYPRO help ensure your BASE24 workloads are not part of this statistic. XUA MFA provides: Enhanced Security Posture: MFA adds an additional layer of security by ensuring that the likelihood of unauthorized access through compromised credentials is drastically reduced. Regulatory Compliance: PCI DSS 4.0 has placed a greater emphasis on authentication measures. Implementing MFA helps in meeting these requirements, thereby avoiding potential penalties. Adaptability and Future-Proofing: By upgrading your banking systems with MFA, you not only comply with current standards but also prepare for future regulations, which are likely to emphasize even stronger security measures. The XUA BASE24 MFA add-on requires an additional license to enable the feature and installs in minutes. XYPRO professional services ensure your MFA solution is properly installed, configured, and secured to address this PCI DSS 4.0 requirement without disruption. For more information, please contact XYPRO or HPE. Enhancing legacy applications with Multi-Factor Authentication is not just about achieving compliance with PCI DSS 4.0; it's about taking a proactive stance against emerging security threats. As cyber risks evolve, so too must your approaches to securing sensitive payment card information. By integrating MFA, you significantly fortify your defenses, meeting and exceeding the stringent PCI DSS 4.0 requirements. Safeguard your customer data and maintain trust. #### XYPRO and CAIL Announce Partnership and Deliver First-of-Its-Kind Multi-Factor Authentication Integration for HPE Nonstop SIMI VALLEY, Calif., Dec. 11, 2025 /PRNewswire/ -- XYPRO, a leading provider of mission critical cybersecurity, compliance and enterprise integration solutions, and CAIL, the standard for enterprise emulation, have completed the first and only integration that enables OpenID Connect (OIDC) multifactor authentication directly from CAIL emulator sessions for HPE Nonstop systems. This gives organizations the ability to authenticate Nonstop users using their existing enterprise identity providers—such as Ping Identity, Okta, Duo, Microsoft Entra ID and more—without adding new passwords, changing login workflows, or modifying applications. By centralizing identity and MFA, Nonstop environments now meet modern regulatory and audit expectations for privileged access control, identity verification, and credential lifecycle management. Organizations can now demonstrate controls for PCI DSS, FFIEC, ISO 27001, and NIST without adding operational overhead or retraining teams. No application code changes are required, and existing workflows remain intact. When a user signs in through CAIL, XYPRO's XYGATE User Authentication (XUA) initiates a standard OIDC login sequence. The user completes MFA using the same method as the rest of the organization - such as mobile prompt, token, biometric, or passkey. Once validated, XUA securely maps the identity to the appropriate Nonstop user, and the terminal session begins. The experience for the user remains unchanged: sign in once, no extra screens, no terminal scripts, and no local credential management. "Enterprise grade identity and MFA are now built directly into the Nonstop login workflow," said Steve Tcherchian, CEO of XYPRO. "This integration eliminates password sprawl, strengthens compliance, and simplifies the user experience for customers who rely on CAIL. It's a great example of the value our partnership brings to the Nonstop community." "Partnering with XYPRO was a clear decision," said Ron Thompson, CEO of CAIL. "They are THE cybersecurity leader in the HPE Nonstop ecosystem, and their platform provides the right foundation for modern innovation. This integration strengthens security without disrupting how people work, which is exactly what our customers expect." The integration is available now for customers using XUA with supported CAIL versions. For deployment guidance or to schedule a demonstration, contact info@xypro.com or info@cail.com. About XYPRO : Founded in 1983, XYPRO is a recognized leader in cybersecurity, protecting the world's most critical data. Trusted by global enterprises, XYPRO delivers industry-leading risk management and compliance solutions for mission critical workloads—helping organizations prevent data breaches, reduce risk exposure, and ensure operational resilience. From regulatory compliance to ransomware protection, we partner with customers to secure what matters most - their data. About CAIL: CAIL successfully enables organizations to leverage the considerable investment in current systems and services with solutions that provide an evolutionary strategy to evolve and improve information services. CAIL is a private company with Customers around the world who are improving business outcomes by better managing change associated with modernizing information services and business innovation. #### XYPRO and SailPoint Partner to Provide Identity Management for HPE NonStop XYPRO and SailPoint Partner to Provide Identity Management for HPE NonStop   XYPRO is thrilled to announce our Identity+ Alliance partnership with SailPoint, a proven leader in enterprise Identity Management. Working closely with our customers and SailPoint, we are also excited to announce the general availability release of XYPRO’s newest solution, NonStop Identity Connector for SailPoint (XIC). XIC is the first and only SailPoint Certified Integration for the HPE Integrity NonStop server. Using XIC, HPE NonStop customers can now integrate their NonStop servers with their SailPoint IdentityIQ, enabling seamless participation within the enterprise. Controlling access to a company’s servers and applications are critical to security. Without centralized identity management, onboarding and off-boarding activities become a manual process, which is not only time consuming but introduces security risk and compliance concerns. NonStop Identity Connector provides you with complete control over who has access to your NonStop servers from a single enterprise location. Whether you need to provision users on one or multiple HPE NonStop servers, XIC elegantly integrates your NonStop servers with your SailPoint Identity & Access Management (IAM) enterprise solution.  Achieve complete user governance, provisioning and reconciliation of HPE NonStop user accounts directly from SailPoint. SailPoint’s industry-leading, powerful access certifications, governance controls and logical workflows allow NonStop customers to take full advantage of the capabilities provided by SailPoint that have long been available for other platforms. XYPRO’s XIC solution simplifies requirements and compliance activities. When an identity is disabled through SailPoint IdentityIQ, the corresponding account is immediately disabled on all NonStop servers on which the identity was provisioned. When that identity is removed using IdentityIQ, the account is immediately removed from all NonStop servers, ensuring the removal of stale accounts, improving your relationship with your auditors and strengthening your security procedures at the same time. XIC comes packaged as a lightweight, easy to deploy, executable using a micro service framework. Simply configure the service XML with the specific HPE NonStop server properties and run the deployer. XYPRO’s NonStop Identity Connector deploys quickly in a JAVA Virtual Machine (JVM) on OSS. No other software is required. Installation is simple, quick and secure. We are excited to bring this new partnership and solution to you.  We welcome your feedback and as always, thank you for your business. To learn more about XIC, please contact your XYPRO Account Executive or visit www.xypro.com/identity. About XYPRO Technology Corporation XYPRO Technology offers 35 years of knowledge, experience and success in providing HPE NonStop information systems tools and services. Businesses that manage and transport business-critical data on a large scale turn to XYPRO for the very best solutions in Security, Risk Management, and Compliance. XYPRO’s software solutions ultimately enable businesses to protect information assets and gain a competitive edge through improved efficiency. Steve Tcherchian CISO and Director of Product XYPRO Technology www.xypro.com @SteveTcherchian @XYPROTechnology #### XYPRO at HPE NonStop TBC 2022 This year’s NonStop Technical Boot Camp (TBC) returned live and in-person! As a key HPE Partner, XYPRO is always grateful to Connect and HPE for pulling out all the stops to make the TBC a wonderful experience. With many sessions from which to choose, it was gratifying to have so many attendees join XYPRO’s Chief Product Officer Steve Tcherchian’s presentation, PCI DSS 4.0 Simplify Compliance in a NonStop World.  We received a lot of positive feedback and this presentation is an upcoming webinar!  Don’t miss our always-updated content on LinkedIn, YouTube, and Twitter. The other topic that received a great deal of interest was our FREE  Rapid Security Assessment.  Our multi-pronged approach provides a detailed view of threats found across your HPE NonStop environment. Reach out to your HPE or XYPRO Account Executive for more information.  XYPRO Account Executives USA East and Canada        Dale Van Stratten - dalevs@xypro.com USA West Jeff Boyer - jeff.boyer@xypro.com Europe, Middle East, and Africa    Steve Roy - steve.roy@xypro.com Asia Pacific and Japan                 Feng Lin - feng.lin@xypro.com Latin America                           Gabriel Alvarez-Rivera - gabriel.alvarez@xypro.com We will see you at BITUG’s Little SIG in December and look forward to many more in-person events in 2023! #### XYPRO at HPE NonStop Technical Boot Camp 2022 NonStop Technical Boot Camp 2022 (TBC) is back in person at the Hyatt Regency SFO in Burlingame, CA.  There is still time to Register!    Steve Tcherchian, XYPRO’s CISO and Chief Product Officer is presenting “PCI DSS 4.0  Simplify Compliance in a NonStop World”  - November 8th at 3:35 PM in Regency B.  Working with the PCI Security Standards Council, XYPRO has dedicated extensive time and resources to evaluate how PCI DSS 4.0 affects your HPE NonStop Server environment. Let XYPRO take out the guesswork and show you step-by-step how to address compliance in an automated way. A ZERO-Trust strategy was considered when creating the new PCI standard. Authentication, behavior analysis, and real-time monitoring now have new requirements. Additionally, there are new specifications that closely follow NIST best practices for increased account security. This presentation will educate you on the new standard to ensure your company has enough time and knowledge to implement everything needed for data protection and help you become compliant before the mandatory deadline. Click here to watch the video. In case you missed it, here are some recent XYPRO news items: HPE NonStop SQL and XYPRO - Where Manageability and Security Meet for a Common Goal   Servicenow Integration for HPE NonStop Servers   XYPRO Product News As part of XYPRO’s ongoing commitment to customer success, we regularly release updated versions of our security software. We are pleased to announce the release of the Fall 2022 XYGATE Suite and XYGATE SecurityOne 2.0 which includes exciting new features and updates. Don’t miss our always-updated content on LinkedIn, YouTube, and Twitter.  Follow and Subscribe!   #### XYPRO Cybersecurity Predictions for 2022 Well, we made it. 2021 is finally in the books. The gift of LOG4J and the onslaught of vendor emails made for an eventful end to 2021. Take a minute (and I only mean a minute) to catch your breath before we jump headfirst into 2022. It’s time to look forward to what the cybersecurity landscape will give us this year. Obviously, I could continue to scare you with increased COVID-19 related attacks, the lack of cybersecurity progress in the healthcare industry and mega breaches in the cloud, but there is already enough written and rewritten on those topics. The cloud continues to be a technology accelerator - and a risk to businesses going forward. Most of our office perimeters have dissolved and clouds enable a mobile workforce. Hyper-connectivity of systems and applications, and everything automatically talking to everything else is a must. This translates to a lot of risk in 2022. A recent report by Cybersecurity Ventures outlined that global cybercrime costs1 will reach nearly $7 trillion USD annually in 2022. To put this figure in perspective, if cyber-crime was a country, this figure would represent the world’s third-largest economy after the U.S. and China. There is an entire industry that has popped up around cybercrime in a way we’ve never seen before. With so much at stake, what are the things to watch out for to make sure you are as prepared as you can be? Back in 2019, and 2020….AND 2021, I said the best way to combat these types of attacks was to use multi-factor authentication (MFA). Use it for everything! Steve Tcherchian, CISO Looking back, a lot of the risks we called out at the beginning of 2021 were never properly addressed and therefore remain risks today. For example, credential theft and attacks targeting privileged users continue to dominate the headlines. Although, the targets and sophistication of attacks have evolved. Back in 2019, and 2020….AND 2021, I said the best way to combat these types of attacks was to use multi-factor authentication (MFA). Use it for everything! There is no simpler way to say it – but three years later, this is still not being done. Until we require MFA for access, making it the standard, risk will continue to increase. I cover this past advice and other cybersecurity predictions for 2022. 1. Embrace ZERO Trust Security We are all used to the traditional security model of authenticating to the perimeter VPN or to a cloud application, then carrying on with our tasks. This “Trust but Verify” strategy assumes everything within an organization’s network is trusted and not already breached. Once a user is authenticated to the VPN, they can move around to any resource to which they have access. The assumption is the user is who they say they are, the user’s account is not compromised, and that the user will act responsibly. This model leaves organizations vulnerable to credential theft, low and slow attacks, and malicious insiders. Essentially all authenticated users are trusted on the network.  That’s a risk.  A big one. Enter ZERO Trust. ZERO Trust is not a single product or technology, it’s a methodology. ZERO Trust access methodologies never trust and always verifies. This eliminates any trust that previously existed for users, credentials, network, permissions. Instead, ZERO trust continuously checks and authenticates all attempts to gain access to data, applications, servers, resources, etc. to ensure they are who they say they are. Even the U.S. Federal government is pushing hard for agencies to adopt this model under new guidance released last year by the Office of Management and Budget’s Cybersecurity and Infrastructure Security Agency. There will be a heavy emphasis this year by organizations both large and small, federal agencies and security vendors towards ZERO Trust strategies. 2. Cryptocurrency becomes a target With interest rates (currently) at all time lows, hyper-inflation and the U.S. stock market at all time highs, investors are looking at better returns on their money. Apps like CoinBase, Robinhood, eToro and others can make investing available to even the most technologically novice user. This could potentially be a recipe for disaster. As novice investors move funds around into these apps, they become popular and draw attention. Late last year, we saw what Robinhood calls a “data security incident” which compromised data from 7 million accounts by using simple social engineering techniques. Although this incident wasn't as bad as it could have been, this shows that no app is off limits. This was the toe in the water. We are going to see larger attacks focused on targets where the money is. Take steps to protect yourself: Practice good security hygiene Do not respond to unsolicited messages (These are almost always scams) Do not divulge information Monitor the activity on your investments Turn on two factor authentication 3. Ransomware as a Service Yes, this is really a thing now. Ransomware as a Service is a subscription based model that lets anyone use ready made ransomware tools to launch an attack. There is no need to develop your own ransomware or even be technically proficient. Using the platform, someone can launch the attack and share the profits. An entire industry has cropped up to support ransomware as a legitimate business model - including crypto exchanges and “cyber security” companies. Most of these crypto exchanges are fronts to launder money, and the “cyber security” companies who “negotiate” with the malicious actors on a customer’s behalf are also part of the ploy. There is currently no technology that eliminates or completely blocks ransomware. If that were the case, ransomware wouldn’t be profitable and would not exist. Disturbingly, it’s growing faster than ever. Ransomware is here to stay - because most industries make it so easy to become targets. The best way to combat ransomware is to implement security best practices, verify and reverify that there are working backups, and real time monitoring. In the event the ransomware is successful, unfortunately most of the time, the only way to get data back is to pay the ransom. This is a hard pill to swallow. Even the FBI strongly recommends not paying ransoms, but in a time of crisis all options are on the table and the number of victims paying the ransom is increasing year over year. According to Sophos, 32% of companies hit with ransomware paid a ransom in 2021, up from 26% in 2020. These stats are high mainly due to the decrease in properly performed and verified backups and other responsible methods used to recover from ransomware and other data-compromising disasters.  Because backups aren't verified to be working,  either due to technology failures or not being set up properly in the first place, this leaves the company with few options. Unfortunately in these cases, paying the ransom, although not encouraged, may be the shortest route to get data back. Of the 32% that paid the ransom, 96% of them were able to get some of their data back. But recovered data is inherently compromised going forward. There are steps you can take now to avoid paying a ransom and becoming a statistic. Ensure you have implemented security best practices Verify your backups Train your staff Implement real time monitoring. BE PREPARED! 4. The Great Resignation Anyone else tired of hearing this phrase on a daily basis? The cybersecurity industry was already in the precarious position of not having enough people to fill open positions. This crisis hit an all time high of 3.5 million unfilled cybersecurity jobs in 2021. Resignations pose new types of threats: unhappy or disgruntled employees abusing their access for malicious purposes or intentionally stealing data to take to their next job. There is also a disturbing new trend of cyber criminal groups attempting to recruit dissatisfied insiders. A recent study by the Harvard Business Review showed employees between 30 and 45 years old had the greatest increase in resignation rate between 2020 and 2021; over 20%! These resignations, coupled with an enormous workforce gap means cybersecurity as a whole, especially monitoring and response times, will suffer in 2022, leading to more mega breaches, spanning longer periods of time. Now is the time to automate as much as possible. Privileged account abuse is the most common way for hackers to compromise a system. Steve Tcherchian, CISO 5. Exploiting Insecure Authentication The biggest risk to any organization are passwords, especially default passwords and passwords to privileged accounts, which have elevated access to perform special functions. These can be administrator accounts, service accounts, database connection accounts, application accounts and others. Most of these accounts were set up years ago when an application or system was initially deployed. They have multiple integration points and because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, likely shared and often improperly stored. Privileged account abuse is the most common way for hackers to compromise a system.  But it starts with authentication. Proper credential storage and visibility to authentication events is paramount for risk mitigation. Relying on manual methods is resource-intensive, error-prone and leaves gaps. According to a Varonis report, nearly 40% of all users sampled have passwords that have never been rotated! These passwords have a higher likelihood of showing up in online password dumps and being used to infiltrate networks. Simply put – they’re a cyber criminal’s best friend. This is how hackers walk in right through the front door. Not because they’re clever, rather because it's easy! Last year’s Kaseya incident showed us the types of multifaceted attacks being used. It’s not a matter of if but when they’re going to get into your network. They’re going to get in and they will attempt to exploit authentication controls first. In the Kaseya attack, once the attackers circumvented insecure authentication controls, they captured an authenticated session and were able to move laterally using multiple, different, insecure credentials until they could upload a malicious payload and execute commands through SQL injection which distributed and executed the ransomware. Our efforts should focus on proper authentication controls and shoring up systems to limit their ability to move around your network using insecure credentials. Proper authentication controls, password management, ZERO trust, and multi-factor authentication could have prevented this from happening. I’ve said it before, and I'm forced to say it again - turn on Multi-Factor Authentication for EVERYTHING! 6. Log4J (and others) Continues Log4J is still here and continues to be an important target for attackers. According to Microsoft “Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations don’t realize their environments may already be compromised. Microsoft recommends customers do an additional review of devices where vulnerable installations are discovered. At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a clear and present danger to their environments. Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance.” Nation-states and other threat actors will continue exploiting this vulnerability, adding new exploits that take advantage of security gaps. Expect more of these highly impactful vulnerabilities.  Another fun fact? They have a tendency to happen in cycles. Remember in 2014, once the HeartBleed vulnerability became publicized, it opened the floodgates for Shellshock, POODLE, WinShock, Ghost and more. In 2017, the cycle repeated with Struts2, KRACK, CryptoAPI and others. In Conclusion In 2022, expect more of these mega vulnerabilities now that attention is being paid in this area. The best preparation is to establish a ZERO trust strategy from the outset, so the fallout from damage is minimized. Attackers exploit the weakest link and walk right through the front door. If we continue to make it easy, these types of attacks will only continue. Passwords are archaic. You must introduce a second factor for authentication. This added layer of complexity to the authentication process provides immense value in terms of addressing the risk. MFA is the biggest bang for your security buck. MFA should be turned on for everything. Unless we shift our mindset and follow through, attacks will only continue to increase in 2022 and beyond.   1 Includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm. #### XYPRO Expands Collaboration with Hewlett Packard Enterprise to Offer Full Suite of Security Solutions on HPE NonStop Systems XYPRO's Entire Cybersecurity Product Line including XYGATE SecurityOne (XS1) and Integrations for SailPoint, CyberArk, RSA and ServiceNow Are Now Available Through HPE. LOS ANGELES, July 7, 2021 /PRNewswire/ -- XYPRO Technology Corporation (XYPRO), a leader in delivering software solutions in cybersecurity, analytics, identity management, and secure database management, today announced the expansion of a decades-long partnership with Hewlett Packard Enterprise (HPE) to deliver its entire suite through HPE NonStop systems. HPE NonStop systems, which tackle mission critical environments requiring 100% fault tolerance, are now available with expanded XYPRO solutions for optimal threat detection and security management capabilities. This expansion supports XYPRO's growth strategy and extends the availability of mission critical database management, security and integration solutions into new markets within HPE's customer base. These solutions help customers protect their mission critical environment, and, include XYPRO's flagship product - XYGATE SecurityOne, a patented security, compliance and threat detection platform and XYGATE Identity Connector, the first and only Sailpoint and CyberArk integrations for HPE NonStop systems. Customers can now meet requirements to secure and monitor their mission critical investment with these solutions using HPE NonStop systems. "In our history of delivering risk management solutions for HPE NonStop systems customers longer than anyone has, we strive for meaningful and strategic business relationships while providing great support and leading edge security solutions. Our strong relationship with HPE is why several XYPRO solutions have shipped with the HPE NonStop operating system for more than a decade," said Lisa Partridge, CEO, XYPRO. "Making the rest of the XYPRO's solution suite available through HPE further strengthens security within the HPE NonStop system ecosystem, providing customers security and consistency at significant value." "Ensuring reliable cybersecurity and management capabilities is critical for customers running always-on, 100% fault-tolerant environments with sensitive data exchange," said Jeff Kyle, vice president and general manager, Mission Critical Solutions, HPE. "By building on our long-standing partnership with XYPRO to expand security capabilities with new analytics and automation features on our HPE NonStop systems, we are furthering our ability to deliver trusted platforms for mission critical needs that are easy to manage while meeting strict data governance requirements." About XYPRO Technology CorporationXYPRO offers over 35 years of expertise, experience and success in providing Mission Critical HPE NonStop information systems Risk Management & Real Time Threat Detection, Security, Patented Analytics and Secure Database solutions.  Mission Critical computing allows us to securely shop, bank, manage our finances and stock portfolios, wire money and transact with credit cards, mobile phones and all types of newer tech innovations. XYPRO offerings are innovative, modern, trusted, and backed by a team of seriously experienced security and software experts that sets us apart. We take advantage of all the latest technology, methodologies and secure development practices, as well as our strategic partnerships with the industry's top cybersecurity companies.  No one has been doing this longer than XYPRO. For more information, visit www.xypro.com. About Hewlett Packard EnterpriseHewlett Packard Enterprise is the global edge-to-cloud platform-as-a-service company that helps organizations accelerate outcomes by unlocking value from all of their data, everywhere. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open and intelligent technology solutions, with a consistent experience across all clouds and edges, to help customers develop new business models, engage in new ways, and increase operational performance. For more information, visit www.hpe.com. #### XYPRO NonStop Security Fundamentals Top 10 List – #10 Because high-availability and fault-tolerant systems need strong security Does it make sense to have high-availability and fault-tolerance without strong security? We at XYPRO don’t think so. We recognize that companies run their most important business applications and processes on the NonStop server platform and keeping those assets safe from data loss, tampering and inadvertent harm is mission critical. XYPRO has been providing NonStop security solutions for over 30 years—we’ve literally written the books on NonStop security—and we’ve assembled an informal “Top 10” list of NonStop security fundamentals. Over the next couple months, we’ll count down our list of Top 10 NonStop security fundamentals—your discussion, feedback and debate are welcome. Here’s #10 on our list. #10: Secure the default system access settings To facilitate initial configuration and set-up, HPE NonStop servers come with a number of default security settings. To have a well-protected NonStop system many of these default settings need to be addressed. Protect or Delete NULL.NULL. NonStop servers are shipped with the default userid NULL.NULL (0,0). NULL.NULL is an out-of-the-box userid that is not password protected and gives non-privileged system access. With unprotected NULL.NULL, there is a risk that unauthorized users will be able to gain access to the system and explore system settings, users and files and potentially discover and exploit system vulnerabilities. To protect the system, the NULL.NULL userid should be deleted or, if that’s not possible, the risk should be mitigated by renaming the 0,0 userid to something other than “NULL.NULL”, assigning a strong password, and expiring or “freezing” the 0,0 userid so that it can’t be used to logon to the system. Remove compilers from production systems. Compilers are dangerous because code can be inserted or deleted to circumvent previously implemented controls. Additionally, language compilers might be used to develop test or hacking programs to access sensitive data. To protect applications from inadvertent or malicious changes or outages, compilers and related utilities should be removed or very tightly locked down on secure systems. Configure Safeguard auditing in order to meet PCI requirements. The Payment Card Industry Data Security Standard (PCI DSS) is an important industry security standard developed to protect sensitive cardholder data and a key requirement for PCI DSS compliance is to “track and monitor all access to network resources and cardholder data”. Within NonStop, the Safeguard utility on NonStop provides the capability to monitor and audit security-related events. While some Safeguard events are always audited, most need to be configured to enable auditing. Properly configuring Safeguard to audit all PCI DSS-related security events is an important step in setting up a new NonStop system (or in ensuring PCI compliance for an existing system). Add and configure Safeguard security groups. There are six valid Safeguard security groups but they do not exist on the shipped system and must be added. Using these security groups, specific users can be delegated the authority to execute certain restricted Safeguard commands. Until these groups are created, the restricted commands can be executed by any SUPER group member. Add and configure Safeguard OBJECTTYPE records. Safeguard uses OBJECTTYPEs to control who can create protection records for a particular type of object or device. Without OBJECTTYPE records, any local member of the SUPER group can add a protection record for an object or device name and thereby gain control of that object or device. To protect objects and reduce possibility of misuse, add all the necessary OBJECTTYPEs and assign these to a non-super group security administrator. Secure sensitive objects. As shipped, there are several sensitive objects in Guardian that must be protected: TANDUMP, DIVER, USERID, and USERIDAK. Each of these objects has power capabilities within Guardian and should be secured to have SUPER only access. To follow along with the rest of this blog series on the NonStop Security Fundamentals Top 10 List go to xypro.com/blog More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL. You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX). #### XYPRO NonStop Security Fundamentals Top 10 List – #4 Because high-availability and fault-tolerant systems need strong security Alright, we’ve reached #4 on our list of Top 10 NonStop Security Fundamentals— items #5 to #10 are posted on XYPRO’s website and LinkedIn page. Previously, in the #5 entry, we discussed how to strengthen access management using Role-based Access Control (RBAC). RBAC was about managing users’ access rights—now let’s take the discussion a step further and talk about securing NonStop system resource objects, such as volumes, subvolumes, files, devices, subdevices, processes and subprocesses. How to protect those objects takes us to the #4 item in our Top 10 List: #4: Dynamically secure all NonStop system resource objects Safeguard provides the ability to tightly restrict access to Guardian operating system objects, but can become a major management challenge to administer. OSS operating system objects can be secured with standard UNIX “rwx” security or with POSIX ACLs, but these approaches also create a lot of management overhead, have signifi¬cant shortcomings and do not result in a totally secure system.   To fully secure NonStop system resource objects and reduce administrative workload, we recommend these steps:   1. Use wildcarding to reduce the number of ACLs needed and proactively protect objects. Rather than trying to manage with static, reactive Safeguard mechanisms, use dynamic rules with wildcarding that can vary based on the characteristics of each access attempt. Wildcarding greatly increases the flexibility of ACL rules and reduces the number of ACL rules needed.   Third-party solutions, like XYGATE Object Security (XOS), can deliver this type of wildcarding and dynamic rule functionality. XOS provides grouped object access records that contain wildcard security rule specifications which are applied consistently to objects in the group. Importantly, the security rules apply even to objects that may not yet even exist when you set your security policy—thus enabling the proactive protection of new objects (as opposed to retroactively applying security rules to objects after they’ve been created).   One North American credit card company manages their entire network of HPE NonStop servers with XOS with less than 300 XOS access control rules. Previously, when using Safeguard, over a million Safeguard ACLs were required.   2. Secure objects with any object attribute. Traditional security ACLs are applied against objects based on the object name alone. This is a limiting approach and ignores many other factors of an object that may be relevant to applying security, such as object age or object type. However, third-party solutions like XOS allow for objects to be secured not only by name, but by any other object attribute (alone or in conjunction with others). For example, using XOS, authorization to purge saveabend files could be given to users based on multiple criteria (OBJECT name, OBJECT age, and OBJECT type). A similar rule using Safeguard, Guardian, or OSS would not be possible or practical. With this approach, a single XOS rule can take the place of tens, hundreds, and even thousands of Safeguard ACLs.   3. Use the OSS SEEP to increase security protection for OSS.As of February 2013, with the H06.26/J06.15 release of the NonStop operating system, HPE now includes a Security Event Exit Process (SEEP) within the OSS environment. The OSS SEEP can be used by third-party solutions, like XOS, to provide NonStop OSS security that is more flexible and granular than previously available. Now, OSS subsystems can take advantage of the same levels of security and configurability that have been used for many years on the Guardian subsystem. In fact, with XOS, Guardian and OSS object security can be maintained together in a single file.   While we’re on OSS, let’s quickly talk about auditing. OSS object access auditing can be done in Safeguard if “audit-client-oss” is turned on. However, that Safeguard function is unnecessarily broad (it’s really an all or nothing type of capability) and using it creates a massive amount of audit data—access to all OSS objects is audited. A better option is to use a third-party solution, such as XOS, that allows for very granular auditing of OSS object access.   4. Unify NonStop security management across different nodes and operating systems. Effectively maintaining common security rules across homogenous production systems is very important but can be very difficult to manage with just Safeguard. Maintaining consistency using Safeguard requires keeping ACLs consistent across every node and the same ACL change must be made separately to every node. Furthermore, with Safeguard there is no good way to make sure that the ACLs across nodes are consistent. However, with a NonStop security solution like XOS, all the rules are in a single file; that file can be easily maintained on one node and then moved to all the other nodes when a change is required. Also, if a new node is brought up, instead of having to create thousands of Safeguard ACLs to properly secure the new node, the single XOS file can be installed and the new node is instantly (and consistently) protected.   It’s worth emphasizing the need for unified security management in NonStop. To properly secure the NonStop system without a third-party solution, security admins have to deal with Guardian file security, Safeguard ACLs, OSS standard security, and OSS POSIX ACLs—that’s a lot of complexity to manage and increases costs and security risks. On the other hand, with solutions like XOS, security admins can secure both Guardian and OSS from a single point.   So, that’s #4: Dynamically secure all NonStop system objects.Obviously, resource objects are key parts of your NonStop system and must be fully secured. While Safeguard provides some capabilities to do this, a best practice approach is to use a third-party tool that enables rule flexibility, expands security attributes and provides strong security to not just the Guardian subsystem but OSS, as well.   Stay tuned to the XYPRO blog site up on our list is NonStop Security Fundamental #4. Also, get notified automatically when new XYPRO blogs come out by following XYPRO on LinkedIn or Twitter.   For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL.   You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX).   #### XYPRO NonStop Security Fundamentals Top 10 List – #5 Because high-availability and fault-tolerant systems need strong security Okay, so now we’re to the top five items on our list—items #6 to #10 are posted on XYPRO’s website and LinkedIn page. Throughout the earlier items on our Top 10 List, the concept of access control came up rather frequently (either directly or indirectly), so let’s focus a bit more on it. As described in XYPRO’s HPE NonStop Server Security Handbook, “Access Control is the whole array of tools and procedures used to limit, control, and monitor access to information and utilities. Access control is based on a user’s identity and membership in predefined groups. Access control makes it possible to control the use, availability, integrity, and confidentiality of objects and information on the HPE NonStop Server.”   Clearly, access management is very important. However, it can be a daunting challenge to individually manage all the various access privileges for every user. The effectiveness of even an excellent security access management plan can be weakened when its corresponding administrative overhead is too high. With this in mind, we come to the #5 NonStop Security Fundamental: #5: Strengthen access management with role-based access control (RBAC) Role-based access control (RBAC) is a security approach in which system access and permission rights are grouped according to user roles and then individual users are assigned to a role. The security system then makes access decisions according to the user’s role.   The idea here is quite simple: using role-based access can reduce management overhead and facilitate the implementation and enforcement of standardized access rules—all of which strengthens security access management.   While possible, setting up RBAC with Safeguard requires extensive administration. Third-party solutions, like XYGATE Access Control (XAC), provide a more manageable method of implementing RBAC. The single, major difference between XAC and Safeguard RBAC is the ability to define control by job function in XAC. Safeguard simply isn’t architected for role-based control whereas a solution like XAC is designed for it.   Using ACLGROUPs for RBAC. As with all XYPRO products, XAC is developed around the concept of ACLGROUPs. ACLGROUPs allow you to define control based on job function (database administrator, systems administrator, security administrator, etc.). You start by defining roles THEN you add users to those roles. Users can have zero or more roles. Access is granted based on the role as opposed to the user.   For example, ACLGROUPS can be used to provide different access rights, based on role, to SQLCI functions. Let’s say all database administrators are assigned to the “DBA” group and need full access to SQLCI functions. To enable this, a rule is written in the DBA ACLGROUP to allow this role unfettered access to SQLCI and all other database manipulation functions and utilities. However, system administrators may only need read-only access to SQLCI; therefore, their ACLGROUP (let’s call it “SYSADMIN”) is written to allow just read-only access to SQLCI (with PURGE, UPDATE, DROP, ALTER and CREATE disabled) . Now, managing individual users’ access is as simple as assigning them the appropriate roles—ACLGROUP rules will then correctly determine access rights.   The RBAC in this example requires only a small number of rules in XAC that can be applied to zero or more users using wildcards/regular expressions—and that can be extended to aliases. Once the rules are in place, you can add or remove users’ access to functions at any time.   Doing this in Safeguard requires a unique rule per user per subsystem/binary/program. Safeguard does NOT have the ability to limit access to specific commands within a subsystem as XAC does. So, while possible, RBAC in Safeguard, requires extensive manual intervention and an enormous amounts of rules—and every change introduces an opportunity for human error that could lead to stability issues.   Don’t forget auditing! Using XAC for RBAC provides another important benefit: XAC auditing can also be done at a much lower level. Safeguard can record what userid accessed what object at what time, but little else. With XAC, exact commands and output can be logged with non-repudiation (XAC can be configured to prompt for the users password before allowing sensitive commands).   A major note for alias users: Safeguard auditing and protection are always based on the underlying userid. Safeguard does not treat aliases as unique, only the underlying userid. XAC (and all XYGATE modules) can differentiate between aliases and grant/revoke access and audit based on userid and/or alias.   Alright, well that’s #5: Strengthen access management with role-based access control (RBAC). RBAC simplifies security administration and can enable a greater degree of security and control for your HPE NonStop systems.   Stay tuned to the XYPRO blog site—next up on our list is NonStop Security Fundamental #4. Also, get notified automatically when new XYPRO blogs come out by following XYPRO on LinkedIn or Twitter.   For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL.   You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX).   #### XYPRO NonStop Security Fundamentals Top 10 List – #6 Because high-availability and fault-tolerant systems need strong security Over the past few months XYPRO has begun counting down our Top 10 NonStop Security Fundamentals and now we’ve reached the halfway point on our list. Before we get to the #6 item though, let’s recap the list to-date: #10 Secure the default system access settings #9 Set-up strong Safeguard authentication and password controls #8 Ensure individual accountability (no shared IDs!) #7 Establish granular control of user activity   As you can see from these first four items, we think it’s essential to have strong NonStop security for access, authentication, and activity—all with individual accountability, of course. While these are solid security fundamentals for any corporate system, they are especially important for HPE NonStop systems that, typically, run some of a company’s most mission critical processes.   So now, with those first four items covered, let’s move on to #6 which is about keeping track of what individuals are actually doing when they are logged on as a privileged user (such as SUPER.SUPER) or as an application owner. #6: Audit all actions of privileged access users As the name implies, privileged access users have system rights and capabilities that are greater than those of typical users and that pose a greater risk to the system if misused, either intentionally or unintentionally. Therefore, it is very important to closely track and audit all actions of privileged access users to ensure compliance, deter fraud, and enable troubleshooting. Here are three key steps to do this:   Enable keystroke logging. Recording the activity of privileged access users (even within utilities or the progress of obey files and macros) enables the necessary auditability and oversight of what these key users are doing. On the NonStop, this is only possible with a third-party solution like XYGATE Access Control (XAC), which can provide keystroke logging in which the characters of every command are recorded to an audit file.   Audit all privileged user actions. In addition to recording activities through keystroke logging, it’s important to review the audit file on a regular basis, usually daily, to detect unexplained, unauthorized or otherwise suspicious activity. Audit all actions taken by any individual performing activities as a privileged ID (such as SUPER.SUPER) or an application owner. One way to ensure this audit information is reviewed is to use XYGATE Merged Audit (XMA) to send NonStop security information to an enterprise SIEM (such as HPE ArcSight). XMA, which is bundled with the HPE NonStop OS, collects the keystroke audit data and normalizes and merges it with other NonStop security event data. XMA then makes the consolidated data available for local review and/or sends to a SIEM.   Ensure tamper-proof audit trails. Editing or deleting audit files, or modifying the audit process itself, could be a way to cover up inappropriate actions on the system. So, clearly, protecting the audit process and audit files from tampering is essential. There are many different ways to do this. For example: 1) XYGATE Object Security (XOS) can ensure that only the authorized application is able to write to the keystroke logging database in use, 2) archived audit files can be sent off box and, 3) the security information can be sent by XMA to a SIEM.   So that’s #6: Audit all actions of privileged access users. A thorough logging and auditing program for privileged users establishes the means for strong oversight over users with the greatest security access rights and who, therefore, may pose the greatest potential risk to the system.   Stay tuned to the XYPRO blog site—next up on our list is NonStop Security Fundamental #5. Also, get notified automatically when new XYPRO blogs come out by following XYPRO on LinkedIn or Twitter.   For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL. PCI information can be found at:https://www.pcisecuritystandards.org/index.php   You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX).   #### XYPRO NonStop Security Fundamentals Top 10 List – #7 Because high-availability and fault-tolerant systems need strong security Recent studies have shown that hackers (both internal and external) often use relatively simple attack methods and that it’s as important as ever to follow basic security best practices. Therefore, it makes sense that the first three items in our Top 10 list were about establishing a base level of security within the NonStop system: #10 Secure the default system access settings #9 Set-up strong Safeguard authentication and password controls #8 Ensure individual accountability (no shared IDs!)   Now that we’ve covered those broader fundamentals, this week we’ll get into a more “granular” security topic—controlling user activity at different levels within the NonStop system. #7: Establish granular control of user activity A fundamental IT security challenge is to provide users with only the system access and privileges they need to do their jobs (least privilege or Role Based Access Control RBAC).  Allowing users to have system access and privileges greater than their job requires presents a significant security risk—particularly on the NonStop which typically has mission critical applications running and sensitive information being processed or stored.  The risk is not only from intentionally malicious activity but also from the possibility of an unsophisticated (or stressed or rushed) user, when given too much power, not realizing the ramifications of their actions.   So, to protect the NonStop, it’s important to establish more granular control of what users can do within multiple areas within the system.  Let’s specifically look at four areas: user, process, CMON, and spooler.   User. The system access a user may have, and actions a user may take, are determined by their identity and their membership in predefined groups. When a user attempts to access an object, Safeguard checks the object’s Access Control List (ACL) to either grant or deny specific access privileges to the underlying object. Third-party solutions are available to improve the NonStop’s access management and increase the granularity of control (to the sub-command level, for instance). For example, XYGATE Access Control (XAC) acts as a sentry between users and programs or utilities and, based on configuration settings defined in XAC’s Access Control List (ACACL), user requests to programs or utilities are granted or denied. Furthermore, XAC’s “allow” and “deny” features restrict commands within programs and utilities to the sub-command level for separation of duties and efficient job performance. An example of this would be giving a user privileged access to FUP running as SUPER.SUPER in order to perform their job duties but specifically denying any use of the LICENSE command.   Process. Processes are a type of Safeguard object and, obviously, they need to be managed closely. As with the “User” area discussed above, Safeguard manages access to processes with ACLs. Again, third party solutions can assist with process security and management; XYGATE Process Control (XPC) behaves similarly to XAC in that it sits between the user and the process they wish to manage. The difference lies in that the object is a process and privileges such as the ability to stop, suspend, alter priority, activate and debug the process can be granted to the user ID, whether or not they are the owner of that process. The benefit of this is that if the owner of a process is not present and an action must be taken for the good of the system (stop a runaway process for example), other authorized users can take these actions under their own logon, without having to share userids.   $CMON. The NonStop server has an interface to a user-supplied Command Monitoring Process named $CMON. While the $CMON program is not HP-supplied, it’s recommended that every NonStop system use a $CMON either written by the customer or supplied by a third-party (such as the XYGATE supported $CMON module). When a $CMON is present, messages are sent to the $CMON to verify logon requests and process start requests. The $CMON process can provide many functions for both security and performance reasons: Control the CPU and the priority of the request Control who can logon to a specific ports Verify a userid’s request to run a requested program Audit the request Ensure that the location and priority of all processes is only controlled via $CMON   Note that not having a $CMON presents a serious risk because, if a $CMON is not present, an unauthorized $CMON could be added to the system.  The unauthorized $CMON might be used simply to monitor the system or it could be designed with malicious intent (such as stopping, denying or slowing services). Spooler.   The HPE NonStop server spooler subsystem is a set of utilities that provides an interface to the system’s print facilities.  The spooler receives output from applications and stores it on disk where it can be viewed or sent to a print location for printing.  Clearly, access to the spooler needs to be managed to protect sensitive data on disk and to keep it from being printed (print outs being one way to extract stolen data).  Furthermore, users with PERUSE access to a job can access the job output’s contents.  To protect this area, limit access to spooler utilities to only those users requiring it for their job function.  Third-party solutions, such as XYGATE Spoolcom Peruse (XSP), are available to improve security of the spooler, simplify task management and administration and allow for delegation of authority.   So that’s #7: Establish granular control of user activity. Increasing the granularity of control builds on security concepts discussed in earlier blog posts and goes deeper into specific system areas which need closer security management.   For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL. PCI information can be found at:https://www.pcisecuritystandards.org/index.php   You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX). #### XYPRO NonStop Security Fundamentals Top 10 List – #8 This week we’re moving to a simple yet critical fundamental of NonStop security—ensuring individual accountability. While aspects of this were touched upon in both the #10 and #9 NonStop Security Fundamentals, we feel individual accountability is an important enough concept to rate its own entry on the list. #8: Ensure individual accountability (no shared IDs!) The NonStop system is shipped with certain shared userids that can be used for privileged or non-privileged access (like SUPER.SUPER or NULL.NULL). However, security best practices and industry regulations, like PCI DSS, require users to have unique userids so that there is clear accountability. This also facilitates effective auditing, remediation and management of individual user rights and access. These are some areas that must be addressed: Eliminate shared userids. In the #9 blog we talked about PCI DSS Requirement 8.1 which required all users to have unique userids in order to ensure individual accountability—eliminating the use of shared userids is an extension of that concept. Shared userids, particularly for privileged userids, provide too much access and too little accountability.   Eliminate aliases to privileged userids. Aliases are only available in Safeguard environments and are used to provide alternate user names that can be used to log on to the system. Aliases should not be assigned to privileged userids (like SUPER.SUPER) because the alias gains all the underlying userid’s privileges and Safeguard provides limited auditing of the alias activity. Third-party products like XYGATE Access Control (XAC) can eliminate the need for aliases and provide more extensive auditing. Note, if a company wishes to continue using aliases, any XYGATE module can be configured to restrict the alias’s privileges separately from those of the underlying userid.   While we’re on the topic of userids, let’s cover two additional points about managing personal userids in order to have effective NonStop security with clear accountability: No personal userids in the SUPER group. Anyone with a personal ID in the group number 255 is a SUPER group member. SUPER group members can set and reset the system time, manage all jobs in the SPOOLER or in PERUSE (regardless of who owns them), and perform all commands within SCF, FUP and several other powerful utilities.   No personal userids assigned to the 255 member of any group. The group member number 255 is the Group Manager ID and should never be assigned as a personal userid. Some of the risks associated with the Group Manager ID are: Group Managers can ADD, Alter, Delete userids in their own group if Safeguard is not present or is not configured to prevent it. Group Managers can “log down” to the userid of any member of the same group without a password unless prevented by Safeguard. Group Managers can PROGID any program owned by a group member. In Safeguard, the group manager of the Primary Owner of any object’s Protection Record can also modify any Safeguard Protection Records owned by members of the same group Well, that’s #8: Ensuring individual accountability (no shared IDs!).It’s not just an important security best practice but also a PCI DSS requirement. Stay tuned to the XYPRO blog site—next up on our list is NonStop Security Fundamental #7 For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL. PCI information can be found at:https://www.pcisecuritystandards.org/index.php You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX). #### XYPRO NonStop Security Fundamentals Top 10 List – #9 Previously, we started our countdown of the top 10 NonStop Security Fundamentals with “Secure the default system access settings” in the #10 spot. This week we’ll continue on to #9 on our list. #9: Set-up strong user authentication and password controls Establishing strong user authentication and password management controls are critical aspects of any security program and are a major requirement for meeting PCI DSS compliance. Safeguard provides the core functionality necessary to do this and there are additional tools available for extended capabilities and advanced requirements. Requirement 8 of PCI DSS deals with user identification and password management and is a useful guide even if you’re not subject to PCI compliance—let’s use it as framework for discussion. PCI DSS 8.1: Assign all users a unique ID before allowing them to access system components or cardholder data. Providing each user with a unique userid establishes individual accountability within the system. While Safeguard provides the ability to add new users with unique userids, it also has certain privileged userids (e.g., SUPER.SUPER) that by default allow shared access (i.e., no individual accountability). To fully meet this PCI requirement and ensure individual accountability for all users, consider an add-on security solution. For example XYGATE Access Control (XAC) can be deployed to grant users role based access via their own, unique userids while granting and auditing privileged access. Furthermore, XAC can be used to allow an individual user to perform only a restricted subset of what SUPER.SUPER is allowed to do. PCI DSS 8.2: In addition to assigning a unique ID, employ at least one of the following methods to authenticate all users: Something you know, such as a password or passphrase Something you have, such as a token device or smart card Something you are, such as a biometric Passwords are the most common method for authenticating a user, and Safeguard has standard support for them and also has password management controls (more on that later). To simplify user management or improve user experience, many companies choose to integrate aspects of NonStop user authentication with an enterprise-service such as Active Directory. One way to do this is through XYGATE User Authentication (XUA) which has an LDAP interface for the NonStop. XUA enables companies to use enterprise services and reduce password management overhead and improve users’ experience by reducing password management overhead. PCI DSS 8.3: Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. It is widely accepted that usernames and passwords alone do not provide sufficiently strong authentication—and this is particularly true when it comes to authenticating users from outside the network. To address this security concern, two-factor (a.k.a., multi-factor) authentication has been developed and is required by PCI for remote access. A common approach for second-factor authentication is the use of a token device, like RSA SecurID. Support for this capability is available through add-on solutions such as XUA. XUA provides additional logon controls beyond what is available through Safeguard, and supports authentication using RSA SecurID. PCI DSS 8.4: Render all passwords unreadable during transmission and storage on all system components using strong cryptography. Protecting passwords during transmission is accomplished by using the secure communications capabilities that are part of the NonStop operating system (SSL or SSH). To protect stored passwords, Safeguard should be configured to encrypt passwords using the most secure algorithm: PASSWORD-ENCRYPT = ON PASSWORD-ALGORITHM = HMAC256 PCI DSS 8.5: Ensure proper user identification and authentication management for non-consumer users and administrators on all system components as follows: (subparts 8.5.1 – 8.5.16) Requirement 8.5 actually has 16 sub-parts relating to different aspects of user identification, authentication and password management. Generally, Safeguard provides the necessary tools to control userids and manage passwords but there are a couple key gaps that need to be addressed. Firstly, the password reset process must be strengthened. While Safeguard allows the reset of user passwords (or this might be done through an enterprise service), PCI 8.5.2 requires that a user’s identity be verified before the reset. To meet this requirement, a company must implement some process or mechanism to confirm identity when a reset is requested. One way to achieve this verification is through XYPRO solutions which can present a user-specific challenge question to the Help Desk along with the expected answer that the user requesting the reset should provide. Furthermore, Safeguard password changes are always local. To do network password changes, NonStop customers will need an add-on product like XYGATE Password Quality (XPQ). Secondly, the session timeout process must be hardened. PCI 8.5.15 requires re-authentication if a session has been idle for more than 15 minutes. However, NonStop’s native timeout mechanism (TACL configuration) can only timeout a session if the user is at a TACL prompt and users can easily bypass this. XYPRO’s XAC solution solves this problem by forcing timeout of XAC-controlled sessions whether at a TACL prompt or within a utility. Lastly, many of the aspects of PCI DSS 8.5 fall into the general area of user and password administration—ensuring a strong password format, enforcing password changes, removing inactive/terminated users, failed attempt lockout and duration, etc.—and Safeguard has the ability to do this. However, depending on the number of users, the management overhead for this administration may be high and tools have been developed to assist. For example, XPQ provides password management capabilities which strengthen security while easing administrative effort. So that’s #9 on our list—set-up strong user authentication and password controls. Do you agree/disagree? Let us know what you think. In our next post, we’ll discuss NonStop Security Fundamental #8. For more information or help: More in-depth information and guidance on these security subjects are available in XYPRO’s NonStop security handbooks: HPE NonStop Server Security: A Practical Handbook and Securing HPE NonStop Servers in an Open Systems World: TCP/IP, OSS and SQL. PCI information can be found at:https://www.pcisecuritystandards.org/index.php You may also contact XYPRO for assistance. For over 30 years, XYPRO has provided NonStop security solutions and services that help companies protect their NonStop systems and comply with industry regulations (such as PCI DSS, HIPAA, and SOX).   #### XYPRO partners with CyberArk and SailPoint to maximize enterprise identity governance and security investments for HPE NonStop servers XYPRO partners with CyberArk and SailPoint to maximize enterprise identity governance and security investments for HPE NonStop servers. Integrate HPE NonStop servers with CyberArk Privileged Access Security Solution Expanding on the recent strategic SailPoint partnership and integration for the HPE NonStop Server, XYPRO is thrilled to announce our partnership with CyberArk, the leader in privileged access security. One of the most severe security risks to any organization is stale privileged accounts or the misuse, compromise or sharing of those accounts. Privileged accounts have elevated access to perform administrative functions. They can be administrator accounts, service accounts, firecall or emergency accounts, database connection accounts and applications accounts among others. Most of these accounts were set up ages ago when an application or system was deployed. They typically have multiple integration points and because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, and likely shared and improperly stored. According to the Varonis 2018 Global Data Risk Report - 65 percent of companies have over 500 accounts with passwords that are never rotated. Passwords that are never rotated - or only rotated on an infrequent basis - have a higher likelihood of showing up in online password dumps and being used to infiltrate networks. Simply put – they’re a cyber criminal’s best friend. Ensuring privileged account passwords are stored properly, changed regularly, meet complexity and compliance requirements, and are audited can be overwhelming to implement and manage. Current solutions for requesting and managing access to privileged accounts are manual, complex and frequently do not map to the core business initiatives. Unfortunately, governance is often an afterthought, leaving many enterprises vulnerable to increased security risks and potential non-compliance with external regulations or internal corporate mandates. Why integrate your HPE NonStop servers with CyberArk? To address this need, XYPRO has worked closely with CyberArk and our mutual customer base to deliver the only CyberArk integration for the HPE NonStop server. XYPRO’s  XYGATE Identity Connector for CyberArk bridges the existing gap on HPE NonStop servers between identity governance and enterprise password management. In today’s ecosystem where privileged account abuse is the most common way for hackers to compromise a system, proper credential storage and accountability is paramount in risk mitigation. Relying on manual methods is resource intensive, error prone and leaves gaps. A password vault is the ideal way to automate these activities and address compliance needs. Using XYGATE Identity Connector (XIC), your HPE NonStop servers can now seamlessly integrate with the CyberArk Privileged Access Security Solution, the most used and trusted privileged access security solution,  allowing end-to-end password management of NonStop privileged accounts, such as SUPER.SUPER. An organization typically stores privileged accounts and passwords, including NonStop account credentials, within the CyberArk Privileged Access Security Solution password vault. A user then requests access to a privileged NonStop account for a specified amount of time; for example, they may be granted access to the SUPER.SUPER account for two hours. Once approved, CyberArk securely releases the password to the user. When that two-hour time window expires, CyberArk automatically expires the current password within the vault and assigns the account a new password. CyberArk would contain the new password for the account while the NonStop would still have the old password.  The NonStop administrator must specifically be told to update the NonStop password to keep it in sync with the CyberArk Privileged Access Security Solution password vault. This manual process is typically executed via insecure methods such as email, SMS or simply writing it down in a text file stored on someone’s desktop. What is even riskier is that until this manual process is completed, which can be hours, days or more, the NonStop user originally granted access for only two hours has access to the privileged account the entire time; much longer than was originally authorized. This time-consuming process creates a serious security risk and compliance issue on the NonStop. Using XYGATE Identity Connector for CyberArk, this process becomes automated, updating the NonStop server’s account password as soon as the password is rotated in the CyberArk Privileged Access Security Solution password vault, ensuring the user who was approved for access to the privileged account for two hours cannot log on to that account after the authorized time window has expired. Most organizations already have active projects to extend their existing CyberArk and SailPoint investments into the rest of the enterprise platforms, processes and applications, of which the HPE NonStop can now be included with those integrations. XYGATE Identity Connector for CyberArk comes packaged as a lightweight, easy to deploy, executable using a micro service framework that runs on your existing NonStop servers. Simply configure the service XML with the specific HPE NonStop server properties and run the deployer. XYGATE Identity Connector deploys quickly in a JAVA Virtual Machine (JVM) on OSS. No other software is required. Installation is simple, quick and secure. XYGATE Identity Connector for CyberArk supports both HPE NonStop user accounts and aliases. Configuration from the CyberArk side is just as easy. Configure your IP address, port and credentials to connect to XIC and immediately begin vaulting your passwords and taking advantage of your already established corporate policies within the CyberArk Privileged Access Security Solution. Why integrate your HPE NonStop with SailPoint IdentityIQ? Complementing our new CyberArk partnership and integration is our HPE NonStop integration with SailPoint that we announced in March 2018. Without centralized identity management, onboarding and off-boarding activities become a manual process, which is not only time consuming but introduces unnecessary security risk and compliance concerns. XYGATE Identity Connector for SailPoint provides complete control over who has access to your NonStop servers from a single enterprise location. XYPRO’s XIC solution simplifies requirements and compliance activities. When an identity is disabled through SailPoint IdentityIQ, the corresponding account is immediately disabled on all NonStop servers on which the identity was provisioned. When that identity is removed using IdentityIQ, the account is immediately removed from all NonStop servers, ensuring the removal of stale accounts, improving your relationship with your auditors and strengthening your security procedures at the same time. Using XYGATE Identity Connector for SailPoint, HPE NonStop customers can now integrate their NonStop servers with their SailPoint IdentityIQ, enabling seamless participation within the enterprise. SailPoint’s industry-leading, powerful access certifications, governance controls and logical workflows allow NonStop customers to take full advantage of the capabilities provided by SailPoint that have long been available for other platforms. To learn more about XYGATE Identity Connector, please contact your XYPRO Account Executive or visit www.xypro.com/identity. #### XYPRO presents "What is Zero Trust Security?" for HPE DISCOVER 2021: ON DEMAND Traditional security relies on a “trust but verify” model. Authenticated users are trusted within the enterprise network. This leaves the network vulnerable to malicious activity. Zero trust is a “never trust, always verify” model. Steve Tcherchian, CPO at XYPRO, explains what zero trust is and how it can reduce your vulnerability footprint. Click here to view the presentation #### XYPRO presents at CTUG, BITUG and HPE DISCOVER 2021 It’s been a busy and exciting time for the HPE Community with virtual events by CTUG, BITUG and HPE Discover. XYPRO Account Executive Steve Roy presented “Multi-Factor Authentication for HPE NonStop” at BITUG covering how XYGATE User Authentication (XUA) – included with your HPE NonStop server – provides multi-factor authentication to strengthen the security of your servers AND applications. XUA enables regulatory compliance with PCI-DSS, GDPR, HIPAA and more. This enables you to secure your environment against authentication attacks using the tools you already have. Click here to watch the presentation In addition to our participation at BITUG, XYPRO’s Chief Product Officer Steve Tcherchian  presented an informative talk on” Enterprise Integration of Your HPE NonStop Ecosystem” at the CTUG Virtual Conference. You can watch the video by clicking here. Rounding out a very busy week, Steve Tcherchian also created an on-demand presentation for HPE Discover 2021 entitled “What is Zero Trust Security". Zero trust is a “never trust, always verify” model and Steve explains how it can reduce your vulnerability footprint. Click here to view the presentation. #### XYPRO Presents Zero-Trust Security, Enterprise Integration, at HPE India’s BCD It was an honor to be invited to speak at this year’s Hewlett Packard Enterprise Business Critical Dialogue (BCD) event in Chennai, India. What an unforgettable 3 days.  It was a very welcome re-introduction to in-person business gatherings after 2 long years.  The HPE India team always produces an event that forges deep connections. This time was no different. Integrating HPE NonStop with Enterprise Security Solutions HPE NonStop Servers and Applications can be a challenge to integrate with enterprise processes. Without enterprise integration, User, Identity, and Access Management rely on manual processes. XYGATE security, compliance, and risk management solutions modernize NonStop applications and integrate your HPE NonStop servers with the latest enterprise solutions like Sailpoint IdentityIQ, CyberArk, ServiceNow, and others. XYGATE integration means visibility and governance of your NonStop processes – saving time and money while greatly reducing risk. It has never been so easy to be a seamless part of the enterprise! Zero-Trust Security with HPE and XYPRO: Reduce the Cost of Security and Compliance by 80% The probability that an organization will experience a breach in the next 24 months is high and the current time to identify and contain a breach is still 280 days. XYPRO security solutions reduce the meantime to detect, and the resources required to respond to potential breaches by up to 80%, dramatically reducing the impact of a breach on your enterprise. HPE and XYPRO have expanded our decades-long partnership and XYPRO’s entire suite of mission-critical security and integration solutions is available through HPE. This unique partnership removes complexity and reduces cost by delivering fully integrated, ZERO Trust solutions to secure and manage the HPE NonStop technology stack. “We are looking forward to the success of our ever-expanded partnership with HPE.  In addition to our NonStop security solutions, we also now offer #missioncritical security solutions for Linux and SAP Hana workloads.” HPE and XYPRO solutions integrate into your company’s existing security infrastructure, for a zero-trust security model.  Contact your HPE or XYPRO representative for a free rapid security assessment of your systems. Don’t miss XYPRO at one of these upcoming events! BITUG Big Sig - London - London, UK - June 8-9 HPE DISCOVER 2022 -  Las Vegas, NV - June 28-30 NonStop Technical Boot Camp 2022 - Burlingame, CA - November 8-10 Please visit our website for further event details and registration at https://xypro.com/events Visit our webinars page after the event to watch it on-demand. #### XYPRO SQLXPress Now Included in HPE’s Database Bundle A Major Step Forward for NonStop SQL Management XYPRO’s secure database management solution, SQLXPress, is now included in HPE’s Database bundle. This expanded partnership with HPE ensures that every HPE NonStop SQL customer has access to the most powerful and user-friendly integrated development environment (IDE) for NonStop SQL. SQLXPress provides an intuitive, modern SQL management experience, comparable to SQL Server Management Studio (SSMS) for Microsoft SQL. This marks a significant step in simplifying and securing database management for enterprises running critical workloads. Whether you’re a database administrator, developer, or security professional, SQLXPress delivers everything you need to manage, optimize, and protect mission-critical applications and HPE NonStop SQL databases—all within a single, comprehensive platform. "Including SQLXPress in HPE’s Database offering strengthens our partnership and ensures NonStop users get a best-in-class database management solution right out of the box. This is a major step in simplifying database operations while enhancing security and compliance." – Steve Tcherchian, Chief Product Officer, XYPRO SQLXPress - The Natural Choice For too long, managing and querying NonStop SQL databases required command-line expertise, multiple third party tools, or custom-built scripts. SQLXPress changes that by providing a feature-rich, Windows application that makes interacting with NonStop SQL databases seamless and efficient. SQLXPress provides: Intuitive SQL Querying & Editing – A modern, user-friendly interface for querying, editing, and managing NonStop SQL databases. Comprehensive Database Management – Easily browse, update, and analyze database structures, tables, indexes, stored procedures, and more. Advanced Performance Monitoring – Identify bottlenecks, optimize query performance, and gain insights into database activity. Robust Security & Compliance – Built-in access controls, auditing, and security mechanisms protect sensitive data and ensure compliance with industry regulations. Seamless HPE NonStop Integration – Optimized specifically for NonStop SQL, ensuring high availability and reliability. Security and Compliance: SQLXPress for PCI DSS 4.0.1 Database security is more critical than ever, especially for organizations handling payments data and sensitive customer information. SQLXPress security features align with PCI DSS 4.0.1 requirements, ensuring enterprises maintain compliance, while minimizing risk. Key security and compliance benefits include: Role-Based Access Controls – Enforce least privilege access and prevent unauthorized database changes. Comprehensive Auditing & Logging – Track all database access and modifications with detailed logs for compliance reporting. Encryption & Secure Connections – Support for secure communication protocols to protect sensitive data at rest and in transit. Automated Compliance Reporting – Simplify audits and regulatory reporting with pre-built compliance reports and real-time monitoring. Multi-Factor Authentication (MFA) – Enforce strong authentication controls to protect database access and meet regulatory requirements. “Security and manageability must go hand in hand to create a seamless product experience. Our customers operate in fast-paced environments where complexity is a liability, and security can't be an afterthought. They need solutions that are intuitive, efficient, and secure from the start—without the burden of steep learning curves or manual processes. By integrating the robust security capabilities of XYPRO with the streamlined manageability of NonStop SQL, we provide a simplified, resilient solution that our customers urgently need. “ – Roland Lemoine, Product Manager, HPE Real-World Use Cases With SQLXPress now part of HPE’s Database bundle, customers gain immediate access to a tool that makes database management more efficient, secure, and compliant. Here’s how organizations are leveraging SQLXPress in their environments: Financial Services & Payments: NonStop SQL databases power mission-critical payment processing platforms. SQLXPress enables faster query execution, real-time monitoring, and PCI DSS compliance for secure transactions. Retail & E-Commerce: Retailers rely on NonStop SQL for high-volume transactions and inventory management. SQLXPress helps teams quickly analyze sales data and optimize performance. Manufacturing & Supply Chain: Organizations running complex supply chain applications on NonStop SQL use SQLXPress for data integrity, automation, and streamlined database maintenance. A New Era for NonStop SQL Management The growing partnership between HPE and XYPRO ensures that organizations have the right tools to manage, optimize, and secure their databases. For those already leveraging NonStop SQL, SQLXPress is a powerful, easy-to-use solution to streamline database operations. And for organizations considering NonStop SQL, the enhanced capabilities of SQLXPress make it an even more compelling choice. "This expanded partnership between XYPRO and HPE is all about delivering value to the NonStop community. SQLXPress transforms how organizations manage their NonStop SQL databases, making it easier, faster, and more secure than ever before. By simplifying database management, improving security, and ensuring compliance with industry standards like PCI DSS, we’re enabling businesses to focus on what matters most—driving innovation and growth. We’re excited to see how our customers leverage SQLXPress to optimize their operations and enhance their cybersecurity posture." – Steve Tcherchian, Chief Product Officer, XYPRO To learn more about SQLXPress and how it transforms your NonStop SQL database management experience, contact XYPRO or HPE today.   #### XYPRO Team Profiles: Support Guru Leads Layer8 to CCDC Nationals As XYPRO continues to grow as a company, so does the team of outstanding individuals that support us. For many members of our team security is much more than a job, it is a passion. Sepand Hormozdiary of the XYPRO support team is no exception.  Sepand has been around computers his entire life and this year he was chosen to be the captain of his team, Layer8, in one of the nation's most prestigious cybersecurity competitions, the National Collegiate Cyber Defense Competition (CCDC).  After the competition I was able to chat with Sepand about his experience. Sepand Hormozdiary Hey Sepand, tell everyone a little bit about yourself: I am a senior at California State University Northridge (CSUN), majoring in computer information technology. I am part of the XYPRO Technical Customer Support department, where I started as an intern before being offered a permanent position.  I graduate from CSUN in May, 2017. Computer technology has always been my passion and I have been working in this field more than a decade. I returned to school because I felt the need to an academic degree to complement my professional experience. Why are you passionate about your major? My father introduced me to my first consumer computer the “Commodore 64” at a very young age and I felt this is something that I can do for the rest of my life. Later, I was introduced to Windows NT 4.0 and networking. Eventually, I obtained my CCNA and MCP degree while I was working in one of the largest petrochemical companies in the middle-east. What is Layer 8? CSUN’s Layer8 Computer Security Club is an educational student club that focuses on cyber security at different levels. They work on various security projects during the semester that include lectures on how to attack physical locks or lock picking, decompiling programs, reverse engineering, pen testing Wi-Fi, and ethical hacking. Club members participate in different online cybersecurity competitions such as CTF (Capture the Flag) and qualified members eventually become part of the WRCCDC (Western Regional Collegiate Cyber Defense Competition). Why are you involved? I love the challenge and I am also nominated by the Layer 8 Club board to serve as the team leader due to my 10+ years of experience in Network engineering and System Administration in the telecom and oil industries. What is the CCDC (Collegiate Cyber Defense Competition)? The CCDC is a competition between a Blue Team (Service Providers) and a Red Team (Professional Pen Tester). The blue teams have to respond to administrative tasks that are dictated by a fictitious company. The blue team also has to respond to threats coming from live opponents (Red Team). The 2017 Western Regional Collegiate Cyber Defense Competition (WRCCDC) was won by the CSUN Layer8 (blue) team against very tough competition that included Stanford University, University of California, Berkeley, Cal Poly Pomona, University of California, Riverside, Arizona State University, California State University, San Bernardino and University of Advancing Technology. More about the competition from the WRCCDC website: “CCDC competitions ask student teams to assume administrative and protective duties for an existing "commercial" network - typically a small company with 50+ users, 7 to 10 servers, and common Internet services such as a web server, a mail server, and an e-commerce site. Each team begins the competition with an identical set of hardware and software for their fictitious business and teams are scored on their ability to detect and respond to outside threats, maintain availability of existing services such as mail servers and web servers, respond to business requests such as the addition or removal of additional services, and balance security needs against business needs. Throughout the competition, an automated scoring engine is used to verify the functionality and availability of each team's services on a periodic basis while traffic generators continuously feed simulated user traffic into the competition network. A volunteer red team provides the "external threat" that all Internet-based services face and allows the teams to match their defensive skills against live opponents.” Why does Layer 8 participate in CCDC? Layer 8 is a student club focused on cyber security and IT. To fill the gap between academia and real world challenges, Layer 8 is focusing on the areas that academia does not provide enough coverage due to legal or other resource limitations. CCDC is the best way to put the material students practiced in the Layer 8 lab into an action. Who is on the team? Each school can send a list of 12 students to WRCCDC and 8 students can play in the competition. Since competition is covering a different area of cyber security, each team consist of 3 specialized teams (Windows, Linux, and Networking) and one person to accept\submit business inquiries submitted from a fictitious company. CSUN’s reputation at the event In the past, the team reached as high as 3rd place, but in WRCCDC 2017 for the first time, CSUN Layer8 placed first. A word from Sepand’s Manager, Robert Massa It’s a pleasure to work with Sepand and utilize his security skills to help solve technical customer issues reported by customers, as well as internal corporate security concerns. He is an enthusiastic individual who works relentlessly to find answers to the often complex support issues that he has to deal with on a daily basis. XYPRO is a proud sponsor of CSUN’s Layer8 Computer Security Club and congratulates the team on their achievements. Casey Krasner Marketing Coordinator XYPRO Technology #### XYPRO Technology – 25 days into Quarantine 2020 Melodie Bond-Hillman, Ph.D. Sr. Manager, Human Resources & Administration XYPRO Technology “A smooth sea never made a skilled sailor.” ― Franklin D. Roosevelt Day 25 of the quarantine and we are still adjusting to our new normal as a temporarily 100% remote workforce. For the first 2 weeks, there was adrenaline and lots of activity around getting settled in, while transitioning our homes into modern tech workspaces.   Many people dream of working from home, but that’s usually on their own terms. For some of us, working from home is already the norm, but for others, the transition has been more difficult and the reality of working exclusively at home can be somewhat disenchanting. Many of our employees also had to adjust to this instant work from home situation combined with the challenges of multiple people working in one household, no private workspace, homeschooling, childcare, trying to follow CDC guidelines and perhaps take care of a relative or neighbor - all at the same time. In a previous article, I described preparing our employees and company for a work from home scenario from a tactical perspective and although we anticipated the challenge would lie in keeping employees motivated, engaged, happy and productive during our “Safer at Home” compliance, we learned some valuable lessons through the process: Stay Connected – We hold optional, daily “all-staff” office chats via video conference -  a casual forum where employees can jump on with their coffee, socialize and connect. Provide Ways to Keep Moving – Virtual Yoga is conducted live, twice a week, by our usual in-house yoga instructor to help employees relax, get some exercise and maintain some of their normal routine. Celebrate Successes –  XYPRO’s weekly, virtual happy hour, provides an opportunity to casually connect online and celebrate the week’s successes. Solicit Frequent Feedback – We have sought feedback multiple times (via online survey) in these first 25 days to see how our employees are adjusting.  We will continue to survey and make improvements. Provide Resources – We’ve made a point to share Financial, Healthcare, Mental Health and Retirement Planning information - so the employees know all the benefits available to them. Ask Employees for Advice – Our ”seasoned” remote workers help by providing tips on working from home to our “rookies”.  It’s a chance for collaboration and unity. Additionally, it helps the usual remote worker understand “what is the big deal”. Find What Works Best for Your Team – Video conference fatigue is a real thing. We use video conferencing for scheduled meetings and encourage the use of our internal chat programs and phone calls for quick questions. Just like in the office, not everything requires a formal meeting. Be flexible – We support flexible work schedules to accommodate homeschooling, childcare, grocery shopping, making time to exercise and taking care of others. Give Back –  XYPRO employees have been gifted additional volunteer hours, allowing them to give to others during and after this crisis.  Expressing gratitude and helping others is proven to reduce stress and improve mental health. Be Generous Where It Matters – We decided to be extremely flexible with sick time through this extraordinary circumstance. Even though we’re working from home, if you’re sick - please take the time you need to get better. Provide Encouragement – Encourage employees to get exercise, take frequent breaks and provide “stand up and stretch” reminders. Transparency in Communication – Continue to keep employees and customers updated as the situation changes or doesn’t, requiring this unusual arrangement to last longer.   This crisis will be a defining moment for many companies and a true test of the strength of their culture. At XYPRO, we realize the importance of how we handle this.  The impact of the way companies treat their employees during times like these will have lasting effects on employee trust, morale, loyalty, and satisfaction. We take that into consideration with every decision we make. We’re in an enviable position having the luxury of “decisions” about how we’re going to handle this situation.  We haven’t had to furlough or lay off anyone. This stability is not lost on us and we are consciously making the effort to do what we can to support our local businesses and communities by continuing to order goods and services we will need when things begin returning to normal. #### XYPRO Technology Corporation Acquires Merlon Software Corporation Simi Valley, CA March 21, 2017 Mississauga, ON 21 March, 2017   XYPRO® Technology Corporation, the leading provider of security software for HPE NonStop™ server environments, today announced that it has completed the acquisition of Merlon Software Corporation, the leading provider of database management software for HPE NonStop™ servers.   In business for over 20 years, Merlon is a Toronto-based company that offers an integrated set of database management tools for HPE NonStop servers, which are fully-integrated, fault-tolerant systems delivering the highest availability, massive scalability and operational efficiency.  Many of the world’s leading companies in payments, financial services, retail, telecommunications, manufacturing, and healthcare use Merlon software to manage and optimize their HPE NonStop server databases (HPE NonStop SQL and Enscribe).   “Having partnered as the distribution channel for Merlon NonStop Database products for over eight years, this new, integrated company is a natural evolution of that relationship. Merlon products provide companies who rely on NonStop servers for storing and processing vast amounts of data with the means to efficiently administer even the largest, most complex database environments,” said XYPRO’s Kenneth Scudder, Senior Director of Business Development and Merlon’s President post-acquisition.   Merlon customers trust its solutions to manage the mission critical data in their NonStop SQL and Enscribe databases. Together with XYPRO’s NonStop security products, the combined solutions of XYPRO and Merlon provide essential protection and management for mission critical data.   “Trust is the foundation of any successful relationship, whether business or personal, and our trust in XYPRO has given Merlon confidence in knowing that we will continue to be successful and will grow together as a single organization. The natural fit of our two companies’ philosophies, culture and technologies will provide an even greater customer experience for our mutual clients and help deliver a more integrated solution set to manage and protect mission critical data for the HPE NonStop marketplace”, said Rick Pettifer, Director, Merlon Software Corporation   About XYPRO Technology Corporation XYPRO Technology offers 35 years of knowledge, experience and success in providing HPE NonStop information systems tools and services. Businesses that manage and transport business-critical data on a large scale turn to XYPRO for the very best solutions in Security, Risk Management, and Compliance. XYPRO’s software solutions ultimately enable businesses to protect information assets and gain a competitive edge through improved efficiency. About Merlon Corporation Merlon Software is a Toronto-based software vendor specializing in modern, functional Database Management software for the HPE Integrity NonStop line of servers.  Merlon products increase availability, reduce complexity and maximize the investment of the highly available, fault-tolerant NonStop servers. Press Contact Casey Krasner XYPRO Technology Corporation +1 (805) 583-2874 casey.krasner@xypro.com #### XYPRO Technology Corporation Named 2013 HPE AllianceOne Partner of the Year Simi Valley, CA (June 13, 2013) – XYPRO Technology Corporation, the market leader in HPE NonStop Server security, audit, compliance, and FIPS-validated encryption solutions, today announced that it has been recognized with an HPE AllianceOne Partner of the Year Award in the Security category at HPE Discover in Las Vegas. The HPE AllianceOne Partner of the Year Award for Security honors XYPRO for delivering comprehensive system, user and data security to protect mission critical applications and supporting infrastructure. XYPRO’s solutions provide role-based access control, single sign-on and multi-factor authentication, discretionary and dynamic object security, state-of-the-art encryption (FIPS 140-2), innovative encryption key management, automated system vulnerability and compliance assessment, and consolidated security event monitoring and auditing. “XYPRO is very pleased to be recognized by HPE as a distinguished and valued partner,” said Kenneth Scudder, Senior Director, Business Development and Strategic Alliances at XYPRO. “XYPRO’s solutions are specifically designed to protect HPE NonStop Server systems and provide customers strong security and compliance for their critical business applications. "Congratulations to XYPRO on their HPE AllianceOne Partner of the Year award for Security,” said Doug Oathout, vice president, Channel and Alliances, Enterprise Marketing, HP. “XYPRO has demonstrated outstanding dedication and expertise in addressing the business and technology needs of its customers by helping them reduce risk with comprehensive system and application security, achieve regulatory compliance, and reduce costs of security administration." Additional information on HPE Discover 2013 is available at http://h30614.www3.hp.com/discover/home . About XYPRO Founded in 1983, XYPRO Technology Corporation is the market leader in HPE NonStop server security, audit, compliance assessment and FIPS-validated encryption solutions. XYPRO solutions meet the strict requirements of companies who manage, access and transport sensitive data using heterogeneous hardware platforms and multiple communications media. XYPRO helps mission critical businesses manage their security risks, protect assets and gain a competitive edge through compliance, while improving efficiency. https://xypro.com Media Contact: Kenneth Scudder XYPRO Technology Corporation +1 (805) 583-2874 Email: kenneth.scudder@xypro.com   #### XYPRO to Present at HPE NonStop Technical Bootcamp 2021 XYPRO is proud to announce our participation as a Gold Sponsor at the HPE NonStop Technical Boot Camp 2021. This year’s program will feature both live, on-site activities, hands on demos, training as well as virtual programs. The 2021 NonStop TBC will be held in Denver, Colorado on October 5-7. HPE and XYPRO will be providing a pre-conference education session on XYPRO’s flagship XYGATE SecurityOne™ Security Analytics software. Described as “A single pane of glass to monitor security across your system”, this 4-hour training session will provide an in-depth look at utilizing SecurityOne to protect your NonStop environment. As an HPE Partner expert, XYPRO’s Chief Product Officer and CISO, Steve Tcherchian will provide his expertise as part of the event’s Security Panel Discussion on Tuesday, October 5th. The Boot Camp event will be recorded and registrants will have access to a large on-demand library where users can play or replay talks at their leisure. For more information, and to register, visit https://www.nonstoptbc.com/ #### XYPRO Welcomes Stephen Hahn as Vice President of Sales Los Angeles - October 29th,2021 - XYPRO Technology is pleased to announce Stephen Hahn has joined our team as Vice President of Sales.  Stephen is responsible for running XYPRO’s global sales organization and developing new business opportunities. Stephen comes to XYPRO from Proofpoint, a large, publicly traded cybersecurity company where he led a team of sellers who looked after Proofpoint's Fortune 100 customers. Prior to that, Stephen spent nearly 20 years leading sellers as the VP of Strategic Accounts at Avocent, 6 years running a global security organization with LANDesk/Ivanti and Code42. He's led teams in publicly traded companies, startups, and everything in between.  “Stephen has a proven record of facilitating long term business relationships with both customers and partners.  His business approach and personality are assets that will complement and enhance XYPRO’s ability to meet the needs of our customers as we continue to provide quality, innovative security solutions” says XYPRO CRO, Barry Forbes.  XYPRO Sales Account Executives, Sales Operations and Business Development will all be reporting to Stephen. Stephen’s knowledge, skills, and industry experience will enhance the overall effectiveness of our sales organization and help us reach new customers. About XYPRO Technology Corporation XYPRO offers over 35 years of expertise, experience and success in providing Mission Critical HPE NonStop information systems Risk Management & Real Time Threat Detection, Security, Patented Analytics and Secure Database solutions.  Mission Critical computing allows us to securely shop, bank, manage our finances and stock portfolios, wire money and transact with credit cards, mobile phones and all types of newer tech innovations. XYPRO offerings are innovative, modern, trusted, and backed by a team of seriously experienced security and software experts that sets us apart. We take advantage of all the latest technology, methodologies and secure development practices, as well as our strategic partnerships with the industry’s top cybersecurity companies.   For more information, visit www.xypro.com. #### XYPRO XYGATE® Identity Connector for HPE NonStop, Certified for CyberArk® XYPRO XYGATE® Identity Connector for HPE NonStop, Certified for CyberArk® One of the largest security risks to any organization is stale privileged accounts or the misuse, compromise or sharing of those accounts. Privileged accounts have elevated access to perform administrative type functions. They can be administrator accounts, service accounts, firecall or emergency accounts, database connection accounts, application accounts among others. Most of these accounts were set up ages ago when an application or system was deployed. They typically have multiple integration points. Because of the risk of “breaking something”, the passwords for these accounts are rarely rotated, likely shared and improperly stored. According to the Varonis 2018 Global Data Risk Report - 65 percent of companies have over 500 accounts with passwords that are never rotated. These accounts have a higher likelihood of showing up in online password dumps with valid passwords. Privileged and service accounts with non-expiring passwords are a cyber criminal’s best friend. Ensuring these passwords are stored properly, changed regularly, meet complexity and compliance requirements, and are audited can be overwhelming to manage. Current processes for requesting and managing access to privileged accounts are manual, complex, and frequently do not map to the core business initiatives. Governance is often an afterthought, leaving many enterprises vulnerable to increased security risks and potential non-compliance with external regulations or internal corporate mandates. To address this need, XYPRO has partnered closely with CyberArk and our customer base to deliver the only supported CyberArk integration for the HPE NonStop server. XYPRO’s XYGATE Identity Connector, certified by CyberArk, bridges the gap between identity governance and enterprise privileged credentials management for the HPE NonStop server. CyberArk’s Enterprise Central Policy Manager (CPM) enables organizations to secure, manage, automate and log all activities associated with privileged accounts. In today’s ecosystem where privileged account abuse is the most common way to compromise a system, proper credential storage and accountability is paramount in risk mitigation. Relying on manual methods is resource intensive, error prone and leaves gaps. A password vault is an ideal solution for automating these activities and addressing compliance needs. Using CyberArk’s CPM, you will gain additional benefits such as: Leveraging existing IT infrastructure Policy enforcement at an enterprise level Automatic password rotation Full auditing of who accessed credentials Integration with SIEMs CyberArk CPM allows you to take advantage of robust workflows that help enforce and streamline password policies and maintenance. Using XYGATE Identity Connector (XIC), your HPE NonStop servers can now seamlessly integrate with your CyberArk® Central Policy Manager (CPM), allowing end-to-end password management of NonStop privileged accounts, such as SUPER.SUPER. Why Integrate your HPE NonStop servers with CyberArk? An organization typically stores privileged accounts and passwords, including NonStop credentials, within the CyberArk CPM. A user then requests and is given access to a privileged NonStop account for a specified amount of time - for example they are granted SUPER.SUPER access for four hours to complete a certain task. Once approved, CyberArk releases the password to the user. When that four-hour time window expires, CyberArk expires the current password within the vault and assigns a new one. Without XYGATE Identity Connector (XIC) for CyberArk, the new password in CyberArk and the one on the NonStop server fall out of sync. It is then incumbent upon the CyberArk administrator to communicate to the NonStop administrator and ask them to update the password via a manual process to keep it in sync with CyberArk CPM. This manual process is typically via insecure methods such as email, SMS or simply writing it down in a text file stored on someone’s desktop. What is even riskier is that until this manual process is completed, which can be hours or days, the NonStop user originally granted access for only four hours has access to the privileged account the entire time, much longer than was authorized. This time-consuming process is also a huge security risk and compliance issue. Using XYGATE Identity Connector for CyberArk, this process becomes automated, updating the NonStop server as soon as the password is rotated in the CyberArk CPM, ensuring the user who was approved for access to the privileged account for four hours cannot log on to that account after the authorized time window has expired. XYGATE Identity Connector for CyberArk comes packaged as a lightweight, easy to deploy, executable using a micro service framework that runs on your existing NonStop servers. Simply configure the service XML with the specific HPE NonStop server properties and run the deployer. XYGATE Identity Connector deploys quickly in a JAVA Virtual Machine (JVM) on OSS. No other software is required. Installation is simple, quick and secure. XYGATE Identity Connector for CyberArk supports both HPE NonStop user accounts and aliases. To learn more about XIC, please contact your XYPRO Account Executive or visit www.xypro.com/identity. #### XYPRO's 2024 CyberSecurity Predictions 2024 Top 5 Cybersecurity Predictions 2024 promises to be a year marked by unprecedented challenges and innovations. Picture this: a bustling metropolis, where the heartbeat of daily life synchronizes with the hum of digital connectivity. Now, imagine the sudden jolt when schools, utilities, critical infrastructure, entertainment giants, financial institutions and your vacation destination all find themselves under siege by malicious hackers, disrupting the rhythm of normalcy. Teachers cannot take attendance and record grades, students cannot access homework, schools are shut down, tourists are locked out of their hotel rooms, transportation stops working - this isn't something out of an H.G Wells novel. This was the reality of the last few years. The colossal attacks on LAUSD, MGM Resorts, Boeing, Mr. Cooper and more, sent shockwaves through our daily lives, thrusting the importance of digital resilience into the spotlight. We can no longer focus solely on the prevention of cyberattacks; we must fortify our ability to endure them and rebound quickly.  Unplugging everything is not a solution. We saw how poorly that worked in the attacks on MGM and LAUSD. The interconnected nature of our modern world demands a strategic shift. As we delve into  cyber resilience, ransomware threats, AI-based scams, and the looming shadow of quantum computing, it becomes clear that the digital realm is no longer just a virtual space—it's the infrastructure of our reality, and its protection is a shared responsibility. This article explores the 2024 cybersecurity terrain - where the challenges are real, the threats are dynamic, and our commitment to not only safeguarding the integrity, availability, and confidentiality of information but also the recovery from an attack (our resilience), must be paramount. 1.  Cyber Resilience  The massive 2023 attacks catapulted the importance of digital resilience to new levels. Everyone is now paying attention. With the escalating sophistication of cyber threats and the persistent ingenuity of threat actors, organizations must shift their focus from preventing attacks to fortifying their ability to withstand and quickly recover from them. The interconnected nature of modern technology means that no company is immune to breaches. “Unplugging everything” is not a realistic strategy. Resilience must be a primary concern. Introducing Digital Resilience. If you haven't heard of this term - you will. Think of digital resilience as giving your computer, devices and company the ability to keep working after a problem. It's a bit like having a superhero for your digital world - but at the global infrastructure level! So, imagine if your computer faces a problem, like a sudden glitch or the operating system crashes. Digital resilience is the superpower that quickly figures out what went wrong, stops the problem from becoming worse and finds a way to fix itself, so you can get back to playing games, doing homework, or whatever you were doing without interruption. It's all about making sure your devices bounce back from hiccups and stay strong. Now we have to apply this concept to quickly recover from ransomware. The increasing interdependence on global digital infrastructure and the proliferation of emerging technologies like AI and modern payments underscore the urgency for a robust cyber resilience strategy. Beyond the traditional firewalls and antivirus software, embracing a holistic approach that encompasses best practices, reducing the attack surface, proactive threat detection, rapid incident response, and comprehensive recovery plans is a must. The ability to adapt and recover swiftly from cyber incidents will minimize the impact of breaches AND ensure the continuity of operations. In 2024, cyber resilience is not just a goal; it's a strategic imperative for safeguarding the integrity, availability, and confidentiality of sensitive information of our companies and our customers. 2.  Ransomware 2.0 Ransomware will continue to loom as a large, formidable and persistent threat – because we make it too easy!  As technology advances, so do ransomware attacks, with cybercriminals adopting more insidious tactics and leveraging technologies to maximize their impact. While the tactics used to infiltrate companies are still elementary. Phishing, fake phone calls, and credential stuffing are all still very lucrative methods to deploy ransomware, It's the damage done afterwards that keeps increasing.  The evolution of ransomware from mere data encryption to sophisticated strategies, such as double extortion and the targeting of critical infrastructure, signals a dark turn. 2024 is poised for an alarming surge in ransomware incidents, fueled by the increasing connectivity of devices, Ransomware as a service, the proliferation of cryptocurrencies facilitating anonymous transactions, the lack of qualified cybersecurity professionals, and a shocking continuing failure to follow best practices.  Organizations across all industries must brace themselves for more targeted and sophisticated ransomware campaigns, requiring a proactive and adaptive cybersecurity posture. Defending against ransomware goes beyond conventional measures; it demands a comprehensive strategy that includes robust backup and recovery, consistent and frequent employee training to recognize phishing attempts, and the implementation of advanced threat detection technologies, as well as mandatory processes that ensure best practices are being followed.  3.  AI Based Deep Fakes The specter of AI-based deep fake scams looms large as a pervasive and sophisticated threat to everyone -  individuals and organizations alike. Rapid advancements in AI have empowered malicious actors to create highly convincing and manipulative content, such as deepfake videos and audio impersonations. These deceptive creations can be employed for myriad  malicious purposes, from spreading disinformation to impersonating trusted figures for financial gain or political influence to launching kidnapping scams. The authenticity of individuals in videos can be manipulated seamlessly, making it increasingly challenging to discern between genuine and fabricated content. As these deepfake technologies become more accessible, the potential for their use in scams continues to rise, necessitating the development of robust detection tools and heightened awareness to counteract. We willingly share too much of our information online and on social media, making these deep fakes more and more realistic. 4.  Encryption and Quantum Computing Quantum computing leverages the principles of quantum mechanics to tackle problems that traditional computers find insurmountable. Many current encryption techniques hinge on the complexity of factoring large prime numbers—a task easily handled by these very powerful quantum computers. Should quantum computers become widely accessible, there's a greater risk of them being used to break the encryption that safeguards critical information, such as financial transactions or governmental communications. To counter this threat, researchers are actively crafting quantum-resistant cryptographic methods. These post-quantum cryptography techniques aim to provide a quantum-comparable level of security. However, the extensive adoption of post-quantum cryptography demands time and resources, leaving a considerable security void until it becomes commonplace. Another worry involves the weaponization of quantum computers in cyber attacks. Quantum computers could unleash devastating assaults by breaching encryption or simulating intricate systems to pinpoint vulnerabilities. Moreover, the race to develop quantum-resistant encryption could incite a global competition among nations striving to construct quantum computers for military purposes. International collaboration and regulatory frameworks become imperative to ensure the peaceful application of quantum computing and  reduce the risks to global cybersecurity. The National Institute of Standards and Technology (NIST) has announced its initiative to standardize encryption algorithms capable of withstanding potential attacks from quantum computers. Recognizing the imminent threat posed by quantum computing to current cryptographic systems, NIST aims to develop robust encryption methods that can resist quantum attacks. This effort is crucial for ensuring the security and integrity of sensitive data in the face of advancements in quantum computing technology, which could compromise the effectiveness of existing encryption techniques. NIST's commitment to establishing standardized quantum-resistant encryption algorithms underscores the agency's dedication to maintaining cybersecurity standards in an evolving technological landscape. 5. AI and the CISO While AI has often been a buzzword used by cybersecurity vendors, CISOs need to understand the actual implications and applications to their business plans and be able to effectively communicate the advantages and the risks.  The ever present challenge of balancing business objectives and quick results versus security.  In 2023, CyberArk researchers showed that they could make sneaky computer viruses using ChatGPT. These viruses are tricky because they can evade traditional antivirus and anti-malware software.  CyberArk used an example that showed how code injection into explorer.exe using Python could be used to sneak past antivirus, making it easier for less skilled hackers to create new viruses. This highlights the real danger of AI in the hands of the wrong people. CISOs will have to deal with this growing threat in 2024.  As intrusion detection systems become more sophisticated, hackers mimic user behavior to avoid detection. Machine Learning (ML) and Artificial Intelligence (AI) play a crucial role in identifying anomalies and taking corrective actions – a key component to any CISOs tool chest. However, hackers have turned this technology to their advantage, using ML/AI to model user behavior effectively and evade intrusion detection systems. The emergence of AI-based phishing, ransomware, and password-cracking algorithms makes things even more challenging. The same principles that enable computers to learn and improve in activities like chess can also be maliciously used to guess passwords. In this context, implementing 2-factor authentication becomes a vital defense mechanism, ensuring if a password is guessed, it remains ineffective without a secondary authentication factor. The evolving landscape of AI presents a double-edged sword. AI algorithms self-adjust and become more skillful with access to more data from which they learn.  The bad guys are already doing this. 2024 promises significant developments in this area.   Be Proactive, Take Action! As we start 2024 - one thing is clear: we cannot continue using traditional approaches to security and hope we will make it through. My father always said “Hope is not a strategy.” For businesses to survive, proactive planning, careful consideration of potential challenges, and the implementation of concrete actions are required to achieve goals, especially against the threats mentioned above. The tales of cyber resilience, the relentless evolution of ransomware, AI-based scams, and the quantum revolution paint a vivid canvas of the challenges. The cybersecurity landscape is a living, breathing entity, shaped by the actions we take today and the innovations we forge tomorrow. What strategies will emerge, what technologies will rise to the occasion, which companies will thrive, which will implode and how will the dance between security and innovation unfold? The journey continues, and the next chapter awaits those curious enough to venture into this next chapter of cybersecurity. If you're looking to be proactive and take action to safeguard your digital assets and improve your security posture, XYPRO and HPE can help.  We specialize in providing comprehensive ransomware protection and digital resilience solutions, leveraging cutting-edge technologies and industry standard strategies to fortify your defenses. Our expertise and commitment to staying ahead of threats make us the ideal partner to help with your cybersecurity journey. Don't wait until it's too late. Reach out and Talk to us! #### XYPRO's Resilience on Display at VNUG: A Reunion at Ranas Slott In the realm of cybersecurity and data protection, the HPE NonStop customer community recently gathered for a momentous occasion, marking their return to the Nordic stage after a seven-year hiatus. VNUG, the venerable gathering of HPE NonStop enthusiasts from Sweden, Finland, Norway and Denmark, held its 14th event at the picturesque Ranas Slott. XYPRO, a renowned cybersecurity and analytics solutions provider, made a significant impact at the event, with their representative, Steve Roy, shining a spotlight on the pivotal theme of resiliency while presenting "Zero Trust Security, Compliance, and Ransomware Protection." Ranas Slott, an enchanting 17th-century castle located in Sweden, provided the perfect backdrop for this long-awaited reunion. The event was a welcome opportunity for professionals in the HPE NonStop ecosystem to come together, share their experiences, and discuss the latest developments in the field. Resiliency was the focal point of the VNUG event, a theme that resonated strongly with XYPRO. Steve Roy, the esteemed representative of XYPRO, brought to the fore the importance of resiliency in the context of "Zero Trust Security, Compliance, and Ransomware Protection." His presentation offered invaluable insights into the critical need for resilience in the face of evolving cybersecurity threats. Ransomware attacks have become increasingly prevalent, causing significant disruptions and financial losses to organizations. XYPRO’s approach to protecting against ransomware revolves around robust cybersecurity practices. By implementing these strategies, organizations can significantly reduce the risk of falling victim to ransomware attacks. Resilience, in the context of cybersecurity, is the ability to adapt, respond, and recover from adverse events, such as cyberattacks, with minimal disruption. Steve Roy's presentation underscored the fact that cybersecurity threats are constantly evolving, and businesses need to be prepared for these challenges. A resilient security strategy is paramount. Ransomware attacks have become increasingly prevalent, causing significant disruptions and financial losses to organizations. XYPRO's approach to protecting against ransomware revolves around robust cybersecurity practices. By implementing these strategies, organizations can significantly reduce the risk of falling victim to ransomware attacks. Steve Roy's presentation on "Zero Trust Security, Compliance, and Ransomware Protection" encapsulated the essence of what it takes to protect critical data in today's cybersecurity landscape. #### XYPRO’s 2020 Cybersecurity Predictions - Add 2 Factor Authentication and Machine Learning to Your Plans! As 2020 approaches, it’s time to discuss cybersecurity predictions that will impact the industry in the upcoming year. As a CISSP and Chief Information Security Officer for XYPRO, I thought long and hard about what I could say that would be impactful and hasn’t been said before – that’s a tall order! The reality is, what we predicted would be important in 2019, 2018 and even 2017 – is still applicable. A lot of what we predicted back then was never properly addressed and remains a risk today – credential theft and attacks targeting privileged user logins are more prevalent than ever. Currently, the best way to combat these types of attacks is to use 2-factor authentication. Use it for everything. There is no simpler way to state it – but this is still not being done.  Risk will continue to increase in 2020. I cover this and other cybersecurity predictions for 2020 in the list below. Machine Learning (ML) and Artificial Intelligence (AI) Will be Key to Combating Threats We’ve all heard security vendors discuss ML and AI as features within their products for years. Up until recently, this wasn’t much more than a marketing gimmick. We have not begun to scratch the surface of the capabilities of ML and AI to combat threats. There is a lot of skepticism that has existed for years, but in 2020 we will have no choice. The amount of data being generated is increasing exponentially and the only way to keep up and identify threats is to allow machines to churn through data and trust they will detect the right concerns – then take appropriate action to combat the threat. We are going to see a lot of research, funding and effort invested in these methods. We need to get comfortable with the technology so it can be adopted on a wider scale and evolve. We have no choice. It’s the only way to monitor security going forward. Attacks on the Edge will Increase The proliferation of IoT devices, sensors, endpoints and a remote workforce is fulfilling our need for faster information in a mobile method. Edge computing enables us to generate and analyze data for decision making faster than ever before.  Research firm IDC estimates at least 40% of IoT-created data is now stored, processed and analyzed close to or at the edge of the network. As we become more reliant on this data and the value it provides, we can’t lose sight of the security concerns that come along with it.  Protecting the integrity of data at the source becomes vital. As attacks on edge devices and sensors become commonplace, we’ll see more focus on the security protections necessary to ensure the integrity of the data. The Cloud Continues to be a Blessing and a Curse As companies migrate their critical workloads and storage to the cloud, protections offered from the data center dissolve as the perimeter disappears. Aside from all the benefits, scalability and flexibility the cloud provides, it also introduces a new set of security challenges for CIOs and CISOs who are responsible for creating secure environments and keeping company and customer data safe. New technology requires new skill sets and there is a shortage of resources who truly understand how to build secure cloud environments. This risk is compounded by adversaries with unlimited resources at their disposal and the strategy that a hacker needs to only be right once, but a company protecting their data in the cloud needs to be right 100% of the time. Were going to see a lot more breaches similar to the CapitalOne breach as the technology, knowledge and resource gaps widen between hackers and companies who are trying to keep their data safe. Data Privacy Legislation will Continue to Strengthen Government agencies have started to take notice how consumer data is collected, used and protected. We saw this with the adoption of GDPR in 2018. California has adopted its own version of GDPR called CCPA. Other states and municipalities are also adopting their own versions of consumer data privacy laws. As this becomes normal, this also creates a fragmented set of local privacy legislation that will make it onerous to conduct business. At some point we will likely see the federal government provide overarching legislation. But in the meantime, as governments get more involved, these types of laws will continue to evolve and strengthen to punish those who are misusing and misrepresenting the usage of consumer data.  Is the threat of punishment an effective deterrent? Election Fraud and Foreign Government Interference is Real The aftermath of the 2016 elections shined a spotlight on our need for better cybersecurity regulations and controls for the entire U.S. Election System. Specifically, when the Federal Bureau of Investigation (FBI) announced that some state and local election jurisdictions had been the targets of Russian cyberattacks, this jeopardized one of the key tenets of our democracy – free and fair elections. In January 2017, the United States Department of Homeland Security (DHS) federally designated the election infrastructure used in federal elections as a component of the U.S critical infrastructure. Critical Infrastructure (CI) refers to systems and assets for which “incapacity or destruction would have a debilitating impact on security, national economic security, national public health or safety, or any combination”. Other CI sections include the U.S. energy infrastructure, the Emergency and Financial Services sectors, Food and Agriculture, Transportation Systems, Water and Wastewater, and others. This federal designation allows DHS to provide security assistance and brings the election infrastructure under a 2015 United Nations agreement stating that “nations should not conduct or support cyber-activity that intentionally damages or impairs the operation of CI in providing services to the public” as well as other benefits and controls from the designations. Naturally, this designation provoked some concern by state and local officials with regards to federal overreach and autonomy of states to secure their own elections. Some of those concerns have since been mitigated by the federal government’s ability to provide cyber-security funding, assistance, and relief. This will be at the forefront of discussions and controversy heading into the 2020 elections. Password Attacks Will Continue  65 percent of companies have over 500 accounts with passwords that are never rotated. One of the largest security risks to any organization is the misuse, compromise or sharing of privileged accounts. Privileged accounts provide elevated access for the purpose of performing administrative type functions. They can be administrator accounts, service accounts, firecall or emergency accounts, database connection accounts and applications. Most of these accounts were set up years ago when an application or system was deployed. They typically have multiple integration points. Because of the risk of “breaking something”, the passwords for these accounts are rarely rotated, likely shared and undoubtedly they are improperly stored/protected. According to the Varonis 2018 Global Data Risk Report – 65 percent of companies have over 500 accounts with passwords that are never rotated. These accounts have a higher risk of showing up in online password dumps with valid passwords. Privileged and service accounts with non-expiring passwords are a cyber criminal’s best friend. Ensuring these passwords are stored properly, changed regularly, meet complexity and compliance requirements and are audited can be overwhelming to implement and manage. We have seen too many breaches lately targeting privileged accounts and we’ll see these types of attacks increase in 2020. Passwords are archaic. One true way to combat this risk is introducing a second factor for authentication. A second factor does add a layer of complexity to the authentication process, but provides immense value in terms of addressing the risk. We’ve heard for years that 2 factor authentication should be turned on for everything, yet it’s rarely implemented. Until we shift our mindset and sacrifice a little bit of convenience for a massive amount of security – attacks on privileged credentials will continue and increase in 2020. #### XYPRO’s 2021 Cybersecurity Predictions - Passwords are Archaic Introduce a Second Factor Authentication With 2020 finally in the books, it’s time to look forward and discuss our cybersecurity predictions that will most affect the industry in 2021. I thought long and hard about what I could say that would be impactful and hasn’t been said before.  Obviously, COVID-19 and it’s security ramifications will continue to stay with us for 2021 and well beyond. What we previously predicted and planned for in 2020 was flipped on its head, turned around and flipped over again several times. Even the best laid plans had to be adapted this past year. Looking back, a lot of what we predicted back at the beginning of 2020 was never properly addressed and remains a risk today. For example, credential theft and attacks targeting privileged user logins continue to dominate in the headlines, though the targets of the attacks broadened to include coronavirus vaccine research. Back in November of 2019, I said the best way to combat these attacks is to use multi-factor authentication (MFA). Use it for everything. There is no simpler way to say it – but this is still not being done.  Until we demand and implement multi-factor authentication for access, making it the standard, risk will continue to increase in 2021. I cover this past advice and other cybersecurity predictions for 2021 in the list below. Multi-Factor Authentication Goes Mainstream Experts have been preaching for years about the benefits of multi factor authentication. Yet I’m still shocked by the lack of adoption throughout the industry. It's one of the biggest bangs for your buck in terms of cyber protection, yet the excuses for why it's not implemented, never end. According to Microsoft, 81% of data breaches occur because of weak, default or stolen credentials and 99% of these attacks can be blocked by implementing MFA. MFA is an authentication method where a user is granted access only after successfully presenting two or more of the following pieces of information: Something you know (password) Something you have (security token) Something you are (biometrics) All it takes is one compromised account to one legacy application to cause a catastrophic breach and catapult a company negatively into the headlines. With the unfortunate increase in COVID-19 phishing scams targeting remote workers isolated from their day-to-day environments, there is no better time to implement multi-factor authentication across your critical applications, servers and services. If we continue to delay, that time will pass and there will be no excuses left, only breaches that could have been prevented. CyberSecurity will be More Automated We’ve all heard about machine learning (ML) and artificial intelligence as a way to bridge the skills gap in cybersecurity.  Until recently, ML and AI weren't much more than a technology solution you purchase but do not really use. We have not begun to scratch the surface of the capabilities of ML and AI to combat security threats. There is a lot of skepticism about its efficacy that has existed for years, but in 2021 we will have no choice. The amount of data being generated is increasing exponentially and the only way to keep up and identify threats is to allow machines to churn through data and trust they will detect the right concerns – then take appropriate action to combat the threat. We are going to see a lot of research, funding and effort invested in these methods. We need to get comfortable with the technology so it can be adopted on a larger scale and evolve. We have no choice. It’s the only way to monitor security going forward. It’s going to augment overworked and understaffed security teams and give us a fighting chance against a dynamic and very evasive adversary. IoT Devices will be a Threat to The Remote Workforce (and Everyone Else) The proliferation of Internet of Things (IoT) devices, an expanding remote workforce due to the pandemic and the need for automation has put “smart devices” into the spotlight. We’ve all heard the stories of attacks on IoT devices. Remote attackers viewing baby monitors and home security cameras. Estranged couples trying to annoy each other by remotely adjusting the thermostat. Even instances where a smart switch was hacked and all the attacker did was turn the switch on and off rapidly where it generated a spark and started a house fire. These are extreme examples but IoT security is a real problem. The functionality and simplicity of IoT devices is great. I can wake up and tell my smart speaker to open my window shades, brew my coffee and start my shower without getting out of bed. These conveniences come at a steep price. The tradeoff is often security and personal data. For an IoT device to be quick to market, affordable, easy to setup and useful– usually important, non valuable functions like security are cast aside. Off the shelf IoT devices usually have hardcoded default passwords. These passwords can be located by a simple Google search. Manufacturers often post their device passwords online to aid in the setup of their device.  Some of these devices have passwords like admin/admin. Multiple devices from the same provider or chip maker may all share the same password. Some devices have hard coded passwords that cannot be changed. I've even seen devices with no passwords. Securing these devices needs to start at the source. This vulnerability, connected to the internet via the same WiFi we’re all using to do remote school, play video games and work from home during a pandemic creates a big threat to the remote workforce. These insecure devices provided an easy entry point into home networks and given time will allow attackers to move laterally into corporate networks. I don't see this risk going away. In fact, as the remote workforce gets more comfortable working from home and the market continues to be flooded with smart devices and automation, this problem will get much worse. Unfortunately, unless required by compliance or by government legislation, I predict that we will see very little from the business community in this regard. That is not to say there aren't software vendors and IoT manufacturers who want to do the right thing, but unfortunately without external pressure, most won't. On September 28, 2018, California Governor Jerry Brown signed SB-327 making California the first state to expressly regulate the security of connective devices, commonly known as IoT devices. The new law took effect on January 1, 2020. The law aims to protect the security of both IoT devices and any information contained on them. This puts the onus on device manufacturers and software vendors to ensure that they comply with the legislation or face steep consequences. This law and others like it are much needed because of the integration of IoT devices into our daily lives and the proliferation of insecure devices. We will see more and more legislation similar to SB-327 in the future. What can you do? Install updates. Check your device app and install any available updates. Change default passwords. Most smart devices ship with an embedded default username and password to allow for quick configuration. Change these right away. Use multi-factor authentication. A second factor adds complexity to the authentication process and provides immense value in terms of addressing the risk. We’ve heard for years that multi-factor authentication should be turned on for everything, yet it’s rarely implemented. Turn it on for everything now, including your NEST thermostat, your iCloud account, your email. Turn it on everywhere possible. Attacks on the Healthcare Industry will Increase The 4 trillion dollar a year Healthcare Industry has always been a target. Now Healthcare data is worth more than credit card numbers. Because of the COVID-19 pandemic, this industry has not only seen a sharp uptick in the amount of large, widely publicized data breaches, but also in the value of the data stolen. The average price of a single stolen credit card has dropped from $35 to under $1 because of flooded supply, causing thieves to look for other more profitable products. The Healthcare Industry, with its aging infrastructure, slow adoption of security and need to complete its move to electronic medical records, has turned out to be a treasure trove of valuable data for cyber criminals. The impact of medical data breaches now rival that of the largest retail breaches. Today’s cyber-attacks make payment data leaks look like petty theft. Our transition to this new era has been sudden; our medical records, social security information and personal data are all at risk. Because medical records are worth ten times more than credit cards, they have become a high value target. With so many players in the Healthcare Industry as well as government agencies being compromised, it is difficult to trust anybody with your information. With the vaccine rollout finally starting, but not very smoothly, I predict that ransomware attacks will also increase. Criminals love panic and chaos and they’ll use every opportunity to exploit the situation. What better opportunity than a pandemic? Criminals love that. The bad guys are preying on security ignorance as much as they are exploiting the lack of controls and people’s desire to get a notification that they can get the vaccine.  We’re going to see more ransomware attacks on the healthcare system that will delay and disrupt the pandemic response. Why would they do this?  Because they can.  Following best practices and good security hygiene will provide much needed relief, but it’s not so easy for an industry already playing security catchup pre-pandemic and now visibly stretched beyond its breaking point. Passwords will Change Your Business Strategy One of the most critical security risks to any organization are passwords, especially default passwords and passwords to privileged accounts, which have elevated access to perform administrative functions. These can be administrator accounts, service accounts, database connection accounts, application accounts and others. Most of these accounts were set up ages ago when an application or system was initially deployed. They have multiple integration points and because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, likely shared and often improperly stored. Privileged account abuse is the most common way for hackers to compromise a system. Proper credential storage and accountability is paramount to risk mitigation. Relying on manual methods is resource-intensive, error-prone and leaves gaps. According to a Varonis report, nearly 40% of all users sampled have passwords that have never been rotated! These passwords have a higher likelihood of showing up in online password dumps and being used to infiltrate networks. Simply put – they’re a cyber criminal’s best friend. This is how hackers walk in right through the front door. Not because they’re clever, rather because we make it too easy for them.  The recent SolarWinds incident showed us what types of multifaceted attacks are being used. It's not a matter of if they're going to get into your network. They're going to get in. In the SolarWinds attack, once the attackers gained access to the network with compromised credentials, they moved laterally by capturing and using multiple, different, insecure credentials. Our efforts should focus on shoring up internal systems to limit their ability to move laterally using insecure credentials and passwords once they're in. Proper password management and multi-factor authentication would have prevented this from happening. This is counterintuitive to traditional methods of security where locking the front door was once considered to be good enough. But time after time we've seen that is no longer sustainable. Defense in depth is required. We need to treat locking up all of the valuable systems and information inside of our network just as important as being just as important as hardening our perimeter. In Summary Even though we’ve already seen too many breaches lately targeting privileged accounts, we will see these types of attacks continue in 2021. Passwords are archaic. One true way to combat this risk is introducing a second factor for authentication. A second factor adds a layer of complexity to the authentication process but provides immense value in terms of addressing the risk. We’ve heard for years that multi-factor authentication should be turned on for everything, yet it’s rarely implemented. Until we shift our mindset and sacrifice a little bit of convenience for a massive amount of security – these types of massive, high profile attacks will only continue to increase in 2021. #### XYPRO’s XYGATE® User Authentication adds integration for RSA Cloud Authentication Service for HPE NonStop servers XYPRO Technology is a certified RSA Ready Technology partner. XYGATE User Authentication (XUA) now supports the RSA Cloud Authentication Service as a second factor of authentication for HPE NonStop servers. RSA is one of the world’s most widely deployed two-factor authentication solutions. Their certification program assures the solution customers are deploying has been verified interoperable based on RSA’s strict guidelines. This ensures quality, achieves faster time to value and lowers the overall cost of ownership. Account compromise due to stolen and/or weak credentials is among the most common methods attackers use to gain unauthorized access to privileged accounts -  administrative users that have the power to take action with the highest authority in the most sensitive areas of your HPE NonStop server. To ensure no damage is inflicted (maliciously or inadvertently), PCI DSS Requirement 8.3 and other compliance frameworks require multi-factor authentication (MFA) for all personnel with non-console administrative access and all personnel with remote access to the Card Data Environment. MFA is an authentication method by which a user is granted access only after successfully presenting two or more pieces of information to an authentication mechanism. This must be: Something the user knows (password) Something the user has (security token) and/or Something the user is (biometrics) The goal of MFA is to create a layered defense strategy that makes it difficult for an unauthorized user to gain access by using stolen credentials. A second factor is required before granting access. One of the largest security risks to any organization is the misuse, compromise or sharing of privileged account credentials. Privileged accounts have elevated access to perform administrative-type functions. They can be administrator accounts, service accounts, firecall or emergency accounts, among others. Most of these accounts were set up long ago when an application or system was initially deployed and have multiple integration points. Because of the risk or simply fear of “breaking something, ”the passwords for these accounts are rarely rotated, likely shared and improperly stored. According to the Varonis 2018 Global Data Risk Report,65 percent of companies have over 500 accounts with passwords that are never rotated. These accounts have a higher likelihood of showing up in online password dumps with valid passwords. These password dumps are a cyber criminal’s best friend. Ensuring these passwords are stored properly, changed regularly, meet complexity and compliance requirements and audited can not only be overwhelming to manage, it’s also a user experience nightmare. These challenges leave many enterprises vulnerable to increased security risks and potential non-compliance with external regulations and internal corporate mandates. To address this need for HPE NonStop servers, XYPRO partnered closely with HPE, RSA and our customer base to deliver a certified RSA Cloud Authentication Service integration that comes packaged as part of the HPE NonStop operating system. XYPRO’s XYGATE User Authentication (XUA) simplifies the user experience and reduces time to value while delivering strong, multi-factor authentication based on industry standards. XYGATE User Authentication comes with every HPE NonStop server, ready to turn on, out of the box. XUA extends NonStop server security capabilities by integrating with authentication providers such as Microsoft Active Directory, RSA SecurID, Google Authenticator and many others, making it easy to protect your NonStop servers with regulatory compliant multi-factor authentication. In addition, XYGATE User Authentication audit logs are forwarded to an enterprise Security Event Information Manager (SIEM) through XYGATE Merged Audit for analysis, threat detection and reporting of authentication events and for compliance with PCI DSS Requirement 10.2.2. XYGATE Merged Audit also comes packaged with every HPE NonStop server. To learn more about XUA, please contact your XYPRO Account Executive or visit www.xypro.com Steve Tcherchian Chief Product Officer and CISO XYPRO Technology Corporation https://xypro.com/ https://www.linkedin.com/in/stevetcherchian/ @XYPROTechnology @SteveTcherchian Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee.  With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience for customers in the mission critical computing marketplace.  Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. #### Your VPN May Be Your Greatest Security Risk During COVID-19 Forbes, June 17, 2020-- Your VPN May Be Your Greatest Security Risk During COVID-19 ...“We had to buy equipment and licenses,” said Steve Tcherchian, CISO of XYPRO, explaining the steps his company took to get prepared. “We started off with education and awareness,” he said. The need for licenses and equipment to support a Tier 1 VPN provider is something that is frequently overlooked... ...There’s a good chance that your rush to make working from home function also introduced some risks due to poor choices or the lack of availability. But that doesn’t mean you can’t fix things now. “There’s always an opportunity to catch up as long as there’s support from the top down,” Tcherchian said, “you can do it.” Click here to read the full article. #### Zoom Hacks and Cybersecurity While Working From Home! XYPRO CISO Steve Tcherchian was recently interviewed by BoldTV about ways to securely work from home.  Prev 1 of 1 Next Tips to Protect Yourself From Zoom Hacking & Much More! Prev 1 of 1 Next ### Pages #### Account Signup URL: https://xypro.com/account-signup/ #### Careers [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="rgba(0,93,164,0.8) 0%|rgba(29,53,87,0.78) 100%" background_color_gradient_start="rgba(0,93,164,0.8)" background_color_gradient_end="rgba(29,53,87,0.78)" background_image="https://xypro.com/wp-content/uploads/2020/04/XYPRO-Team.jpg" background_blend="overlay" custom_margin="||||false|false" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.16" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Careers at XYPRO XYPRO offers attractive career opportunities for people who thrive in a fast-paced, team-oriented environment, providing state-of-the-art security software solutions and excellent customer service to very large customers across the globe.   [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Blog" _builder_version="4.16" background_color="#ffffff" custom_padding="25px||4px||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.16" custom_margin="|auto||auto|false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]Join the XYPRO Team Today! A leader in protecting mission critical systems for the banking, financial services, retail and payments processing industries, XYPRO closely partners with HPE who bundles XYPRO solutions with their high end server HPE NonStop Operating System. XYPRO’s XYGATE suite of security solutions provides Patented Security Analytics & Contextualization for Risk Management, PCI Compliance, Audit Reporting, Integrity Checking, Access Control, User Authentication, Authorization and Identity Management. XYPRO also provides Security Implementation & Configuration Assessment services. Many of the world’s largest payments and credit card companies use XYPRO to secure their systems. Technology leaders and corporate decision makers at companies processing large volumes of mission critical data use XYPRO security solutions to protect against catastrophic data loss, financial loss, reputation damage and regulatory intervention. At XYPRO we believe that no data is as important as your data.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|tablet" admin_label="Feature" _builder_version="4.16" background_color="rgba(0,0,0,0)" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(0,31,45,0.03) 16%|rgba(30,34,38,0.15) 100%" background_color_gradient_start="rgba(0,31,45,0.03)" background_color_gradient_start_position="16%" background_color_gradient_end="rgba(30,34,38,0.15)" parallax="on" custom_padding="1vw||||false|false" custom_padding_tablet="||10vw" custom_padding_phone="" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row _builder_version="4.16" custom_margin="||||false|false" custom_padding="||10px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]Open Positions [/et_pb_text][et_pb_code disabled_on="off|off|off" _builder_version="4.19.2" global_colors_info="{}"] Internship Posted on February 12, 2024XYPRO Technology XYPRO is a Simi Valley-based provider of Mission Critical Security software solutions. The XYPRO Internship Program provides motivated students an opportunity to gain first-hand experience, receive valuable on-the-job training, and learn about the... READ MORE [/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.16" _module_preset="default" global_colors_info="{}"]XYPRO is a tight-knit group of motivated individuals and we aim to provide some of the best benefits in the business. Our responsibility to a high-profile, international customer-base means you’ll participate in a fast-paced, results-driven environment meeting deadlines and celebrating exciting wins! Full-time, U.S. based employees enjoy excellent Healthcare, Dental, Vision, 401K, paid parental leave, summer Fridays, regular company celebrations and teambuilding and are encouraged to take their birthday off![/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_video src="https://xypro.com/wp-content/uploads/2020/06/VIDEO-1-XYPRO-RECRUITMENT-VIDEO-CUT-2.mp4" image_src="https://xypro.com/wp-content/uploads/2020/06/2020-06-29_10h57_03.png" thumbnail_overlay_color="rgba(0,0,0,0.6)" src_webm_tablet="" src_webm_phone="" src_webm_last_edited="on|desktop" _builder_version="4.16" width="100%" module_alignment="center" box_shadow_style="preset3" global_colors_info="{}" src_webm__hover_enabled="on|desktop"][/et_pb_video][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|tablet" admin_label="Feature" _builder_version="4.16" background_color="rgba(0,0,0,0)" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(0,0,0,0) 16%|rgba(0,0,0,0) 100%" background_color_gradient_start="rgba(0,0,0,0)" background_color_gradient_start_position="16%" background_color_gradient_end="rgba(0,0,0,0)" parallax="on" custom_padding="0vw||0px||false|false" custom_padding_tablet="||10vw" custom_padding_phone="" top_divider_height="150px" top_divider_repeat="0.75x" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" background_color_gradient_stops_tablet="rgba(0,0,0,0) 16%|rgba(0,0,0,0) 100%" background_color_gradient_stops_phone="rgba(0,0,0,0) 16%|rgba(0,0,0,0) 100%" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" global_module="219222" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row column_structure="3_5,2_5" _builder_version="4.16" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="3_5" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" custom_margin="35px||||false|false" animation_style="zoom" border_radii="on|15px|15px|15px|15px" box_shadow_style="preset3" global_colors_info="{}" content__hover_enabled="off|desktop"][/et_pb_text][/et_pb_column][et_pb_column type="2_5" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" text_font="||||||||" text_line_height="2em" max_width="700px" custom_padding="3vh||||false|false" header_2_font_size_tablet="26px" header_2_font_size_phone="20px" header_2_font_size_last_edited="on|desktop" global_colors_info="{}"]XYPRO Team Member Qualities: Interest in cybersecurity Analytical thinking and problem solving Good communications skills Attention to detail and consistent follow-up Eagerness to learn new skills and technologies Love what you do [/et_pb_text][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjYxMjIifX0=@" button_text="Learn About the XYPRO Way" button_alignment="center" _builder_version="4.16" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|tablet" disabled_on="on|on|on" admin_label="Testimonials" _builder_version="4.4.6" custom_margin="||||false|false" custom_padding="0|0%|0|0px|false|false" custom_padding_tablet="|0%||" custom_padding_phone="" custom_css_main_element="z-index: 1;" disabled="on" global_module="219326" collapsed="off" global_colors_info="{}"][et_pb_row custom_padding_last_edited="off|desktop" _builder_version="4.16" background_color="rgba(239,103,40,0.96)" use_background_color_gradient="on" background_color_gradient_direction="148deg" background_color_gradient_stops="#d6545b 19%|#ff915e 100%" background_color_gradient_start="#d6545b" background_color_gradient_start_position="19%" background_color_gradient_end="#ff915e" background_image="https://xtranetdev.xypro.com/wp-content/uploads/2019/08/quote.png" background_size="initial" background_position="top_right" width="100%" max_width="100%" module_alignment="left" custom_margin="|auto||auto|false|false" custom_padding="0px||0px||false|false" custom_padding_tablet="|0%||0%" animation_style="slide" animation_direction="left" animation_intensity_slide="5%" use_custom_width="on" width_unit="off" custom_width_percent="100%" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_slider module_id="careers-quote" _builder_version="4.16" header_level="h6" header_font="|500|||||||" header_text_color="#ffffff" header_font_size="20px" header_line_height="1.6em" body_font="||||||||" body_text_color="rgba(255,255,255,0.53)" body_line_height="2em" background_color="rgba(255,255,255,0)" text_orientation="left" custom_margin="-21px|||||" custom_padding="71px||80px|||" animation_style="fade" auto="on" auto_speed="5000" header_font_size_tablet="18px" header_font_size_phone="14px" header_font_size_last_edited="on|phone" custom_css_slide_description="font-size: 12px !important;" custom_css_slide_title="font-size: 12px !important;" custom_css_slide_button="font-size: 12px !important;" header_text_shadow_style="preset1" header_text_shadow_color="rgba(0,0,0,0)" body_text_shadow_style="preset1" body_text_shadow_color="rgba(0,0,0,0)" border_radii="on|10px|10px|10px|10px" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][et_pb_slide heading="%22Given the extenuating circumstances around the need to work from home, the added concern of the COVID-19 virus, and for many, the addition of homeschooling makes it challenging to compare ideal competencies to a traditional working from home scenario. For working from home due to COVID-19, patience, trust, adaptability, strong communication, stress management, organizational skills, and the ability to multitask are going to help set up an employee for success in this environment.%22" button_text="blog.mettl.com - %22Remote Work Skills%22" button_link="https://blog.mettl.com/remote-work-skills/" _builder_version="4.16" header_level="h6" header_font="|500|||||||" header_font_size="18px" link_option_url_new_window="on" locked="off" global_colors_info="{}" sticky_transition="on"]Melodie Bond-Hillman, Ph.D. Senior Manager - Human Resources & Administration, XYPRO Technology Corporation[/et_pb_slide][et_pb_slide heading="%22To develop a successful return to work plan, a company must assess employee readiness multiple times. Organizations must realize that each employee is going to have a different experience and reaction to the virus and will be at different levels of readiness and willingness to return to the office. Creating and sharing a standardized, agreed-upon, decision matrix and set of protocols to help employers know if and when to reissue a work from home mandate will help ensure everyone feels prepared from a change management perspective should round 2 or 3 of the virus occur and escalate. These protocols will help manage and mitigate the feelings of uncertainty associated with these types of events.%22" button_text="blog.mettl.com - %22Gauging Remote Work Readiness Through Remote Work Survey & Assessment%22" button_link="https://blog.mettl.com/guide/remote-work-assessment/" _builder_version="4.16" header_font="|500|||||||" link_option_url_new_window="on" locked="off" global_colors_info="{}" alignment__hover="center" alignment__hover_enabled="center" custom_button__hover="off" custom_button__hover_enabled="off" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_color__hover="#7EBEC5" background_color__hover_enabled="#7EBEC5" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" header_text_shadow_style__hover="none" header_text_shadow_style__hover_enabled="none" header_text_shadow_color__hover="rgba(0,0,0,0.4)" header_text_shadow_color__hover_enabled="rgba(0,0,0,0.4)" body_text_shadow_style__hover="none" body_text_shadow_style__hover_enabled="none" body_text_shadow_color__hover="rgba(0,0,0,0.4)" body_text_shadow_color__hover_enabled="rgba(0,0,0,0.4)" button_bg_use_color_gradient__hover="off" button_bg_use_color_gradient__hover_enabled="off" button_bg_color_gradient_start__hover="#2b87da" button_bg_color_gradient_start__hover_enabled="#2b87da" button_bg_color_gradient_end__hover="#29c4a9" button_bg_color_gradient_end__hover_enabled="#29c4a9" button_bg_color_gradient_type__hover="linear" button_bg_color_gradient_type__hover_enabled="linear" button_bg_color_gradient_direction__hover="180deg" button_bg_color_gradient_direction__hover_enabled="180deg" button_bg_color_gradient_direction_radial__hover="center" button_bg_color_gradient_direction_radial__hover_enabled="center" button_bg_color_gradient_start_position__hover="0%" button_bg_color_gradient_start_position__hover_enabled="0%" button_bg_color_gradient_end_position__hover="100%" button_bg_color_gradient_end_position__hover_enabled="100%" button_bg_color_gradient_overlays_image__hover="off" button_bg_color_gradient_overlays_image__hover_enabled="off" button_bg_parallax__hover="off" button_bg_parallax__hover_enabled="off" button_bg_parallax_method__hover="on" button_bg_parallax_method__hover_enabled="on" button_bg_size__hover="cover" button_bg_size__hover_enabled="cover" button_bg_position__hover="center" button_bg_position__hover_enabled="center" button_bg_repeat__hover="no-repeat" button_bg_repeat__hover_enabled="no-repeat" button_bg_blend__hover="normal" button_bg_blend__hover_enabled="normal" button_bg_allow_player_pause__hover="off" button_bg_allow_player_pause__hover_enabled="off" button_bg_video_pause_outside_viewport__hover="on" button_bg_video_pause_outside_viewport__hover_enabled="on" button_text_shadow_style__hover="none" button_text_shadow_style__hover_enabled="none" button_text_shadow_color__hover="rgba(0,0,0,0.4)" button_text_shadow_color__hover_enabled="rgba(0,0,0,0.4)" box_shadow_style_button__hover="none" box_shadow_style_button__hover_enabled="none" box_shadow_color_button__hover="rgba(0,0,0,0.3)" box_shadow_color_button__hover_enabled="rgba(0,0,0,0.3)" background_layout__hover="dark" background_layout__hover_enabled="dark" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" child_filter_hue_rotate__hover="0deg" child_filter_hue_rotate__hover_enabled="0deg" child_filter_saturate__hover="100%" child_filter_saturate__hover_enabled="100%" child_filter_brightness__hover="100%" child_filter_brightness__hover_enabled="100%" child_filter_contrast__hover="100%" child_filter_contrast__hover_enabled="100%" child_filter_invert__hover="0%" child_filter_invert__hover_enabled="0%" child_filter_sepia__hover="0%" child_filter_sepia__hover_enabled="0%" child_filter_opacity__hover="100%" child_filter_opacity__hover_enabled="100%" child_filter_blur__hover="0px" child_filter_blur__hover_enabled="0px" child_mix_blend_mode__hover="normal" child_mix_blend_mode__hover_enabled="normal" text_shadow_style__hover="none" text_shadow_style__hover_enabled="none" text_shadow_color__hover="rgba(0,0,0,0.4)" text_shadow_color__hover_enabled="rgba(0,0,0,0.4)" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%" button_bg_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%" sticky_transition="on"]Melodie Bond-Hillman, Ph.D. Senior Manager - Human Resources & Administration, XYPRO Technology Corporation[/et_pb_slide][et_pb_slide heading="%22Regardless of company size, the real key in attracting and retaining employees in this new environment is the ability on the part of the employer to demonstrate flexibility and stability,%22 Bond-Hillman said. %22The degree of flexibility can mean a lot of different things, including flexible hours, work from home arrangements, flexibility with benefits, PTO and sick policies.%22" button_text="shrm.org - %22Smaller Employers Add a Personal Touch to Well-Being Benefits%22" button_link="https://www.shrm.org/resourcesandtools/hr-topics/benefits/pages/smaller-employers-add-personal-touch-to-well-being-benefits.aspx?_ga=2.219953561.1813968281.1592124872-1738684333.1592124872" _builder_version="4.16" header_font="|500|||||||" link_option_url_new_window="on" locked="off" global_colors_info="{}" sticky_transition="on"]Melodie Bond-Hillman, Ph.D. Senior Manager - Human Resources & Administration, XYPRO Technology Corporation[/et_pb_slide][/et_pb_slider][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_code _builder_version="4.16" global_colors_info="{}"]Life at XYPRO[instagram-feed][/et_pb_code][et_pb_code _builder_version="4.16" global_colors_info="{}"][/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section] #### Case Studies [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.0.4" use_background_color_gradient="on" background_color_gradient_start="#1d3557" background_color_gradient_end="#0e2242" background_image="/wp-content/uploads/slider4/fullwidthslide2.jpeg" background_blend="soft-light" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content" global_colors_info="{}"][et_pb_row column_structure="1_4,3_4" _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/11/sec-intelligence.png" align="right" _builder_version="4.3" max_width="200px" max_width_tablet="" max_width_phone="160px" max_width_last_edited="on|phone" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" animation_style="none" module_alignment_tablet="" module_alignment_phone="center" module_alignment_last_edited="on|phone" border_radii="on|0px|0px|0px|0px" border_color_all="rgba(0,0,0,0)" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="3_4" _builder_version="3.25" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.11.4" header_text_align="left" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" background_layout="dark" max_width="700px" max_width_tablet="" max_width_phone="" max_width_last_edited="on|desktop" module_alignment="left" custom_margin="||22px|auto|false|false" custom_padding="50px||50px||false|false" custom_padding_tablet="0px||50px||false|false" custom_padding_phone="" custom_padding_last_edited="on|phone" header_text_align_tablet="" header_text_align_phone="center" header_text_align_last_edited="on|phone" text_orientation_tablet="" text_orientation_phone="center" text_orientation_last_edited="on|phone" module_alignment_tablet="" module_alignment_phone="center" module_alignment_last_edited="on|phone" global_colors_info="{}"]Customer Use Cases Real-world implementations of XYPRO Security Solutions that illustrate the immediate impact XYPRO can have for your business.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="XS1" module_id="XS1" _builder_version="4.0.8" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.13.0" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.13.0" _module_preset="default" global_colors_info="{}"][et_pb_code _builder_version="4.13.0" _module_preset="default" global_colors_info="{}"] Strict Adherence to Global Security Standards is Essential HPE Integrity NonStop help Seven Bank ensure compliance with international security regulations, such as Payment Card Industry (PCI) Data Security Standard, with support for XYGATE products. This ensures that any content and access credentials transmitted across the bank’s network are kept private. READ MORE #### Compliance [et_pb_section fb_built="1" module_class="hero-banner" _builder_version="4.27.4" _module_preset="default" background_enable_color="off" background_image="https://xypro.com/wp-content/uploads/2026/06/compliance-banner-scaled-1.webp" background_enable_video_mp4="off" background_enable_video_webm="off" width="100%" global_colors_info="{}"][et_pb_row module_class="banner-section" _builder_version="4.27.4" _module_preset="default" width="100%" custom_css_free_form=".et_pb_gutters3 .et_pb_column_4_4 .et_pb_module, .et_pb_gutters3.et_pb_row .et_pb_column_4_4 .et_pb_module {|| margin-bottom: 0% !important;|| }||||.custom-divider .et_pb_gallery_item{|| margin-bottom: 20px !important;||margin-top: 20px !important;||}" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" background_enable_video_mp4="off" global_colors_info="{}"][et_pb_heading title="HPE Nonstop Security &" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|600|||||||" title_text_color="#FFFFFF" title_font_size="45px" custom_padding="0px|0px|0px|0px|false|false" global_colors_info="{}"][/et_pb_heading][et_pb_heading title="Compliance: Always Audit-" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|600|||||||" title_text_color="#FFFFFF" title_font_size="45px" custom_padding="0px|0px|0px|0px|false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_heading title="Ready. Always Resilient. " _builder_version="4.27.4" _module_preset="default" title_font="Figtree|600|||||||" title_text_color="#FFFFFF" title_font_size="45px" custom_padding="0px|0px|0px|0px|false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_gallery gallery_ids="245348" show_title_and_caption="off" module_class="custom-divider" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][/et_pb_gallery][et_pb_text _builder_version="4.27.4" _module_preset="default" text_text_color="#FFFFFF" text_font_size="24px" width="45%" global_colors_info="{}"]XYPRO keeps your HPE Nonstop environment continuously compliant, across DORA, PCI DSS, and beyond. [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="A Security Partner Built on Trust and" _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#091c4f" title_font_size="36px" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_heading title="Customer Satisfaction" _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#091c4f" title_font_size="36px" locked="off" global_colors_info="{}"][/et_pb_heading][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" module_class="section2 security-partner-box" _builder_version="4.27.4" _module_preset="default" custom_margin="||||false|false" custom_padding="||||false|false" custom_css_free_form=".section2 .et_pb_column{|| padding-left:50px;||}||.section2-box::before{|| content: %22%22;|| position: absolute;|| left: 0;|| top: 12px;|| bottom: 12px;|| width: 2px;|| height:100%;|| background: linear-gradient(180deg, #091C4F 0%, #005DA4 100%);||}||.security-partner-box .et_pb_text_inner p{|| font-size: 25px;|| line-height: 1.3em;||}||.security-partner-box .et_pb_text_inner {|| font-size: 25px;|| line-height: normal;||}" global_colors_info="{}"][et_pb_column type="1_3" module_class="section2-box" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/security-company-built-icon1.webp" title_text="security-company-built-icon1" align="left" _builder_version="4.27.4" _module_preset="_initial" width="100%" max_width="100%" module_alignment="left" min_height="80px" height="80px" custom_css_free_form=".et_pb_image_0 .et_pb_image_wrap img, .et_pb_image_1 .et_pb_image_wrap img, .et_pb_image_2 .et_pb_image_wrap img{|| object-fit:contain;|| object-position:left;||}" border_radii="on|0px|0px|0px|0px" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|600|||||||" text_text_color="#000000" text_font_size="28px" text_line_height="1.3em" header_font="Figtree||||||||" header_line_height="1.3em" global_colors_info="{}"]40+ Years Securing Mission-Critical Environments [/et_pb_text][/et_pb_column][et_pb_column type="1_3" module_class="section2-box" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/security-company-built-icon-2.webp" title_text="security-company-built-icon 2" align="left" _builder_version="4.27.4" _module_preset="_initial" width="100%" min_height="80px" height="80px" border_radii="on|0px|0px|0px|0px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|600|||||||" text_text_color="#000000" text_font_size="28px" text_line_height="1.3em" global_colors_info="{}"]Trusted by 9 of the World’s Top 15 banks & Leading Payment Processors. [/et_pb_text][/et_pb_column][et_pb_column type="1_3" module_class="section2-box" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/security-company-built-icon3.webp" title_text="security-company-built-icon3" align="left" _builder_version="4.27.4" _module_preset="_initial" width="100%" min_height="80px" height="80px" border_radii="on|0px|0px|0px|0px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|600|||||||" text_text_color="#000000" text_font_size="28px" text_line_height="1.3em" global_colors_info="{}"]Built for DORA, PCI DSS, NIST, SOX & ISO 27001 [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" background_enable_color="off" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" module_class="compliance-mission-box" _builder_version="4.27.4" _module_preset="default" custom_css_free_form=".compliance-mission-box{|| background: #f3faff;|| padding: 60px 40px;|| vertical-align: middle;||}" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="36px" text_line_height="48px" custom_margin="0px|0px|20px|0px|false|false" global_colors_info="{}"]Your Auditors Want Evidence. [/et_pb_text][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="36px" text_line_height="48px" custom_margin="0px|0px|20px|0px|false|false" global_colors_info="{}"]Your Board Wants Assurance. [/et_pb_text][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="36px" text_line_height="48px" custom_margin="0px|0px|20px|0px|false|false" global_colors_info="{}"]Your Team Wants Relief. [/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|500|||||||" text_text_color="#000000" text_font_size="22px" text_line_height="30px" global_colors_info="{}"]Compliance in mission-critical environments isn't a one-time project, it is a continuous operational discipline. XYPRO automates the hard parts, so your team stays ahead of auditors, regulators, and threats simultaneously. [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" custom_css_free_form=".et_pb_column_8, .et_pb_column_9, .et_pb_column_10 {|| background-image: url(https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp);|| padding-top: 50px;|| padding-right: 30px;|| padding-bottom: 120px !important;|| padding-left: 30px;||}||.business-case .et_pb_heading_container h1.et_pb_module_heading{|| padding-bottom:10px !important;||}||.business-impact-row{|| flex-direction: row;|| display: flex;|| flex-wrap: wrap;|| align-items: stretch;|| gap: 10px;||}||.et_pb_column.et_pb_column_1_3.business-case {|| padding-top: 30px;|| padding-bottom: 30px !important;|| flex: 1 1 160px;|| display: flex;|| flex-direction: column;||}" global_colors_info="{}"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="The Business Impact for Getting Compliance Right" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#000000" title_font_size="36px" locked="off" global_colors_info="{}"][/et_pb_heading][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" module_class="business-impact-row" _builder_version="4.27.4" _module_preset="default" custom_margin="8px||||false|false" custom_padding="20px|0px|20px|0px|false|false" global_colors_info="{}"][et_pb_column type="1_3" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/continuous-compliance.webp" title_text="continuous-compliance" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Continuous Compliance" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" custom_margin="8px||||false|false" custom_css_free_form=".et_pb_text_inner{|| line-height:27px;||}" global_colors_info="{}"]Know your compliance posture in real time, not just at time of an audit. [/et_pb_text][/et_pb_column][et_pb_column type="1_3" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Real-Time-Threat-Visibility.webp" title_text="Real-Time Threat Visibility" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Real-Time Threat Visibility" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" custom_margin="8px||||false|false" locked="off" global_colors_info="{}"]Monitor critical user activity and system events in real time to quickly identify suspicious behavior and reduce operational risk. [/et_pb_text][/et_pb_column][et_pb_column type="1_3" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Audit-Ready-Evidence.webp" title_text="Audit-Ready Evidence" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Audit-Ready Evidence" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" locked="off" global_colors_info="{}"]Automated reporting delivers the documentation auditors need, on demand. [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" module_class="business-impact-row" _builder_version="4.27.4" _module_preset="default" custom_margin="8px||||false|false" custom_padding="20px|0px|20px|0px|false|false" global_colors_info="{}"][et_pb_column type="1_3" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Compliance-Drift-Detection.webp" title_text="Compliance Drift Detection" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Compliance Drift Detection" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" custom_margin="8px||||false|false" global_colors_info="{}"]Get alerted the moment your environment drifts out of policy, before it becomes a finding. [/et_pb_text][/et_pb_column][et_pb_column type="1_3" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Reduced-Audit-Effort.webp" title_text="Reduced Audit Effort" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Reduced Audit Effort" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" custom_margin="8px||||false|false" locked="off" global_colors_info="{}"]Cut the manual work of audit prep with continuous scanning and pre-mapped compliance reports. [/et_pb_text][/et_pb_column][et_pb_column type="1_3" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Operational-Resilience.webp" title_text="Operational Resilience" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Operational Resilience" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" locked="off" global_colors_info="{}"]Maintain the uptime, integrity, and resilience mission-critical environments demand, with security designed for systems requiring 99.9999% availability. [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" module_class="custom-banner" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/Playbook-banner-scaled-1.webp" background_position="top_center" module_alignment="center" min_height="100%" height="100%" custom_padding="50px|50px|50px|50px|false|false" custom_css_free_form=".custom-banner{|| display: flex;|| align-items: center;||}" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.27.4" _module_preset="default" custom_margin="|198px||auto||" custom_padding="10px|0px|||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|600|||||||" text_text_color="#FFFFFF" text_font_size="30px" background_layout="dark" width="100%" custom_margin="|0px|20px||false|false" custom_padding="|||0px||" global_colors_info="{}"]The NonStop PCI DSS 4.0.1 Playbook [/et_pb_text][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|500|||||||" text_text_color="#FFFFFF" text_font_size="20px" background_layout="dark" width="100%" custom_margin="|-9px||||" custom_padding="|||0px||" global_colors_info="{}"]Unsure how PCI DSS 4.0.1 maps to your HPE Nonstop environment? Our whitepaper breaks down every requirement, and shows exactly how to meet them. Written by XYPRO's Nonstop security experts. [/et_pb_text][et_pb_button button_url="https://xypro.com/resources/whitepaper/pci-dss-for-nonstop/" button_text="Download Now" _builder_version="4.27.4" _module_preset="default" custom_button="on" button_text_color="#FFFFFF" button_bg_color="#50bc95" button_border_width="0px" button_border_color="#50bc95" button_border_radius="0px" button_font="Figtree|600|||||||" button_use_icon="off" custom_padding="10px|25px|10px|25px|false|false" box_shadow_style="preset2" box_shadow_horizontal="0px" box_shadow_vertical="4px" box_shadow_blur="4px" global_colors_info="{}"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" custom_padding="80px||50px||false|false" custom_css_free_form=".one-platform .et_pb_text .et_pb_text_inner {|| font-size: 23px;|| line-height: normal;||}" global_colors_info="{}"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="One Platform. Every Layer of Your Environment." _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#091c4f" title_font_size="36px" title_line_height="48px" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#000000" text_font_size="22px" text_line_height="30px" header_font="Figtree||||||||" text_orientation="center" custom_padding="20px||10px||false|false" global_colors_info="{}"]XYPRO's integrated security platform covers every layer of your environment, from HPE Nonstop servers and appliances to enterprise identity systems and databases. Every capability maps directly to your regulatory obligations.[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" module_class="one-platform" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_3" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Analytics.webp" title_text="Analytics" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="25px" text_line_height="1.3em" text_orientation="center" global_colors_info="{}"]Threat Detection & Behavioral Analytics [/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Governance.webp" title_text="Governance" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text admin_label="Text" _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="25px" text_line_height="1.3em" text_orientation="center" global_colors_info="{}"]Privileged Access & Identity Governance [/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Monitoring.webp" title_text="Monitoring" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="25px" text_line_height="1.3em" text_orientation="center" global_colors_info="{}"]File & System Integrity Monitoring [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" module_class="one-platform" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_3" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Appliance.webp" title_text="Appliance" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="28px" text_orientation="center" global_colors_info="{}"]Appliance & Configuration Security [/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Reporting.webp" title_text="Reporting" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text admin_label="Text" _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="28px" text_orientation="center" global_colors_info="{}"]Automated Compliance Reporting [/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Database.webp" title_text="Database" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="28px" text_orientation="center" global_colors_info="{}"]Secure Database Management [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" fullwidth="on" _builder_version="4.27.4" _module_preset="default" custom_css_free_form=".slick-current.slick-active.slick-center .testimonial-card{|| color:#fff;||}||" global_colors_info="{}"][et_pb_fullwidth_code admin_label="Fullwidth Code" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"]Here’s What People Who Trusted XYPRO Have Said Protecting customer data is paramount, and with the increased payment processing expected during the 2020 Olympics, HPE NonStop with XYPRO security modules gives us confidence that we can handle the added workload while maintaining compliance with PCI DSS regulations.”  Spokesperson Large Japanese Enterprise The relay server that supports our core business must run nonstop while also enabling us to grow as demand increases. Only HPE Integrity Nonstop BladeSystem NB54000c servers have both high availability and scalability to support all our ATM services today and into the future.” Masaaki Matsuhashi Executive Officer and Director, ATM Solution Department, Seven Bank  Protecting customer data is paramount, and with the increased payment processing expected during the 2020 Olympics, HPE NonStop with XYPRO security modules gives us confidence that we can handle the added workload while maintaining compliance with PCI DSS regulations.”  Spokesperson Large Japanese Enterprise [/et_pb_fullwidth_code][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Compliance Coverage" _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#091c4f" title_font_size="36px" title_line_height="48px" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#000000" text_font_size="22px" text_line_height="30px" text_orientation="center" custom_padding="10px||10px||false|false" global_colors_info="{}"]Comprehensive Coverage Across Every Framework You Answer To [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_code _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"] Business NeedCompliance Obligation Detect and respond to ICT incidents fastDORA · PCI DSS Prove who accessed what and whenDORA · PCI DSS · SOX Monitor for unauthorized system changesDORA · PCI DSS · ISO 27001 Maintain audit-ready compliance evidenceDORA · PCI DSS · NIST Secure and audit sensitive financial dataPCI DSS · SOX Harden appliances and infrastructure configsDORA · NIST · PCI DSS[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" disabled_on="off|off|off" module_class="custom-banner" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/compliance-footer-banner-scaled-1.webp" background_position="top_center" module_alignment="center" min_height="400px" height="400px" custom_padding="50px|50px|50px|50px|false|false" custom_css_free_form=".custom-banner{|| display: flex;|| align-items: center;||}" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.27.4" _module_preset="default" custom_margin="|198px||auto||" custom_padding="10px|0px|||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|600|||||||" text_text_color="#FFFFFF" text_font_size="30px" background_layout="dark" width="100%" custom_margin="|0px|20px||false|false" custom_padding="|||0px||" global_colors_info="{}"]Start Your Compliance Journey Today [/et_pb_text][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|500|||||||" text_text_color="#FFFFFF" text_font_size="20px" background_layout="dark" width="100%" custom_margin="|-9px||||" custom_padding="|||0px||" global_colors_info="{}"]Compliance isn't just about passing an audit, it's about protecting the systems and data your customers depend on. Let XYPRO show you exactly where you stand and what it takes to get there. [/et_pb_text][et_pb_button button_url="https://xypro.com/contact/" button_text="Book a Demo" _builder_version="4.27.4" _module_preset="default" custom_button="on" button_text_color="#FFFFFF" button_bg_color="#50bc95" button_border_width="0px" button_border_color="#50bc95" button_border_radius="0px" button_font="Figtree|600|||||||" button_use_icon="off" custom_padding="10px|25px|10px|25px|false|false" hover_enabled="0" box_shadow_style="preset2" box_shadow_horizontal="0px" box_shadow_vertical="4px" box_shadow_blur="4px" global_colors_info="{}" sticky_enabled="0"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section] #### Contact [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="#005DA4 0%|#1D3557 100%" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" module_alignment="center" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]How Can We Help? Find contact information and answers to your questions here.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Blog" _builder_version="4.16" background_color="#ffffff" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" module_alignment="center" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"]Customer Support For Technical Support, log into the XYPRO Customer Center.[/et_pb_text][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjIxNzY3OSJ9fQ==@" button_text="Support Log In" button_alignment="left" admin_label="Log In" _builder_version="4.16" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_margin="0px||||false|false" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"]Contact Sales Contact us to discuss your environment, learn more about services or set up a demo of XYPRO Solutions.[/et_pb_text][et_pb_contact_form use_spam_service="on" recaptcha_list="Contact Sales|Contact Sales-0" email="marketing@xypro.com" custom_message="This message comes from the 'Contact Sales' form on the Contact page.||et_pb_line_break_holder||---------------||et_pb_line_break_holder||Name: %%Name%%||et_pb_line_break_holder||Email: %%Email%%||et_pb_line_break_holder||||et_pb_line_break_holder||Message:||et_pb_line_break_holder||%%Message%%" success_message="Thank you for your message. Someone will be in contact with you shortly." submit_button_text="Send Message" admin_label="Contact Form" _builder_version="4.27.4" _unique_id="f5b7e96c-0e5c-4999-b3ce-773c7d40d143" form_field_background_color="#f2f2f2" form_field_focus_background_color="#ffffff" background_color="rgba(0,0,0,0)" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#f17050" button_border_color="#f17050" button_border_radius="100px" button_letter_spacing="2px" button_use_icon="off" border_radii="on|3px|3px|3px|3px" box_shadow_style="preset3" box_shadow_style_button="preset3" global_colors_info="{}"][et_pb_contact_field field_id="Name" field_title="Name" _builder_version="4.16" global_colors_info="{}" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][et_pb_contact_field field_id="Email" field_title="Email Address" field_type="email" _builder_version="4.16" global_colors_info="{}" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][et_pb_contact_field field_id="Message" field_title="Message" field_type="text" fullwidth_field="on" _builder_version="4.16" global_colors_info="{}" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][/et_pb_contact_form][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|tablet" admin_label="Feature" _builder_version="4.16" background_color="rgba(0,0,0,0)" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(0,31,45,0.11) 16%|rgba(30,34,38,0.4) 100%" background_color_gradient_start="rgba(0,31,45,0.11)" background_color_gradient_start_position="16%" background_color_gradient_end="rgba(30,34,38,0.4)" parallax="on" custom_padding="||||false|false" custom_padding_tablet="||10vw" custom_padding_phone="" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" locked="off" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.27.0" global_colors_info="{}"]Corporate Headquarters XYPRO Headquarters 2655 First St., Suite 210 Simi Valley, CA 93065 Phone: +1 805-583-2874 Email: sales@xypro.com[/et_pb_text][et_pb_button button_url="mailto:info@xypro.com" url_new_window="on" button_text="Email Us" admin_label="email us" _builder_version="4.16" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/10/xypro-company-building.jpg" show_in_lightbox="on" module_class="foobox" _builder_version="4.16" animation_direction="right" animation_duration="500ms" scroll_scaling_enable="on" box_shadow_style="preset3" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.16" custom_margin="||||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="||||false|false" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]International Sales & Support Offices[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_5,3_5,1_5" _builder_version="4.16" global_colors_info="{}"][et_pb_column type="1_5" _builder_version="4.16" global_colors_info="{}"][/et_pb_column][et_pb_column type="3_5" _builder_version="4.16" global_colors_info="{}"][et_pb_blurb title="Worldwide Sales" _builder_version="4.27.4" header_level="h3" text_orientation="center" hover_enabled="0" border_radii_image="on|15px|15px|15px|15px" box_shadow_style_image="preset3" global_colors_info="{}" sticky_enabled="0"]+1 805-583-2874sales@xypro.com[/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" global_colors_info="{}"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" global_colors_info="{}"][et_pb_row module_id="partners" _builder_version="4.16" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_text _builder_version="4.16" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"]Technology Partners [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_5,1_5,1_5,1_5,1_5" _builder_version="4.16" width="100%" custom_margin="0px||0px||false|false" custom_padding="0px||0px||false|false" global_colors_info="{}"][et_pb_column type="1_5" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/saphana.png" title_text="saphana" admin_label="SAP HANA" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/hewlettpackardenterprise.png" title_text="hewlettpackardenterprise" admin_label="hewletpacardenterprise" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/cyberark.png" alt="CyberArk" title_text="cyberark" admin_label="cyberark" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/sailpoint.png" title_text="sailpoint" admin_label="sailpoint" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/servicenow.png" title_text="servicenow" admin_label="servicenow" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_5,1_5,1_5,1_5,1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/hpe-pointnext.png" alt="HPE PointNext" title_text="hpe-pointnext" admin_label="hpepointnext" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/ibm.png" alt="IBM" title_text="ibm" admin_label="IBM" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/gravic.png" alt="Gravic" title_text="gravic" admin_label="gravic" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/rsa.png" title_text="rsa" admin_label="RSA" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/idelji.png" title_text="idelji" admin_label="idelji" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_5,1_5,1_5,1_5,1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/gcc.png" title_text="gcc" admin_label="GCC" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/continuous.png" alt="Proud partner with Continuous NonStop IT Solutions" title_text="continuous" admin_label="continuous" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2023/11/ETI-NET-LOGO.png" alt="DXC Technology" title_text="ETI-NET LOGO" admin_label="DXC" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/05/dxc.png" alt="DXC Technology" title_text="dxc" admin_label="DXC" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][et_pb_row module_id="partners" _builder_version="4.16" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_text _builder_version="4.16" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"]Channel Partners [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_6,1_6,1_6,1_6,1_6,1_6" make_equal="on" _builder_version="4.16" global_colors_info="{}"][et_pb_column type="1_6" _builder_version="4.16" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/HPE.png" url="https://www.hpe.com/us/en/servers/nonstop.html%20" url_new_window="on" admin_label="hpe" _builder_version="4.16" border_radii="on|0px|0px|0px|0px" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_6" _builder_version="4.16" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/HPE-PointNext.png" url="https://www.hpe.com/us/en/services.html" url_new_window="on" admin_label="pointnext" _builder_version="4.16" border_radii="on|0px|0px|0px|0px" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_6" _builder_version="4.16" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/DXC-Technology.png" url="https://www.dxc.technology" url_new_window="on" admin_label="dxc" _builder_version="4.16" border_radii="on|0px|0px|0px|0px" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_6" _builder_version="4.16" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2021/01/gcclogo.png" title_text="gcclogo" url="https://www.gcc.com.cy/" url_new_window="on" admin_label="gcc" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_6" _builder_version="4.16" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/datacare.png" url="https://en.datacare.hu" url_new_window="on" admin_label="datacare" _builder_version="4.16" border_radii="on|0px|0px|0px|0px" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_6" _builder_version="4.16" custom_css_main_element="margin: auto;" global_colors_info="{}"][/et_pb_column][/et_pb_row][et_pb_row module_id="partners" _builder_version="4.16" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_text _builder_version="4.16" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"]Organizational Affiliations [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" make_equal="on" _builder_version="4.16" module_alignment="center" global_colors_info="{}"][et_pb_column type="1_3" _builder_version="4.16" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/pci-security-standards-council.jpg" url="https://www.pcisecuritystandards.org" url_new_window="on" _builder_version="4.16" border_radii="on|0px|0px|0px|0px" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="4.16" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/Connect-Worldwide-e1579641187601.png" url="https://www.connect-community.org" _builder_version="4.16" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="4.16" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/ISSA.png" url="https://www.issa.org" url_new_window="on" _builder_version="4.16" border_radii="on|0px|0px|0px|0px" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][/et_pb_section] #### Covid-19 (Coronavirus) Business Continuity Statement Update December 1, 2021 Following our advance preparation procedures, on Friday, March 13, 2020, XYPRO employees began working from home. This working arrangement has proven to be effective and successful, allowing us to continue to fulfil our responsibilities to our clients, while offering a variety of flexible working options to XYPRO employees. Please do not hesitate to reach out to your Account Executive with any questions or clarification requests, or submit a question via our technical Support Portal where you can also view your case history anytime. March 15, 2020 Following our advance preparation procedures, on Friday, March 13, 2020, 100% of XYPRO employees began working from home until further notice. During this temporary arrangement, we are committed to fulfilling our responsibilities to our clients. We will continue to serve you. It is an unprecedented situation for all of us and we value your understanding and partnership. As always, please do not hesitate to reach out to your sales representative with any questions or clarification requests, or submit a question via our technical Support Portal where you can also view your case history anytime. February 25, 2020 We continue to closely monitor developments with respect to the Coronavirus. First and most importantly, we are monitoring the situation and taking the appropriate actions to continue providing our employees with a safe work environment. The situation is dynamic and we will continue to provide updates as we learn more. XYPRO has a Business Continuity Plan, a global footprint and if necessary, company-wide telecommuting protocols that can be implemented without disruption to our normal business operations.  We have exercised these protocols multiple times in the last several years due to the devastating California wildfires.  We are confident in our ability to support our customers and employees and we remain committed to providing the superior service and support that our customers have come to expect of our company throughout this situation. #### cPortal Form [et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"] Create Support Ticket Untitled [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Enterprise Identity & Access Management [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="#1d3557 0%|#132547 100%" background_color_gradient_start="#1d3557" background_color_gradient_end="#132547" background_image="/wp-content/uploads/slider4/fullwidthslide2.jpeg" background_blend="soft-light" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content" global_colors_info="{}"][et_pb_row column_structure="1_4,3_4" _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/10/Identity-Access_white.png" align="right" _builder_version="4.16" max_width="200px" max_width_tablet="" max_width_phone="180px" max_width_last_edited="on|desktop" custom_margin="||||false|false" custom_padding="||||false|false" animation_style="none" module_alignment_tablet="" module_alignment_phone="center" module_alignment_last_edited="on|phone" border_radii="on|0px|0px|0px|0px" border_color_all="rgba(0,0,0,0)" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="3_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="XIC" module_id="XIC" _builder_version="4.16" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" header_4_text_color="#5694c4" global_colors_info="{}"]XYGATE Identity Connector (XIC) Connectors for HPE NonStop Servers Managing strong passwords and credentials is often a challenge. Ensuring they are stored properly, changed regularly, meet complexity and compliance requirements and are auditable can be overwhelming to implement and manage. Current solutions for requesting and managing user access are outdated and inefficient. Processes are manual, complex and don’t map to the core business initiatives driving change within the enterprise. Governance is often an afterthought, leaving many enterprises vulnerable to increased security risks and potential non-compliance with external regulations or internal corporate mandates.[/et_pb_text][et_pb_text _builder_version="4.16" global_colors_info="{}"]XIC was the easiest software implementation I've ever seen.[/et_pb_text][et_pb_text _builder_version="4.16" global_colors_info="{}"]Key Benefits[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"] Visibility and Control of NonStop user data directly from SailPoint IdentityIQ Quickly detect risks and entitlement issues Automate the provisioning process Address account compliance concerns SailPoint Certified Integration CyberArk Certified Integration Integrated with XYGATE Suite [/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" global_colors_info="{}"][/et_pb_column][/et_pb_row][et_pb_row make_equal="on" _builder_version="4.16" module_alignment="center" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]Datasheet Downloads[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" make_equal="on" _builder_version="4.16" module_alignment="center" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/01/XIC-for-SailPoint-Datasheet-Image.webp" alt="XYGATE Identity Connector for SailPoint Data Sheet (PDF)" title_text="XIC for SailPoint Datasheet Image" url="/wp-content/uploads/2026/01/XIC-for-SailPoint-Datasheet.pdf" url_new_window="on" module_class="pdf-download" _builder_version="4.27.4" width="200px" hover_enabled="0" border_radii="on|5px|5px|5px|5px" box_shadow_style="preset3" global_colors_info="{}" sticky_enabled="0"][/et_pb_image][et_pb_text _builder_version="4.27.4" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]XYGATE Identity Connector for SailPoint Data Sheet (PDF)[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/01/XIC-for-CyberArk-Datasheet-Image.webp" alt="XYGATE Identity Connector for CyberArk Data Sheet (PDF)" title_text="XIC for CyberArk Datasheet Image" url="/wp-content/uploads/2026/01/XIC-for-CyberArk-Datasheet.pdf" url_new_window="on" module_class="pdf-download" _builder_version="4.27.4" width="200px" hover_enabled="0" border_radii="on|5px|5px|5px|5px" box_shadow_style="preset3" global_colors_info="{}" sticky_enabled="0"][/et_pb_image][et_pb_text _builder_version="4.27.4" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]XYGATE Identity Connector for CyberArk Data Sheet (PDF)[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Events [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="3.29.3" use_background_color_gradient="on" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x"][et_pb_row _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.0.2" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false"]Events XYPRO is represented at industry events worldwide. Visit this space to learn about upcoming XYPRO engagements in your area.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="EVENTS" _builder_version="3.29.3" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false"][et_pb_row _builder_version="3.29.3" width="90%" module_alignment="center" custom_margin="0px||||false|false" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="3.29.3"][et_pb_text _builder_version="3.29.3" custom_padding="||||false|false"] Select MonthJanuaryFebruaryMarchAprilMayJuneJulyAugustSeptemberOctoberNovemberDecemberSelect Year20192020202120222023202420252026 Monthly Weekly Daily List Grid Tile September 2026 Nonstop Technology & Business Conference 2026 Join us for the CTUG 2026 Conference as members of the Canadian Nonstop community come together for collaboration, technical learning, and knowledge sharing. The CTUG conference provides valuable opportunities to connect with users, partners, and industry experts focused on HPE Nonstop and mission-critical environments. 15 - 17 Sep All Day The Rosen Plaza The Rosen Plaza 9700 International Drive, Orlando, Florida FacebookTwitterLinkedinEmail View Detail No event found! [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Newsletter Subscribe Section" _builder_version="4.0.2" background_color="#ffffff" use_background_color_gradient="on" background_color_gradient_start="rgba(0,31,45,0.11)" background_color_gradient_end="rgba(30,34,38,0.4)" background_color_gradient_type="radial"][et_pb_row column_structure="1_2,1_2" _builder_version="3.25" custom_margin="|||"][et_pb_column type="1_2" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.0.9" header_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" max_width="700px" module_alignment="center" locked="off"]Get Notified About Upcoming Events Don't miss out on any conferences, meetings, or other events with XYPRO by adding your email to our list here.[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_contact_form captcha="off" email="marketing@xypro.com" custom_message="This message comes from the 'Subscribe' form on the Events page.||et_pb_line_break_holder||---------------||et_pb_line_break_holder||Name: %%Name%%||et_pb_line_break_holder||Email: %%Email%%" success_message="Thank you for subscribing!" submit_button_text="Subscribe" module_id="subscribe_form" _builder_version="4.2.2" form_field_background_color="#ffffff" form_field_focus_background_color="#ffffff" background_color="#ffffff" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#005da4" button_border_color="#005da4" button_border_radius="100px" button_letter_spacing="2px" button_use_icon="off" module_alignment="center" custom_padding="50px|30px|50px|30px|false|false" box_shadow_style_button="preset3"][et_pb_contact_field field_id="Name" field_title="Name" _builder_version="4.2.2" form_field_background_color="#ffffff" border_width_all="1px" border_color_all="rgba(0,0,0,0.1)" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][et_pb_contact_field field_id="Email" field_title="Email Address" field_type="email" _builder_version="4.2.2" form_field_background_color="#ffffff" border_width_all="1px" border_color_all="rgba(0,0,0,0.1)" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][/et_pb_contact_form][/et_pb_column][/et_pb_row][/et_pb_section] #### Forgot Password [et_pb_section fb_built="1" admin_label="section" _builder_version="3.22"][et_pb_row admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.4.6" header_font_size="40px" background_size="initial" background_position="top_left" background_repeat="repeat"]Welcome to the XYPRO Customer Care Center If you've forgotten your password, just enter your email address you registered with and you will receive an email with instructions for resetting your Password. [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Free Rapid Security Assessment [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.17.4" use_background_color_gradient="on" background_color_gradient_stops="rgba(0,93,164,0.8) 0%|rgba(29,53,87,0.78) 100%" background_color_gradient_start="rgba(0,93,164,0.8)" background_color_gradient_end="rgba(29,53,87,0.78)" background_image="https://xypro.com/wp-content/uploads/2021/08/software-bg.jpg" parallax="on" background_blend="overlay" custom_margin="||||false|false" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.17.4" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Rapid Security Assessment[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"]Free Rapid Security Assessment To receive your free rapid security assessment, please fill out the following form. Free Rapid Security Assessment Name(Required) First Last Company(Required)Title(Required)Phone(Required)Email(Required) Checkbox(Required) I agree I give my consent to XYPRO to communicate with me via email at the above entered email address for the purposes of the Rapid Security Assessment and additional security topics.NameThis field is for validation purposes and should be left unchanged. [/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.19.2" _module_preset="default" global_colors_info="{}"]Your Cybersecurity Score in Minutes The probability that an organization will experience a breach in the next 24 months is 27.9% and the current time to identify and contain a breach is 280 days. XYPRO helps organizations reduce the mean time to detect and respond to potential breaches by up to 80%. Our FREE Rapid Security Assessment is essential to understanding your organization's security posture. Our multi-pronged approach evaluates your HPE NonStop system security in six key categories and highlights immediate risks that can be detrimental to your systems, users, and data. Our quick and easy-to-run security assessment provides a detailed view of threats found across your HPE NonStop environment. This Assessment includes a FREE review with a security expert to discuss findings and recommendations and ensure you have implemented industry best practices and are protected against advanced threats impacting organizations today. 120+ different security vectors evaluated in 6 key categories Single executable, nothing to install, easy to run No sensitive data Report and recommendations provided Completely FREE [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][/et_pb_section] #### Giving Back [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="rgba(0,93,164,0.76) 0%|rgba(29,53,87,0.64) 100%" background_color_gradient_start="rgba(0,93,164,0.76)" background_color_gradient_end="rgba(29,53,87,0.64)" background_image="https://xypro.com/wp-content/uploads/2021/02/pexels-pixabay-207896-scaled.jpg" background_blend="soft-light" custom_margin="||||false|false" custom_padding="60px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Community Connection[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" custom_padding="30px||30px||false|false" global_colors_info="{}"][et_pb_row admin_label="MISSION" _builder_version="4.16" custom_padding="0px||7px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.16" global_colors_info="{}"]XYPRO Technology is dedicated to serving our communities. Giving back and empowering each other is at the core of our culture.    All XYPRO employees are encouraged to use an additional 16 hours of paid leave per year to volunteer their time, talent, and passion. Since we implemented our Covid19 work from home policy, XYPRO has donated to several charities focused on testing and providing immediate assistance to those who are the most impacted. We continue to support organizations such as Meals on Wheels, Red Cross, Senior Concerns, Boys and Girls Clubs, Project Angel Food, Core Response and many more in various cities in Ventura and Los Angeles Counties, Omaha, NE, Australia, UK, Mexico, and Canada. In addition to our charitable team building activities, we continue our ongoing support for organizations such as Meals on Wheels, Red Cross, Senior Concerns, Boys and Girls Clubs, Free Clinic of Simi Valley, and The Samaritan Center of Simi Valley.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" _module_preset="default" custom_padding="0px||0px|||" global_colors_info="{}"][et_pb_row _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_divider admin_label="Divider" _builder_version="4.16" _module_preset="default" width="25%" module_alignment="center" min_height="25px" global_colors_info="{}"][/et_pb_divider][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,1_4,1_4,1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.mealsonwheelsamerica.org/" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/Meals-on-Wheels.png" alt="Meals on Wheels America" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" custom_margin="||||false|false" custom_padding="30%|10px||10px|false|false" link_option_url="https://www.mealsonwheelsamerica.org/" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.seniorconcerns.org/" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/Senior-Concerns-Logo-v2.png" alt="Senior Concerns" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" custom_padding="15%|10px||10px|false|false" link_option_url="https://www.seniorconcerns.org/" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.freeclinicsv.com/" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/1428771424.png" alt="Free Clinic of Simi Valley" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" custom_padding="25%|10px||10px|false|false" link_option_url="https://www.freeclinicsv.com/" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.angelfood.org/" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/Homepage___Project_Angel_Food.jpg" alt="Project Angel Food" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" custom_padding="18%|10px||10px|false|false" link_option_url="https://www.angelfood.org/" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,1_4,1_4,1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.coreresponse.org/" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/Core-Logo-Final-side-tag.png" alt="CORE - Community Organized Relief Effort" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" custom_padding="30%|10px||10px|false|false" link_option_url="https://www.coreresponse.org/" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.redcross.org" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/redcross-logo.png.img_.png" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" custom_padding="18%|10px||10px|false|false" link_option_url="https://www.redcross.org" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://redcross.org.au" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/1200px-Australian_Red_Cross_full_logo.svg_.png" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" custom_padding="15%|10px||10px|false|false" link_option_url="https://redcross.org.au" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://abc7.com/spark-of-love-2020-abc7-toy-drive-donate-toys-receive/5684558/" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/Spark-of-Love.jpg" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" custom_padding="15%|10px||10px|false|false" link_option_url="https://abc7.com/spark-of-love-2020-abc7-toy-drive-donate-toys-receive/5684558/" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_5,1_5,1_5,1_5,1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.bgca.org" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/1200px-Boys__Girls_Clubs_of_America_logo.svg_.png" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" min_height="220px" custom_padding="25%|10px||10px|false|false" link_option_url="https://www.bgca.org" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://komenlacounty.org/" url_new_window="on" image="https://xypro.com/wp-content/uploads/2020/08/Susan-G.-Komen-Breast-Cancer.png" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" min_height="220px" custom_padding="25%|10px||10px|false|false" link_option_url="https://komenlacounty.org/" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://us.movember.com/" url_new_window="on" image="https://xypro.com/wp-content/uploads/2021/02/movember_800-300x253.jpg" _builder_version="4.16" _module_preset="cc814535-707e-402e-954f-98e9a8f1a413" min_height="220px" custom_padding="15%|10px||10px|false|false" link_option_url="https://us.movember.com/" link_option_url_new_window="on" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_divider _builder_version="4.16" _module_preset="default" width="25%" module_alignment="center" global_colors_info="{}"][/et_pb_divider][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/04/ukraine-flag.png" title_text="ukraine flag" _builder_version="4.16" _module_preset="default" max_width="400px" global_colors_info="{}"][/et_pb_image][et_pb_text admin_label="Text" _builder_version="4.16" _module_preset="default" global_colors_info="{}"]XYPRO Leadership matched employee donations to provide relief to Ukrainian refugees. Below are of some of the organizations that XYPRO and its employees have selected to help. Click on a logo to learn more.[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_5,1_5,1_5,1_5,1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.airbnb.org/help-ukraine" url_new_window="on" image="https://xypro.com/wp-content/uploads/2022/04/Airbnb.org-logo-1.png" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://give.wearealight.org/give/393657/#!/donation/checkout" url_new_window="on" image="https://xypro.com/wp-content/uploads/2022/04/alight-logo-1.jpg" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://donate.jdc.org/give/393030/?gclid=Cj0KCQjw3IqSBhCoARIsAMBkTb3t3Us98jlrIc3lYj7kqxuh4XOYdRNGhDQNjH5AsUJcQTE_5ob410saAsnrEALw_wcB#!/donation/checkout?c_src=GSUkraine&c_src2=Feb2022C" image="https://xypro.com/wp-content/uploads/2022/04/American-Jewish-Joint-Distribution-Committee-1.jpg" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.globalgiving.org/projects/ukraine-crisis-relief-fund/donate/" image="https://xypro.com/wp-content/uploads/2022/04/global-giving-1.jpg" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.americares.org/emergency-program/conflict-in-ukraine/" image="https://xypro.com/wp-content/uploads/2022/04/Americares-1-1.png" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_5,1_5,1_5,1_5,1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.midwestfoodbank.org/donate/ukraine" image="https://xypro.com/wp-content/uploads/2022/04/Midwestfoodbank-org-logo-1.png" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.savethechildren.org/us/where-we-work/ukraine" image="https://xypro.com/wp-content/uploads/2022/04/Save-the-Children-1.jpg" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.unicef.org/ukraine/en" image="https://xypro.com/wp-content/uploads/2022/04/Unicef-1.jpg" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://wck.org/relief/activation-chefs-for-ukraine" image="https://xypro.com/wp-content/uploads/2022/04/World-Central-Kitchen-1.jpg" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][et_pb_column type="1_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_blurb url="https://www.worldvision.org/disaster-relief-news-stories/ukraine-crisis-facts-faqs-and-how-to-help" image="https://xypro.com/wp-content/uploads/2022/04/worldvision-logo-1.jpg" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_divider _builder_version="4.16" _module_preset="default" width="25%" module_alignment="center" global_colors_info="{}"][/et_pb_divider][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" _module_preset="default" custom_margin="10px||10px||true|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/04/fcosv-50logo-1.png" alt="Free Clinic of Simi Valley" title_text="fcosv-50logo" _builder_version="4.16" _module_preset="default" width="75%" module_alignment="center" global_colors_info="{}"][/et_pb_image][et_pb_text admin_label="Text" _builder_version="4.16" global_colors_info="{}"]The mission of the Free Clinic of Simi Valley is to provide medical care, counseling, dental and legal assistance to individuals and families in need, regardless of their ability to pay.   This includes those of all ages, ethnicities, religions, and socioeconomic backgrounds, who are unable to use traditional sources within the community.  Typically, the clients of the Clinic are the uninsured and the underserved. XYPRO is a proud sponsor of a Free Clinic Lab Room and appears on the Clinic Donor Wall, dedicated in 2022.[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_code _builder_version="4.16" _module_preset="default" global_colors_info="{}"] [/et_pb_code][et_pb_code _builder_version="4.16" _module_preset="default" global_colors_info="{}"] [/et_pb_code][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.16" _module_preset="default" custom_margin="10px||10px||true|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_divider _builder_version="4.16" _module_preset="default" width="25%" module_alignment="center" min_height="0px" height="0px" global_colors_info="{}"][/et_pb_divider][et_pb_text admin_label="Text" _builder_version="4.16" _module_preset="default" header_3_text_align="center" global_colors_info="{}"]XYPRO Team Building[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_2" module_class="second-on-mobile" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_code disabled_on="off|off|off" _builder_version="4.19.2" _module_preset="default" module_alignment="center" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"] #### Home [et_pb_section fb_built="1" admin_label="Header" _builder_version="4.16" background_color="rgba(0,0,0,0)" background_color_gradient_direction="148deg" background_enable_image="off" background_blend="multiply" custom_margin="||||false" custom_padding="0px||0px||false|false" bottom_divider_height="20vw" bottom_divider_repeat="0.75x" hover_enabled="0" collapsed="off" global_colors_info="{}" sticky_enabled="0"][et_pb_row custom_padding_last_edited="on|desktop" admin_label="Row" _builder_version="4.16" max_width="80%" custom_padding="0px||||false|false" custom_padding_tablet="||||true|false" custom_padding_phone="" use_custom_width="on" width_unit="off" global_colors_info="{}" custom_padding__hover_enabled="off|desktop"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_button button_url="https://xypro.com/?page_id=218494&preview=true" button_text="Covid-19 (Coronavirus) Business Continuity Statement" button_alignment="right" _builder_version="4.16" custom_button="on" button_text_size="12px" button_border_color="rgba(0,0,0,0)" custom_margin="||7px|||" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"][/et_pb_button][et_pb_nextend_smart_slider_3 slider="5" module_id="home-slider" _builder_version="4.5.3" global_colors_info="{}" hover_enabled="0" sticky_enabled="0"][/et_pb_nextend_smart_slider_3][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" custom_padding="40px|||||" global_colors_info="{}"][et_pb_row column_structure="3_5,2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_column type="3_5" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]XYPRO Technology CoporationProblems We Solve As security professionals, we have to get it right 100% of the time. Criminals have to be right just once. By identifying, in real-time, security events driven by actual malicious activity and not bombarding you with every possible “incident”, XYPRO Solutions can free up your IT resources by up to 80%.[/et_pb_text][/et_pb_column][et_pb_column type="2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_nextend_smart_slider_3 slider="10" _builder_version="4.2.2" global_colors_info="{}" hover_enabled="0" sticky_enabled="0"][/et_pb_nextend_smart_slider_3][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|tablet" admin_label="Feature" _builder_version="4.16" background_color="rgba(0,0,0,0)" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(0,31,45,0.11) 16%|rgba(30,34,38,0.4) 100%" background_color_gradient_start="rgba(0,31,45,0.11)" background_color_gradient_start_position="16%" background_color_gradient_end="rgba(30,34,38,0.4)" parallax="on" custom_padding="0vw||||false|false" custom_padding_tablet="||10vw" custom_padding_phone="" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" text_orientation="right" global_colors_info="{}"]Know What is Happening in Real-Time[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="2_5,3_5" _builder_version="4.16" global_colors_info="{}"][et_pb_column type="2_5" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/12/td1-e1580508813200.jpg" _builder_version="4.19.2" hover_enabled="0" border_radii="on||||" box_shadow_style="preset3" global_colors_info="{}" admin_label="Image" sticky_enabled="0"][/et_pb_image][/et_pb_column][et_pb_column type="3_5" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" text_font="||||||||" text_line_height="2em" max_width="700px" header_2_font_size_tablet="26px" header_2_font_size_phone="20px" header_2_font_size_last_edited="on|phone" global_colors_info="{}"]A centralized summary or detail view of the relevant activity from your servers, appliances and users.[/et_pb_text][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjY1ODcifX0=@" button_text="View All Products" button_alignment="center" _builder_version="4.16" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#091c4f" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="Poppins|600|||||||" button_use_icon="off" custom_padding="16px|32px|16px|32px|true|true" hover_enabled="0" box_shadow_style="preset1" box_shadow_vertical="20px" box_shadow_blur="71px" box_shadow_spread="-14px" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="2px" button_letter_spacing__hover_enabled="on" button_border_width__hover_enabled="off" sticky_enabled="0"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" custom_padding="40px|||||" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]XYPRO Security Solutions Reduce Risk[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="3_5,2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_column type="3_5" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]XYPRO's Security Dashboard alerts you to potential security threats before they can become breaches.[/et_pb_text][/et_pb_column][et_pb_column type="2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"] Integrity Monitoring Dashboard Illustrating Risk Management and Real-Time Threat DetectionReal-time threat detection dashboard for greater risk managementAppliance Sentry Dashboard illustrating the CLIM Risk Manager [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" custom_margin="||||false|false" global_colors_info="{}"][et_pb_row custom_padding_last_edited="off|desktop" _builder_version="4.16" background_color="rgba(239,103,40,0.96)" use_background_color_gradient="on" background_color_gradient_direction="148deg" background_color_gradient_stops="#d6545b 19%|#ff915e 100%" background_color_gradient_start="#d6545b" background_color_gradient_start_position="19%" background_color_gradient_end="#ff915e" background_image="https://xypro.com/wp-content/uploads/2019/10/quote.png" background_size="initial" background_position="top_right" width="100%" max_width="100%" module_alignment="left" custom_padding="4vw||2vw||false|false" custom_padding_tablet="|0%||0%" animation_direction="left" use_custom_width="on" width_unit="off" custom_width_percent="100%" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_slider _builder_version="4.16" header_font="Poppins|500|||||||" header_text_color="#ffffff" header_font_size="32px" header_line_height="1.6em" body_font="||||||||" body_text_color="rgba(255,255,255,0.53)" body_line_height="2em" background_color="rgba(255,255,255,0)" text_orientation="left" custom_margin="||||false|false" custom_padding="50px||80px||false|false" animation_style="fade" animation_delay="666ms" auto="on" auto_speed="5000" header_font_size_tablet="22px" header_font_size_phone="16px" header_font_size_last_edited="on|tablet" header_text_shadow_style="preset1" header_text_shadow_color="rgba(0,0,0,0)" body_text_shadow_style="preset1" body_text_shadow_color="rgba(0,0,0,0)" border_radii="on|10px|10px|10px|10px" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][et_pb_slide heading="%22XYPRO is the best investment we ever made in NonStop security.%22" _builder_version="4.16" header_font="|500|||||||" locked="off" global_colors_info="{}" sticky_transition="on"]— CTO BankServ Africa [/et_pb_slide][/et_pb_slider][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Post Carousel" _builder_version="4.16" custom_padding="29px|||||" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" header_text_align="center" header_2_text_align="center" global_colors_info="{}"]Recent Articles and News Speed of Risk Reduction Is the New Standard for Vulnerability ManagementMay 14, 2026XYPRO Team Simplifying Security for HPE Nonstop Systems with XYGATE SecurityOne 2.4April 6, 2026XYPRO Team PartnerOne Continues Investment in AI with XYPRO Applied AI TechnologyMarch 3, 2026XYPRO Team XYPRO and CAIL Announce Partnership and Deliver First-of-Its-Kind Multi-Factor Authentication Integration for HPE NonstopMarch 3, 2026XYPRO Team From Visibility to Action: Bringing HPE Nonstop into Enterprise Risk ManagementFebruary 25, 2026XYPRO Team Quantum Computing and the Ticking Clock: Why Mission-Critical Workloads Can’t Ignore This RiskJuly 24, 2025XYPRO Team XYPRO SQLXPress Now Included in HPE’s Database BundleMarch 6, 2025XYPRO Team PCI DSS 4.0 Compliance : A Comprehensive Guide (XYPRO Education)August 23, 2024XYPRO Team The Cyber Shield: A Blueprint for Digital Security and ResilienceJuly 15, 2024Steve Tcherchian[/et_pb_text][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjU3NDgifX0=@" button_text="Read More" button_alignment="center" _builder_version="4.16" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="CTA" module_id="cta-section" _builder_version="4.16" background_color="rgba(0,0,0,0)" global_colors_info="{}"][et_pb_row module_id="cta-row" _builder_version="4.16" custom_margin="|auto|28px|auto||" custom_padding="33px||23px|||" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_code admin_label="CTA - Text and Code" _builder_version="4.16" global_colors_info="{}"]XYPRO Protects Your Data As if it Were Our Own Here at XYPRO, we're constantly researching, discovering, and investing in new ways to minimize your security risk. Contact us today to learn how XYPRO solutions protect your data. Contact Sales[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section] #### Home [et_pb_section fb_built="1" admin_label="Header" _builder_version="4.22.1" background_color="rgba(0,0,0,0)" background_color_gradient_direction="148deg" background_enable_image="off" background_blend="multiply" custom_margin="||||false" custom_padding="0px||0px||false|false" bottom_divider_height="20vw" bottom_divider_repeat="0.75x" collapsed="off" global_colors_info="{}"][et_pb_row custom_padding_last_edited="on|desktop" _builder_version="4.16" max_width="80%" custom_padding="0px||||false|false" custom_padding_tablet="||||true|false" custom_padding_phone="" use_custom_width="on" width_unit="off" global_colors_info="{}" custom_padding__hover_enabled="off|desktop"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_nextend_smart_slider_3 slider="5" module_id="home-slider" _builder_version="4.0.2" global_colors_info="{}"][/et_pb_nextend_smart_slider_3][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" custom_padding="40px|||||" global_colors_info="{}"][et_pb_row column_structure="3_5,2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_column type="3_5" _builder_version="4.16" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.16" global_colors_info="{}"]XYPRO Technology CoporationProblems We Solve As security professionals, we have to get it right 100% of the time. Criminals have to be right just once. By identifying, in real-time, security events driven by actual malicious activity and not bombarding you with every possible “incident”, XYPRO Solutions can free up your IT resources by up to 80%.[/et_pb_text][/et_pb_column][et_pb_column type="2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_nextend_smart_slider_3 slider="10" _builder_version="4.13.1" global_colors_info="{}"][/et_pb_nextend_smart_slider_3][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|tablet" admin_label="Feature" _builder_version="4.16" background_color="rgba(0,0,0,0)" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(0,31,45,0.11) 16%|rgba(30,34,38,0.4) 100%" background_color_gradient_start="rgba(0,31,45,0.11)" background_color_gradient_start_position="16%" background_color_gradient_end="rgba(30,34,38,0.4)" parallax="on" custom_padding="0vw||||false|false" custom_padding_tablet="||10vw" custom_padding_phone="" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" text_orientation="right" global_colors_info="{}"]Know What is Happening in Real-Time[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="2_5,3_5" _builder_version="4.16" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"][et_pb_column type="2_5" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/12/td1-e1580508813200.jpg" _builder_version="4.27.4" hover_enabled="0" border_radii="on||||" box_shadow_style="preset3" global_colors_info="{}" hover_transition_duration="0ms" sticky_enabled="0"][/et_pb_image][/et_pb_column][et_pb_column type="3_5" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" text_font="||||||||" text_line_height="2em" max_width="700px" header_2_font_size_tablet="26px" header_2_font_size_phone="20px" header_2_font_size_last_edited="on|phone" global_colors_info="{}"]A centralized summary or detail view of the relevant activity from your servers, appliances and users.[/et_pb_text][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjY1ODcifX0=@" button_text="View All Products" button_alignment="center" _builder_version="4.16" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#091c4f" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="Poppins|600|||||||" button_use_icon="off" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset1" box_shadow_vertical="20px" box_shadow_blur="71px" box_shadow_spread="-14px" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="2px" button_letter_spacing__hover_enabled="on" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" custom_padding="40px|||||" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]XYPRO Security Solutions Reduce Risk[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="3_5,2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_column type="3_5" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]XYPRO's Security Dashboard alerts you to potential security threats before they can become breaches.[/et_pb_text][/et_pb_column][et_pb_column type="2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"] Integrity Monitoring Dashboard Illustrating Risk Management and Real-Time Threat DetectionReal-time threat detection dashboard for greater risk managementAppliance Sentry Dashboard illustrating the CLIM Risk Manager [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" custom_margin="||||false|false" global_colors_info="{}"][et_pb_row custom_padding_last_edited="off|desktop" _builder_version="4.16" background_color="rgba(239,103,40,0.96)" use_background_color_gradient="on" background_color_gradient_direction="148deg" background_color_gradient_stops="#d6545b 19%|#ff915e 100%" background_color_gradient_start="#d6545b" background_color_gradient_start_position="19%" background_color_gradient_end="#ff915e" background_image="https://xypro.com/wp-content/uploads/2019/10/quote.png" background_size="initial" background_position="top_right" width="100%" max_width="100%" module_alignment="left" custom_padding="4vw||2vw||false|false" custom_padding_tablet="|0%||0%" animation_direction="left" use_custom_width="on" width_unit="off" custom_width_percent="100%" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_slider _builder_version="4.16" header_font="Poppins|500|||||||" header_text_color="#ffffff" header_font_size="32px" header_line_height="1.6em" body_font="||||||||" body_text_color="rgba(255,255,255,0.53)" body_line_height="2em" background_color="rgba(255,255,255,0)" text_orientation="left" custom_margin="||||false|false" custom_padding="50px||80px||false|false" animation_style="fade" animation_delay="666ms" auto="on" auto_speed="5000" header_font_size_tablet="22px" header_font_size_phone="16px" header_font_size_last_edited="on|tablet" header_text_shadow_style="preset1" header_text_shadow_color="rgba(0,0,0,0)" body_text_shadow_style="preset1" body_text_shadow_color="rgba(0,0,0,0)" border_radii="on|10px|10px|10px|10px" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][et_pb_slide heading="%22XYPRO is the best investment we ever made in NonStop security.%22" _builder_version="4.16" header_font="|500|||||||" locked="off" global_colors_info="{}" sticky_transition="on"]— CTO BankServ Africa [/et_pb_slide][/et_pb_slider][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Post Carousel" _builder_version="4.16" custom_padding="29px|||||" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" header_text_align="center" header_2_text_align="center" global_colors_info="{}"]Recent Articles and News Speed of Risk Reduction Is the New Standard for Vulnerability ManagementMay 14, 2026XYPRO Team Simplifying Security for HPE Nonstop Systems with XYGATE SecurityOne 2.4April 6, 2026XYPRO Team PartnerOne Continues Investment in AI with XYPRO Applied AI TechnologyMarch 3, 2026XYPRO Team XYPRO and CAIL Announce Partnership and Deliver First-of-Its-Kind Multi-Factor Authentication Integration for HPE NonstopMarch 3, 2026XYPRO Team From Visibility to Action: Bringing HPE Nonstop into Enterprise Risk ManagementFebruary 25, 2026XYPRO Team Quantum Computing and the Ticking Clock: Why Mission-Critical Workloads Can’t Ignore This RiskJuly 24, 2025XYPRO Team XYPRO SQLXPress Now Included in HPE’s Database BundleMarch 6, 2025XYPRO Team PCI DSS 4.0 Compliance : A Comprehensive Guide (XYPRO Education)August 23, 2024XYPRO Team The Cyber Shield: A Blueprint for Digital Security and ResilienceJuly 15, 2024Steve Tcherchian[/et_pb_text][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjU3NDgifX0=@" button_text="Read More" button_alignment="center" _builder_version="4.16" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="CTA" module_id="cta-section" _builder_version="4.16" background_color="rgba(0,0,0,0)" global_colors_info="{}"][et_pb_row module_id="cta-row" _builder_version="4.16" custom_margin="|auto|28px|auto||" custom_padding="33px||23px|||" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_code admin_label="CTA JS Code" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_code][et_pb_code admin_label="CTA - Text and Code" _builder_version="4.16" global_colors_info="{}"]XYPRO Protects Your Data As if it Were Our Own Here at XYPRO, we're constantly researching, discovering, and investing in new ways to minimize your security risk. Contact us today to learn how XYPRO solutions protect your data. Contact Sales[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section] #### How-to Videos [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.0" use_background_color_gradient="on" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content" global_colors_info="{}"][et_pb_row _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.0.5" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Videos[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Videos" module_id="xyprohowto" _builder_version="4.0.5" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" admin_label="SECTION MENU" _builder_version="4.0.5" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.0.5" global_colors_info="{}"][et_pb_button button_url="#xyprohowto" button_text="Security How To" button_alignment="right" admin_label="XYPRO How To" _builder_version="4.0.9" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#f17050" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="%%34%%" button_icon_color="#ffffff" button_on_hover="off" custom_margin="0px||||false|false" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][et_pb_column type="1_2" _builder_version="4.0.5" global_colors_info="{}"][et_pb_button button_url="#merlonhowto" button_text="Database How To" button_alignment="left" admin_label="Merlon How To" _builder_version="4.0.9" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="%%34%%" button_icon_color="#ffffff" button_on_hover="off" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][/et_pb_row][et_pb_row admin_label="HOW TO VIDEOS" _builder_version="4.0.5" width="90%" module_alignment="center" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="3.29.3" global_colors_info="{}"][et_pb_text admin_label="HowTo" _builder_version="4.0.9" global_colors_info="{}"]Security How To Videos[/et_pb_text][et_pb_text _builder_version="4.0.5" custom_padding="||||false|false" global_colors_info="{}"] Prev 1 of 1 Next XYGATE Merged Audit (XMA) & XYGATE Transaction Router (XTR) XYGATE Access Control (XAC) - Keystroke Logging XYGATE Merged Audit (XMA) Manager - Pathway Management Menu Locating and Installing the XYGATE GUI Clients Installing XYGATE user Authentication (XUA) & XYGATE Transaction Router (XTR) 5 Best Practices for HPE NonStop File Integrity Monitoring NonStop Education Day - HPE NonStop Security with XYPRO XUA and XMA Proactive Risk Management HDFC, India’s Largest Private Bank, modernizes CyberSecurity KeyStroke Logging for HPE NonStop Servers Prev 1 of 1 Next [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Videos" module_id="merlonhowto" _builder_version="4.0.5" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row admin_label="HOW TO VIDEOS" module_id="howto" _builder_version="4.0.5" width="90%" module_alignment="center" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="3.29.3" global_colors_info="{}"][et_pb_text admin_label="HowTo" _builder_version="4.0.9" global_colors_info="{}"]Database How To Videos[/et_pb_text][et_pb_text _builder_version="4.0.5" custom_padding="||||false|false" global_colors_info="{}"] Prev 1 of 1 Next Merlon Discover Categorizing your Database using Worksheets Merlon SQLXPress Finding and Tuning a Poorly Performing Query Merlon SQLXPress Query Builder Merlon SQLXPress Building a Database Merlon Discover Automated File Error and Growth Monitoring Merlon MARS Reload Load Balancing and Throttles Merlon MARS Finding and Reloading Files Merlon SQLXPress Executing SQL Statements Prev 1 of 1 Next [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### HPE NonStop PCI DSS Download [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.17.4" use_background_color_gradient="on" background_color_gradient_stops="rgba(0,93,164,0.8) 0%|rgba(29,53,87,0.78) 100%" background_color_gradient_start="rgba(0,93,164,0.8)" background_color_gradient_end="rgba(29,53,87,0.78)" background_image="https://xypro.com/wp-content/uploads/2021/08/software-bg.jpg" parallax="on" background_blend="overlay" custom_margin="||||false|false" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.27.4" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]HPE Nonstop PCI DSS Download[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.27.4" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Congratulations! You've taken the first step to securing your data. Click the button below to download your free PCI DSS 4.0.1 FOR NONSTOP WHITEPAPER. PCI DSS 4.0.1 FOR NONSTOP WHITEPAPERSize: 758 KBVersion: v4.0.1Download Now! The XYPRO Team.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### HPE Software from XYPRO [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="#1d3557 0%|#132547 100%" background_color_gradient_start="#1d3557" background_color_gradient_end="#132547" background_image="/wp-content/uploads/slider4/fullwidthslide2.jpeg" background_blend="soft-light" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content" global_colors_info="{}"][et_pb_row column_structure="1_3,2_3" _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="1_3" _builder_version="4.16" custom_padding="40px||30px||false|false" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/09/hpe-logo-white.png" title_text="hpe logo white" _builder_version="4.16" _module_preset="default" width="80%" module_alignment="right" custom_margin="||||false|false" custom_padding="||10%||false|false" border_radii="on|0px|0px|0px|0px" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="2_3" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="XIC" module_id="XIC" _builder_version="4.16" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px|||0px|false|false" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.16" header_4_text_color="#5694c4" global_colors_info="{}"]HPE Software from XYPRO Delivering HPE NonStop risk management solutions longer than anyone, we strive for meaningful and strategic business relationships while providing great support and delivering leading edge security solutions.  That strong relationship with HPE is why several XYPRO solutions ship with the HPE NonStop operating system and are there for you on day one, with nothing additional to purchase.   [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,2_3" admin_label="Row" _builder_version="4.16" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="1_3" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/09/XMA-Datasheet-HPE-pdf.jpg" alt="XMA Datasheet - HPE" title_text="XMA Datasheet - HPE" url="/wp-content/uploads/2020/09/XMA-Datasheet-HPE.pdf" url_new_window="on" _builder_version="4.16" _module_preset="default" width="200px" custom_margin="||||false|false" border_radii="on|0px|0px|0px|0px" box_shadow_style="preset2" box_shadow_horizontal="6px" box_shadow_vertical="6px" box_shadow_blur="18px" box_shadow_spread="0px" global_colors_info="{}"][/et_pb_image][et_pb_code _builder_version="4.16" _module_preset="default" global_colors_info="{}"]Download XMA Data Sheet (PDF)[/et_pb_code][/et_pb_column][et_pb_column type="2_3" _builder_version="4.16" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.16" header_4_text_color="#5694c4" custom_padding="||0px|||" global_colors_info="{}"]XYGATE Merged Audit (XMA) XYGATE Merged Audit (XMA), included with every HPE NonStop server, is the HPE supported method for integrating your NonStop data with log management and analytics solutions, like Splunk, Arcsight and many more.  XMA collects audit data from all HPE NonStop and Application data sources and easily integrates with your enterprise SIEM or SOAR in real-time. XMA is your central repository for all NonStop security data. Once data is collected and enriched, it is utilized, by many applications, for indexing, alerting and reporting. XMA is a comprehensive data audit solution that enables businesses to meet security, audit and compliance requirements across the entire enterprise.[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.16" _module_preset="default" custom_margin="||0px||false|false" custom_padding="||||false|false" global_colors_info="{}"]Benefits and Features Collect Data from any HPE NonStop and Application Source Forward data to both on premise or cloud environments Integrate with Splunk, RSA Netwitness, ElasticSearch, Logrhythm, Arcsight and more Highly scalable, reliable and secure Nothing additional to purchase. You already own it! [/et_pb_text][et_pb_text _builder_version="4.16" _module_preset="default" custom_padding="2px||8px|||" global_colors_info="{}"]XMA installs in minutes.  Easy to use and flexible configuration options quickly focus on the most important data in your environment. Use predefined compliance templates, such as PCI DSS or define your own reports through its graphical user interface wizard. XMA provides event monitoring, alerting and automating response and remediation.  Easily extend capabilities to your critical business applications for the integration of data with analytics engines.  HPE NonStop Splunk Integration was our most popular webinar of 2020 – watch it here![/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.16" _module_preset="default" min_height="26px" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_code _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_code][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_divider _builder_version="4.16" _module_preset="default" width="50%" module_alignment="center" global_colors_info="{}"][/et_pb_divider][/et_pb_column][/et_pb_row][et_pb_row column_structure="2_3,1_3" _builder_version="4.16" custom_margin="-23px|auto||auto||" global_colors_info="{}"][et_pb_column type="2_3" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.16" header_4_text_color="#5694c4" custom_margin="0px|||||" global_colors_info="{}"]XYGATE User Authentication (XUA) XYGATE User Authentication (XUA) is also included on your HPE NonStop servers and ready to turn on with no additional software or infrastructure investment. XUA delivers industry standard, multi-factor authentication (MFA) . Integrate your NonStop environment with enterprise authentication providers such as Microsoft Active Directory, RSA SecurID, Google Authenticator, and many others. This single sign-on functionality allows you to use your corporate credentials to log into your NonStop servers and applications. XUA extends Safeguard’s capabilities by providing granular logon controls, including restrictions based on IP address, port, time of day and requesting user or group. XUA integrates with XYGATE Merged Audit for reporting and alerting of authentication events, is forwarded to Splunk or other log management solutions for compliance. XYGATE Application MFA is an add-on to your standard XUA environment that strengthens the security of existing HPE NonStop applications with industry leading, multi-factor authentication.  Protect almost any application with MFA. XYGATE Application MFA offers multiple  implementations: Screen Cobol Applications, ACI’s BASE24 and more. It sets up in minutes and integrates with your existing XUA environment.   [/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/09/XUA-Datasheet-HPE-pdf.jpg" alt="XUA Datasheet - HPE" title_text="XUA Datasheet - HPE" url="/wp-content/uploads/2020/09/XUA-Datasheet-HPE.pdf" url_new_window="on" _builder_version="4.16" _module_preset="default" width="200px" custom_margin="30px||||false|false" border_radii="on|0px|0px|0px|0px" box_shadow_style="preset2" box_shadow_horizontal="6px" box_shadow_vertical="6px" box_shadow_blur="18px" box_shadow_spread="0px" global_colors_info="{}"][/et_pb_image][et_pb_code _builder_version="4.16" _module_preset="default" global_colors_info="{}"]Download XYGATE User AuthenticationData Sheet (PDF)[/et_pb_code][et_pb_image src="https://xypro.com/wp-content/uploads/2021/09/MFA-datasheet-thumb-e1632433192170.jpg" title_text="MFA -datasheet-thumb" _builder_version="4.16" _module_preset="default" hover_enabled="0" border_radii="on|0px|0px|0px|0px" box_shadow_style="preset1" box_shadow_horizontal="0px" box_shadow_vertical="2px" box_shadow_blur="18px" box_shadow_spread="0px" global_colors_info="{}" sticky_enabled="0"][/et_pb_image][et_pb_code admin_label="Code" _builder_version="4.16" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Download XYGATE User Application MFAData Sheet (PDF)[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section] #### Insights [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.0" use_background_color_gradient="on" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content"][et_pb_row _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.0.8" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false"]News & Insights[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Blog" _builder_version="3.29.3" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false"][et_pb_row _builder_version="3.29.3" width="90%" module_alignment="center" custom_margin="0px||||false|false" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="3.29.3"][et_pb_text _builder_version="3.29.3" max_width="400px" module_alignment="right" custom_margin="||||false|false" custom_padding="30px||||false|false"] Search More results... Generic filters Exact matches only [/et_pb_text][et_pb_text _builder_version="4.0.8" custom_padding="||||false|false"]AllRisk ManagementSecure Database ManagementEnterprise Identity & Access ManagementNewsWebinarXYPROHuman Resources ManagementSpeed of Risk Reduction Is the New Standard for Vulnerability ManagementMay 14, 2026XYPRO TeamIntroduction  What happens when two enterprises discover the same critical vulnerability at the same time? One remediates it in a few hours. The other is still assessing it weeks later. How do they deal with it when an attacker finds it first?  The gap between them is not the tools; it is the speed of risk reduction. After all, for years, enterprise vulnerability management has been measured by coverage: how many systems are…Simplifying Security for HPE Nonstop Systems with XYGATE SecurityOne 2.4April 6, 2026XYPRO TeamOrganizations running mission-critical applications on HPE Nonstop systems require continuous visibility into system activity, configuration posture, and potential security risks. Security monitoring tools must provide that visibility while remaining straightforward to deploy and maintain.  XYGATE SecurityOne (XS1) was designed to give security and operations teams a centralized way to monitor their Nonstop environment, implement security best practices, evaluate security settings, and identify potential issues. …PartnerOne Continues Investment in AI with XYPRO Applied AI TechnologyMarch 3, 2026XYPRO TeamRIVERSIDE, Calif., Feb. 19, 2026 /PRNewswire/ -- XYPRO, a PartnerOne company and market leader of security and compliance solutions for mission-critical systems, introduces Lionel, an internal AI assistant designed to unlock institutional knowledge across the HPE Nonstop Compute ecosystem. This marks a major milestone in PartnerOne's applied artificial intelligence strategy. Over the past year, XYPRO has focused…XYPRO and CAIL Announce Partnership and Deliver First-of-Its-Kind Multi-Factor Authentication Integration for HPE NonstopMarch 3, 2026XYPRO TeamSIMI VALLEY, Calif., Dec. 11, 2025 /PRNewswire/ -- XYPRO, a leading provider of mission critical cybersecurity, compliance and enterprise integration solutions, and CAIL, the standard for enterprise emulation, have completed the first and only integration that enables OpenID Connect (OIDC) multifactor authentication directly from CAIL emulator sessions for HPE Nonstop systems. This gives organizations the ability…From Visibility to Action: Bringing HPE Nonstop into Enterprise Risk ManagementFebruary 25, 2026XYPRO TeamFor years, vulnerability management has been framed as a visibility problem. If you can see your vulnerabilities, the thinking goes, you can manage the risk. That assumption no longer holds. Most enterprises today aren’t struggling to collect vulnerability data. They’re struggling to operationalize it — to prioritize risk consistently across platforms, enforce remediation, and defend…Quantum Computing and the Ticking Clock: Why Mission-Critical Workloads Can’t Ignore This RiskJuly 24, 2025XYPRO TeamIf you’re responsible for mission-critical workloads—whether that’s processing payments, running a power grid, safeguarding patient records, or securing government communications—your world revolves around one concept - Trust.XYPRO SQLXPress Now Included in HPE’s Database BundleMarch 6, 2025XYPRO TeamFor those already leveraging NonStop SQL, SQLXPress is a powerful, easy-to-use solution to streamline database operations. And for organizations considering NonStop SQL, the enhanced capabilities of SQLXPress make it an even more compelling choice.Resilience and Adaptability – Evolving Your Security with Confidence!November 20, 2024Steve TcherchianWe’re not just securing systems—we’re securing the entire backbone of our organizations and in most cases, our economies. It's time to challenge what’s familiar and commit to a new era of security thinking that doesn’t just react but anticipates, adapts, and ensures resilience at every level.From Reactive to Preventive: How Real-Time Monitoring Powers Your Modern IT StrategySeptember 10, 2024Steve TcherchianContinuous, real-time monitoring plays an essential, though often underestimated, role in the success of modern IT strategies.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" prev_background_color="#ffffff" admin_label="Newsletter Subscribe Section" _builder_version="3.29.3" background_color="#27c6a6" use_background_color_gradient="on" background_color_gradient_start="#1D3557" background_color_gradient_end="#005DA4" background_color_gradient_direction="90deg" custom_padding="111px|0px|111px|0px" top_divider_style="arrow" top_divider_height="160px" top_divider_repeat="0.75x"][et_pb_row column_structure="1_2,1_2" _builder_version="3.25" custom_margin="|||"][et_pb_column type="1_2" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.5.3" text_font="PT Sans||||||||" header_font="||||||||" header_2_font="Poppins|500|||||||" header_2_font_size="38px" header_2_line_height="1.3em" header_3_font="||||||||" header_4_font="||||||||" background_layout="dark" max_width="700px" module_alignment="center" locked="off"]Get Instant Access to Security News & Advice Sign up with your email address to be alerted whenever XYPRO insights or news are updated.[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_contact_form captcha="off" email="marketing@xypro.com" custom_message="This message comes from the 'Subscribe' form on the News & Insights page.||et_pb_line_break_holder||---------------||et_pb_line_break_holder||First Name: %%blogFirstName%%||et_pb_line_break_holder||Last Name: %%blogLastName%%||et_pb_line_break_holder||Email: %%blogEmail%%" success_message="Thank you for subscribing!" submit_button_text="Subscribe" module_id="subscribe_form" _builder_version="4.5.3" form_field_background_color="#ffffff" form_field_focus_background_color="#ffffff" background_color="#ffffff" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#005da4" button_border_color="#005da4" button_border_radius="100px" button_letter_spacing="2px" button_use_icon="off" module_alignment="center" custom_padding="50px|30px|50px|30px|false|false" box_shadow_style_button="preset3"][et_pb_contact_field field_id="blogFirstName" field_title="First Name" _builder_version="4.5.3" form_field_background_color="#ffffff" border_width_all="1px" border_color_all="rgba(0,0,0,0.1)" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][et_pb_contact_field field_id="blogLastName" field_title="Last Name" _builder_version="4.5.3" form_field_background_color="#ffffff" border_width_all="1px" border_color_all="rgba(0,0,0,0.1)" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][et_pb_contact_field field_id="blogEmail" field_title="Email Address" field_type="email" _builder_version="4.5.3" form_field_background_color="#ffffff" border_width_all="1px" border_color_all="rgba(0,0,0,0.1)" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][/et_pb_contact_form][/et_pb_column][/et_pb_row][/et_pb_section] #### Internships [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="#005DA4 0%|#1D3557 100%" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_margin="||||false|false" custom_padding="0px||9px||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.16" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Internships The XYPRO Internship Program provides motivated students an opportunity to gain first-hand experience, receive valuable on-the-job training and learn about the variety of professions involved in running a software development company, particularity one that focuses on security.  [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Blog" _builder_version="4.16" background_color="#ffffff" custom_padding="25px||||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]Join the XYPRO Team Today! We’re big enough to be the recognized leader in our global niche market but small enough for you to have an impact. So if you have a desire to expand your real-world work experience, we invite current students to apply. Our interns are viewed as a key source of future talent for entry-level careers within the company. Real assignments with real software products Hands-on experience with development, test automation, research & development, supporting existing and new product lines Genuine resume-building experience [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Testimonials" _builder_version="4.16" background_color="rgba(0,0,0,0)" custom_padding="0|0px|54px|0px|false|false" collapsed="off" global_colors_info="{}"][et_pb_row column_structure="2_5,3_5" use_custom_gutter="on" gutter_width="2" _builder_version="4.16" custom_margin="-80px||" global_colors_info="{}"][et_pb_column type="2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/10/quote-blue.png" show_bottom_space="off" align="left" _builder_version="4.16" background_color="rgba(0,0,0,0)" z_index="2" max_width="100px" module_alignment="left" animation_style="slide" animation_direction="right" border_radii="on|12px|12px|12px|12px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.16" text_font="||||||||" background_color="#ffffff" z_index="1" max_width="700px" custom_padding="30px|30px|30px|30px|true|true" animation_style="zoom" animation_intensity_zoom="10%" header_2_font_size_tablet="26px" header_2_font_size_phone="20px" header_2_font_size_last_edited="on|phone" border_radii="on|10px|10px|10px|10px" box_shadow_style="preset3" box_shadow_vertical="10px" box_shadow_blur="80px" box_shadow_spread="-10px" box_shadow_color="rgba(44,54,92,0.2)" locked="off" global_colors_info="{}" box_shadow_vertical__hover="50px" box_shadow_vertical__hover_enabled="on" box_shadow_blur__hover="180px" box_shadow_blur__hover_enabled="on"]My experience at XYPRO truly sealed the deal in regards to my love for computer science.[/et_pb_text][/et_pb_column][et_pb_column type="3_5" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/02/200205_0787_Crop.jpg" show_in_lightbox="on" _builder_version="4.16" z_index="1" box_shadow_style="preset3" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row column_structure="3_5,2_5" use_custom_gutter="on" gutter_width="2" _builder_version="4.16" animation_direction="left" locked="off" global_colors_info="{}"][et_pb_column type="3_5" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/02/200205_0679_Crop.jpg" show_in_lightbox="on" _builder_version="4.16" z_index="1" box_shadow_style="preset3" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="2_5" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/10/quote-blue.png" show_bottom_space="off" align="left" align_tablet="" align_phone="left" align_last_edited="on|phone" _builder_version="4.16" max_width="100px" module_alignment="right" animation_style="slide" animation_direction="right" border_color_all="#ffffff" locked="off" global_colors_info="{}" box_shadow_vertical__hover="50px" box_shadow_vertical__hover_enabled="on" box_shadow_blur__hover="180px" box_shadow_blur__hover_enabled="on"][/et_pb_image][et_pb_text _builder_version="4.16" text_font="||||||||" background_color="#ffffff" max_width="700px" custom_padding="30px|30px|30px|30px|true|true" animation_style="zoom" animation_intensity_zoom="10%" header_2_font_size_tablet="26px" header_2_font_size_phone="20px" header_2_font_size_last_edited="on|desktop" border_radii="on|10px|10px|10px|10px" box_shadow_style="preset3" box_shadow_vertical="10px" box_shadow_blur="80px" box_shadow_spread="-10px" box_shadow_color="rgba(44,54,92,0.2)" locked="off" global_colors_info="{}" box_shadow_vertical__hover="50px" box_shadow_vertical__hover_enabled="on" box_shadow_blur__hover="180px" box_shadow_blur__hover_enabled="on"]I came here to learn, but they gave me much more than that.[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="2_5,3_5" use_custom_gutter="on" gutter_width="2" _builder_version="4.16" custom_margin="||||false|false" global_colors_info="{}"][et_pb_column type="2_5" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/10/quote-blue.png" show_bottom_space="off" align="left" _builder_version="4.16" background_color="rgba(0,0,0,0)" z_index="2" max_width="100px" module_alignment="left" animation_style="slide" animation_direction="right" border_radii="on|12px|12px|12px|12px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.16" text_font="||||||||" background_color="#ffffff" z_index="1" max_width="700px" custom_padding="30px|30px|30px|30px|true|true" animation_style="zoom" animation_intensity_zoom="10%" header_2_font_size_tablet="26px" header_2_font_size_phone="20px" header_2_font_size_last_edited="on|phone" border_radii="on|10px|10px|10px|10px" box_shadow_style="preset3" box_shadow_vertical="10px" box_shadow_blur="80px" box_shadow_spread="-10px" box_shadow_color="rgba(44,54,92,0.2)" locked="off" global_colors_info="{}" box_shadow_vertical__hover="50px" box_shadow_vertical__hover_enabled="on" box_shadow_blur__hover="180px" box_shadow_blur__hover_enabled="on"]Don’t get ready to do a project, get ready to do work in production (boom)![/et_pb_text][/et_pb_column][et_pb_column type="3_5" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/02/200205_0704_Crop.jpg" show_in_lightbox="on" _builder_version="4.16" z_index="1" box_shadow_style="preset3" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|tablet" admin_label="Internships List" _builder_version="4.16" background_color="rgba(0,0,0,0)" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(0,31,45,0.11) 16%|rgba(30,34,38,0.4) 100%" background_color_gradient_start="rgba(0,31,45,0.11)" background_color_gradient_start_position="16%" background_color_gradient_end="rgba(30,34,38,0.4)" parallax="on" custom_padding="0vw||0px||false|false" custom_padding_tablet="||10vw" custom_padding_phone="" top_divider_height="150px" top_divider_repeat="0.75x" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row column_structure="3_5,2_5" _builder_version="4.16" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="3_5" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" text_font="||||||||" text_line_height="2em" max_width="700px" custom_padding="3vh||||false|false" header_2_font_size_tablet="26px" header_2_font_size_phone="20px" header_2_font_size_last_edited="on|desktop" global_colors_info="{}"]We offer internships in: Software Engineering Test Automation Engineering Software Quality Assurance Business Analysis Project Management Technical Support Cryptography Data Science Marketing [/et_pb_text][/et_pb_column][et_pb_column type="2_5" _builder_version="4.16" custom_padding="3%||||false|false" global_colors_info="{}"][et_pb_text _builder_version="4.16" text_orientation="center" global_colors_info="{}"]Contact us if you are a student interested in contributing to and benefiting from XYPRO’s growing success.[/et_pb_text][et_pb_button button_url="https://xypro.bamboohr.com/jobs/view.php?id=13" url_new_window="on" button_text="Apply Now" button_alignment="center" admin_label="Apply Now" _builder_version="4.16" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]Life at XYPRO[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.17.4" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"][instagram-feed feed=1][/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Leadership [et_pb_section fb_built="1" next_background_color="#fafbfc" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="#005DA4 0%|#1D3557 100%" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]XYPRO Leadership [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Our Leaders Section" _builder_version="4.16" background_color="#fafbfc" custom_padding="30px||30px||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.25.0" header_2_text_align="left" text_orientation="center" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Leadership Team STEVE TCHERCHIAN Steve is a visionary cybersecurity leader with over 20 years of experience driving innovation and growth in the industry. As CEO of XYPRO, he leads the company’s global strategy and vision, ensuring it remains at the forefront of cybersecurity innovation that protects the digital infrastructure of enterprises worldwide. His strategic foresight, technical expertise, and focus on building lasting partnerships have been key to transforming XYPRO into a top-tier cybersecurity provider—achieving record growth and expanding adoption of its threat detection and compliance solutions across diverse industries. A passionate advocate for advancing cybersecurity awareness, Steve is a sought-after global speaker known for simplifying complex security challenges for businesses and leaders. Beyond his executive role, he has helped shape industry standards and innovation through his contributions to the ISSA CISO Advisory Council, X9 Security Standards Committee, Forbes Tech Council, and as a cybersecurity patent holder. STEVE TCHERCHIAN Chief Executive Officer - Board Member JORGE ALONZO JORGE ALONZO Chief Architect DMITRY ERMAN Dmitry is a development and technology veteran who brings a proven track record of managing large teams that deliver large scale enterprise applications. Dmitry joined XYPRO In 2019 from 20th Century Fox in the midst of the Disney acquisition. His extensive experience includes managing development organizations for brands such as FOX, Beachbody, NFL and Realtor.com. With more than 25 years of experience in development organizations, Dmitry has helped companies improve development environments through Rapid Application Delivery, Agile methodologies, DevOps, and integration of new and modern technologies across enterprise and software industries such as eCommerce, Media & Entertainment, and Real Estate. DMITRY ERMAN Vice President — Engineering ALIREZA MOVASSAGHI Alireza is a seasoned technology leader with 25 years of experience in the field of software engineering. He has leveraged his expertise to lead software engineering teams and drive large-scale technological innovation for industry giants like AWS, SONY PlayStation, 20th Century FOX, and IBM. Alireza joined XYPRO in 2023 from Amazon Web Services, where he led Cloud Transformation architectural projects, especially within the Media and Telecommunications areas. ALIREZA MOVASSAGHI Senior Manager — Software Engineering ZUHRA RAHYAB Zuhra Rahyab is an accomplished leader with over 15 years of experience in reporting, analytics, and process automation. Since joining XYPRO Technology in 2019, she has led initiatives that transform complex data into strategic insights and measurable business value. Her leadership has driven major modernization efforts—revamping legacy systems, automating workflows, and building performance-driven frameworks that have improved efficiency, collaboration, and customer satisfaction across the organization. Renowned for her analytical precision and business acumen, Zuhra’s expertise spans data modeling, dashboard development, governance, and process optimization. She excels at aligning analytical innovation with strategic goals, ensuring every initiative advances XYPRO’s mission of operational transparency and informed decision-making. Through her vision and dedication to data excellence, Zuhra continues to shape how the company leverages information to achieve sustainable growth and long-term success. ZUHRA RAHYAB Program Manager SANTHOSHI SUNKAM With over 12 years of software development experience, Santhoshi Sunkam joined XYPRO in 2016. As XYPRO’s Business Analysis Manager, she leads a team of skilled analysts and leverages her strategic thinking and data analysis skills to drive data-informed decision making and innovation at XYPRO. Santhoshi is adept at analyzing business processes and empowering her team to provide impactful recommendations that support organizational growth. Her expertise in both strategy and analytics makes Santhoshi a valued leader at XYPRO. SANTHOSHI SUNKAM Manager — Business Analysis [/et_pb_text][et_pb_text disabled_on="off|off|off" _builder_version="4.25.0" header_2_text_align="left" text_orientation="center" global_colors_info="{}"] [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Login [et_pb_section fb_built="1" admin_label="section" _builder_version="4.16" global_colors_info="{}"][et_pb_row admin_label="row" _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Welcome to the XYPRO Customer Care Center We offer support for customers that have registered an account with our Customer Center. If you haven’t already, please register to get access to our support library.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.21.0" _module_preset="default" custom_margin="-75px||||false|false" global_colors_info="{}" disabled_on="on|on|on" disabled="on"][et_pb_row _builder_version="4.21.0" _module_preset="default" border_radii="on|1px|1px|1px|1px" border_width_all="1px" border_color_all="#005DA4" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.21.0" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.21.0" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]WEBSITE SCHEDULED MAINTENANCE NOTICEDate and Time: Friday July 28, 2023 6pm PDT – Saturday July 29, 2023 6pm PDTDuration: 24 Hours XYPRO will be conducting server maintenance on the XYPRO Customer Portal to ensure an improved and secure customer experience.Access to the Customer Portal and software downloads will be unavailable during this time.If you have any questions, please contact support@xypro.com or call +1 805 583 2874.We appreciate your patience.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Logout URL: https://xypro.com/logout/ #### News [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="3.29.3" use_background_color_gradient="on" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x"][et_pb_row _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_code disabled_on="on|on|on" _builder_version="4.0.5" background_color="rgba(0,0,0,0)" text_orientation="center" custom_margin="-40px||50px||false|false" custom_padding="||||false|false" disabled="on"] Events News Blog[/et_pb_code][et_pb_text _builder_version="4.0.5" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false"]News & Case Studies Our expertise is sought out for insight in publications worldwide. Our subject matter experts regularly lend their viewpoint to the news of the day that affects organizations and consumers alike.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Blog" _builder_version="3.29.3" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false"][et_pb_row _builder_version="3.29.3" width="90%" module_alignment="center" custom_margin="0px||||false|false" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="3.29.3"][et_pb_text _builder_version="3.29.3" max_width="400px" module_alignment="right" custom_margin="||||false|false" custom_padding="30px||||false|false"] Search More results... Generic filters Exact matches only Filter by Categories[/et_pb_text][et_pb_text _builder_version="4.0.2" custom_padding="||||false|false"]Speed of Risk Reduction Is the New Standard for Vulnerability ManagementMay 14, 2026Introduction  What happens when two enterprises discover the same critical vulnerability at the same time? One remediates it in a few hours. The other is still assessing it weeks later. How do they deal with it when an attacker finds it first?  The gap between them is not the tools; it is the speed of risk reduction. After all, for years, enterprise vulnerability management has been measured by coverage: how many systems are…Simplifying Security for HPE Nonstop Systems with XYGATE SecurityOne 2.4April 6, 2026Organizations running mission-critical applications on HPE Nonstop systems require continuous visibility into system activity, configuration posture, and potential security risks. Security monitoring tools must provide that visibility while remaining straightforward to deploy and maintain.  XYGATE SecurityOne (XS1) was designed to give security and operations teams a centralized way to monitor their Nonstop environment, implement security best practices, evaluate security settings, and identify potential issues. …PartnerOne Continues Investment in AI with XYPRO Applied AI TechnologyMarch 3, 2026RIVERSIDE, Calif., Feb. 19, 2026 /PRNewswire/ -- XYPRO, a PartnerOne company and market leader of security and compliance solutions for mission-critical systems, introduces Lionel, an internal AI assistant designed to unlock institutional knowledge across the HPE Nonstop Compute ecosystem. This marks a major milestone in PartnerOne's applied artificial intelligence strategy. Over the past year, XYPRO has focused…XYPRO and CAIL Announce Partnership and Deliver First-of-Its-Kind Multi-Factor Authentication Integration for HPE NonstopMarch 3, 2026SIMI VALLEY, Calif., Dec. 11, 2025 /PRNewswire/ -- XYPRO, a leading provider of mission critical cybersecurity, compliance and enterprise integration solutions, and CAIL, the standard for enterprise emulation, have completed the first and only integration that enables OpenID Connect (OIDC) multifactor authentication directly from CAIL emulator sessions for HPE Nonstop systems. This gives organizations the ability…From Visibility to Action: Bringing HPE Nonstop into Enterprise Risk ManagementFebruary 25, 2026For years, vulnerability management has been framed as a visibility problem. If you can see your vulnerabilities, the thinking goes, you can manage the risk. That assumption no longer holds. Most enterprises today aren’t struggling to collect vulnerability data. They’re struggling to operationalize it — to prioritize risk consistently across platforms, enforce remediation, and defend…Quantum Computing and the Ticking Clock: Why Mission-Critical Workloads Can’t Ignore This RiskJuly 24, 2025If you’re responsible for mission-critical workloads—whether that’s processing payments, running a power grid, safeguarding patient records, or securing government communications—your world revolves around one concept - Trust.XYPRO SQLXPress Now Included in HPE’s Database BundleMarch 6, 2025For those already leveraging NonStop SQL, SQLXPress is a powerful, easy-to-use solution to streamline database operations. And for organizations considering NonStop SQL, the enhanced capabilities of SQLXPress make it an even more compelling choice.Resilience and Adaptability – Evolving Your Security with Confidence!November 20, 2024We’re not just securing systems—we’re securing the entire backbone of our organizations and in most cases, our economies. It's time to challenge what’s familiar and commit to a new era of security thinking that doesn’t just react but anticipates, adapts, and ensures resilience at every level.From Reactive to Preventive: How Real-Time Monitoring Powers Your Modern IT StrategySeptember 10, 2024Continuous, real-time monitoring plays an essential, though often underestimated, role in the success of modern IT strategies.12345›»[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Newsletter Subscribe Section" _builder_version="4.0.2" background_color="#ffffff" use_background_color_gradient="on" background_color_gradient_start="rgba(0,31,45,0.11)" background_color_gradient_end="rgba(30,34,38,0.4)" background_color_gradient_type="radial" top_divider_height="160px" top_divider_repeat="0.75x"][et_pb_row column_structure="1_2,1_2" _builder_version="3.25" custom_margin="|||"][et_pb_column type="1_2" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.0.2" header_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" max_width="700px" module_alignment="center" locked="off"]Get Instant Access to Security News & Advice Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_signup mailchimp_list="SlavaET|03dac884f0" name_field="on" _builder_version="3.29.3" header_font="Poppins|500|||||||" header_text_color="#4daaf2" header_font_size="24px" header_line_height="1.4em" body_font="PT Sans||||||||" body_font_size="17px" background_color="#ffffff" use_focus_border_color="on" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#005DA4" button_border_width="12px" button_border_color="#005DA4" button_border_radius="80px" button_font="Roboto|700|||||||" button_use_icon="off" text_orientation="center" background_layout="light" max_width="76%" module_alignment="center" custom_margin="|||" custom_padding="40px|40px|40px|40px" animation_style="flip" animation_intensity_flip="20%" border_radii="on|10px|10px|10px|10px" border_width_all_fields="1px" border_color_all_fields="rgba(51,51,51,0.2)" border_style_all_fields_focus="solid" box_shadow_style="preset1" box_shadow_style_button="preset3" box_shadow_color_button="rgba(77,170,242,0.37)" focus_border_color="#dadced" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_signup][/et_pb_column][/et_pb_row][/et_pb_section] #### PCI DSS FOR NONSTOP WHITEPAPER [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.17.4" use_background_color_gradient="on" background_color_gradient_stops="rgba(0,93,164,0.8) 0%|rgba(29,53,87,0.78) 100%" background_color_gradient_start="rgba(0,93,164,0.8)" background_color_gradient_end="rgba(29,53,87,0.78)" background_image="https://xypro.com/wp-content/uploads/2021/08/software-bg.jpg" parallax="on" background_blend="overlay" custom_margin="||||false|false" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.27.4" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]HPE Nonstop PCI DSS 4.0.1 Whitepaper[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"]Complete the form below to get instant access to your PCI 4.0.1 for Nonstop white paper. HPE Nonstop PCI DSS WhitePaper "*" indicates required fields * First Name Last Name Company*Company Email* PhoneJob TitleOpt In* I agree to Xypro privacy policy and consent to sharing my information. CommentsThis field is for validation purposes and should be left unchanged. [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][/et_pb_section] #### Privacy Policy [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.0" use_background_color_gradient="on" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content"][et_pb_row _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.0.2" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false"]XYPRO Privacy Policy In order to provide our full range of services, XYPRO may collect the following types of information: [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="3.22"][et_pb_row _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.0.2" background_size="initial" background_position="top_left" background_repeat="repeat" hover_enabled="0"]XYPRO Privacy Policy Purpose The purpose of this Privacy Policy is to describe how XYPRO Technology Corporation. (“XYPRO”, “we”, “our” or “us”) collects, protects, uses and shares your information. Please read this notice carefully to understand how your information may be used. If you reside or are located in the European Economic Area (“EEA”), XYPRO is the data controller of all Personally Identifiable Information (as defined below) collected through XYPRO’s website or services provided. Information you Provide When you register an account on www.XYPRO.com or begin an evaluation of XYPRO Supplied software or other XYPRO service, we ask you for information (such as your name, email address, company, job title, telephone number and physical address. You will also be requested to choose an account password). Log Information When you use XYPRO Applications or HOST Info troubleshooting software or support services, our software collects configuration information from either or both your PC or Host. This collected data may include information such as your IP address, NonStop userids, XYGATE configuration files, NonStop system information, Expand and IP network configuration, Safeguard configuration and audit configuration information, TACLLOCL and TACLCSTM files, Pathway configuration, etc. User Communication When you send email or other communication to XYPRO, we may retain those communications in order to process your inquiries, respond to your requests and improve our software and services.This Privacy Policy applies to web sites, ftp sites, products and services that are owned and operated by XYPRO. XYPRO only processes confidential information for the purposes described in this Privacy Policy. Such purposes include: Providing our products, support services and notifications about those products and support services to users Auditing, research and analysis in order to maintain, protect and improve our products and support services; XYPRO will not collect or use confidential information for purposes other than those described in this Policy unless we have obtained your prior consent. You can decline to submit information, in which case XYPRO may not be able to provide software and/or support services to you through electronic channels. In this case, alternative methods will be offered. Information Sharing XYPRO only shares confidential information with other companies in the following limited circumstances: We have your consent. We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of XYPRO as required or permitted by law. Please contact us for any additional questions about the management or use of confidential data. Information Security XYPRO takes appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store data. We restrict access to confidential information to XYPRO employees, contractors and agents who need to know that information in order to operate, develop, troubleshoot or improve our products and services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. Retention of Personally Identifiable Information If you reside or are located in the EEA, we keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is processed. The length of time we retain this data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. Data Integrity XYPRO may process confidential information only for the purposes for which it was collected and in accordance with this Policy. We review our data collection, storage and processing practices to ensure that we only collect, store and process the information needed to provide or improve our products and support services. We take reasonable steps to ensure that the information we process is accurate, complete, and current, but we depend on our users to update or correct their information whenever necessary. You can access your Personally Identifiable Information and confirm that it remains correct and up-to-date and choose whether or not you wish to receive email notifications from us by logging into www.XYPRO.com and visiting the MY PROFILE page. You have the right to request access to any Personally Identifiable Information about you in our possession, update any incorrect information, restrict or delete information about yourself or prevent the processing or sharing of Personally Identifiable Information. Enforcement XYPRO regularly reviews its compliance with this Policy. Please feel free to direct any questions or concerns regarding this Policy by contacting us through this website, emailing privacy@xypro.com or writing to us at XYPRO Technology Corporation, 4100 Guardian Street, Suite 100, Simi Valley, CA 93063 USA. When we receive written inquiries, it is XYPRO’s policy to contact the customer regarding their concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any issues regarding the transfer of confidential data that cannot be resolved between XYPRO and a client. [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Privileged Access Management [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="3.29.3" use_background_color_gradient="on" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.10.8" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Privileged Access Management[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.0.2" custom_padding="30px||30px||false|false" global_colors_info="{}"][et_pb_row admin_label="PAM" _builder_version="4.0.2" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.0.2" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.10.8" global_colors_info="{}"]What Is Privileged Access Management? One of the most severe cybersecurity risks to any organization is privileged accounts. Privileged accounts have elevated access to perform administrative functions. They can be administrator accounts, service accounts, firecall or emergency accounts, database connection accounts and applications accounts. Most of these accounts were set up ages ago when an application or system was deployed. They typically have multiple integration points and because of the risk of “breaking something,” the passwords for these accounts are rarely rotated, and likely shared and improperly stored. Privileged Access Management (or PAM) is a strategy for providing control over accounts with “elevated access”. PAM is typically applied on a “need-to-know” or “principle of least privilege” (POLP) basis. Methods such as Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC) allow these strategies and controls to be applied on roles or groups that share certain characteristics, for example departments, location or work duties. Privileged access management protects applications, data and hardware so only authorized users can access data as well as protects the privacy of sensitive information and critical infrastructure. Privileged Access Management and Zero Trust XYPRO’s privileged access management technology in conjunction with Zero Trust principles ensure that any access to data or infrastructure is granted only to authorized users that have passed multiple identity checks, and then only provides the minimum access required to complete the task. XYGATE Access Control (XAC), part of XYGATE SecurityOne, offers the flexibility necessary to properly configure privileged system access. XAC is powerful, granular access control, for easy configuration of access according to users’ roles and responsibilities and to the right set of system resources. Whether your organization chooses to define job functions down to individual sub-commands, or grant higher level access with fewer restrictions, XAC’s complete session and keystroke audits facilitate the creation and maintenance of this secure environment without compromising employee effectiveness and efficiency. HPE NonStop Connectors for  Cyberark, ServiceNow and SailPoint  Managing strong passwords and credentials is often a challenge. Ensuring they are stored properly, changed regularly, meet complexity and compliance requirements and are auditable can be overwhelming to implement and manage. Current solutions for requesting and managing user access are outdated and inefficient. Processes are manual, complex and don’t map to the core business initiatives driving change within the enterprise. Governance is often an afterthought, leaving many enterprises vulnerable to increased security risks and potential non-compliance with external regulations or internal corporate mandates. XYGATE Identity Connector (XIC) offers visibility and control of HPE NonStop data and processes directly within SailPoint IdentityIQ or Cyberark. Quickly detect risks and entitlement issues, automate provisioning processes, and address account compliance concerns without leaving the comfort of your chosen application.[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.10.8" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_3" _builder_version="4.10.8" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/CyberArk.png" alt="CyberArk" title_text="CyberArk" url="https://xypro.com/enterprise-identity-access-management/xypro-xygate-identity-connector-for-hpe-nonstop-certified-for-cyberark/" admin_label="Image" _builder_version="4.10.8" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="4.10.8" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/SailPoint.png" url="https://xypro.com/products/enterprise-identity-access-management/" _builder_version="4.10.8" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_3" _builder_version="4.10.8" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/servicenow.png" title_text="servicenow" url="https://xypro.com/enterprise-identity-access-management/meeting-your-security-integration-objectives/" _builder_version="4.10.8" _module_preset="default" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][/et_pb_section] #### Products [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="#005DA4 0%|#1D3557 100%" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]XYPRO Products[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Our Products" _builder_version="4.16" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row column_structure="1_3,2_3" admin_label="SIRTTD" module_id="SIRTTD" _builder_version="4.16" width="90%" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="1_3" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/11/sec-intelligence.png" _builder_version="4.16" max_width="300px" max_width_tablet="" max_width_phone="200px" max_width_last_edited="on|phone" module_alignment="center" global_colors_info="{}"][/et_pb_image][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjY2NDgifX0=@" button_text="See Product Line" button_alignment="center" admin_label="XS1 Blue Button" _builder_version="4.16" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_margin_tablet="" custom_margin_phone="" custom_margin_last_edited="on|phone" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][et_pb_column type="2_3" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]Risk Management & Real-Time Threat Detection NonStop Security Intelligence & Analytics Reduce Mean Time To Detection using NonStop Security Intelligence and Analytics[/et_pb_text][et_pb_text _builder_version="4.16" global_colors_info="{}"]Key Benefits Realtime File & System Integrity Monitoring Appliance Sentry for Linux CLIMs and Windows Console Realtime Security Intelligence & Analytics / Anomalies & Threat Detection Audit & Compliance Privileged Access Management, RBAC, Realtime Object Security [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="WASL" _builder_version="4.17.4" background_color="#ffffff" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(255,255,255,0) 0%|rgba(30,34,38,0.4) 100%" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row column_structure="2_3,1_3" admin_label="WASL" module_id="SDM" _builder_version="4.17.4" width="90%" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="2_3" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.17.4" global_colors_info="{}"]SAP HANA and Linux Security WASL – Workload Aware Security Layer[/et_pb_text][et_pb_text admin_label="Text" _builder_version="4.17.4" global_colors_info="{}"]Key Benefits Evaluate  Linux OS compliance Reduce security compliance deployment from weeks to minutes Evaluate SAP HANA compliance Remediate Linux OS to industry standards Remediate SAP HANA to SAP security standards [/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2022/07/wasl-badge.png" alt="XYGATE SecurityOne™ (XS1)" title_text="wasl-badge" url="/wasl/" _builder_version="4.17.4" max_width="300px" max_width_tablet="" max_width_phone="200px" max_width_last_edited="on|phone" module_alignment="center" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"][/et_pb_image][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjIyMTg0MyJ9fQ==@" button_text="Learn about WASL" button_alignment="center" admin_label="WASL Orange Button" _builder_version="4.17.4" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#F17050" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_margin_tablet="" custom_margin_phone="" custom_margin_last_edited="on|phone" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Enterprise Identity" _builder_version="4.17.4" global_colors_info="{}"][et_pb_row column_structure="1_3,2_3" admin_label="EIAM" module_id="EIAM" module_class="custom_row" _builder_version="4.16" width="90%" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="1_3" module_class="second-on-mobile" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/11/identity-access.png" _builder_version="4.16" max_width="300px" max_width_tablet="" max_width_phone="200px" max_width_last_edited="on|phone" module_alignment="center" global_colors_info="{}"][/et_pb_image][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjY0NjgifX0=@" button_text="See Product Line" button_alignment="center" admin_label="See Product Line" _builder_version="4.17.4" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1d3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_margin="0px||30px||false|false" custom_padding="16px|32px|16px|32px|true|true" custom_padding_tablet="" custom_padding_phone="" custom_padding_last_edited="on|phone" box_shadow_style="preset3" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][et_pb_column type="2_3" module_class="first-on-mobile" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]Enterprise Identity & Access Management Addresses fundamental HPE NonStop security requirements and eliminates problematic issues.[/et_pb_text][et_pb_text _builder_version="4.16" text_text_color="#1d3557" global_colors_info="{}"]Key Benefits Automated Provisioning Encrypted Communications Simplified Audit & Compliance Multi-Factor Authentication Certified Integrations [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Our Products" _builder_version="4.17.4" background_color="#ffffff" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(255,255,255,0) 0%|rgba(30,34,38,0.4) 100%" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row column_structure="2_3,1_3" admin_label="SDM" module_id="SDM" _builder_version="4.16" width="90%" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="2_3" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]Secure Database Management Modern, graphical-based solutions to manage NonStop SQL and Enscribe databases.[/et_pb_text][et_pb_text _builder_version="4.16" global_colors_info="{}"]Key Benefits Auditing subsystem records user activities, and provides summary and detailed audit reports Fully supports SQL/MX and SQL/MP Provides support for all DDL operations Includes support for execution plan capture, display and reporting The Visual Query Tuner supports tuning queries to improve query performance Tracks changes automatically in SQL modules execution plans [/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/11/db-man.png" _builder_version="4.16" max_width="300px" max_width_tablet="" max_width_phone="200px" max_width_last_edited="on|phone" module_alignment="center" global_colors_info="{}"][/et_pb_image][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjY3MTIifX0=@" button_text="See Product Line" button_alignment="center" admin_label="XS1 Orange Button" _builder_version="4.17.4" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#F17050" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_margin_tablet="" custom_margin_phone="" custom_margin_last_edited="on|phone" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Trusted Security" _builder_version="4.17.4" global_colors_info="{}"][et_pb_row column_structure="1_3,2_3" admin_label="TSIS" module_id="TSIS" module_class="custom_row" _builder_version="4.16" width="90%" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="1_3" module_class="second-on-mobile" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/11/security-imp.png" align_tablet="" align_phone="" align_last_edited="on|phone" _builder_version="4.16" max_width="300px" max_width_tablet="" max_width_phone="200px" max_width_last_edited="on|phone" module_alignment="center" custom_margin="||0px||false|false" custom_margin_tablet="" custom_margin_phone="" custom_margin_last_edited="on|phone" global_colors_info="{}"][/et_pb_image][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjY3MTMifX0=@" button_text="See Product Line" button_alignment="center" admin_label="See Product Line" _builder_version="4.17.4" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#1D3557" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_margin="0px||30px||false|false" custom_padding="16px|32px|16px|32px|true|true" custom_padding_tablet="" custom_padding_phone="16px||16px||true|true" custom_padding_last_edited="on|phone" box_shadow_style="preset3" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][et_pb_column type="2_3" module_class="first-on-mobile" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.17.4" global_colors_info="{}"]Trusted Security & Implementation Services Efficient and fully implemented services.[/et_pb_text][et_pb_text _builder_version="4.16" text_text_color="#1d3557" global_colors_info="{}"]Key Benefits Experienced Security Professionals Identify Risks and Gaps Recommendations & Actionable Insights Faster ROI [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="HPE Products from XYPRO" _builder_version="4.17.4" background_color="#ffffff" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(255,255,255,0) 0%|rgba(30,34,38,0.4) 100%" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row column_structure="2_3,1_3" admin_label="SDM" module_id="SDM" _builder_version="4.17.4" width="90%" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="2_3" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.17.4" global_colors_info="{}"]HPE Software from XYPRO XYGATE Merged Audit (XMA) and User Authentication (XUA)[/et_pb_text][et_pb_text admin_label="Text" _builder_version="4.16" global_colors_info="{}"]Key Benefits Collect Data from any HPE NonStop and Application Source Forward data to both on premise or cloud environments Integrate with Splunk, RSA Netwitness, ElasticSearch, Logrhythm, Arcsight and more Highly scalable, reliable and secure Nothing additional to purchase. You already own it! Tracks changes automatically in SQL modules execution plans [/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.16" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/11/db-man.png" _builder_version="4.16" max_width="300px" max_width_tablet="" max_width_phone="200px" max_width_last_edited="on|phone" module_alignment="center" global_colors_info="{}"][/et_pb_image][et_pb_button button_url="@ET-DC@eyJkeW5hbWljIjp0cnVlLCJjb250ZW50IjoicG9zdF9saW5rX3VybF9wYWdlIiwic2V0dGluZ3MiOnsicG9zdF9pZCI6IjIxOTc1MSJ9fQ==@" button_text="See Product Line" button_alignment="center" admin_label="Product Line Button" _builder_version="4.17.4" _dynamic_attributes="button_url" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#F17050" button_border_color="rgba(0,0,0,0)" button_border_radius="100px" button_letter_spacing="2px" button_font="|600|||||||" button_icon="E||divi||400" button_icon_color="#ffffff" custom_margin_tablet="" custom_margin_phone="" custom_margin_last_edited="on|phone" custom_padding="16px|32px|16px|32px|true|true" box_shadow_style="preset3" box_shadow_color="#091c4f" locked="off" global_colors_info="{}" button_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_bg_color__hover_enabled="off" button_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_letter_spacing__hover="3px" button_letter_spacing__hover_enabled="on|hover" button_border_width__hover_enabled="off"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section] #### Rapid Security Assessment Download [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.17.4" use_background_color_gradient="on" background_color_gradient_stops="rgba(0,93,164,0.8) 0%|rgba(29,53,87,0.78) 100%" background_color_gradient_start="rgba(0,93,164,0.8)" background_color_gradient_end="rgba(29,53,87,0.78)" background_image="https://xypro.com/wp-content/uploads/2021/08/software-bg.jpg" parallax="on" background_blend="overlay" custom_margin="||||false|false" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.17.4" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Rapid Security Assessment[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.17.4" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Congratulations! You've taken the first step to securing your data. Click the button below to download your free Rapid Security Assessment. Free Rapid Security Assessment PackageSize: 278 KBVersion: v1.73Published: July 14, 2022Download Now! Our team will contact you shortly to provide you with the results of the assessment. We look forward to speaking with you. The XYPRO Team.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Register [et_pb_section fb_built="1" admin_label="section" _builder_version="4.16" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"][et_pb_row admin_label="row" _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Welcome to the XYPRO Customer Care Center Please register here to get access to our support library.  After submitting your information, you will receive a confirmation and approval email shortly.  [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Resources URL: https://xypro.com/resources/ #### Risk Management & Real-Time Threat Detection [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" _module_preset="default" use_background_color_gradient="on" background_color_gradient_stops="#1d3557 0%|#0e2242 100%" background_color_gradient_start="#1d3557" background_color_gradient_end="#0e2242" background_image="/wp-content/uploads/slider4/fullwidthslide2.jpeg" background_blend="soft-light" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content" global_colors_info="{}"][et_pb_row column_structure="1_4,3_4" _builder_version="4.16" _module_preset="default" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="4.16" _module_preset="default" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="/wp-content/uploads/2019/11/sec-intelligence.png" align="right" _builder_version="4.16" _module_preset="c2ed67be-282c-4a6a-9003-ed460ed7a8f0" max_width="200px" max_width_tablet="" max_width_phone="160px" max_width_last_edited="on|phone" module_alignment="center" custom_margin="||||false|false" custom_padding="||||false|false" animation_style="none" module_alignment_tablet="" module_alignment_phone="center" module_alignment_last_edited="on|phone" border_radii="on|0px|0px|0px|0px" border_color_all="rgba(0,0,0,0)" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="3_4" _builder_version="4.16" _module_preset="default" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" _module_preset="default" header_text_align="left" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" background_layout="dark" max_width="700px" max_width_tablet="" max_width_phone="" max_width_last_edited="on|desktop" module_alignment="left" custom_margin="||22px|auto|false|false" custom_padding="50px||50px||false|false" custom_padding_tablet="0px||50px||false|false" custom_padding_phone="" custom_padding_last_edited="on|phone" header_text_align_tablet="" header_text_align_phone="center" header_text_align_last_edited="on|phone" text_orientation_tablet="" text_orientation_phone="center" text_orientation_last_edited="on|phone" module_alignment_tablet="" module_alignment_phone="center" module_alignment_last_edited="on|phone" global_colors_info="{}"]Risk Management & Real-Time Threat Detection Security Intelligence and Analytics for HPE NonStop™ Integrity Servers.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="XS1" module_id="XS1" _builder_version="4.16" _module_preset="default" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row column_structure="3_5,2_5" make_equal="on" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_column type="3_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.16" _module_preset="default" header_4_text_color="#5694c4" custom_margin="||0px||false|false" global_colors_info="{}"]XYGATE SecurityOne™ (XS1) NonStop Security Analytics[/et_pb_text][et_pb_text _builder_version="4.16" _module_preset="default" global_colors_info="{}"]XYGATE SecurityOne is a next-generation risk management and security analytics platform with all the necessary components to ensure your team is ready to face security threats. SecurityOne combines patented contextualization technology, real-time threat detection, integrity monitoring, compliance, privileged access management and much more, through a unified browser based dashboard - deployable on premise or in the cloud. SecurityOne strengthens your team with real-time threat and compliance data to ensure they can respond to risks quickly all while saving time, increasing operational efficiency of your resources and maximizing the return on your security investment.[/et_pb_text][/et_pb_column][et_pb_column type="2_5" _builder_version="4.16" _module_preset="default" custom_padding="8%||||false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/01/XYGATE-SecurityOne-Datasheet-Image.webp" alt="XYGATE SecurityOne Datasheet Download (PDF)" title_text="XYGATE SecurityOne Datasheet Image" url="/wp-content/uploads/2026/01/XYGATE-SecurityOne-Datasheet.pdf" url_new_window="on" module_class="pdf-download" _builder_version="4.27.4" _module_preset="c2ed67be-282c-4a6a-9003-ed460ed7a8f0" width="125px" custom_margin="-25px||||false|false" custom_margin_tablet="-25px||||false|false" custom_margin_phone="-25px||||false|false" custom_margin_last_edited="on|tablet" animation_style="none" hover_enabled="0" border_radii="on|5px|5px|5px|5px" box_shadow_style="preset3" global_colors_info="{}" sticky_enabled="0"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"]XYGATE SecurityOne Data Sheet (PDF)[/et_pb_text][et_pb_image src="https://xypro.com/wp-content/uploads/2021/12/XS1-Business-Benefits-and-Financial-Analysis.jpeg" alt="XYGATE SecurityOne Datasheet Download (PDF)" title_text="XS1-Business-Benefits-and-Financial-Analysis" url="/wp-content/uploads/2020/11/XS1-Business-Benefits-and-Financial-Analysis.pdf" url_new_window="on" module_class="pdf-download" _builder_version="4.19.2" _module_preset="c2ed67be-282c-4a6a-9003-ed460ed7a8f0" width="125px" animation_style="none" border_radii="on|5px|5px|5px|5px" box_shadow_style="preset3" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.16" _module_preset="default" link_option_url="XS1 Business Benefits and Financial Analysis" global_colors_info="{}"]XS1 Business Benefits and Financial Analysis (PDF)[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row disabled_on="on|on|on" _builder_version="4.19.2" _module_preset="default" custom_margin="||||false|false" custom_padding="0px||||false|false" disabled="on" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_divider divider_position="center" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_divider][et_pb_text _builder_version="4.16" _module_preset="default" global_colors_info="{}"]Threat Detection  |   Integrity Monitoring  |   Compliance  |   Appliance Sentry  |   Privileged Access Management  |   Object Security[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label="XS1 - Table" _builder_version="4.19.2" _module_preset="default" width="100%" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.19.2" _module_preset="default" global_colors_info="{}"][et_pb_code admin_label="XS1 Table - HTML" _builder_version="4.19.2" _module_preset="default" global_colors_info="{}"] XYGATE SecurityOne PackagesWhat's IncludedIntegrity MonitoringComplianceSuite+Meets PCI DSS 4.0Requirements 10, 11, 12Meets PCI DSS 4.0Requirements 2, 5, 6, 8, 10, 11, 12Meets PCI DSS 4.0Requirements 1 - 12Real-time, intelligent file system and configuration integrity monitorReal-time compliance monitoring for PCI, GDPR, HPE Hardening Guide and moreConfiguration & Compliance Monitoring for NonStop Appliances (console and CLIM)Patented Security Intelligence, Threat Detection, and AppliancesRole-Based Access ControlPrivileged Access ManagementKeystroke LoggingDynamic Object SecurityWildcard and Regex Protection for Resources and Objects[/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|desktop" admin_label="Threat Detection" module_id="threat-detection" _builder_version="4.16" _module_preset="default" background_color="rgba(0,0,0,0)" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(0,31,45,0.11) 16%|rgba(30,34,38,0.4) 100%" background_color_gradient_start="rgba(0,31,45,0.11)" background_color_gradient_start_position="16%" background_color_gradient_end="rgba(30,34,38,0.4)" parallax="on" custom_padding_tablet="||||false|false" custom_padding_phone="" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" _module_preset="default" custom_margin="||||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.16" _module_preset="default" global_colors_info="{}"]Threat Detection[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" make_equal="on" _builder_version="4.16" _module_preset="default" custom_margin="||||false|false" custom_padding="10px||||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_text _builder_version="4.16" _module_preset="default" box_shadow_style="preset3" global_colors_info="{}"][/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.16" _module_preset="default" header_4_text_color="#5694c4" global_colors_info="{}"]XYGATE SecurityOne® provides real-time Security Intelligence and Analytics for the HPE Integrity NonStop Server. XYGATE SecurityOne is designed to actively detect NonStop specific Indicators of Compromise and alert on suspicious activity. Using patented technology, XYGATE SecurityOne gathers data from multiple disparate NonStop server sources including application and system data, subsystems, user behavior, file operations, network data, command input and other sources and uses specialized security intelligence algorithms to correlate, contextualize and analyze events to paint a detailed security incident picture in real-time for the NonStop. This enables security operators to hone in on and detect security events before they culminate into an incident or breach.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|desktop" admin_label="Integrity Monitoring" module_id="integrity-monitoring" _builder_version="4.16" _module_preset="default" custom_padding_tablet="||||false|false" custom_padding_phone="" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" _module_preset="default" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.19.2" _module_preset="default" global_colors_info="{}"]Integrity Monitoring[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][et_pb_row make_equal="on" _builder_version="4.16" _module_preset="default" custom_margin="0px||||false|false" custom_padding="10px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.16" _module_preset="default" header_4_text_color="#5694c4" global_colors_info="{}"]Mission critical systems use a file-based architecture to store data. Core operating system and application binaries, logs, system and application configuration data, customer and business data and much more are stored as files. Attackers may attempt to overtake the operating system or application, steal or modify business-critical information or manipulate log files to hide malicious activity by targeting these files. Even authorized changes may result in misconfigurations, operator error or situations that expose the organization and data to increased risk of compromise. File and System Integrity monitoring identifies and alerts of any changes (create, modify, delete) to monitored systems and applications. Most regulatory compliance frameworks (PCI DSS, NERC CIP, FISMA, SOX, HIPAA, GLBA, ISO 17799 and more) require file and system integrity monitoring as a control for compliance. It is nearly impossible to achieve compliance without this control. XYGATE SecurityOne provides real-time file and system integrity monitoring for HPE NonStop systems and workloads. SecurityOne alerts integrate with a wide range of enterprise security systems such your SIEM, SOAR or ticketing system.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|desktop" admin_label="Compliance" module_id="compliance" _builder_version="4.16" _module_preset="default" background_color="rgba(0,0,0,0)" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(0,31,45,0.11) 16%|rgba(30,34,38,0.4) 100%" background_color_gradient_start="rgba(0,31,45,0.11)" background_color_gradient_start_position="16%" background_color_gradient_end="rgba(30,34,38,0.4)" parallax="on" custom_padding_tablet="||||false|false" custom_padding_phone="" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" collapsed="on" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" _module_preset="default" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.19.2" _module_preset="default" global_colors_info="{}"]Compliance[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" make_equal="on" _builder_version="4.16" _module_preset="default" custom_margin="0px||||false|false" custom_padding="10px||||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" custom_css_main_element="margin: auto;" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/12/xs1-clim-top-e1580512463778.jpg" alt="Appliance Sentry Dashboard illustrating the CLIM Risk Manager" title_text="Appliance Sentry Dashboard illustrating the CLIM Risk Manager" _builder_version="4.19.2" _module_preset="c2ed67be-282c-4a6a-9003-ed460ed7a8f0" border_radii="on|3px|3px|3px|3px" box_shadow_style="preset3" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.16" _module_preset="default" header_4_text_color="#5694c4" global_colors_info="{}"]PCI DSS requires a network and system security status scan every 90 days.  Businesses must identify and remediate all critical vulnerabilities detected during every scan. XYGATE SecurityOne compliance scanning is automated and risks are reported in real-time. This simplifies compliance activities and ensures the operational efficiency of your resources. SecurityOne provides easy to understand, detailed reports of your current and ongoing compliance status that are easily extended to other compliance frameworks such as GDPR, The HPE Hardening Guide and more. XS1 Compliance results are delivered through an easy to understand browser based dashboard for a comprehensive and continuous picture of your compliance status.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|desktop" admin_label="Appliance Sentry" module_id="appliance-sentry" _builder_version="4.16" _module_preset="default" custom_padding_tablet="||||false|false" custom_padding_phone="" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" _module_preset="default" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.19.2" _module_preset="default" global_colors_info="{}"]Appliance Sentry[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][et_pb_row column_structure="3_5,2_5" make_equal="on" _builder_version="4.16" _module_preset="default" custom_margin="0px||||false|false" custom_padding="10px||||false|false" global_colors_info="{}"][et_pb_column type="3_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.16" _module_preset="default" header_4_text_color="#5694c4" global_colors_info="{}"]Insecure and misconfigured appliances (or endpoints) like NonStop Cluster I/O Modules (CLIM) and NonStop Consoles (NSC) put your entire ecosystem at risk from external threats, data loss, and unauthorized access. Mitigating these risks is required for a secure environment. Different appliances CLIM and NSC security requires different tools to manage and enforce corporate policies. Monitoring these appliances has been largely a mystery or downright neglected because visibility into CLIM and NSC security has never existed – until now. XYGATE SecurityOne – Appliance Sentry Module (ASM) continuously monitors your Appliances, identifies insecure or misconfigured settings and provides a risk score and remediation actions to ensure your appliances get to a healthy state and stay there.[/et_pb_text][/et_pb_column][et_pb_column type="2_5" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2021/12/2019-XYGATE-SecurityOne-pdf.jpg" alt="Appliance Sentry Dashboard illustrating the CLIM Risk Manager" title_text="2019-XYGATE-SecurityOne-pdf" url="/wp-content/uploads/2020/01/2019-XYGATE-SecurityOne-Appliance-Sentry-Monitor.pdf" url_new_window="on" module_class="datasheet-pdf" _builder_version="4.19.2" _module_preset="c2ed67be-282c-4a6a-9003-ed460ed7a8f0" width="200px" border_radii="on|5px|5px|5px|5px" box_shadow_style="preset3" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.16" _module_preset="default" global_colors_info="{}"]XYGATE SecurityOne Appliance Sentry Monitor Data Sheet (PDF)[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|desktop" admin_label="Privileged Access Management" module_id="access-management" _builder_version="4.16" _module_preset="default" background_color="rgba(0,0,0,0)" use_background_color_gradient="on" background_color_gradient_type="circular" background_color_gradient_stops="rgba(0,31,45,0.11) 16%|rgba(30,34,38,0.4) 100%" background_color_gradient_start="rgba(0,31,45,0.11)" background_color_gradient_start_position="16%" background_color_gradient_end="rgba(30,34,38,0.4)" parallax="on" custom_padding_tablet="||||false|false" custom_padding_phone="" bottom_divider_color="#ffffff" bottom_divider_height="10vw" bottom_divider_repeat="2x" bottom_divider_flip="horizontal" bottom_divider_height_tablet="90px" bottom_divider_height_phone="" bottom_divider_height_last_edited="on|tablet" bottom_divider_repeat_tablet="0x" bottom_divider_repeat_phone="" bottom_divider_repeat_last_edited="on|desktop" custom_width_px__hover="1080px" custom_width_px__hover_enabled="1080px" custom_width_percent__hover="80%" custom_width_percent__hover_enabled="80%" collapsed="off" global_colors_info="{}" gutter_width__hover="3" gutter_width__hover_enabled="3" parallax_1__hover="off" parallax_1__hover_enabled="off" parallax_2__hover="off" parallax_2__hover_enabled="off" parallax_3__hover="off" parallax_3__hover_enabled="off" parallax_method_1__hover="on" parallax_method_1__hover_enabled="on" parallax_method_2__hover="on" parallax_method_2__hover_enabled="on" parallax_method_3__hover="on" parallax_method_3__hover_enabled="on" use_background_color_gradient__hover="off" use_background_color_gradient__hover_enabled="off" background_color_gradient_start__hover="#2b87da" background_color_gradient_start__hover_enabled="#2b87da" background_color_gradient_end__hover="#29c4a9" background_color_gradient_end__hover_enabled="#29c4a9" background_color_gradient_direction__hover="180deg" background_color_gradient_direction__hover_enabled="180deg" background_color_gradient_type__hover="linear" background_color_gradient_type__hover_enabled="linear" background_color_gradient_direction_radial__hover="center" background_color_gradient_direction_radial__hover_enabled="center" background_color_gradient_start_position__hover="0%" background_color_gradient_start_position__hover_enabled="0%" background_color_gradient_end_position__hover="100%" background_color_gradient_end_position__hover_enabled="100%" background_color_gradient_overlays_image__hover="off" background_color_gradient_overlays_image__hover_enabled="off" parallax__hover="off" parallax__hover_enabled="off" parallax_method__hover="on" parallax_method__hover_enabled="on" background_size__hover="cover" background_size__hover_enabled="cover" background_position__hover="center" background_position__hover_enabled="center" background_repeat__hover="no-repeat" background_repeat__hover_enabled="no-repeat" background_blend__hover="normal" background_blend__hover_enabled="normal" allow_player_pause__hover="off" allow_player_pause__hover_enabled="off" background_video_pause_outside_viewport__hover="on" background_video_pause_outside_viewport__hover_enabled="on" inner_shadow__hover="off" inner_shadow__hover_enabled="off" make_fullwidth__hover="off" make_fullwidth__hover_enabled="off" use_custom_width__hover="off" use_custom_width__hover_enabled="off" width_unit__hover="on" width_unit__hover_enabled="on" make_equal__hover="off" make_equal__hover_enabled="off" use_custom_gutter__hover="off" use_custom_gutter__hover_enabled="off" border_radii__hover="on||||" border_radii__hover_enabled="on||||" box_shadow_style__hover="none" box_shadow_style__hover_enabled="none" box_shadow_color__hover="rgba(0,0,0,0.3)" box_shadow_color__hover_enabled="rgba(0,0,0,0.3)" max_width__hover="100%" max_width__hover_enabled="100%" filter_hue_rotate__hover="0deg" filter_hue_rotate__hover_enabled="0deg" filter_saturate__hover="100%" filter_saturate__hover_enabled="100%" filter_brightness__hover="100%" filter_brightness__hover_enabled="100%" filter_contrast__hover="100%" filter_contrast__hover_enabled="100%" filter_invert__hover="0%" filter_invert__hover_enabled="0%" filter_sepia__hover="0%" filter_sepia__hover_enabled="0%" filter_opacity__hover="100%" filter_opacity__hover_enabled="100%" filter_blur__hover="0px" filter_blur__hover_enabled="0px" mix_blend_mode__hover="normal" mix_blend_mode__hover_enabled="normal" animation_style__hover="none" animation_style__hover_enabled="none" animation_repeat__hover="once" animation_repeat__hover_enabled="once" animation_direction__hover="center" animation_direction__hover_enabled="center" animation_duration__hover="1000ms" animation_duration__hover_enabled="1000ms" animation_delay__hover="0ms" animation_delay__hover_enabled="0ms" animation_intensity_slide__hover="50%" animation_intensity_slide__hover_enabled="50%" animation_intensity_zoom__hover="50%" animation_intensity_zoom__hover_enabled="50%" animation_intensity_flip__hover="50%" animation_intensity_flip__hover_enabled="50%" animation_intensity_fold__hover="50%" animation_intensity_fold__hover_enabled="50%" animation_intensity_roll__hover="50%" animation_intensity_roll__hover_enabled="50%" animation_starting_opacity__hover="0%" animation_starting_opacity__hover_enabled="0%" animation_speed_curve__hover="ease-in-out" animation_speed_curve__hover_enabled="ease-in-out" hover_transition_duration__hover="300ms" hover_transition_duration__hover_enabled="300ms" hover_transition_delay__hover="0ms" hover_transition_delay__hover_enabled="0ms" hover_transition_speed_curve__hover="ease" hover_transition_speed_curve__hover_enabled="ease" background_color_gradient_stops__hover="#2b87da 0%|#29c4a9 100%"][et_pb_row _builder_version="4.16" _module_preset="default" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.19.2" _module_preset="default" text_orientation="right" global_colors_info="{}"] #### Secure Database Management [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.0.4" use_background_color_gradient="on" background_color_gradient_start="#1d3557" background_color_gradient_end="#0e2242" background_image="/wp-content/uploads/slider4/fullwidthslide2.jpeg" background_blend="soft-light" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content"][et_pb_row column_structure="1_4,3_4" _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/11/db-man-white.png" align="right" _builder_version="4.3" max_width="200px" max_width_tablet="" max_width_phone="180px" max_width_last_edited="on|phone" custom_margin="||||false|false" custom_padding="||||false|false" animation_style="none" border_radii="on|0px|0px|0px|0px" border_color_all="rgba(0,0,0,0)"][/et_pb_image][/et_pb_column][et_pb_column type="3_4" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.3" header_text_align="left" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" background_layout="dark" max_width="700px" module_alignment="left" custom_margin="||22px|auto|false|false" custom_padding="50px||50px||false|false" custom_padding_tablet="0px||50px||false|false" custom_padding_phone="" custom_padding_last_edited="on|phone" header_text_align_tablet="" header_text_align_phone="center" header_text_align_last_edited="on|phone" text_orientation_tablet="" text_orientation_phone="center" text_orientation_last_edited="on|phone"]Secure Database Management Modern, graphical-based solutions to manage NonStop SQL and Enscribe databases.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="SQLXPress" module_id="SQLXPress" _builder_version="4.2.2" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||30px||false|false"][et_pb_row _builder_version="4.0.2"][et_pb_column type="4_4" _builder_version="4.0.2"][et_pb_text _builder_version="4.0.5" header_4_text_color="#5694c4"]SQLXPress An Integrated set of Management Tools for HPE NonStop SQL Databases. SQLXPress is an easy-to-use Windows based Graphical User Interface for comprehensive management of HPE NonStop SQL databases. It has a modular architecture and can be configured to support SQL/MX, SQL/MP, or both. SQLXPress provides comprehensive support for managing large, complex database environments. The solution is an essential companion product for NonStop SQL. It is an integrated set of tools specifically designed to work with SQL/MX version 2.3 or later and SQL/MP version 350. SQLXPress’s modular design offers tools for database administrators, software developers, quality assurance analysts and technical support staff. We never knew what we were missing without SQLXPress. We'll never go back![/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.9.4" custom_margin="0px||||false|false" custom_padding="0px||0px||false|false" hover_enabled="0" sticky_enabled="0"][et_pb_column type="1_2" _builder_version="4.0.9"][et_pb_text _builder_version="4.2.2"] Effective SQL query tuning Apply commands to multiple objects Boost productivity with wildcards Advanced partition management SQL statistics management (including copy, backup, and restore) [/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.0.9"][et_pb_text _builder_version="4.0.4"] SQL "whiteboard" supports syntax highlighting, code completion, command history, and more Import and export data between NonStop SQL and other databases Track plans for programs, modules, and stand-alone queries Security Audits [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.9.4" custom_margin="||||false|false" custom_padding="||||false|false" hover_enabled="0" sticky_enabled="0"][et_pb_column type="4_4" _builder_version="4.0.9"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/2019-SQLXPress-pdf.jpg" alt="SQLXpress Datasheet Download (PDF)" title_text="SQLXpress Datasheet Download (PDF)" url="/wp-content/uploads/2020/01/2019-SQLXPress.pdf" url_new_window="on" module_class="pdf-download" _builder_version="4.2.2" width="200px" border_radii="on|5px|5px|5px|5px" box_shadow_style="preset3"][/et_pb_image][et_pb_text _builder_version="4.2.2"]SQLXPress Data Sheet (PDF)[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="MARS" module_id="MARS" _builder_version="4.2.2" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||0px||false|false"][et_pb_row _builder_version="4.0.2"][et_pb_column type="4_4" _builder_version="4.0.2"][et_pb_text _builder_version="4.0.5" header_4_text_color="#5694c4"]Merlon Auto Reload System (MARS) Integrated set of Management Tools for HPE NonStop SQL Databases Most application databases include key-sequenced objects on which records are added and deleted on a regular basis. Over time, this can degrade database organization, impacting access times and increasing the performance overhead of using those objects. Disk space, allocated for deleted records, can also become unavailable. Manual methods increase the risk of human error and degrades system performance. Analysis and reload of those objects has a relatively high resourced cost. Automating these activities improves system performance and staff productivity. Automating reloads with MARS has saved us so much time! [/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.9.4" custom_margin="|auto||auto|false|false" custom_padding="||||false|false" hover_enabled="0" sticky_enabled="0"][et_pb_column type="4_4" _builder_version="4.9.4" hover_enabled="0" sticky_enabled="0"][et_pb_image src="https://xypro.com/wp-content/uploads/2020/01/2019-Merlon-MARS-pdf.jpg" alt="Merlon MARS Datasheet Download (PDF)" title_text="Merlon MARS Datasheet Download (PDF)" url="/wp-content/uploads/2020/01/2019-Merlon-MARS.pdf" url_new_window="on" module_class="pdf-download" _builder_version="4.2.2" width="200px" border_radii="on|5px|5px|5px|5px" box_shadow_style="preset3"][/et_pb_image][et_pb_text _builder_version="4.2.2"]Merlon MARS Data Sheet (PDF)[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.0.9" custom_margin="0px||||false|false" custom_padding="0px||||false|false"][et_pb_column type="1_2" _builder_version="4.0.9"][et_pb_text _builder_version="4.2.2"] Improve Efficiency Eliminate analysis overhead Reduce Risk Reduce Errors Reduce Costs Advanced Technology Audited activities [/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.0.9"][et_pb_text _builder_version="4.2.2"] Reload Objects Automatically Granular scheduling of file selection and reloads Identify files by name, size, type, owner, TMF protected Ensure critical files are reloaded first Restrict reloads to specific CPUs Control and monitor the progress of reloads Stop and restart reloads with a single command [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Strengthening Cyber Resilience in 2026 Download [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.17.4" use_background_color_gradient="on" background_color_gradient_stops="rgba(0,93,164,0.8) 0%|rgba(29,53,87,0.78) 100%" background_color_gradient_start="rgba(0,93,164,0.8)" background_color_gradient_end="rgba(29,53,87,0.78)" background_image="https://xypro.com/wp-content/uploads/2021/08/software-bg.jpg" parallax="on" background_blend="overlay" custom_margin="||||false|false" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.27.4" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Strengthening Cyber Resilience in 2026[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"]Congratulations! You've taken the first step to securing your data. Click the button below to download your free Strengthening Cyber Resilience in 2026 WHITEPAPER. Strengthening Cyber Resilience in 2026 WHITEPAPERSize: 5.21 MBVersion: v4.0.1Download Now! The XYPRO Team.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" custom_margin="0px||||false|false" custom_padding="0px||||false|false" hover_enabled="0" global_colors_info="{}" sticky_enabled="0" locked="off"][/et_pb_section] #### Support URL: https://xypro.com/support/ #### Support Site is Down For Scheduled Maintenance WEBSITE SCHEDULED MAINTENANCE NOTICE XYPRO will be conducting server maintenance on the XYPRO Customer Portal to ensure an improved and secure customer experience. Access to the Customer Portal and software downloads will be unavailable during this time. If you have any questions, please contact support@xypro.com or call +1 805 583 2874. We appreciate your patience. #### The XYPRO Way [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="3.29.3" use_background_color_gradient="on" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x"][et_pb_row _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.0.5" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false"]The XYPRO Way[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.0.2" custom_padding="30px||30px||false|false"][et_pb_row admin_label="MISSION" _builder_version="4.0.2" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="4.0.2"][et_pb_text _builder_version="4.0.2"]Our Mission Since our founding in 1983, technology leaders and corporate decision makers at companies processing mission critical data have used XYPRO security solutions to protect against catastrophic data loss, financial loss, reputation damage and regulatory intervention, through all stages of their company’s growth. Delivering HPE NonStop risk management solutions longer than anyone, we strive for meaningful and strategic business relationships while providing great support and delivering leading edge security solutions. At XYPRO, we believe that no data is as important as your data and we protect your data as if it was our own.[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row module_class="custom_row" _builder_version="4.4.6" global_module="219223"][et_pb_column type="4_4" _builder_version="4.4.6"][et_pb_video src="https://xypro.com/wp-content/uploads/2020/06/XYPRO-VIDEO-3-People-Culture.mp4" image_src="https://xypro.com/wp-content/uploads/2020/06/2020-06-29_13h50_45.jpg" thumbnail_overlay_color="rgba(0,0,0,0.6)" src_webm_tablet="" src_webm_phone="" src_webm_last_edited="on|desktop" _builder_version="4.4.6" width="65%" module_alignment="center" box_shadow_style="preset3" src_webm__hover_enabled="on|desktop"][/et_pb_video][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.0.5" custom_margin="||||false|false" custom_padding="0px||||false|false" top_divider_color="#5694c4"][et_pb_row admin_label="CORE VALUES" module_id="xyproway" _builder_version="4.2.2"][et_pb_column type="4_4" _builder_version="4.0.4"][et_pb_text _builder_version="4.0.5"]The XYPRO Way[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.0.4"][et_pb_column type="1_2" _builder_version="4.0.4"][et_pb_blurb title="Be Reliable & Responsible" use_icon="on" font_icon="%%214%%" _builder_version="4.0.5" animation_style="slide" animation_delay="250ms"]When you make the effort to ensure you’ve done all you can to answer that question, fulfill that request, meet that deadline or discover the solution to that problem – we all win.  [/et_pb_blurb][/et_pb_column][et_pb_column type="1_2" _builder_version="4.0.5"][et_pb_blurb title="Build Positive Channels of Communication" use_icon="on" font_icon="%%222%%" _builder_version="4.0.5" animation_style="slide" animation_delay="250ms"]We make the effort to ensure effective communication at all levels; empathy up and down the chain is critical. When we trust each other, the customers can trust us.[/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.0.4"][et_pb_column type="1_2" _builder_version="4.0.4"][et_pb_blurb title="Care Enough" use_icon="on" font_icon="%%202%%" _builder_version="4.0.5" animation_style="slide" animation_delay="250ms"]Quality is the result when you care enough to "make sure it's right."[/et_pb_blurb][/et_pb_column][et_pb_column type="1_2" _builder_version="4.0.4"][et_pb_blurb title="Excellent Service is the Only Kind" use_icon="on" font_icon="%%277%%" _builder_version="4.0.5" animation_style="slide" animation_delay="250ms"]What kind of customer service would you expect? [/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.0.5"][et_pb_column type="1_2" _builder_version="4.0.5"][et_pb_blurb title="Embrace Growth & Innovation" use_icon="on" font_icon="%%234%%" _builder_version="4.0.5" animation_style="slide" animation_delay="250ms"]There's always room for improvement and innovation is only successful when in conjunction with the ability to deliver the result to a market that exists.[/et_pb_blurb][/et_pb_column][et_pb_column type="1_2" _builder_version="4.0.5"][et_pb_blurb title="Hard Work & Cooperation (Without Forgetting the Fun!)" use_icon="on" font_icon="%%259%%" _builder_version="4.0.5" animation_style="slide" animation_delay="250ms"]We're not here to mark the time between 8 and 5. Our customers deserve our best effort, your coworkers deserve your best effort. All while toasting victories, celebrating birthdays, and other good excuses to eat cake![/et_pb_blurb][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.0.4"][et_pb_column type="1_2" _builder_version="4.0.4"][et_pb_blurb title="Love What You Do" use_icon="on" font_icon="%%257%%" _builder_version="4.0.5" animation_style="slide" animation_delay="250ms"]If you don't, you owe it to yourself to ask "why?"[/et_pb_blurb][/et_pb_column][et_pb_column type="1_2" _builder_version="4.0.4"][et_pb_blurb title="Be Humble" use_icon="on" font_icon="%%258%%" _builder_version="4.0.5" animation_style="slide" animation_delay="250ms"]Humility is not weakness.  Receive feedback and turn criticism into a plan for growth and development. [/et_pb_blurb][/et_pb_column][/et_pb_row][/et_pb_section] #### Trusted Security & Implementation Services [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="#1d3557 0%|#0e2242 100%" background_color_gradient_start="#1d3557" background_color_gradient_end="#0e2242" background_image="/wp-content/uploads/slider4/fullwidthslide2.jpeg" background_blend="soft-light" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content" global_colors_info="{}"][et_pb_row column_structure="1_4,3_4" _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_image src="https://xypro.com/wp-content/uploads/2019/11/security-imp-white.png" align="right" _builder_version="4.16" max_width="200px" max_width_tablet="" max_width_phone="180px" max_width_last_edited="on|phone" custom_margin="||||false|false" custom_padding="||||false|false" animation_style="none" border_radii="on|0px|0px|0px|0px" border_color_all="rgba(0,0,0,0)" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="3_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.16" header_text_align="left" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" background_layout="dark" max_width="700px" module_alignment="left" custom_margin="||22px|auto|false|false" custom_padding="50px||50px||false|false" custom_padding_tablet="0px||50px||false|false" custom_padding_phone="" custom_padding_last_edited="on|phone" header_text_align_tablet="" header_text_align_phone="center" header_text_align_last_edited="on|desktop" text_orientation_tablet="" text_orientation_phone="center" text_orientation_last_edited="on|phone" global_colors_info="{}"]Trusted Security & Implementation Services Protecting Your Data as if it Were Our Own.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.16" custom_margin="||||false|false" custom_padding="30px||0px||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.16" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]XYPRO, a security leader for over 35 years got its start providing consulting services to banks. XYPRO security implementations optimize productivity while securing assets. We regularly partner with companies just like yours that have an obligation to protect their customers’ personal information. XYPRO Professional Services provide actionable insight and recommendations. We identify risks and gaps, helping you achieve the results you seek faster and more effectively, providing greater security while improving efficiency to meet future demands. To realize the benefits from your XYPRO solutions and accelerate your security return on investment, contact XYPRO’s team of experienced security professionals.[/et_pb_text][et_pb_text _builder_version="4.17.4" _module_preset="default" background_color="#E7F3FC" custom_padding="20px|20px|20px|20px|true|true" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Free Rapid Security Assessment Our quick and easy-to-run security assessment provides a detailed view of threats found across your HPE NonStop environment. This Assessment includes a FREE review with a security expert to discuss findings and recommendations and ensure you have implemented industry best practices and are protected against advanced threats impacting organizations today. Click here to learn more[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.16" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" custom_margin="||10px||false|false" custom_padding="||||false|false" global_colors_info="{}"]We Help With[/et_pb_text][et_pb_text _builder_version="4.16" custom_margin="||0px|30px|false|false" custom_padding="8px||||false|false" animation_style="slide" animation_direction="right" custom_css_main_element="border-left: 2px solid #005DA4;||padding-left: 1em;" global_colors_info="{}"]Solutions Implementations[/et_pb_text][et_pb_text _builder_version="4.16" custom_margin="||0px|30px|false|false" custom_padding="||||false|false" animation_style="slide" animation_direction="right" animation_delay="250ms" custom_css_main_element="border-left: 2px solid #005DA4;||padding-left: 1em;" global_colors_info="{}"]Security Reviews[/et_pb_text][et_pb_text _builder_version="4.16" custom_margin="||0px|30px|false|false" custom_padding="||||false|false" animation_style="slide" animation_direction="right" animation_delay="500ms" custom_css_main_element="border-left: 2px solid #005DA4;||padding-left: 1em;" global_colors_info="{}"]Security Education[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.16" global_colors_info="{}"]Contact Our Team Today[/et_pb_text][et_pb_contact_form captcha="off" email="marketing@xypro.com" custom_message="This message comes from the 'Contact Sales' form on the 'Trusted Security & Implementation Services' product page.||et_pb_line_break_holder||---------------||et_pb_line_break_holder||Name: %%Name%%||et_pb_line_break_holder||Email: %%Email%%||et_pb_line_break_holder||||et_pb_line_break_holder||Message:||et_pb_line_break_holder||%%Message%%" success_message="Thank you for your message. Someone will be in contact with you shortly." submit_button_text="Send Message" _builder_version="4.16" _unique_id="2692da66-c756-41f5-bdd5-7f415360ec8d" form_field_background_color="#f2f2f2" form_field_focus_background_color="#ffffff" background_color="rgba(0,0,0,0)" custom_button="on" button_text_size="16px" button_text_color="#ffffff" button_bg_color="#f17050" button_border_color="#f17050" button_border_radius="100px" button_letter_spacing="2px" button_use_icon="off" border_radii="on|3px|3px|3px|3px" box_shadow_style="preset3" box_shadow_style_button="preset3" global_colors_info="{}"][et_pb_contact_field field_id="Name" field_title="Name" _builder_version="4.16" global_colors_info="{}" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][et_pb_contact_field field_id="Email" field_title="Email Address" field_type="email" _builder_version="4.16" global_colors_info="{}" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][et_pb_contact_field field_id="Message" field_title="Message" field_type="text" fullwidth_field="on" _builder_version="4.16" global_colors_info="{}" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"][/et_pb_contact_field][/et_pb_contact_form][/et_pb_column][/et_pb_row][/et_pb_section] #### WASL - Workload Aware Security Layer [et_pb_section fb_built="1" admin_label="Robust Features" module_class="wasl-hero" _builder_version="4.25.0" _module_preset="default" custom_margin="0px||||false|false" custom_padding="0px||||false|false" custom_css_free_form=".wasl-hero {|| padding-bottom: 0 !important;||}" global_colors_info="{}"][et_pb_row _builder_version="4.24.0" _module_preset="default" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_nextend_smart_slider_3 slider="16" _builder_version="4.24.0" _module_preset="default" custom_css_free_form=".logo-slide .n2-ss-layer-col {|| box-shadow: none !important;||}||||selector .gform_title,||selector .gform_description, ||selector .gform_required_legend {|| display: none;||}||||selector .gform_wrapper {|| padding: 32px;|| box-sizing: border-box;|| background: #E6EEF9;|| border-radius: 24px;||}||||selector .gfield {|| text-align: left;||}||||selector .gfield .gfield_label {|| color: #1D3557;|| font-size: 16px;|| font-weight: 700;||}||||selector .gfield input {|| box-shadow: 0px 2.11px 4.37px 2.63px #00000033 inset;|| border: 0.5px solid #00000080||}||||selector .gform_button {|| background: #F17050;|| box-shadow: none;|| cursor: pointer;|| margin-bottom: 0;||}||||selector .gform_button:hover {|| letter-spacing: normal !important;||}||||selector sup {|| bottom: auto;|| vertical-align: top;||}||||selector .gform_footer {|| padding-bottom: 0;||}||||selector .gform_button {|| font-weight: bold;||}" global_colors_info="{}"][/et_pb_nextend_smart_slider_3][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Secure and Compliant" _builder_version="4.23.1" _module_preset="default" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row custom_padding_last_edited="on|desktop" _builder_version="4.23.1" _module_preset="default" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="0px||||false|false" custom_padding="0px||0px||false|false" custom_padding_tablet="||63px||false|false" custom_padding_phone="||63px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Secure and compliant in minutes, not weeks" _builder_version="4.23.1" _module_preset="default" title_level="h2" title_text_align="center" title_text_color="#1d3557" title_font_size="40px" custom_margin="||0px||false|false" global_colors_info="{}"][/et_pb_heading][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" use_custom_gutter="on" gutter_width="2" make_equal="on" _builder_version="4.23.1" _module_preset="default" max_width="820px" global_colors_info="{}"][et_pb_column type="1_3" _builder_version="4.23.1" _module_preset="default" background_color="#1d3557" custom_padding="30px|30px|30px|30px|false|false" border_radii="on|30px|30px|30px|30px" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/04/icon-1.png" title_text="icon 1" _builder_version="4.24.0" _module_preset="_initial" custom_margin="||25px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" header_3_font="|700|||||||" header_3_text_align="center" header_3_text_color="#FFFFFF" header_3_font_size="24px" global_colors_info="{}"]Deploys in minutes[/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.23.1" _module_preset="default" background_color="#1d3557" custom_padding="30px|30px|30px|30px|false|false" border_radii="on|30px|30px|30px|30px" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/04/icon-2.png" title_text="icon 2" _builder_version="4.24.0" _module_preset="_initial" custom_margin="||18px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" header_3_font="|700|||||||" header_3_text_align="center" header_3_text_color="#FFFFFF" header_3_font_size="24px" global_colors_info="{}"]Purpose-builtfor SAP HANA[/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.23.1" _module_preset="default" background_color="#1d3557" custom_padding="30px|30px|30px|30px|false|false" border_radii="on|30px|30px|30px|30px" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/04/icon-3.png" title_text="icon 3" _builder_version="4.24.0" _module_preset="_initial" custom_margin="||25px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" header_3_font="|700|||||||" header_3_text_align="center" header_3_text_color="#FFFFFF" header_3_font_size="24px" global_colors_info="{}"]Delivers proven performance[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row custom_padding_last_edited="on|desktop" _builder_version="4.23.1" _module_preset="default" background_size="initial" background_position="top_left" background_repeat="repeat" max_width="848px" custom_margin="0px||0px||false|false" custom_padding="0px||100px||false|false" custom_padding_tablet="||63px||false|false" custom_padding_phone="||63px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.23.1" _module_preset="default" text_text_color="#222222" text_font_size="16px" text_orientation="center" max_width="80%" custom_margin="|auto||auto|false|false" global_colors_info="{}"]Enterprises need SAP HANA like we need oxygen. You know it – and so do cybercriminals. That’s why it’s so important to ensure your most vital systems are kept compliant and secure. WASL is the automated security and compliance solution for SAP HANA that deploys in minutes – not weeks or months – and enables over 90% compliance with SAP’s latest security standards at a fraction of the cost of custom-built solutions. Once installed, WASL continually updates SAP HANA, issues actionable audit reports and offers deep visibility into security status.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="WASL Integrates easily..." _builder_version="4.23.1" _module_preset="default" background_color="RGBA(255,255,255,0)" custom_margin="-60px||||false|false" custom_margin_tablet="0px||||false|false" custom_margin_phone="0px||||false|false" custom_margin_last_edited="on|tablet" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.23.1" _module_preset="default" background_color="RGBA(255,255,255,0)" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_heading title="WASL integrates easily into your SAP HANA workflow." _builder_version="4.23.1" _module_preset="default" title_level="h2" title_font="|700|||||||" title_text_align="center" title_text_color="#1D3557" title_font_size="40px" global_colors_info="{}"][/et_pb_heading][et_pb_video src="https://xypro.com/wp-content/uploads/2023/11/WASL_Video_8.17.23.mp4" image_src="https://xypro.com/wp-content/uploads/2024/02/Rectangle-2856.jpg" play_icon_color="rgba(255,255,255,0.7)" font_icon="||fa||900" use_icon_font_size="on" icon_font_size="141px" _builder_version="4.25.0" _module_preset="default" global_colors_info="{}"][/et_pb_video][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Trusted by enterprises..." _builder_version="4.23.1" _module_preset="default" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.23.1" _module_preset="default" custom_margin="0px||0px||true|false" custom_padding="0px||0px||true|false" custom_css_free_form="h2 {text-align: center;}" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Trusted by enterprises worldwide" _builder_version="4.23.1" _module_preset="default" title_level="h2" title_text_color="#1d3557" custom_margin="0px||0px||true|false" custom_padding="0px||0px||true|false" global_colors_info="{}"][/et_pb_heading][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.23.1" _module_preset="default" custom_margin="0px||0px||true|false" custom_padding="0px||0px||true|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_nextend_smart_slider_3 slider="18" _builder_version="4.25.0" _module_preset="default" global_colors_info="{}"][/et_pb_nextend_smart_slider_3][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Protect Your Core" _builder_version="4.23.1" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2024/02/protect-your-core-bg.jpg" global_colors_info="{}"][et_pb_row _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Protect Your Core" _builder_version="4.23.1" _module_preset="default" title_level="h2" title_font="|700|||||||" title_text_align="center" title_text_color="#FFFFFF" title_font_size="42px" global_colors_info="{}"][/et_pb_heading][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_3,1_3,1_3" _builder_version="4.16" _module_preset="default" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="1_3" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/02/noun-security-shield.png" title_text="noun-security-shield" _builder_version="4.23.1" _module_preset="_initial" custom_margin="||33px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" text_text_color="#FFFFFF" text_font_size="16px" header_3_font="|700|||||||" header_3_text_align="center" header_3_text_color="#FFFFFF" header_3_font_size="24px" text_orientation="center" background_layout="dark" global_colors_info="{}"]Increases security SAP HANA is the lifeblood of your enterprise – and a prime target for attacks. WASL protects your most important data automatically.[/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/02/noun-desktop-lock.png" title_text="noun-desktop-lock" _builder_version="4.23.1" _module_preset="_initial" custom_margin="||33px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" text_text_color="#FFFFFF" text_font_size="16px" header_3_font="|700|||||||" header_3_text_align="center" header_3_text_color="#FFFFFF" header_3_font_size="24px" text_orientation="center" background_layout="dark" max_width="85%" custom_margin="|auto||auto|false|false" global_colors_info="{}"]Improves compliance Gain 90% out-of-box compliance to Linux and SAP HANA security standards.[/et_pb_text][/et_pb_column][et_pb_column type="1_3" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/02/noun-clock.png" title_text="noun-clock" _builder_version="4.23.1" _module_preset="_initial" custom_margin="||33px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" text_text_color="#FFFFFF" text_font_size="16px" header_3_font="|700|||||||" header_3_text_align="center" header_3_text_color="#FFFFFF" header_3_font_size="24px" text_orientation="center" background_layout="dark" max_width="85%" custom_margin="|auto||auto|false|false" global_colors_info="{}"]Deploys in minutes Don’t wait weeks or months to develop custom solutions. WASL can be up and running right away.[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/02/noun-reports.png" title_text="noun-reports" _builder_version="4.23.1" _module_preset="_initial" custom_margin="||33px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" text_text_color="#FFFFFF" text_font_size="16px" header_3_font="|700|||||||" header_3_text_align="center" header_3_text_color="#FFFFFF" header_3_font_size="24px" text_orientation="center" background_layout="dark" max_width="60%" custom_margin="|auto||auto|false|false" global_colors_info="{}"]Delivers constant visibility WASL issues comprehensive audit reports, and you can view reports through a browser-based dashboard.[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/02/noun-performance-rating.png" title_text="noun-performance-rating" _builder_version="4.23.1" _module_preset="_initial" custom_margin="||33px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" text_text_color="#FFFFFF" text_font_size="16px" header_3_font="|700|||||||" header_3_text_align="center" header_3_text_color="#FFFFFF" header_3_font_size="24px" text_orientation="center" background_layout="dark" max_width="50%" custom_margin="|auto||auto|false|false" global_colors_info="{}"]Proven performance Developed by HP Enterprise, WASL is purpose-built for SAP HANA and has been implemented in enterprises of all sizes.[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|desktop" admin_label="WASL Supports" _builder_version="4.23.1" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2024/02/Polygon-2.png" background_size="contain" background_position="top_right" custom_margin="||||false|false" custom_padding="100px||30px||false|false" custom_padding_tablet="||60px||false|false" custom_padding_phone="||60px||false|false" background_last_edited="on|desktop" background_enable_image_tablet="off" global_colors_info="{}"][et_pb_row custom_padding_last_edited="on|desktop" _builder_version="4.23.1" _module_preset="default" custom_margin_tablet="" custom_margin_phone="" custom_margin_last_edited="on|desktop" custom_padding_tablet="||60px||false|false" custom_padding_phone="||60px||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_heading title="WASL supports:" _builder_version="4.23.1" _module_preset="default" title_level="h2" title_text_align="left" title_font_size="40px" global_colors_info="{}"][/et_pb_heading][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,1_4,1_4,1_4" use_custom_gutter="on" gutter_width="2" make_equal="on" _builder_version="4.23.1" _module_preset="default" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin_tablet="0px||||false|false" custom_margin_phone="0px||||false|false" custom_margin_last_edited="on|desktop" custom_css_free_form="@media only screen and (min-width: 980px) {|| selector .et_pb_column {|| margin-right: 20px !important;|| }|||| selector .et_pb_column:last-child {|| margin-right: 0;|| }||}" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="4.23.1" _module_preset="default" background_color="#e8ebee" custom_padding="75px|40px|90px|40px|false|false" border_radii="on|30px|30px|30px|30px" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/02/SAP-HANA.png" title_text="SAP-HANA" _builder_version="4.23.1" _module_preset="_initial" custom_margin="||100px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" text_font="|700|||||||" text_text_color="#1d3557" text_font_size="23px" header_font="|800|||||||" text_orientation="center" global_colors_info="{}"]SAP HANA1.0, 2.0[/et_pb_text][/et_pb_column][et_pb_column type="1_4" _builder_version="4.23.1" _module_preset="default" background_color="#e8ebee" custom_padding="60px|40px|60px|40px|false|false" border_radii="on|30px|30px|30px|30px" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/02/Red_Hat-Enterprise_Linux.png" title_text="Red_Hat-Enterprise_Linux" _builder_version="4.23.1" _module_preset="_initial" custom_margin="||76px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" text_font="|700|||||||" text_text_color="#1d3557" text_font_size="23px" header_font="|700|||||||" text_orientation="center" global_colors_info="{}"]Red Hat Enterprise Linux 7.x, 8.x, 9.x[/et_pb_text][/et_pb_column][et_pb_column type="1_4" _builder_version="4.23.1" _module_preset="default" background_color="#e8ebee" custom_padding="40px|20px|20px|20px|false|false" border_radii="on|30px|30px|30px|30px" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/02/SUSE.png" title_text="SUSE" _builder_version="4.23.1" _module_preset="_initial" custom_margin="||40px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.23.1" _module_preset="default" text_font="|700|||||||" text_text_color="#1d3557" text_font_size="23px" text_orientation="center" global_colors_info="{}"]SUSE Linux Enterprise for SAP HANA 12.x, 15.x SUSE Linux Enterprise 12.x, 15.x[/et_pb_text][/et_pb_column][et_pb_column type="1_4" _builder_version="4.23.1" _module_preset="default" background_color="#e8ebee" custom_padding="65px|30px|65px|30px|false|false" border_radii="on|30px|30px|30px|30px" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/02/windows-server-logo.png" title_text="windows-server-logo" _builder_version="4.23.1" _module_preset="_initial" custom_margin="||82px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.24.0" _module_preset="default" text_font="|700|||||||" text_text_color="#1d3557" text_font_size="23px" text_orientation="center" global_colors_info="{}"]Microsoft Windows Server [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Robust Features" _builder_version="4.23.1" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2024/02/Polygon-1.png" background_size="contain" background_position="bottom_left" min_height="642px" custom_margin="||||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_row _builder_version="4.23.1" _module_preset="default" positioning="none" custom_padding="||0px||false|false" collapsed="off" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Robust features" _builder_version="4.23.1" _module_preset="default" title_level="h2" title_text_align="center" title_font_size="40px" global_colors_info="{}"][/et_pb_heading][et_pb_tabs admin_label="Tabs" _builder_version="4.23.1" _module_preset="default" tab_line_height="1em" positioning="relative" custom_margin="0px||178px||false|false" tab_font_size_tablet="" tab_font_size_phone="13px" tab_font_size_last_edited="on|tablet" custom_css_free_form="selector {|| filter: drop-shadow(0px 4px 9px rgba(0, 0, 0, 0.15));|| border-color: rgba(0, 0, 0, 0.30);||}||||selector .et_pb_tabs_controls::before,||selector .et_pb_tabs_controls::after {|| content: none;||}||||selector .et_pb_tabs_controls li {|| background: #E6EEF9;|| border-bottom: 1px solid rgba(0, 0, 0, 0.30);|| height: calc(100% / 4) !important;|| border-right: 1px solid rgba(0, 0, 0, 0.30) !important;|| border-left: none;||}||||selector .et_pb_tabs_controls li:last-child {|| border-bottom: none;||}||||selector .et_pb_tabs_controls a {|| color: #1D3557 !important;|| padding: 24px 80px 24px 40px;||}||||selector .et_pb_tabs_controls .et_pb_tab_active {|| background: #5694C4;||}||||selector .et_pb_tabs_controls .et_pb_tab_active a {|| color: #FFFFFF !important;||}||||selector .et_pb_tabs_controls {|| display: flex;|| flex-direction: column;|| width: 100%;||}||||selector .et_pb_all_tabs {|| width: 100%;||}||||selector .et_pb_tab {|| width: 100%;||}||||selector .robust-feature {|| text-align: center;|| margin-bottom: 55px;||}||||selector .robust-feature:last-child {|| margin-bottom: 0;||}||||selector .robust-feature__content {|| font-size: 16px;|| color: #1D3557;||}||||selector .robust-feature__title {|| font-size: 22px;|| font-weight: 700;||}||||@media only screen and (min-width: 980px) {|| selector {|| display: flex;|| }|| || selector .et_pb_tabs_controls a {|| font-size: 30px;|| }|| || selector .et_pb_tab {|| padding: 50px 70px;|| }|| || selector .et_pb_tabs_controls {|| max-width: 444px;|| }||}||||@media only screen and (min-width: 1280px) {|| selector .robust-feature {|| display: flex;|| align-items: center;|| gap: 34px;|| text-align: left;|| }||}" global_colors_info="{}"][et_pb_tab title="One-click security" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"] Security assessment Enable seamless one-click assessments for SAP HANA, effortlessly fortifying your organization against vulnerabilities and threats Harden OS/workload Automate security hardening, ensuring robust defense measures for Linux and Windows operating systems Speed and simplicity Save time and eliminate the hassle of navigating through extensive SAP HANA documentation and CIS benchmarks [/et_pb_tab][et_pb_tab title="Workload-aware policies" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"] Default OS and workload-based policies Default policies crafted from CIS benchmarks, ensuring a robust defense aligned with industry best practices Policy customization Customize security policies to meet your unique needs and preferences while ensuring a seamless and robust defense for SAP HANA Adaptable Workload-aware policies dynamically adapt to the unique demands of your SAP HANA environment for comprehensive and adaptive security [/et_pb_tab][et_pb_tab title="Instant rollback" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"] Reset to original state Quick and hassle-free policy management allows effortless policy resets to their original state with just one click Roll back to last hardening operation Confidently roll back to the last known good state for swift remediation and integrity Flexible Tailor security measures according to your unique needs [/et_pb_tab][et_pb_tab title="Integrated security" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"] Consolidated review Unparalleled visibility and control over your SAP HANA security posture provides a comprehensive and easily navigable snapshot of your system’s security status Single point of control Convenience of a single point of control centralizes SAP HANA security management, ensuring simplified administration Security Harmonize advanced security protocols for SAP HANA with a single click for unified defense and safeguarding against diverse cyber threats [/et_pb_tab][/et_pb_tabs][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|phone" _builder_version="4.25.0" _module_preset="default" background_color="#1D3557" background_image="https://xypro.com/wp-content/uploads/2024/02/Mask-group-2.png" positioning="none" custom_padding="|100px|210px|100px|false|true" custom_padding_tablet="|50px||50px|false|false" custom_padding_phone="|50px|60px|50px|false|false" custom_css_free_form="#xyfooter .et_pb_top_inside_divider {|| /* Override current code using the svg background image */|| background-image: none; ||}||||#xyfooter {||margin: 0;||}||||@media only screen and (min-width: 768px) {||#xyfooter {||clip-path: polygon(0 2%, 38% 0, 100% 9%, 100% 100%, 0% 100%);||z-index: 99;||margin-top: -160px;||}||}||||@media only screen and (min-width: 1024px) {||#xyfooter {||clip-path: polygon(0 10%, 38% 0, 100% 19%, 100% 110%, 0% 100%);||}||}" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.24.0" _module_preset="default" width="100%" custom_padding="||||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Take a deep dive into WASL." _builder_version="4.23.1" _module_preset="default" title_level="h2" title_text_align="left" title_text_color="#FFFFFF" title_font_size="40px" title_line_height="55px" width="100%" width_tablet="100%" width_phone="100%" width_last_edited="on|phone" module_alignment="center" custom_margin="||24px||false|false" custom_margin_tablet="||24px||false|false" custom_margin_phone="||24px||false|false" custom_margin_last_edited="on|phone" custom_padding="0px|153px|0px||false|false" custom_padding_tablet="0px|153px|0px||false|false" custom_padding_phone="|0px|||false|false" custom_padding_last_edited="on|desktop" title_text_align_tablet="left" title_text_align_phone="left" title_text_align_last_edited="on|phone" title_font_size_tablet="32px" title_font_size_phone="28px" title_font_size_last_edited="on|phone" global_colors_info="{}"][/et_pb_heading][et_pb_heading title="Read our datasheet to learn more about how WASL can deliver greater security and compliance for SAP HANA." _builder_version="4.23.1" _module_preset="default" title_level="h6" title_font="|300|||||||" title_text_align="left" title_text_color="#FFFFFF" title_font_size="16px" title_line_height="28px" width="77.2%" custom_margin="||25px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][/et_pb_heading][et_pb_button button_url="https://xypro.com/wp-content/uploads/2023/09/XYPRO_WASL_Datasheet_Current.pdf" url_new_window="on" button_text="Download Now" button_alignment="left" _builder_version="4.25.0" _module_preset="default" custom_button="on" button_text_size="22px" button_text_color="#FFFFFF" button_bg_color="#F17050" button_border_width="2px" button_border_color="#1D3557" button_border_radius="45px" button_font="|700|||||||" button_use_icon="off" background_layout="dark" custom_padding="10px|50px|10px|50px|true|true" custom_padding_tablet="|20px||20px|true|true" custom_padding_phone="|20px||20px|true|true" custom_padding_last_edited="on|phone" hover_enabled="0" global_colors_info="{}" button_border_color__hover_enabled="on|hover" button_border_color__hover="#F17050" sticky_enabled="0"][/et_pb_button][/et_pb_column][et_pb_column type="1_2" _builder_version="4.23.1" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2024/06/Screenshot-2024-06-17-at-9.27.25-AM.png" title_text="WASL datasheet" force_fullwidth="on" _builder_version="4.25.0" _module_preset="_initial" border_radii="on|0px|0px|0px|0px" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][/et_pb_section] #### WASL Information Request [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.19.2" use_background_color_gradient="on" background_color_gradient_stops="rgba(0,93,164,0.8) 0%|rgba(29,53,87,0.78) 100%" background_color_gradient_start="rgba(0,93,164,0.8)" background_color_gradient_end="rgba(29,53,87,0.78)" background_image="/wp-content/uploads/2022/04/wasl-hero.jpg" parallax="on" background_blend="overlay" custom_margin="||||false|false" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.19.2" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Learn More About WASL[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" custom_margin="||0px||false|false" custom_padding="||0px||false|false" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.19.2" _module_preset="default" global_colors_info="{}"] Learn more about WASL Thanks for your interest in Workload Aware Security Layer (WASL). Please provide your name and email and we will respond back shortly.Name(Required)Email Address(Required)PhoneThis field is for validation purposes and should be left unchanged. [/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.19.2" _module_preset="default" global_colors_info="{}"][/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][/et_pb_section] #### Webinars [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.0" use_background_color_gradient="on" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content"][et_pb_row _builder_version="3.29.3" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="40px|||" custom_padding__hover="|||"][et_pb_text _builder_version="4.0.5" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false"]Webinars[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Videos" module_id="merlonhowto" _builder_version="4.0.5" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false"][et_pb_row _builder_version="4.5.3" _module_preset="default"][et_pb_column type="4_4" _builder_version="4.5.3" _module_preset="default"][et_pb_text _builder_version="4.9.0" _module_preset="default"]Webinar Replays [/et_pb_text][et_pb_text _builder_version="4.9.0" _module_preset="default"] Prev 1 of 2 Next Digital Resilience for HPE NonStop Systems: ETI-NET and XYPRO’s Cybersecurity Advancements XYPRO 2023 Roadmap Webinar February 7, 2023 PCI DSS 4.0 - Simplify Compliance in a NonStop World - With XYPRO CISO Steve Tcherchian XYPRO Servicenow Integration for HPE Nonstop Webinar Prioritize Your CyberSecurity Initiatives - XYPRO 2022 Roadmap Update - Webinar 2.17.22 CTUG June 23, 2021 - Enterprise Integration of Your HPE NonStop Ecosystem - Steve Tcherchian BITUG 2021 - XYPRO Multi-Factor Authentication with Steve Roy KeyStroke Logging for HPE NonStop Servers XYPRO's 2021 Cybersecurity Roadmap Punto a punto, cerrando el círculo en seguridad HPE NonStop Proactive Risk Management HDFC, India’s Largest Private Bank, modernizes CyberSecurity NonStop Education Day - HPE NonStop Security with XYPRO XUA and XMA Prev 1 of 2 Next [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Whitepaper [et_pb_section fb_built="1" next_background_color="#ffffff" admin_label="Hero Section" _builder_version="4.16" use_background_color_gradient="on" background_color_gradient_stops="#005DA4 0%|#1D3557 100%" background_color_gradient_start="#005DA4" background_color_gradient_end="#1D3557" custom_padding="0px||||false|false" bottom_divider_style="arrow" bottom_divider_height="150px" bottom_divider_repeat="0.75x" bottom_divider_arrangement="above_content" locked="off" global_colors_info="{}"][et_pb_row _builder_version="4.16" background_size="initial" background_position="top_left" background_repeat="repeat" custom_margin="||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" custom_padding="40px|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text _builder_version="4.27.4" header_2_font="||||||||" header_3_font="||||||||" header_4_font="||||||||" text_orientation="center" background_layout="dark" max_width="700px" module_alignment="center" custom_margin="||||false|false" custom_padding="50px||50px||false|false" global_colors_info="{}"]Whitepapaer[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Blog" _builder_version="4.16" background_color="#ffffff" custom_margin="0px||||false|false" custom_padding="0px||||false|false" locked="off" global_colors_info="{}"][et_pb_row _builder_version="4.16" width="90%" module_alignment="center" custom_margin="0px||||false|false" custom_padding="0px||||false|false" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.16" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" custom_padding="||||false|false" global_colors_info="{}"]Strengthening Cyber Resilience in 2026READ MOREPCI DSS FOR NONSTOPREAD MORE Load More [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### XYGATE AEGIS Scan [et_pb_section fb_built="1" admin_label="Hero Section" module_class="hero-banner" _builder_version="4.27.4" _module_preset="default" background_enable_color="off" background_image="https://xypro.com/wp-content/uploads/2026/06/Aegis-Scan-banner-scaled-1.webp" background_position="top_center" background_enable_video_mp4="off" background_enable_video_webm="off" width="100%" module_alignment="center" min_height="500px" custom_padding="20px|20px|20px|20px|false|false" collapsed="on" global_colors_info="{}"][et_pb_row module_class="banner-section" _builder_version="4.27.4" _module_preset="default" width="100%" module_alignment="center" custom_css_free_form=".et_pb_gutters3 .et_pb_column_4_4 .et_pb_module, .et_pb_gutters3.et_pb_row .et_pb_column_4_4 .et_pb_module {|| margin-bottom: 0% !important;|| }||||.custom-divider .et_pb_gallery_item{|| margin-bottom: 20px !important;||margin-top: 20px !important;||}" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" background_enable_video_mp4="off" global_colors_info="{}"][et_pb_heading title="Scan HPE Nonstop for CVEs." _builder_version="4.27.4" _module_preset="default" title_font="Figtree|600|||||||" title_text_color="#FFFFFF" title_font_size="45px" custom_padding="0px|0px|0px|0px|false|false" global_colors_info="{}"][/et_pb_heading][et_pb_heading title="Prove It. Fix It" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|600|||||||" title_text_color="#50bc95" title_font_size="45px" custom_padding="0px|0px|0px|0px|false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_gallery gallery_ids="245348" show_title_and_caption="off" module_class="custom-divider" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][/et_pb_gallery][et_pb_text _builder_version="4.27.4" _module_preset="default" text_text_color="#FFFFFF" text_font_size="24px" width="45%" global_colors_info="{}"]If you can’t prove you scanned it, you didn’t.[/et_pb_text][et_pb_button button_url="#aegis-scan-form" button_text="Get Free Security Assessment" _builder_version="4.27.4" _module_preset="default" custom_button="on" button_text_color="#FFFFFF" button_bg_color="#50bc95" button_border_width="0px" button_border_color="#50bc95" button_border_radius="0px" button_font="Figtree|600|||||||" button_use_icon="off" custom_margin="40px||||false|false" custom_padding="10px|25px|10px|25px|false|false" box_shadow_style="preset2" box_shadow_horizontal="0px" box_shadow_vertical="4px" box_shadow_blur="4px" global_colors_info="{}"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" custom_padding="80px||50px||false|false" custom_css_free_form=".one-platform .et_pb_text .et_pb_text_inner {|| font-size: 23px;|| line-height: normal;||}" collapsed="on" global_colors_info="{}"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Trusted by Top Enterprises" _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#091c4f" title_font_size="36px" title_line_height="48px" global_colors_info="{}"][/et_pb_heading][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,1_4,1_4,1_4" module_class="one-platform" _builder_version="4.27.4" _module_preset="default" custom_css_free_form=".aegis-scan-work-box .et_pb_image img {|| height: 180px;|| width: 100%;|| object-fit: contain;|| object-position: center;||}||.aegis-scan-work-box .et_pb_heading .et_pb_heading_container h2{|| text-align:center;||}" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Global-Banks.webp" title_text="Global Banks" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="25px" text_line_height="1.3em" text_orientation="center" global_colors_info="{}"]Global Banks[/et_pb_text][/et_pb_column][et_pb_column type="1_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Governance.webp" title_text="Governance" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text admin_label="Text" _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="25px" text_line_height="1.3em" text_orientation="center" global_colors_info="{}"]Payment Processors[/et_pb_text][/et_pb_column][et_pb_column type="1_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Monitoring.webp" title_text="Monitoring" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="25px" text_line_height="1.3em" text_orientation="center" global_colors_info="{}"]Retailers[/et_pb_text][/et_pb_column][et_pb_column type="1_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Monitoring.webp" title_text="Monitoring" _builder_version="4.27.4" _module_preset="_initial" width="85px" height="85px" custom_margin="||10px||false|false" global_colors_info="{}"][/et_pb_image][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|700|||||||" text_text_color="#091c4f" text_font_size="25px" text_line_height="1.3em" text_orientation="center" global_colors_info="{}"]Telecommunication[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Key Challenges Section" module_class="key-challenge" _builder_version="4.27.4" _module_preset="default" background_color="#f3faff" custom_padding="30px|20px|30px|20px|false|false" custom_css_free_form=".key-challenge .et_pb_row{|| align-items: center;|| display: flex;||}" collapsed="on" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Key Challenges in Vulnerability Management for Nonstop " _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_align="left" title_text_color="#091c4f" title_font_size="36px" custom_margin="||10px||false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#000000" text_font_size="22px" text_line_height="30px" header_font="Figtree||||||||" custom_padding="10px||10px||false|false" global_colors_info="{}"]There are many reasons that cause security and compliance problems in HPE data, from regulation requirements to security threats. Here is a look at some of the key challenges.[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Key-img.webp" title_text="Key-img" _builder_version="4.27.4" _module_preset="_initial" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="Video Section" _builder_version="4.27.4" _module_preset="default" collapsed="on" global_colors_info="{}"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Watch This to Understand How Aegis Scan Works " _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#091c4f" title_font_size="36px" title_line_height="48px" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#000000" text_font_size="22px" text_line_height="30px" text_orientation="center" custom_padding="10px||10px||false|false" global_colors_info="{}"]There’s nothing like watching this video to understand our product.[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.27.4" _module_preset="default" background_color="#FFFFFF" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_video src="https://www.youtube.com/watch?v=l6s9wyoFr9M" _builder_version="4.27.4" _module_preset="default" width="80%" module_alignment="center" height="540px" border_radii="on|20px|20px|20px|20px" global_colors_info="{}"][/et_pb_video][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="CTA Section" module_class="custom-banner" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/XYGATE-Aegis-Scan-banner-scaled-1.webp" background_position="top_center" module_alignment="center" min_height="100%" height="100%" custom_padding="50px|50px|50px|50px|false|false" custom_css_free_form=".custom-banner{|| display: flex;|| align-items: center;||}" collapsed="on" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.27.4" _module_preset="default" custom_margin="|198px||auto||" custom_padding="10px|0px|||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|600|||||||" text_text_color="#FFFFFF" text_font_size="30px" background_layout="dark" width="100%" custom_margin="|0px|20px||false|false" custom_padding="|||0px||" global_colors_info="{}"]Get into the Specifics of XYGATE Aegis Scan [/et_pb_text][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|500|||||||" text_text_color="#FFFFFF" text_font_size="20px" background_layout="dark" width="100%" custom_margin="|-9px||||" custom_padding="|||0px||" global_colors_info="{}"]Learn more about XYGATE Aegis Scan and how it can help you with this technical datasheet. Download now. [/et_pb_text][et_pb_button button_url="https://xypro.com/wp-content/uploads/2024/10/VS-Datasheet-a50013548enw53.pdf" url_new_window="on" button_text="Datasheet Download" _builder_version="4.27.4" _module_preset="default" custom_button="on" button_text_color="#FFFFFF" button_bg_color="#50bc95" button_border_width="0px" button_border_color="#50bc95" button_border_radius="0px" button_font="Figtree|600|||||||" button_use_icon="off" custom_padding="10px|25px|10px|25px|false|false" box_shadow_style="preset2" box_shadow_horizontal="0px" box_shadow_vertical="4px" box_shadow_blur="4px" global_colors_info="{}"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" hover_enabled="0" custom_css_free_form="/*||.et_pb_column_9, .et_pb_column_10 {|| background-image: url(https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp);|| padding-top: 50px;|| padding-right: 30px;|| padding-bottom: 120px !important;|| padding-left: 30px;||}||*/||.business-case .et_pb_heading_container h1.et_pb_module_heading{|| padding-bottom:10px !important;||}||.business-impact-row{|| flex-direction: row;|| display: flex;|| flex-wrap: wrap;|| align-items: stretch;|| gap: 10px;||}||.et_pb_column.et_pb_column_1_3.business-case {|| padding-top: 30px;|| padding-bottom: 30px !important;|| flex: 1 1 160px;|| display: flex;|| flex-direction: column;||}||.et_pb_gutters3 .business-case, .et_pb_gutters3.et_pb_row .business-case{|| margin-right:auto;||}||.business-impact-row .business-case{|| padding-bottom: 50px !important;|| padding-top: 40px;|| width: 22.875%;||}" collapsed="on" global_colors_info="{}" sticky_enabled="0"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="XYGATE Aegis Scan - Continuous Protection, Simplified Compliance " _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#091c4f" title_font_size="36px" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#000000" text_font_size="22px" text_line_height="30px" header_font="Figtree||||||||" text_orientation="center" custom_padding="20px||10px||false|false" global_colors_info="{}"]XYGATE Aegis Scan identifies CVEs across your Nonstop stack and feeds them directly into your existing vulnerability management tools.[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,1_4,1_4,1_4" module_class="business-impact-row" _builder_version="4.27.4" _module_preset="default" custom_margin="8px||||false|false" custom_padding="20px|0px|20px|0px|false|false" custom_css_free_form=".et_pb_column.et_pb_column_1_4.et_pb_column_9.business-case {|| padding-bottom: 30px !important;||}" global_colors_info="{}"][et_pb_column type="1_4" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/HPE-Nonstop.webp" title_text="HPE Nonstop" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Built for HPE Nonstop" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" custom_margin="8px||||false|false" custom_css_free_form=".et_pb_text_inner{|| line-height:27px;||}" global_colors_info="{}"]All HPE Nonstop OS and related software can be scanned for CVEs [/et_pb_text][/et_pb_column][et_pb_column type="1_4" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Risk-Scores.webp" title_text="Risk Scores" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Mapping for Risk Scores" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" custom_margin="8px||||false|false" locked="off" global_colors_info="{}"]Risk scores are mapped to be prioritized by vulnerability analysis[/et_pb_text][/et_pb_column][et_pb_column type="1_4" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Audit-Ready-Evidence.webp" title_text="Audit-Ready Evidence" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Standardized Output " _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" locked="off" global_colors_info="{}"]Standardized CSV, XML, and JSON output for effortless VMP integration[/et_pb_text][/et_pb_column][et_pb_column type="1_4" module_class="business-case" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/why-choose-b1.webp" custom_padding="20px|30px|20px|30px|false|false" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Lightweight-and-Native.webp" title_text="Lightweight and Native" align="left" _builder_version="4.27.4" _module_preset="_initial" width="56px" height="56px" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Lightweight and Native " _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_color="#FFFFFF" title_font_size="21px" custom_margin="||0px||false|false" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#FFFFFF" header_font_size="18px" header_line_height="27px" locked="off" global_colors_info="{}"]No effect on HPE Nonstop performance due to lightweight, native nature [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/Form-bg-scaled-1.webp" custom_css_free_form="#aegis-scan-form{|| width:70%;|| margin:auto;||}||#aegis-scan-form .gform_required_legend{|| color:#fff;|| font-size:13px;||}||#aegis-scan-form input{|| border: 2px #fff solid;|| background: transparent;|| border-radius: 5px !important;|| color: #fff;|| padding: 16px;|| font-size: 14px;|| margin: 3px 0px;||}||#aegis-scan-form .gform_heading .gform_title{|| text-align:center;|| color:#fff;||}||#aegis-scan-form input.gform_button.button{|| margin: 10px auto !important;|| background: #50bc95;|| border: 1px #50bc95 solid;|| border-radius: 0px !important;|| width: 100%;||}||#aegis-scan-form input::placeholder {|| color: #fff;|| opacity: 1; /* Firefox */||}||||#aegis-scan-form input::-ms-input-placeholder { /* Edge 12 -18 */|| color: #fff;||}" collapsed="on" global_colors_info="{}"][et_pb_row module_id="aegis-scan-form" _builder_version="4.27.4" _module_preset="default" width="70%" module_alignment="center" custom_css_free_form="/*.aegis-form .et_pb_contact_field {|| position:relative;||}||.aegis-form label.et_pb_contact_form_label{|| color: #fff;|| display: block;|| font-weight: 500;|| position: absolute;|| top: -17px;|| left: 32px;|| background:transparent;||}*/||.aegis-form .et_pb_contact_field .input, .aegis-form .et_pb_contact_field .input:focus, .aegis-form .et_pb_contact_field .input:hover, .aegis-form .et_pb_contact_field .input:active{|| border:2px #fff solid;|| background:transparent;|| border-radius:2px;||}||.aegis-form .et_contact_bottom_container{|| width: 99%;|| margin-top: 10px;||}||.aegis-form .et_contact_bottom_container .et_pb_contact_submit{|| width: 100%;|| border: none;|| border-radius: 0px;||}" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_code module_id="aegis-scan-form" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"] Fill-Up Form "*" indicates required fields Name*Company*Email* Phone Number*TitleCommentsThis field is for validation purposes and should be left unchanged. [/et_pb_code][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" custom_css_free_form="||.business-case .et_pb_heading_container h1.et_pb_module_heading{|| padding-bottom:10px !important;||}||.business-impact-row{|| flex-direction: row;|| display: flex;|| flex-wrap: wrap;|| align-items: stretch;|| gap: 10px;||}||.et_pb_column.et_pb_column_1_3.business-case {|| padding-top: 30px;|| padding-bottom: 30px !important;|| flex: 1 1 160px;|| display: flex;|| flex-direction: column;||}||.et_pb_gutters3 .business-case, .et_pb_gutters3.et_pb_row .business-case{|| margin-right:auto;||}" collapsed="on" global_colors_info="{}"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="How Does XYGATE Aegis Scan Work?" _builder_version="4.27.4" _module_preset="default" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#091c4f" title_font_size="36px" locked="off" global_colors_info="{}"][/et_pb_heading][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree||||||||" text_text_color="#000000" text_font_size="22px" text_line_height="30px" header_font="Figtree||||||||" text_orientation="center" custom_padding="20px||10px||false|false" global_colors_info="{}"]Aegis Scan works in the most automatic sense and makes your job much easier. This is how you can get it:[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_5,1_5,1_5,1_5,1_5" module_class="aegis-scan-work-box" _builder_version="4.27.4" _module_preset="default" custom_css_free_form=".aegis-scan-work-box .et_pb_column .et_pb_module img {|| height: 180px;|| width: 100%;|| object-fit: contain;||}||.aegis-scan-work-box .icon-box{|| width: 30%;|| text-align: center;|| margin-right: 0px;||}||.aegis-scan-work-box .icon-box .et_pb_image{|| text-align:center;||}||.aegis-scan-work-box .arrow-box{|| width: 5%;|| margin-right: 0px;||}" global_colors_info="{}"][et_pb_column type="1_5" module_class="icon-box" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/pull-cve.webp" title_text="pull-cve" align="left" _builder_version="4.27.4" _module_preset="_initial" width="100%" height="100%" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Pull CVE data (HPE + external sources)" _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_color="#000000" title_font_size="24px" custom_margin="||0px||false|false" global_colors_info="{}"][/et_pb_heading][/et_pb_column][et_pb_column type="1_5" module_class="arrow-box" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/flow-arrow.webp" title_text="flow-arrow" admin_label="Image" _builder_version="4.27.4" _module_preset="_initial" width="100%" module_alignment="center" min_height="80px" height="80px" locked="off" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" module_class="icon-box" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/Scan.webp" title_text="Scan" align="left" admin_label="Image" _builder_version="4.27.4" _module_preset="_initial" width="100%" height="100%" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Scan NonStop environment (OS + software)" _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_color="#000000" title_font_size="24px" custom_margin="||0px||false|false" global_colors_info="{}"][/et_pb_heading][/et_pb_column][et_pb_column type="1_5" module_class="arrow-box" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/flow-arrow.webp" title_text="flow-arrow" admin_label="Image" _builder_version="4.27.4" _module_preset="_initial" width="100%" module_alignment="center" min_height="80px" height="80px" locked="off" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="1_5" module_class="icon-box" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://xypro.com/wp-content/uploads/2026/06/tools.webp" title_text="tools" align="left" _builder_version="4.27.4" _module_preset="_initial" width="100%" height="100%" locked="off" global_colors_info="{}"][/et_pb_image][et_pb_heading title="Output to tools (Qualys, Tenable, SIEMs)" _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_color="#000000" title_font_size="24px" custom_margin="||0px||false|false" global_colors_info="{}"][/et_pb_heading][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" disabled_on="off|off|off" admin_label="CTA Section" module_class="custom-banner" _builder_version="4.27.4" _module_preset="default" background_image="https://xypro.com/wp-content/uploads/2026/06/still-have-questions-banner-scaled-1.webp" background_position="top_center" module_alignment="center" min_height="400px" height="400px" custom_padding="50px|50px|50px|50px|false|false" custom_css_free_form=".custom-banner{|| display: flex;|| align-items: center;||}" collapsed="on" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.27.4" _module_preset="default" custom_margin="|198px||auto||" custom_padding="10px|0px|||false|false" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|600|||||||" text_text_color="#FFFFFF" text_font_size="30px" background_layout="dark" width="100%" custom_margin="|0px|20px||false|false" custom_padding="|||0px||" global_colors_info="{}"]Still Have Questions? [/et_pb_text][et_pb_text _builder_version="4.27.4" _module_preset="default" text_font="Figtree|500|||||||" text_text_color="#FFFFFF" text_font_size="20px" background_layout="dark" width="100%" custom_margin="|-9px||||" custom_padding="|||0px||" global_colors_info="{}"]We would love to answer all your queries about XYGATE Aegis Scan! Ask them so we can understand what you want to know better. [/et_pb_text][et_pb_button button_url="/contact/" button_text="Contact Us" _builder_version="4.27.4" _module_preset="default" custom_button="on" button_text_color="#FFFFFF" button_bg_color="#50bc95" button_border_width="0px" button_border_color="#50bc95" button_border_radius="0px" button_font="Figtree|600|||||||" button_use_icon="off" custom_padding="10px|25px|10px|25px|false|false" box_shadow_style="preset2" box_shadow_horizontal="0px" box_shadow_vertical="4px" box_shadow_blur="4px" global_colors_info="{}"][/et_pb_button][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" admin_label="FAQ Section" _builder_version="4.27.4" _module_preset="default" collapsed="on" global_colors_info="{}"][et_pb_row _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_heading title="Frequently Asked Questions " _builder_version="4.27.4" _module_preset="default" title_level="h2" title_font="Figtree|700|||||||" title_text_align="center" title_text_color="#091c4f" title_font_size="36px" title_line_height="48px" custom_padding="||20px||false|false" locked="off" global_colors_info="{}"][/et_pb_heading][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_2,1_2" module_class="faq-section" _builder_version="4.27.4" _module_preset="default" custom_css_free_form=".faq-section .et_pb_toggle{|| border-width:0px 0px 1px 0px !important;||}||.faq-section .et_pb_toggle .et_pb_toggle_title{|| cursor:context-menu;||}" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_accordion _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_accordion_item title="1. What formats are Aegis Scan reports provided in? " open="on" open_toggle_text_color="#091c4f" _builder_version="4.27.4" _module_preset="default" body_font="Figtree||||||||" body_text_align="left" body_text_color="#000000" body_font_size="20px" border_color_bottom="#3b475d" global_colors_info="{}" toggle_text_color="#091c4f" toggle_font="Figtree||||||||" toggle_text_align="left" toggle_font_size="24px"]Aegis Scan provides scan reports in XML, CSV, or JSON formats, which are used widely by most systems. [/et_pb_accordion_item][/et_pb_accordion][et_pb_accordion _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_accordion_item title="2. Can Aegis Scan be operated with ease? " open="on" open_toggle_text_color="#091c4f" _builder_version="4.27.4" _module_preset="default" body_font="Figtree||||||||" body_text_align="left" body_text_color="#000000" body_font_size="20px" border_color_bottom="#3b475d" global_colors_info="{}" toggle_text_color="#091c4f" toggle_font="Figtree||||||||" toggle_text_align="left" toggle_font_size="24px"]Aegis Scan is easy to operate and is a lightweight tool for HPE Nonstop systems. You will not have any problems using it.[/et_pb_accordion_item][/et_pb_accordion][et_pb_accordion _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_accordion_item title="3. Are risks scored on the Aegis Scan? " open="on" open_toggle_text_color="#091c4f" _builder_version="4.27.4" _module_preset="default" body_font="Figtree||||||||" body_text_align="left" body_text_color="#000000" body_font_size="20px" border_width_all="0px" border_color_bottom="#3b475d" global_colors_info="{}" toggle_text_color="#091c4f" toggle_font="Figtree||||||||" toggle_text_align="left" toggle_font_size="24px"]CVE severities are scored as NULL, LOW, MEDIUM, HIGH, and CRITICAL on Aegis Scan.[/et_pb_accordion_item][/et_pb_accordion][/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_accordion _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_accordion_item title="4. Does Aegis Scan support all HPE Nonstop systems? " open="on" open_toggle_text_color="#091c4f" _builder_version="4.27.4" _module_preset="default" body_font="Figtree||||||||" body_text_align="left" body_text_color="#000000" body_font_size="20px" border_color_bottom="#3b475d" global_colors_info="{}" toggle_text_color="#091c4f" toggle_font="Figtree||||||||" toggle_text_align="left" toggle_font_size="24px"]Aegis Scan supports every HPE Nonstop system. On top of that, systems installed manually are also allowed.[/et_pb_accordion_item][/et_pb_accordion][et_pb_accordion _builder_version="4.27.4" _module_preset="default" border_color_bottom="#3b475d" global_colors_info="{}"][et_pb_accordion_item title="5. What compliance standards are checked by Aegis Scan? " open="on" open_toggle_text_color="#091c4f" _builder_version="4.27.4" _module_preset="default" body_font="Figtree||||||||" body_text_align="left" body_text_color="#000000" body_font_size="20px" border_width_all="0px" border_color_bottom="#3b475d" global_colors_info="{}" toggle_text_color="#091c4f" toggle_font="Figtree||||||||" toggle_text_align="left" toggle_font_size="24px"]Aegis Scan checks all known major compliance standards like PCI DSS, NIST, ISO 27001, and others to give maximum weightage to them.[/et_pb_accordion_item][/et_pb_accordion][/et_pb_column][/et_pb_row][/et_pb_section] ### Careers #### Internship XYPRO Technology XYPRO is a Simi Valley-based provider of Mission Critical Security software solutions. The XYPRO Internship Program provides motivated students an opportunity to gain first-hand experience, receive valuable on-the-job training, and learn about the variety of professions involved in running a software development company, particularly one that focuses on security. We’re big enough to be the recognized leader in our global niche market but small enough for you to have an impact. So if you have a desire to expand your real-world work experience, we invite current students to apply. Our interns are viewed as a key source of future talent for entry-level careers within the company. Real assignments with real software products Hands-on experience with development, test automation, research & development, supporting existing and new product lines Genuine resume-building experience We offer internships in: Software Engineering Test Automation Engineering Software Quality Assurance Business Analysis Technical Project Management Technical Support Data Science Financial Analysis Technical Writing Contact us if you are a student interested in contributing to and benefiting from XYPRO’s growing success. Click here to apply ### Case Studies #### HPE Technology Partner, XYPRO, secures fault-tolerant payment infrastructure [et_pb_section fb_built="1" admin_label="section" _builder_version="3.22" global_colors_info="{}"][et_pb_row admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,3_4" admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_code admin_label="PDF Shortcode" _builder_version="4.13.1" _module_preset="default" global_colors_info="{}"] Download the PDF[/et_pb_code][et_pb_divider _builder_version="4.13.1" _module_preset="default" global_colors_info="{}"][/et_pb_divider][et_pb_text admin_label="PRODUCT LISTING" _builder_version="4.13.1" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Products Used Risk Management and Real Time Threat Detection HPE Software from XYPRO [/et_pb_text][/et_pb_column][et_pb_column type="3_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"]HPE Technology Partner, XYPRO, secures fault-tolerant payment infrastructure XYPRO security modules on HPE NonStop servers help achieve PCI DSS compliance For businesses running mission-critical applications, continuous availability and strong security are essential. With world-class security software from HPE Technology Partner, XYPRO, embedded on the near-continuously available HPE NonStop servers, that’s exactly what they get. XYPRO and HPE have a long history of partnership securing fault-tolerant systems, going back to the beginnings of the NonStop platform. It’s a great example of truly bringing together the best of breed— the renowned continuous availability of HPE technology with system, user, and data security optimized by XYPRO for the NonStop architecture. In fact, some XYPRO security software is now an integral part of every HPE NonStop system, included in the HPE NonStop operating system. These include XYPRO’s XYGATE User Authentication (XUA) and XYGATE Merged Audit (XMA) products— both fundamental to every NonStop customer’s security needs. For example, XUA brings industry-standard, secure authentication to the NonStop environment, and XMA enables the NonStop platform to deliver cutting-edge data logging and real-time alerting mechanisms based on user activity. Protecting customer data is paramount, and with the increased payment processing expected during the 2020 Olympics, HPE NonStop with XYPRO security modules gives us confidence that we can handle the added workload while maintaining compliance with PCI DSS regulations. – Spokesperson, Large Japanese Enterprise Together, HPE and XYPRO provide a complete, integrated solution for secure, mission-critical computing. Partnership brings PCI DSS-compliant, mission-critical solution to Japanese enterprise Companies with mission-critical business requirements have put their trust in HPE NonStop and XYPRO security solutions for decades. In one example, a leading Japanese enterprise relies on HPE NonStop servers to process millions of payment transactions every day for its customers purchasing products and services. Read More[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Leading Cybersecurity Firm XYPRO Chosen by European Bank [et_pb_section fb_built="1" admin_label="section" _builder_version="3.22" global_colors_info="{}"][et_pb_row admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"]Multi-Factor Authentication saves time, money, reputation - and provides PCI DSS Compliance[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,3_4" admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_code admin_label="PDF Shortcode" _builder_version="4.13.1" _module_preset="default" global_colors_info="{}"] Download the PDF[/et_pb_code][et_pb_divider _builder_version="4.13.1" _module_preset="default" global_colors_info="{}"][/et_pb_divider][et_pb_text admin_label="PRODUCT LISTING" _builder_version="4.13.1" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Products Used Risk Management and Real Time Threat Detection HPE Software from XYPRO [/et_pb_text][/et_pb_column][et_pb_column type="3_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"]Leading Cybersecurity Firm XYPRO Chosen by European Bank Multi-Factor Authentication saves time, money, reputation - and provides PCI DSS Compliance BackgroundBefore utilizing XYPRO software solutions and services, one prominent bank depended on non-standard, less secure processes for logging onto their HPE NonStop systems and applications. Relying on a single set of credentials that was managed separately from their corporate Active Directory was both difficult to integrate with enterprise infrastructure and gave poor user experience. It was not part of the mobile app their users were accustomed to and carried high support costs because dedicated technical staff was needed to manage and reset user accounts and passwords. Integration with XYGATE User Authentication (XUA) was put in place and has continued to work successfully since implementation. As security systems of the organization became upgraded, a modernized authentication method was required. For this, XYGATE User Authentication multi-factor authentication was implemented for all users to reduce risk, increase overall security and enhance their user experience all while lowering operational costs. The ChallengeAs one of the largest banks in their region, it is critical to have the most robust cyber security solutions in place to protect mission critical systems and applications as well as customer data. A solution was needed that would integrate their HPE NonStop servers and applications with their corporate Active Directory, provide strong authentication based on industry standards, simplify the user experience through their mobile app and deliver a low total cost of ownership. The SolutionAfter evaluating various solutions available in the market, the security team chose XYGATE User Authentication which addressed all of their requirements. XUA was quickly and easily deployed in their environment and is now protecting all HPE NonStop servers with required PCI DSS multi-factor authentication. When a user attempting to authenticate provides a password, a request is sent back to the user through the mobile app asking to allow the access. Once the user clicks allow, the request is granted and the user is logged on (similar to the behavior of all other applications within the company). Processing this request through the mobile app provides an additional authentication factor, reducing risk and ensuring PCI DSS compliance requirements are met. Read More[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Leading Global Bank Modernizes HPE NonStop Security with XYGATE Multi-Factor Authentication [et_pb_section fb_built="1" admin_label="section" _builder_version="3.22" global_colors_info="{}"][et_pb_row admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"]Multi-Factor Authentication saves time, money, reputation - and provides PCI DSS Compliance[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,3_4" admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_code admin_label="PDF Shortcode" _builder_version="4.13.1" _module_preset="default" global_colors_info="{}"] Download the PDF[/et_pb_code][et_pb_divider _builder_version="4.13.1" _module_preset="default" global_colors_info="{}"][/et_pb_divider][et_pb_text admin_label="PRODUCT LISTING" _builder_version="4.13.1" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Products Used HPE Software from XYPRO [/et_pb_text][et_pb_image src="https://xypro.com/wp-content/uploads/2021/10/XYGATE-success-story.jpg" title_text="XYGATE-success-story" disabled_on="on|on|on" admin_label="IGNORE THIS" _builder_version="4.13.1" _module_preset="default" border_radii="on|5px|5px|5px|5px" box_shadow_style="preset3" box_shadow_horizontal="0px" box_shadow_vertical="12px" box_shadow_blur="18px" box_shadow_spread="-6px" disabled="on" global_colors_info="{}"][/et_pb_image][/et_pb_column][et_pb_column type="3_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"]BackgroundBefore utilizing XYPRO software solutions and services, one prominent bank depended on non-standard, less secure processes for logging onto their HPE NonStop systems and applications. Relying on a single set of credentials that was managed separately from their corporate Active Directory was both difficult to integrate with enterprise infrastructure and gave poor user experience. It was not part of the mobile app their users were accustomed to and carried high support costs because dedicated technical staff was needed to manage and reset user accounts and passwords. Integration with XYGATE User Authentication (XUA) was put in place and has continued to work successfully since implementation. As security systems of the organization became upgraded, a modernized authentication method was required. For this, XYGATE User Authentication multi-factor authentication was implemented for all users to reduce risk, increase overall security and enhance their user experience all while lowering operational costs. The ChallengeAs one of the largest banks in their region, it is critical to have the most robust cyber security solutions in place to protect mission critical systems and applications as well as customer data. A solution was needed that would integrate their HPE NonStop servers and applications with their corporate Active Directory, provide strong authentication based on industry standards, simplify the user experience through their mobile app and deliver a low total cost of ownership. XYPRO simplified our user experience while reducing our risk and improving compliance. The SolutionAfter evaluating various solutions available in the market, the security team chose XYGATE User Authentication which addressed all of their requirements. XUA was quickly and easily deployed in their environment and is now protecting all HPE NonStop servers with required PCI DSS multi-factor authentication. When a user attempting to authenticate provides a password, a request is sent back to the user through the mobile app asking to allow the access. Once the user clicks allow, the request is granted and the user is logged on (similar to the behavior of all other applications within the company). Processing this request through the mobile app provides an additional authentication factor, reducing risk and ensuring PCI DSS compliance requirements are met. Read More[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Strict Adherence to Global Security Standards is Essential [et_pb_section fb_built="1" admin_label="section" _builder_version="3.22" global_colors_info="{}"][et_pb_row admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"]Multi-Factor Authentication saves time, money, reputation - and provides PCI DSS Compliance[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,3_4" admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_code admin_label="PDF Shortcode" _builder_version="4.13.1" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"] Download the PDF[/et_pb_code][et_pb_divider _builder_version="4.13.1" _module_preset="default" global_colors_info="{}"][/et_pb_divider][et_pb_text admin_label="PRODUCT LISTING" _builder_version="4.13.1" _module_preset="default" global_colors_info="{}"]Products Used Secure Database Management HPE Software from XYPRO [/et_pb_text][/et_pb_column][et_pb_column type="3_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"]Seven Bank banks on HPE Integrity NonStop to handle critical transaction switching. Ensures continuous operations with HPE Integrity NonStop BladeSystem NB54000c To meet customer expectations of anytime, anywhere availability, Seven Bank deployed HPE Integrity NonStop BladeSystem NB54000c servers to ensure continuous availability of switching services critical for completing ATM transactions with no data loss. Seven Bank, Ltd. was founded in 2001 as a unique Japanese financial institution specializing in ATM services, driven by demand from Seven-Eleven customers looking for in-store ATMs. The bank has since grown to offer a range of banking services, including online bank deposit, loan, payment, and wire transfer services. Today, Seven Bank handles as many as 5,700,000 transactions per day through its 22,000 bank-owned ATM machines in Seven-Eleven convenience stores, Itoyokado, shopping malls, metro stations, and airports all across Japan. With a goal to provide anytime, anywhere access to its services, Seven Bank required an IT infrastructure designed for continuous business. The relay server that supports our core business must run nonstop while also enabling us to grow as demand increases. Only HPE Integrity NonStop BladeSystem NB54000c servers have both high availability and scalability to support all our ATM services today and into the future. – Masaaki Matsuhashi, Executive Officer and Director, ATM Solution Department, Seven Bank At the core of the bank’s infrastructure is a mission-critical server that aggregates all requests from ATM machines and relays them to internal accounting systems, as well as systems at partner institutions. This relay server must handle a rapidly growing volume of transactions in real time with no disruption 24/7/365. However, the bank’s previous platform lacked sufficient performance and scalability to keep up with the enormous processing demands projected for the next ten years. Ensures continuous availability of critical services After considering an upgrade to its conventional server, Seven Bank worked with its trusted IT partner, Nomura Research Institute (NRI), to explore alternative solutions. After an extensive technical evaluation, Seven Bank turned to Hewlett Packard Enterprise (HPE) and replaced its conventional server with HPE Integrity NonStop BladeSystem NB54000c servers powered by the Intel® Itanium® Processor 9300 Series. The HPE platform runs Intelligent Wave Inc.’s NET+1 application, which authenticates ATM card transactions and online connections to banking services. In addition, Seven Bank relies on an HPE Integrity NonStop NS2200 Server for development. Mr. Kazuki Nishizaki, Seven Bank’s Manager, comments, “While migrating NET+1 to the NonStop operating system, we consolidated many functions that had been extended over the last 14 years since the company started. At the same time, we enhanced development efficiency by simplifying the structure of the entire application. This optimizes the environment to respond quickly and be flexible for future enhancements.” NRI led the project, from design and build through ongoing infrastructure operations and management. There are four HPE Integrity NonStop BladeSystem NB54000c servers, two systems are deployed in East Japan and the other two systems are deployed in West Japan. These four systems are production. With the two sites synchronized for active-active operations, this configuration ensures continuous availability of relay services should one of the data centers go down. It also enhances agility to handle unexpected spikes in workload. Read More[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### XYGATE Access Control Quickly Identifies Root Cause of System Outage [et_pb_section fb_built="1" admin_label="section" _builder_version="3.22" global_colors_info="{}"][et_pb_row admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"]Multi-Factor Authentication saves time, money, reputation - and provides PCI DSS Compliance[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure="1_4,3_4" admin_label="row" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"][et_pb_column type="1_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_code admin_label="PDF Shortcode" _builder_version="4.13.1" _module_preset="default" text_orientation="center" custom_margin="||||false|false" global_colors_info="{}"] Download the PDF[/et_pb_code][et_pb_divider _builder_version="4.13.1" _module_preset="default" global_colors_info="{}"][/et_pb_divider][et_pb_text admin_label="PRODUCT LISTING" _builder_version="4.13.1" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Products Used Risk Management and Real Time Threat Detection HPE Software from XYPRO [/et_pb_text][/et_pb_column][et_pb_column type="3_4" _builder_version="3.25" custom_padding="|||" global_colors_info="{}" custom_padding__hover="|||"][et_pb_text admin_label="Text" _builder_version="4.13.1" background_size="initial" background_position="top_left" background_repeat="repeat" global_colors_info="{}"]XYGATE Access Control Quickly Identifies Root Cause of System Outage BackgroundBefore this credit card processor began utilizing XYPRO software solutions and services, they had a manual checkout process for privileged account ids. In it a Tech Support Manager would manually process requests and release privileged account credentials for approved requests. This process was not only inefficient, but diluted accountability for the actions of those privileged IDs. Once the password was released, there was no way to track which commands were executed under that privileged ID. Additionally, if multiple people were using the privileged ID at the same time, there was no way to distinguish who executed each command. After implementing XYPRO’s XYGATE Access Control (XAC), not only was their process streamlined but it also increased security and accountability with capabilities like easily configurable access controls and keystroke logging, all while still providing their users with the privileged access needed to do their jobs. ProblemIn early 2018, the client encountered issues during a major system upgrade which impacted their business operations as well as those of several external customers. After they were unable to restore normal operations, the systems upgrade was stopped and reverted back to its previous state. Hours were spent attempting to resolve the issues and more time was spent attempting to identify the root cause. It wasn’t until the next day that the root cause was discovered. The XAC Keystroke Report saved countless hours of research to determine the root cause of our issue. – Spokesperson, Payments Processor SolutionAn XAC keystroke log report determined that the problem was caused by human error. A technical team member had mistakenly executed an erroneous command, which impacted system communications. The client declared that “without the XAC keystroke log report, we may have never discovered the root cause.” Armed with the root cause, the company was able to inform impacted customers and reassure them that they had taken steps to make sure this type of outage unlikely to occur again. Additionally, the company created training to educate employees about proper privileged account id usage. Read More[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] ### Whitepaper #### PCI DSS FOR NONSTOP [et_pb_section fb_built="1" _builder_version="4.17.4" _module_preset="default" custom_margin="||0px||false|false" custom_padding="||0px||false|false" locked="off" global_colors_info="{}"][et_pb_row _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.17.4" _module_preset="default" global_colors_info="{}"][et_pb_text admin_label="Text" _builder_version="4.27.4" _module_preset="default" hover_enabled="0" global_colors_info="{}" sticky_enabled="0"]Complete the form below to get instant access to your PCI 4.0.1 for Nonstop white paper. HPE Nonstop PCI DSS WhitePaper "*" indicates required fields * First Name Last Name Company*Company Email* PhoneJob TitleOpt In* I agree to Xypro privacy policy and consent to sharing my information. CommentsThis field is for validation purposes and should be left unchanged. [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] #### Strengthening Cyber Resilience in 2026 [et_pb_section fb_built="1" _builder_version="4.27.4" _module_preset="default" custom_margin="||0px||false|false" custom_padding="||0px||false|false" custom_css_free_form=".et-db #et-boc .et-l .et_pb_row{|| width:100%;||}" locked="off" global_colors_info="{}"][et_pb_row column_structure="1_2,1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"]Threat Intelligence Report- Q1 2026 Learnings Cyber threats continue to evolve at an unprecedented pace, with AI-enhanced phishing, identity abuse, ransomware, and third-party compromise becoming some of the most significant risks facing enterprise organizations today.  The XYPRO Threat Intelligence Report — 2026 Q1 explores the latest cybersecurity trends shaping mission-critical environments, including real-world security incidents impacting healthcare, financial systems, and enterprise infrastructure across global organizations.  This report provides insight into:  Emerging ransomware and identity-based attack strategies   The growing impact of AI-driven phishing campaigns   Third-party and supply chain security risks   Zero Trust, MFA, and security automation trends   Best practices for strengthening cyber resilience   Download the report to learn how organizations can improve visibility, strengthen identity governance, and better protect mission-critical systems against evolving cyber threats. [/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.27.4" _module_preset="default" global_colors_info="{}"]Complete the form below to get instant access to your Strengthening Cyber Resilience in 2026 white paper. Strengthening Cyber Resilience "*" indicates required fields * First Name Last Name Company*Company Email* PhoneJob TitleOpt In* I agree to Xypro privacy policy and consent to sharing my information. [/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section] ### Events #### 2020 SunTUG Sunshine Summit Online: Reservations can be made online at www.TampaDoubleTree.com. The group code for reservations is S2T. XYPRO Presentation Topic: Enterprise Integration of Your HPE NonStop Ecosystem HPE NonStop Servers and Applications can be a challenge to integrate with enterprise processes. Without enterprise integration, User, Identity and Access Management rely on manual processes. This disparate functionality is time-consuming, error-prone and vulnerable to security risk. That all changes now! In this session, learn how the XYGATE suite of security, compliance and risk management solutions modernizes NonStop applications and integrates your HPE NonStop servers with the latest enterprise solutions like Sailpoint IdentityIQ, CyberArk, ServiceNow, and others. XYGATE integration provides visibility and governance of your NonStop processes – saving time and money while greatly reducing risk. It has never been so easy to be a seamless part of the enterprise! The 2020 Connect Florida/SunTUG Sunshine Summit will feature a full day of NonStop education and networking for end-users, third-party vendor partners, and HP. This year we will be having breakfast, lunch, an afternoon coffee break, and an evening networking social. Please note: registering for the Friday Sunshine Summit does not automatically register you for the Golf Tournament. Please register for the golf tournament separately. #### 2023 NonStop Technical Boot Camp SAVE THE DATE! September 12-14, 2023 Hilton Denver City Center Denver, Colorado USA Hotel Reservation Portal Event Registration #### 2023 SunTUG Sunshine Summit and Golf Tournament The 2023 SunTUG Sunshine Summit and Golf Tournament will take place on Friday and Saturday, March 3 & 4 in 2023. Registration for the events opens on Wednesday, 30 November 2022 at Noon (Eastern). Well, they're tearing down the DoubleTree, so we are moving back to the Embassy Suites! For 2023 we will be returning to the Embassy Suites by Hilton Tampa Airport Westshore. Stay tuned for a registration link and discount code for reservations. The 2023 Connect Florida/ SunTUG Sunshine Summit on Friday, 3 March 2023, will feature a full day of NonStop education and networking for end-users, third-party vendor partners, and HPE. This year we will have breakfast, lunch, an afternoon coffee break, and an evening networking social. And we will still be having our traditional golf tournament on Saturday, 4 March 2023. This year we are doing the reservations and ticketing for both the Friday and Saturday events as one-stop shopping, so everything is available via this registration page. Click the link below to check out all the information on EventBrite. Send me an email if you have questions. We look forward to seeing you in March! Register #### 2024 Nonstop Technical Bootcamp- Monterey, CA 2024 NonStop Technical Boot Camp September 23-26, 2024 Hyatt Regency Monterey Monterey, California USA REGISTER HERE:  https://www.nonstoptbc.com/register #### 2026 N2TUG Event Where members of the Nonstop community will come together for a full day of discussion, knowledge sharing, and collaboration. We’re excited to return to Texas and welcome attendees back to a familiar venue for another great N2TUG gathering. Event Date: Wednesday, May 6, 2026 Venue: Hilton Garden Inn, Hurst Conference Center Hurst, Texas Hotel room blocks A discounted room block is available at the event hotel. N2TUG 2026 Meeting - Direct Booking Link (Guaranteed through April 14, 2026) #### 2026 SunTUG Sunshine Summit and Golf Tournament Join us for the 2026 SunTUG Sunshine Summit & Golf Tournament—where the Nonstop community comes together for insightful discussions, networking, and a little time on the course in the Florida sunshine. Don’t miss this chance to connect around #HPE #Nonstop, #missioncritical systems, and community collaboration. #SunTUG2026 #XYPRO Event Dates & Location Sunshine Summit: Friday, March 6, 2026 7:30 AM – 2:00 PM EST Golf Tournament: Saturday, March 7, 2026 7:30 AM – 2:00 PM EST Venue: Aloft Tampa Midtown 3650 Midtown Dr Tampa, FL 33607 Join us at the SunTUG 2026 Summit   #### 5 Best Practices for HPE NonStop File Integrity Monitoring Join XYPRO for This Live Webinar! · Register Today! · Tuesday, July 28, 2020, 8:00 am PDT Tuesday, July 28, 2020, 6:00 pm PDT Wednesday, July 29, 2020, 11:00 am AEST File Integrity Monitoring (FIM) is a foundational requirement for security compliance frameworks to help identify unexpected or malicious activity across critical system files, diagnose unwanted or inadvertent changes, and shut down attacks before they have a chance to cause damage and disruption. Organizations that collect and process credit card transactions and payments data must comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements 10.5.5 and 11.5 that state organizations must make efforts to monitor file modifications and ensure the integrity of critical logs from within their Cardholder Data Environment (CDE). On HPE NonStop servers, XYGATE SecurityOne (XS1) monitors and alerts when key files, objects, or system configurations are viewed, deleted, modified or ownership has changed. XS1 identifies who made the change and if the change put the system at risk or violated policy. This intelligent form of real-time integrity monitoring simplifies monitoring activity and helps meet the strictest of compliance requirements while reducing noise generated by unnecessary alerts. Your resources are focused on the most critical security events. Join XYPRO Technology’s Chief Product Officer & CISO, Steve Tcherchian, and Solutions Delivery Specialist, William Ferrara, as we demonstrate the Top 5 HPE NonStop File Integrity Monitoring use Cases. · Registration · Tuesday, July 28, 2020 8 am PDT 6 pm PDT Wednesday, July 29, 2020, 11:00 am AEST 11 am AEST 5 Best Practices for HPE NonStop File Integrity Monitoring #### ATUG – Atlanta Chapter Meeting Save the Date for the 2023 ATUG Chapter Meeting May 3, 2023 HPE Customer Innovation Center Alpharetta, Georgia You are invited to join your Atlanta-based HPE NonStop Community for your annual Chapter Meeting at the HPE Customer Innovation Center in Alpharetta, GA. ATUG is comprised of members from HPE, Partners, Users, and Vendors from around the world. We formed to meet others, exchange ideas, and learn from others’ experiences. These are exciting times and we have a well-rounded group of attendees. Past attendees have come from companies like TSYS, Suntrust, HomeDepot, UPS, USDA, Liaison, CRIF, Bank of America, Verizon, and CoverMyMeds (McKesson). Register Here ATUG 2023 is Sponsored By: #### Bite-sized eBITUG 2021 Dates: December 2nd, 7th and 9th 2021 - 13:00-16:10 UK time (GMT) December 2nd Registration link: Dec 2nd Registration Link December 7th Registration link: Dec 7th Registration Link December 9th Registration link: Dec 9th Registration Link 3 hours of Presentations spread across 3 x afternoons in December. FREE for everyone to attend using Zoom. You NEED to register and the Zoom invite to be emailed to you. You MUST also register for each afternoon session that you would like to join - so if you want to attend all 3 x afternoons, you need 3 x registrations! XYPRO’s Chief Product Officer and CISO, Steve Tcherchian, presents Thursday December 9 at 15:00 GMT.  #ZeroTrust   #### BITUG Big Sig 2022 BITUG welcomes back its members to BIG SIG 2022! It is with great pleasure your BITUG committee can confirm the first face-to-face SIG since December 2019. Please put a place marker in your diaries because the BIG SIG will be held on Thursday 9th June 2022 at Trinity House London; a well-loved venue for our community. BITUG BIG SIG Plenary Presentation by XYPRO’s Chief Product Officer Steve Tcherchian. Zero-Trust Security with HPE and XYPRO: Reduce the Cost of Security and Compliance by 80% The probability that an organization will experience a breach in the next 24 months is high and the current time to identify and contain a breach is still 280 days*.  XYPRO security solutions reduce the mean time to detect, and the resources required to respond to potential breaches by up to 80%, dramatically reducing the impact of a breach to your enterprise. HPE and XYPRO have expanded our decades-long partnership and XYPRO’s entire suite of mission critical security and integration solutions are available through HPE. This unique partnership removes complexity and reduces cost by delivering fully integrated, ZERO Trust solutions to secure and manage the HPE NonStop technology stack. In this session learn how HPE and XYPRO solutions integrate into your company’s existing security infrastructure, enable a zero trust security model and how to get our free rapid security assessment for your systems. Event Details Registration will occur from 08:30 until 08:50 when the conference starts in earnest. As usual, it will be free to enter. We have multi-track breakout sessions covering HPE updates, Business Continuity, Application APIs and DevOps, Systems Management, Security, and much more as well as user presentations. (The latest agenda is posted below) Coffees and luncheon will be provided around the Expo floor and the prize draw will return between 16:50 and 17:00 after which the event is due to close. For those who can make it there will be a “Beer bust” at Liberty Bounds Pub close to Trinity House on the evening of Wednesday the 8th of June starting around 18:00. The event will be at - Trinity House -  in London for the event. This historical building has always proven popular in the past. Address: Tower Hill, London, EC3N 4DH (http://www.trinityhouse.co.uk/th/about/) Register     #### BITUG Big Sig 2024 BITUG welcomes back its members to BIG SIG 2024! BIG SIG’ registration is now open! BIG SIG will be held on Thursday 13 June, 2024 at our ever popular venue Trinity House in London. It will consist of a full-day multi-track agenda of presentations from HPE, Vendors and Customer's covering a multitude of subjects, from Digital Resiliency and Security through to Application Modernisation of your NonStop estate. You may not know it, but NonStop celebrates it’s 50 years anniversary this year! Plenary Presentation:   XYPRO’s Chief Product Officer Steve Tcherchian, CISSP as he presents:  “Cybersecurity Strategies for Ransomware Protection and Digital Resilience in Today’s Threat Landscape” Meet and chat with sponsor vendors who will be setup in the Expo floor where we will also have both morning and afternoon Tea and Coffee breaks as well as Lunch sponsored by some of our vendor partners and BITUG. Join us just down the road at 17:30 for a traditional 'Beer Bust'  at Traitors Gate Pub All the details, including registration and current agenda are available on here: https://www.bitug.com/big-sig-2024 Event Location: Trinity House, Tower Hill, London, EC3N 4DH (http://www.trinityhouse.co.uk/th/about/) Registration and Event Agenda Coming Soon!       #### BITUG BIG SIG 2026 Join us for BITUG BIG SIG 2026 as we return to the iconic Trinity House in London. A long-standing home for BIG SIG events, this distinguished venue offers an intimate and prestigious setting for focused discussion, technical insight, and collaboration within the HPE Nonstop community. Located near the Tower of London with views of the River Thames, Trinity House blends centuries of maritime heritage with refined Georgian architecture—making it an ideal setting where tradition meets modern professionalism. Event Date: Thursday, June 4, 2026 Venue: Trinity House Tower Hill London, UK Join us at the BITUG BIG SIG 2026   #### BITUG Little SIG 2023 Registration for the BITUG Little SIG scheduled for 7 December 2023 in London is now open. We have a packed Little SIG agenda for you this year, including an overview of what you may have missed if you did not attend the Connect Technical Bootcamp in Denver this year as well as a number of Vendor updates. Be sure not to miss XYPRO's Steve Roy presenting "Identify, Protect, Detect - A ZERO Trust Approach to Ransomware Protection" After the AGM, we are holding a traditional "Beer Bust" at the local BrewDog Tower Hill, Gt Tower Street EC3R 5AR. As always with BITUG Little SIGs, this year's event will be free of charge to HPE NonStop user members of BITUG.  BITUG Membership is also free. #### BITUG Little SIG 2024 Register now for BITUG Little SIG 2024!! Little SIG is BITUG's annual one-day, free to attend event in London: OSIT (Office Space in Town) Monument. Address is: 20 St Dunstan's Hill, London EC3R 8HL The packed Little SIG agenda for you this year, includes an overview of what you may have missed if you did not attend the Connect Technical Bootcamp in Monterey this year as well as a number of Vendor updates. Prior to the Little SIG on evening of 5th November, we are holding a traditional "Beer Bust" at the HYDRANT PUB, (Equitable House, 1 Monument St, London EC3R 8BG).  Join us 4:30pm to 7:30pm where you can enjoy a drink (or two) and some nibbles whilst mingling with your fellow BITUGers. Morning tea/coffee, lunch, afternoon tea/coffee and the 'Beer Bust' all courtesy of BITUG. XYPRO presents "CYBERSECURITY STRATEGIES FOR RANSOMWARE PROTECTION" Spaces for this event are limited, so please register early to avoid disappointment   #### BITUG Virtual SIG 2021 XYPRO Presentation:   Multi-Factor Authentication for HPE NonStop – You Already Have It! According to Microsoft, 81% of data breaches occur because of weak, default or stolen credentials and 99% of these attacks can be blocked by implementing Multi-Factor Authentication (MFA). MFA grants a user access only after successfully presenting two or more of the following: Something you know (password) Something you have (security token, smart card, authenticator app) Something you are (biometrics)   XYGATE User Authentication (XUA) – included with your HPE NonStop server - strengthens the security of your servers AND applications through industry leading multi-factor authentication. XUA enables regulatory compliance with PCI-DSS, GDPR, HIPAA and more. Protect almost any application, whether Pathway-based or not, with MFA. In this session, XYPRO’s Account Executive in EMEA, Steve Roy will describe how to secure your environment against authentication attacks using the tools you already have.  Nothing to purchase!   #### Chile NonStop Summit 2024 Evento NonStop HPE FY24 ¡Regístrate y participa del esperado evento NonStop HPE Chile FY24! Fecha: Miércoles 17 de Enero Horario: 09:00 hrs Lugar: Salón Madrid, Hotel NH Collection Plaza Santiago, Av Vitacura 2610. Te esperamos. #### ChileTUG – Chile Chapter Meeting Amigos Chilenos! nos vemos este próximo 27 de marzo en Santiago para continuar hablando de #ciberseguridad de misión crítica en el #ChileTUG!  XYPRO Technology #missioncritical #cybersecurity #zerotrust We kindly invite you to the ChileTUG 2025 event to be held in the City of Santiago this coming Thursday, March 27, 2025. This event will bring together HPE NonStop customers as well as experts and Partners who add value and grow the community. Take advantage of the conferences and presentations. Learn about HPE's latest plans for the future of NonStop and connect with Partners throughout the event! Come and be a part of the HPE NonStop Community!! Register Today     #### CTUG – Canadian Chapter Meeting The CTUG Conference is Back in 2023! The 2023 edition of CTUG is an opportunity to enhance your knowledge and a venue to meet friends and share ideas. REGISTER NOW! #### CTUG – Canadian Chapter Meeting The CTUG Conference 2024! Each year the CTUG board looks forward to hosting the CTUG Conference. It is an excellent opportunity to bring the Canadian HPE NonStop User community together for a couple of days of learning, networking, and, socializing! The 2024 edition of CTUG is an opportunity to enhance your knowledge and a venue to meet friends and share ideas. 1875 Buckhorn Gate Mississauga, ON L4W 5N9 Canada REGISTER NOW! #### CTUG 2021 Virtual Conference Advances and changes in technology do not stop, even for a pandemic! CTUG are pleased to announce a series of one-half day virtual technical briefings starting June 23rd at 10 am. The Agenda for the first one includes: 10:00 CTUG Welcome and Opening Remarks – Jack McAuley 10:10 Featured Speaker Justin Simonds, The Art of the Possible 11:15 NonStop & Enterprise Integration, Steve Tcherchian, XYPRO Historically a big part of CTUG events is getting together with colleagues and friends that you have met over the years for lunch, or an evening beverage at the event. This level of contact is hard to replicate during a ZOOM meeting. However, we will continue with our popular prize draws at the end of the session. HPE,  XYPRO and others have generously offered to contribute door prizes. Winners will be drawn and contacted separately by Email by the next day. There is a no cost to attend this event, and, it is also open to non-CTUG members who are interested in the technology and may be interested in joining the group. Please feel  invite someone in your organization who may benefit from the education. To register simply email CommunicationDirector@ctug.ca by JUNE 21st , and you will be sent a link to join. We look forward to your participation. Enclaid Pinto, Director of Communication, sent on behalf of the CTUG Board. If you have questions about the conference please e-mail: CommunicationDirector@ctug.ca Copyright © 2021 Canadian Tandem User Group, All rights reserved. Canadian Tandem User Group 5150 Spectrum Way Mississauga, On L4W 5G1 Canada #### CTUG 2026 Conference – Mississauga, Ontario Join us for the CTUG 2026 Conference as members of the Canadian Nonstop community come together for collaboration, technical learning, and knowledge sharing. The CTUG conference provides valuable opportunities to connect with users, partners, and industry experts focused on HPE Nonstop and mission-critical environments. The event will include a full day conference followed by education sessions designed to provide deeper technical insight and practical knowledge for Nonstop professionals. Event Dates & Location Conference: Wednesday, June 3, 2026 Education Session: Thursday, June 4, 2026 Venue: 1875 Buckhorn Gate Mississauga, ON L4W 5P1 Canada Join us at the CTUG 2026 Conference   #### CTUG Chapter Fall Meeting The CTUG Conference is Back in 2022! Keynote Speakers: Justin Simonds, Master Technologist at Hewlett Packard Enterprise The fight against Human Trafficking through the use of AntiMoneyLaundering (AML) and KnowYourClient (KYC) Processes Keith Moore, HPE Distinguished Technologist Everything New in 2022 NonStop Technology Register Here #### CTUG Virtual Fall Conference 2021 - Canadian Tandem User Group URL: https://xypro.com/event/ctug-virtual-fall-conference-2021/ #### E-BITUG - European NonStop Symposium June 3-5, 2025  Dublin, Ireland                 Registration, Hotel Booking, Agenda and much more can be found here:  https://www.bitug.com/e-bitug-2025-brochure     #### E-BITUG EDINBURGH 2023 THE EUROPEAN NONSTOP TECHNICAL SYMPOSIUM Dates: 15-17th May 2023 BITUG IS PLEASED TO PRESENT E-BITUG 2023!! It’s time for us here at BITUG to turn our attention to the next big HPE NonStop community event. The Sheraton Grand Hotel, Edinburgh, Scotland, is the venue from Monday 15th to Wednesday, 17th May. This is the second time the European NonStop Symposium will have visited this great city, and we can’t wait to return. Following on from the Connect NonStop Technical Boot Camp in San Francisco last November, the 2023 E-BITUG will bring together HPE NonStop users and vendors from across the globe. This will be an event that will offer genuine educational value as well as excellent networking opportunities. Plus, as always, there will be unfettered access to HPE technical and management resources. Educational plenary sessions from HPE, HPE NonStop customers, and our valued partners will provide breakout sessions that will enable you to delve into the deeper technicalities of the platform. Registration is open, and we have secured a great rate at the hotel, which can all be booked now – Book Here. The full agenda, including details of a social event, will be shared shortly, so keep an eye on BITUG.com and your inbox for updates. This will be another event that you will not want to miss. Golf Day Sponsored by TCM 10:00 AM – 4:00 PM Registration Desk Open for Badge Pickup 4:00 PM – 6:00 PM at the Registration Desk Beer Bust! Welcome Reception 6:00 PM – 10:00 PM at BrewDog Pub - Festival Square Please join us for this annual tradition. Attendance is included in your conference registration. #### eGTUG - European HPE NonStop HotSpot 2022 This annual European Conference is this year once again organized by the Hewlett Packard Enterprise User Group GTUG NonStop e.V. and strongly supported by HPE. Due to the ongoing pandemic situation, we think it is still too early to plan this conference as an onsite event. Therefore, unfortunately, it will be an Zoom event again - however,  we all have some experience in this..... The conference features a strong international agenda on current topics. You will hear about latest strategic and technical developments on NonStop from users, HPE Management and international vendors. In order to enable personal exchange even in digital times, there is the opportunity to meet in breakout sessions for personal discussions. In particular, after the respective lecture, the speakers have a room available for individual questions. Currently we are planning the Agenda. If you have any wishes on topics you are interested in or if you want to present, please let us know! (pamela.bogner@gtug.de). More details on the "eGTUG - European NonStop HotSpot 2022"  to come Please save the date and we hope to meet you (virtually) on April 26/27! #### eGTUG European Nonstop Symposium 2026 The eGTUG European NonStop Symposium brings together the NonStop community for three days of education, technical sessions, and networking. The 2026 program follows the successful format of the 2025 eBITUG conference in Dublin. April 14, 2026 – Pre-conference training - Education and Excursion Day GTUG is offering rooms for your education/training sessions as part of certain sponsoring packages. Morning: Visit to the Deutsches Museum, one of the largest technology museums in Europe, including guided tours. Afternoon: Brewery tour with beer tasting and a small snack, or alternatively, a guided tour of the Allianz Arena, the soccer stadium and home of the famous Bayern Munich April 15 & 16 2026 – eGTUG Symposium The regular conference program includes up to three parallel tracks. On Wednesday evening, there will be a guided walking tour from the hotel to the dinner and entertainment venue, passing several of Munich’s well-known sights. The evening will feature a “Bavarian Evening” with food, drinks, and music. #### European NonStop HotSpot / IT-Symposium 2020 The event has been canceled due to the ongoing worldwide Corona Pandemic. XYPRO's presentation topics will be on: Anatomy of a CyberSecurity Breach - Building a Strategy That Works Once your network and systems have been compromised, there is no going back. The best you can do is contain the damage as quickly as possible. The current mean time to detect a cybersecurity breach is nearly 200 days. That means hackers are in your network, on your systems doing what they want for over 6 months before they’re detected - IF they're ever detected.  The damage to your systems, the loss of your critical data, the impact on your company’s reputation, and your career is immeasurable.  These are the things that keep leaders up at night. Interestingly, most organizations have the solutions and data necessary to proactively detect malicious activity, yet this problem still exists. Why? Join us as we dissect the activities cybercriminals use to infiltrate networks, how they camouflage their activity as “innocuous user behavior” while they move freely about your infrastructure, targeting your data. We’ll show you a security strategy that utilizes next-generation threat detection, providing actionable data with real-time analytics to quickly mitigate risks. This one-hour session shows you the strategy to protect you and your organization’s mission-critical data from a catastrophic security breach. Steve Tcherchian - Presenter Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience to customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. Modern NonStop SQL Database Management HPE NonStop SQLXPress, available through HPE and direct from XYPRO, is the most effective and modern way to manage NonStop SQL databases. During this session, we will review the need for NonStop database management, as well as the business and technical benefits of HPE NonStop SQLXPress.  The session will also include a NonStop customer use case that describes how the customer uses HPE NonStop SQLXPress to better manage NonStop SQL environments (both MX and MP) with an intuitive, easy-to-use interface, and powerful tools to save DBA’s time, increase database performance and reduce business risk. Kenneth Scudder - Presenter Sr. Director, Business Development and President, Merlon Software Corporation (a XYPRO company) Ken joined XYPRO in 2012 and has more than two decades of enterprise software experience in product management, sales, and business development. Ken’s previous experience includes positions at ACI Worldwide, CA Technologies, Peregrine Systems (acquired by HPE), and Arthur Andersen Business Consulting. A former navy officer and U.S. diplomat, Ken holds an MBA from the University of Southern California and a Bachelor of Science degree from Rensselaer Polytechnic Institute.  Ken is PCI-ISA and CompTIA Security+ certified. Steve Roy - Presenter EMEA Account Executive Steve joined XYPRO 18 months ago and is responsible for building strong customer and HPE relationships across the region.  During the 25 years prior to his time at XYPRO, Steve held senior sales positions at Oracle Corporation, GoldenGate, and ACI Worldwide and has a wealth of experience in the HP NonStop world both in EMEA and the USA. #### European NonStop HotSpot/IT-Symposium 2024 XYPRO (Gold Sponsor) invites you to join the European HPE User community meeting in Berlin! Get firsthand information about the latest strategic and technical developments on HPE NonStop from HPE, partners and users.  Discuss your business requirements with HPE executives onsite and meet with vendors and your fellow HPE NonStop users. Join XYPRO's Chief Product Officer Steve Tcherchian, CISSP as he presents:  "Cybersecurity Strategies for Ransomware Protection and Digital Resilience in Today's Threat Landscape" Enjoy your stay at the Hotel Steigenberger am Kanzleramt Berlin located in the heart of the city right next to the river Spree and the main train station offering direct connection to the new international airport (BER). Within walking distance are Berlin’s renowned museums and historical monuments, as well as the government district. Welcome to Berlin and feel the atmosphere of this ever-inspiring city! REGISTER Agenda Here (subject to change) :  https://gtug.de/HotSpot2024/Agenda.pdf #### GTUG Frühjahrstagung - 27. und 28. April 2021 (digital) Multi-Factor Authentication for HPE NonStop – You Already Have It! XYPRO’s Chief Product Officer and Technology Transformer, Steve Tcherchian presents on the topic of HPE NonStop Multi-Factor Authentication (MFA). According to Microsoft, 81% of data breaches occur because of weak, default or stolen credentials and 99% of these attacks can be blocked by implementing Multi-Factor Authentication (MFA). MFA grants a user access only after successfully presenting two or more of the following: Something you know (password) Something you have (security token, smart card, authenticator app) Something you are (biometrics) XYGATE User Authentication (XUA) – included for free with your HPE NonStop server - strengthens the security of your servers AND applications through industry leading multi-factor authentication. XUA enables regulatory compliance with PCI-DSS, GDPR, HIPAA and more. You can protect almost any application, whether Pathway-based or not, with MFA. In this session, XYPRO’s Chief Product Officer Steve Tcherchian will describe how to secure your environment against authentication attacks using the tools you already have.  Nothing to purchase! #### GTUG Herbsttagung 2021 (digital)   XYPRO's Steve Tcherchian will be presenting "XYPRO Security One Suite for Zero Trust Security"  on November 17th from 8:30 am - 9:00 am (CET) Traditional security relies on a “trust but verify” model. Once authenticated and granted access, users are trusted within the enterprise network. This “trust” leaves the network vulnerable to malicious insiders and compromised accounts. Zero trust is a “never trust, always verify” strategy, rather than a technology. Instead of assuming connections within the corporate network are trusted and secure, zero trust verifies every request to every asset, no matter where it originates from. All access is constantly monitored, authenticated, and authorized, regardless of if the connection attempt is from within the enterprise or outside. Biographie Steve Tcherchian, CISSP, PCI-ISA, PCI-P is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is a member of the Forbes Technology Council, the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for global strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience for customers in the Mission-Critical computing marketplace. Steve is a security leader with a record of superior results in a variety of challenging and multicultural environments, as well as an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. Click here to download the full event agenda. Click here to register #### Hewlett Packard Enterprise and OZTUG Technology Summit 2024 - Melbourne OZTUG NonStop Technology Summit 2024 is an exclusive event where Hewlett Packard Enterprise and industry partners will unveil the latest updates and roadmap for NonStop technology. Innovation is the cornerstone of HPE and the theme for this year’s summit ‘NonStop - the As a Service Journey’ promises to deliver. The summit is a great opportunity for you to hear this all in one place and amongst other peers also seeking insights and best practice into the specialist area. We are delighted to invite you to register for either of our locations, as not only will we be having Mark Pollans, HPE Senior Worldwide Product Manager for NonStop from San Jose, but we will also be having international speakers from our NonStop Solution partners, sharing their plans on the future and value of our NonStop. Discover the NonStop solution – an always-on, ultra-robust system that ensures unrivaled data integrity and unlimited scalability. Register #### Hewlett Packard Enterprise and OZTUG Technology Summit 2024 - Sydney OZTUG NonStop Technology Summit 2024 is an exclusive event where Hewlett Packard Enterprise and industry partners will unveil the latest updates and roadmap for NonStop technology. Innovation is the cornerstone of HPE and the theme for this year’s summit ‘NonStop - the As a Service Journey’ promises to deliver. The summit is a great opportunity for you to hear this all in one place and amongst other peers also seeking insights and best practice into the specialist area. We are delighted to invite you to register for either of our locations, as not only will we be having Mark Pollans, HPE Senior Worldwide Product Manager for NonStop from San Jose, but we will also be having international speakers from our NonStop Solution partners, sharing their plans on the future and value of our NonStop. Discover the NonStop solution – an always-on, ultra-robust system that ensures unrivaled data integrity and unlimited scalability. Register #### HPE Australia and New Zealand HPE NonStop Technology Summit URL: https://xypro.com/event/hpe-australia-and-new-zealand-hpe-nonstop-technology-summit/ #### HPE Australia Tandem User Group Technology Summit - Sydney Conference details This year’s theme is 'The next stop for NonStop'. At the event we will cover the technology and product roadmap for NonStop offerings, how our partners work with us on protecting the system against the increasing threats in security, and how to ensure business continuity and manageability in this ever-changing world, we will present the strategy, direction, and progress. Innovation is the cornerstone of HPE and the theme for this year’s summit will be This annual event has been delivered virtually for the past few years, but in 2023 we are delighted to be able to host customers again in an in-person conference. Following is a proposed agenda (subject to change) #### HPE Business Critical Dialogue 2022 Hewlett Packard Enterprise is back with the most awaited flagship conference!! This year has seen an enhanced need for the companies to rethink their stand and chart the way they want to run their Mission Critical Environments - whether to address the rapidly growing data or always being available, even in the face of Pandemic or Supply Chain Concerns. This year at BCD 2022, we plan to hold insightful discussions on the future of technology adoption by the wider industry. Industry leaders such as yourself will engage in an exchange of ideas on how they see the future of their organizations and define the way forward. A platform created for learning and networking with peers and technology partners including HPE, SUSE, and Intel. Join us for the knowledge-sharing forum, designed to craft new paradigms in mission-critical computing. We look forward to your gracious presence. Eco System Partner Since our founding in 1983, technology leaders and corporate decision-makers at companies processing mission-critical data have used XYPRO security solutions to protect against catastrophic data loss, financial loss, reputation damage and regulatory intervention, through all stages of their company’s growth. Delivering HPE NonStop risk management solutions longer than anyone, we strive for meaningful and strategic business relationships while providing great support and delivering leading-edge security solutions. At XYPRO, we believe that no data is as important as your data and we protect your data as if it was our own. www.xypro.com XYPRO Technology's Chief Product Officer, Steve Tcherchian will be a session speaker at the event. Click Here to Register #### HPE Discover 2021 LUMINARY SPEAKERS, ACTION-PACKED SESSIONS, MEET-UPS AND MORE - ALL TO ACCELERATE YOUR BUSINESS FROM EDGE TO CLOUD At HPE Discover 2021, we’ll explore the next wave of digital transformation and what it really means for your enterprise. Join us for a special Breakout Session with Steve Tcherchian, Chief Product Officer/CISO and Zuhra Rahyab, Product Analyst What is “Zero Trust” Security, Anyway? B4499 Traditional security relies on a “trust but verify” model. Authenticated users are trusted within the enterprise network. This leaves the network vulnerable to malicious activity. Zero trust is a “never trust, always verify” model. Steve Tcherchian, CPO at XYPRO, explains what zero trust is and how it can reduce your vulnerability footprint. Click here to join the session #### HPE DISCOVER 2022 THE EDGE-TO-CLOUD CONFERENCE LAS VEGAS, JUNE 28 – 30 THE BEST OF EDGE, CLOUD, AND EVERYTHING IN BETWEEN ALL IN ONE PLACE From the latest insights in secure connectivity, hybrid cloud, AI and unified data analytics, HPE Discover 2022 is the best place to stay ahead of the trends and technologies that will move your business forward, faster. Join HPE experts, leading companies, and industry luminaries and learn how to accelerate your data-first modernization across edge to cloud. Click here to register #### HPE Discover 2023 Modernize your business, edge to cloud From the latest insights in secure connectivity and hybrid cloud to data governance and sustainability, HPE Discover 2023 is the best place to stay ahead of the trends and technologies that will fast-forward your data-first modernization. Find answers to your toughest challenges Engage with experts who will help you fast-forward your transformation journey and modernize in ways that are sustainable, data-first, and hybrid by design. Advance your edge to cloud expertise Sharpen your skills for the edge-to-cloud world with our expanded technical program that includes hands-on labs, test drives, training and certification classes, and more. Expand your network and make new connections Meet with our ever-expanding ecosystem of customers, partners and industry experts through networking opportunities tailored to help you grow your business and career. Learn More Register Now #### HPE Discover 2024 - Cybersecurity Strategies for Ransomware Protection This session will cover the latest in defending against ransomware, ensuring compliance, and enhancing resilience. Learn to identify vulnerabilities, navigate compliance standards, and build a robust cyber-defense framework. Gain insights into the anatomy of a ransomware attack, create resilient strategies for anticipating and recovering from cyber-threats, and foster a security-aware culture. #### HPE New Zealand Tandem User Group Technology Summit - Auckland Conference details This year’s theme is 'The next stop for NonStop'. At the event we will cover the technology and product roadmap for NonStop offerings, how our partners work with us on protecting the system against the increasing threats in security, and how to ensure business continuity and manageability in this ever-changing world, we will present the strategy, direction, and progress. Innovation is the cornerstone of HPE and the theme for this year’s summit will be This annual event has been delivered virtually for the past few years, but in 2023 we are delighted to be able to host customers again in an in-person conference. Following is a proposed agenda (subject to change) #### HPE NonStop APAC Technical Boot Camp 2021 The event is specially tailored for the APAC customers and partners. Here’s what to expect: Hear from APAC esteemed customers sharing their story from AIX and Windows to NonStop. Get all the latest NonStop technology updates, product announcement, great new solutions presented by global and regional experts Get exciting updates from our essential solution partners: XYPRO, ACI, ETI-NET, Gravic, Idelji, MVI, Nuwave and others... Event Date and Time by Country: Note: Event dates and times are listed below to reflect local time in each region. Hong Kong, Malaysia, Singapore, Taiwan: Nov 17 - 18th (Wed-Thurs) 10:00am - 4:00pm (Local Time) XYPRO's Chief Product Officer Steve Tcherchian will be presenting Secure Enterprise for Open NonStop Platforms on Thursday, the 18th of November from 1:30 pm to 1:55 pm (Singapore Time) Indonesia, Thailand: Nov 17 - 18th (Wed-Thurs) 9:00am - 3:00pm (Local Time) South Korea: Nov 17 - 18th (Wed-Thurs) 11:00am - 5:00pm (Local Time) South Pacific: Nov 17 - 19th (Wed-Fri) Nov 17th - 1:00pm - 3.30pm (Sydney Time) Nov 18th - 9.30am-3.30pm (Sydney Time) Nov 19th - 9.30am-12.30pm (Sydney Time) XYPRO's Chief Product Officer Steve Tcherchian will be presenting Secure Enterprise for Open NonStop Platforms on Friday, the 19th of November from 9:30 am to 9:55 am (Sydney Time) Venue: Zoom Webinar Click here to download the event PDF Click here to download the complete NonStop TBC APAC Agenda Click here to register #### HPE NONSTOP TECHNICAL BOOT CAMP - Oct 5th - 7th, 2021 TBC21 Digital Experience – October 5-7, 2021 Connect Brings the NonStop Technologists to YOU! HPE and Connect are offering the 2021 Technical Boot Camp (TBC) for HPE NonStop customers, users, and partners. Connect is at the forefront of today's open system leaders and is a true user-driven consortium of HPE customers and partners working with HPE's NonStop Enterprise Division. Meet and learn from the developers, engineers, and executives that are leading the global HPE NonStop community. XYPRO is a proud sponsor of the NonStop TBC 2021 Prev 1 of 1 Next XYPRO at HPE NonStop Technical Boot Camp 2021, Oct 5 -7 Prev 1 of 1 Next Please note that all times listed below are Central Time. TBC21-Z03 - How Cyber Criminals are Trying to Break into Your Systems -  Steve Tcherchian will be a  panelist along  with  NonStop legend Wendy Bartlett. October 5th - 10:10 AM - 11:10 AM TBC21-X05 - See Security One (XS1) in Action - managing security through a single pane of glass October 5th - 1:40 PM - 2:40 PM TBC21-X04 - Secure Database Management  - Steve Tcherchian will be presenting with Roland Lemoine, NonStop Product Manager, Hewlett Packard Enterprise  October 6th - 10:10 AM - 11:10 AM TBC21-603 - XYPRO Product Family Now Available Through HPE October 6th - 1:20 PM - 2:20 PM TBC21-607 - XYGATE Security One  - In-depth Instruction on installation and use and  of XYPRO's SecurityOne product October 7th - 12:00 PM - 4:00 PM Click here to learn more Back by popular demand! Connect NonStop Technical Boot Camp 2021 -- Whova Prize Win a FREE hour of one-on-one time with XYPRO's CISO, Chief Product Officer, Steve Tcherchian!  Steve Tcherchian CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. With over 20 years in the  cybersecurity field, Steve is responsible for XYPRO’s technology strategy, innovation of our security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience for customers in the Mission-Critical computing marketplace. Steve holds US Patent 9,948,678 “Method and System for Gathering and Contextualizing Multiple Security Events”, which is an innovative new approach to quickly detecting actionable security incidents that would indicate a breach. An engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world, Steve is on the Forbes Technology Council and the NonStop Under 40 executive board. The XYPRO Raffle winner will get a free 60 minute, one on one session with Steve. You can use this time to  plan an effective security strategy, discuss your career goals, how to become a CISO, a Product Manager, past experiences and almost anything else that can help you get to the next level - maybe even learn more about XYPRO Cybersecurity Solutions ;)   #### HPE NonStop Technology & Business Conference 2025 Join your global HPE NonStop community in the Woodlands, Texas, for the 2025 HPE NonStop Technology & Business Conference for three days of NonStop tech sessions, keynotes, networking, and social events. Announcing the evolution of our flagship event, now known as the HPE NonStop Technology and Business Conference. This change reflects Connect and HPE NonStop’s ongoing commitment to providing a comprehensive experience that combines cutting-edge technical education with a robust business-focused agenda. While you’ll continue to gain access to the world-class HPE NonStop technical expertise you expect, this year’s conference will also offer valuable opportunities for business leaders to enhance their strategic insights and leadership skills.  https://nonstoptbc.com/   #### INNIG HPE NonStop 2024 The Dutch HPE NonStop user group (also known as 'INNIG') is pleased to invite you for a HPE NonStop user group event. Again we have a packed agenda with the latest NonStop news presentations of NonStop users. This event will take place on December 3, from 12:30 PM - 5:30 PM. Location: Rabobank/Worldline office building, Winthontlaan 351, Utrecht. 12:00-13:00 Reception coffee, tea & light lunch 13:00-13:10 Welcome 13:10-13:30 Neil Davis HPE – State of the Nation 13:30-13:50 Casey Taylor - HPE NonStop past and future 13:50-14:20 ING DevOps on NonStop Update 2:20-3:00 PM Break for coffee & tea 15:00-16:00 Gravic & XYPRO – Dora, Ransomware Detection & Recovery, Immutable Storage 16:00-16:30 ING S3 16:30-17:00 Comforte – PCI/DSS 4.0 5:00-5:30 PM TBC update & Bare Metal Recovery $SYSTEM 17:30-20:00 Networking Buffet Register for this event for free on www.interexperience.nl (menu 'MyExperience'). As the site is in Dutch, for the non-Dutch participants registering on this site can be challenging... Please send a mail to innig@interexperience.nl to register for this event. #### INNIG HPE NonStop Update A long awaited INNIG meeting! December 12, 11:30-18:30 including Lunch and Dinner. Don't miss the latest news, developments and customer presentations!  We have a packed agenda. 12:00 -  Lunch 13:00 - Welcome 13:05 - Update from HPE NonStop European General Manager Neil Davis 13:35 - Experiences with NS2 system, Lau Meijer, Shell 14:05 -  Digital Resilience due to modern threats: HPE, Gravic, and XYPRO Technology 15:40 - HPE NonStop news,  Jeroen Goossens, HPE 16:00 - Azure pipelines and NonStop: demonstration Ronny Emons, Jeroen Wallaard - ING Bank 17:10 - Experiences/migration to HPE NonStop NS8 - Edwin Posthuma, Rabobank 17:35 - Dinner Register Here     #### Integrate Your HPE NonStop Servers With CyberArk Join XYPRO and CyberArk for This Live Webinar! Proper Credential Storage and Accountability are Paramount for Responsible Risk Mitigation · Register Today! · Wednesday, June 24, 2020, 8:00 am PDT Wednesday, June 24, 2020, 6:00 pm PDT Thursday, June 25, 2020, 11:00 am AEST XYPRO Technology Corporation, a leading cybersecurity solutions company, and CyberArk the global leader in privileged access management, will present a webinar on integrating HPE NonStop Servers. The presenters will be: CyberArk’s Brian Carpenter, Director of Business Development, and Steve Tcherchian, Chief Product Officer and Chief Information Security Officer for XYPRO. They will discuss how the CyberArk Privileged Access Security Solution secures, manages, automates, and logs all activities associated with privileged access. They will detail current attack vectors and analyze real use cases on how your HPE NonStop servers can seamlessly integrate with CyberArk processes to help ensure complete visibility, traceability, automation, and security of your HPE NonStop servers. “The largest security risks to any organization are the misuse or compromise of privileged credentials,” said Tcherchian. “Privileged accounts are a particular risk as they enable elevated access to your organization’s mission-critical data.” “Because of the fear of ‘breaking something’ that could impact the ATM, POS, Mobile, or Payments infrastructure, many applications and systems were initially deployed, years ago, with passwords for privileged accounts that were and still are rarely rotated, shared, and improperly stored,” said Tcherchian. “This practice should be keeping CIOs and CISOs up at night, especially since there is something they can do about it.” The compromise of privileged accounts is connected to nearly all targeted attacks. Proper credential storage and management are paramount for responsible risk mitigation. If you are still manually managing privileged access, you’re not doing all you can to protect your systems. It’s not news that anything manual is resource-intensive, error-prone, and leaves gaps in your security. A Privileged Access Management solution provides the ideal capabilities for automating these activities. In this webinar, XYPRO and CyberArk will discuss how the HPE NonStop server integration can help with visibility, traceability, automation and security. · Registration · Wednesday, June 24, 2020, 8:00 am PDT 8 am PDT Wednesday, June 24, 2020, 6:00 pm PDT 6 pm PDT Thursday, June 25, 2020, 11:00 am AEST 11 am AEST Integrate Your HPE NonStop Servers With CyberArk Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. #### Integrate Your HPE NonStop Servers with SailPoint Identity Governance Join XYPRO and SailPoint for This Live Webinar! · Register Today! · Wednesday, October 7, 2020, 8:00 am PDT Wednesday, October 7, 2020, 6:00 pm PDT Thursday, October 8, 2020, 12:00 pm AEST Ensuring employees have the correct access to the right business applications and IT resources is a critical business requirement with which many companies struggle.  Current solutions for requesting and managing user access are inefficient, manual, complex, outdated and don’t map to core business initiatives. Governance is often an afterthought, leaving enterprises vulnerable to security risks and exposed to compliance issues. XYGATE Identity Connector (XIC) for SailPoint is the first and only SailPoint certified integration for HPE NonStop Servers. With XIC, HPE NonStop customers can integrate their NonStop servers with SailPoint IdentityIQ, for seamless participation with the enterprise. SailPoint’s industry-leading, powerful access certifications, governance controls and logical workflows allow NonStop customers to take full advantage of the capabilities provided by SailPoint that have long been available for other platforms. KEY BENEFITS • Visibility and Control of NonStop identities directly from SailPoint IdentityIQ • Quickly detect risks and entitlement issues • Automate provisioning process • Enforce account compliance • SailPoint Certified Integration KEY FEATURES • Add/Delete/Disable/Enable/Update • SCIM 2.0 Support • Lightweight Microservice Deployment • Encrypted Communication Channel • Full Audit and Logging • Integrated with XYGATE Suite Join us and find out how to free up nearly 80% of security-related resources! Steve Tcherchian, CISSP, PCI-ISA, PCIP - Chief Product Officer and Chief Information Security Officer for XYPRO Technology and Adam Creaney, Principal Engineer, Technical Strategy for SailPoint discuss investing in analytics for investigating “in-flight” activities with real-time correlation and the proper contextualization. · Registration · Wednesday, October 7, 2020, 8:00 AM PDT 8 am PDT Wednesday, October 7, 2020, 6:00 PM PDT 6 pm PDT Thursday, October 8, 2020, 12:00 pm AEST 12 pm AEST Integrate Your HPE NonStop Servers with SailPoint Identity Governance Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. #### Join XYPRO at Connect NonStop Technical Boot Camp 2020 Boot Camp is coming! November 15-19 Connecting and collaborating with the global HPE NonStop community is the main focus on the NonStop Technical Boot Camp. For decades, the NonStop TBC has been a key place to keep conversations going and continue building momentum for the mission critical space. Although we can’t wait for the day we’ll be able to get together in-person, this virtual event is essential in educating and keeping our community thriving. Register Here XYPRO at NonStop Technical Boot Camp Mon. Nov 16, 2020   Noon - 12:30 PM (GMT) Anatomy of a CyberSecurity Breach - Building a Strategy That Works (European Track) Presented by Steve Tcherchian, Chief Product Officer and CISO, XYPRO Technology This one-hour session shows you the strategy to protect you and your organization’s mission critical data from a catastrophic security breach. Add to Your Agenda! 7:30 AM - 8:00 AM (PST) Welcome to the All Digital NonStop Technical Boot Camp Welcome keynote from Connect Worldwide, followed by a General Session from Hewlett Packard Enterprise executives. Add to Your Agenda! 9:45 AM - 10:45 AM (PST) Success & Covid19 - Strength, Capacity, Caring & Compassion Presented by Melodie Bond-Hillman, PhD., Director, HR and Administration, XYPRO Technology How XYPRO prepared for and handled the Covid-19 pandemic, moving to 100% work from home, helping our employees work effectively when they never worked remotely before, employee engagement, mental health, retaining our company culture and planning for a return to the office. Add to Your Agenda! 10:45 AM - 11:30 AM (IST) HPE NonStop - Helping to Fight COVID-19 Add to Your Agenda! 1:30 PM - 2:30 PM (PST) BEER BUST Virtual Edition w/ Your Nerdy Best Friend Presented by Beth Z With the emergence of COVID-19, the need for near real-time access to critical health data and the ability to share medical information across organizational and government boundaries has become of paramount importance to enable recovery efforts. In this session, you will learn how HPE is helping enable early detection and response to minimize the spread of COVID-19 and how we can help facilitate data exchange and collaboration across the healthcare lifecycle. Add to Your Agenda! Tue. Nov 17, 2020 9:00 AM - 9:30 AM (JST) Welcome to the TBC for Japan hosted by HPE Japan Add to Your Agenda! 1:00 PM - 1:30 PM (AEDT) Welcome to the TBC for Asia Pacific customers hosted by HPE Add to Your Agenda! 10:00 AM - 10:30 AM (IST) HPE NonStop Security Products Updates (India Replay) Presented by Prashanth Kamath U, HPE NonStop Product Manager, Hewlett Packard Enterprise 4:30 am - 5:00 am (GMT) Opening Session for the European Track at the 2020 NonStop Technical Boot Camp. Add to Your Agenda! 8:00 AM - 8:30 AM (PST) HPE NonStop Security Products Updates Presented by Prashanth Kamath U, HPE NonStop Product Manager, Hewlett Packard Enterprise Add to Your Agenda! Wed. Nov 18, 2020   2:00 PM - 3:00 PM (JST) Anatomy of a CyberSecurity Breach - Building a Strategy That Works (Japan Replay) Presented by Steve Tcherchian, Chief Product Officer and CISO, XYPRO Technology The current mean time to detect a cybersecurity breach is nearly 60 days. That means hackers are in your network, on your systems doing what they want for 2 months before you know, IF they're ever detected. The damage to your systems, the loss of your critical data, the impact to your company’s reputation and potentially to your career is immeasurable. These are the things that keep leaders up at night. Add to Your Agenda! 7:00 AM - 8:00 AM (PST)  Developer Chat: HPE NonStop Security Products Join us to meet with the engineers working on the HPE NonStop security products. Add to Your Agenda! 9:00 AM - 9:30 AM (PST) Proactive Risk Management - HDFC, India’s Largest Private Bank, modernizes CyberSecurity Join Shailesh Khochare, Senior Vice President, Head Data Processing Center, IT Security Operations & Compliance for HDFC as he discusses HDFC’s use of XYGATE SecurityOne (XS1) from XYPRO. Shailesh will describe the comprehensive business requirements for securing India’s largest private bank and the vetting process which lead to the selection of XS1, the “single pane of glass” solution to contextualize, prioritize and control HPE NonStop and ACI Base24 security incidents. Add to Your Agenda! 9:45 AM - 10:45 AM (PST) Modernizing CyberSecurity - Building a Strategy That Works Presented by Steve Tcherchian, Chief Product Officer and CISO, XYPRO Technology Once your network and systems have been compromised, there is no going back. The best you can do is contain the damage as quickly as possible. The current mean time to detect a cybersecurity breach is nearly 60 days. That means hackers are in your network, on your systems doing what they want for 2 months before you know, IF they're ever detected. The damage to your systems, the loss of your critical data, the impact to your company’s reputation and potentially to your career is immeasurable. These are the things that keep leaders up at night. Add to Your Agenda! ENTER to WIN! Visit our Booth today and enter the XYPRO raffle. Win a FREE hour of one on one time with XYPRO's CISO, Chief Product Officer, Steve Tcherchian! Steve Tcherchian CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. With over 20 years in the cybersecurity field, Steve is responsible for XYPRO’s technology strategy, innovation of our security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience for customers in the Mission-Critical computing marketplace. Steve holds US Patent 9,948,678 “Method and System for Gathering and Contextualizing Multiple Security Events”, which is an innovative new approach to quickly detecting actionable security incidents that would indicate a breach. An engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world, Steve is on the Forbes Technology Council and the NonStop Under 40 executive board. The XYPRO Raffle winner will get a free 60 minute, one on one session with Steve. You can use this time to discuss your career goals, how to become a CISO, a Product Manager, plan an effective security strategy, past experiences and almost anything else that can help you get to the next level - maybe even learn more about XYPRO Cybersecurity Solutions ;) #### KeyStroke Logging for HPE NonStop Servers Join XYPRO for This Live Webinar!   Privileged accounts hold the keys to the most critical data on your HPE NonStop servers. They can take action with the highest privileges on the most sensitive areas of your system. PCI DSS requires that all actions taken by any user with administrative privileges must be tracked. Presented by XYPRO Senior Solutions Architect and Connect User Group Past President, Rob Lesan. This webinar will cover it all! If your HPE NonStop servers handle PCI data, you need to keystroke log privileged users! Period. You must implement automated audit trails for all system components in order to reconstruct the following events: • All individual user access to cardholder data. • All actions taken by any individual with root or administrative privileges. Keystroke logging is the most effective method to meet this requirement. XYGATE captures keystrokes from Guardian (TACL), OSS (ksh, bash, etc.), via telnet (hopefully over TLS!), ssh or any other method. XYGATE keystroke logging operates with or without Safeguard and differentiates between a user and an alias for both reporting and control. Keystroke logs combined with a SIEM or Security Intelligence technology, go beyond compliance to real-time detection and prevention of data breaches. Compliance requirements, zero overhead, extensible reporting and the ability to record actions from all users via XYGATE is the ideal solution to meet this very necessary security requirement. · Registration · Wednesday, March 17th, 2021, 8:00 AM PDT 8 AM PDT Wednesday, March 17th, 2021, 6:00 PM PDT 6 PM PDT Thursday, March 18th, 2021, 12:00 PM AEDT 12 PM AEDT Rob Lesan is a Senior Solutions Architect for XYPRO and a true customer, security and HPE NonStop platform advocate for over 25 years. XYPRO specializes in security intelligence, risk management and compliance software and services for HPE NonStop and other operating systems. #### LITTLE SIG @ BARCLAYS 2022 Date: 8th December 2022 Location: Barclays Bank, 5 North Colonade, London E14 4BB Tube: Canary Wharf Little SIG is our annual one-day, free to attend event, which this year will be held in London district of Docklands. Barclays Bank have kindly offered to host the Little SIG event again at their offices, Barclays Bank, 5 North Colonade, London E14 4BB The nearest tube station to Barclays offices is Canary Wharf on the DLR. We have a packed Little SIG agenda for you this year, including an overview of what you may have missed if you did not attend the Connect Bootcamp in California this year. Morning tea/coffee, lunch and afternoon tea/coffee will be provided courtesy of BITUG. Our Agenda is as follows: As always with BITUG Little SIG's, this years event will be free of charge to NonStop user members of BITUG, that includes vendors. BITUG Membership is also free for ALL NonStop users. All NonStop users both new and old and from any industry are welcome to join BITUG. If you are not yet a BITUG Member, it's free to join here: https://www.bitug.com/join Please note: You need to complete a separate registration for each attendee! (for example, if you have more than one attendee from same company) Spaces for this event are limited, so please register early to avoid disappointment. Click Here to Register #### MATUG – Mid-Atlantic States Chapter Meeting Greetings! We invite all interested attendees and vendors to register for the Mid-Atlantic Tandem User Group (MATUG) Meeting in Reston, VA on Thursday, May 14, 2024, 8:00am- 5:00pm. The meeting is open to all HPE NonStop customers, partners, users, consultants, or interested parties. Attendees are usually from the following states: Pennsylvania, New Jersey, Maryland, Delaware, Virginia, Washington, D.C., and West Virginia, although anyone can attend. MATUG provides members with the opportunity to participate in quality informational sessions, learn about new HPE products and services, and interact with fellow HPE NonStop users. Please share this information with colleagues. Venue: Lobby Level Conference Center 11951 Freedom Drive, Reston, VA 20190 Visitor parking – The closest garages are the “Purple” garage, directly across the street from 11951 Freedom Drive, and the “Green” garage diagonally across the street from the office. HPE does not provide validation for these garages; the attendee should prepay using either the phone app or the prepay station at the garage entrances. Register Now #### MATUG 2022 Meeting (Mid-Atlantic Tandem User Group) We invite all interested attendees and vendors to register for the Mid-Atlantic Tandem User Group (MATUG) Meeting in Reston, VA on Thursday, May 19, 2022, 8:00am- 5:00pm. The meeting is open to all HPE NonStop customers, partners, users, consultants, or interested parties. Attendees are usually from the following states: Pennsylvania, New Jersey, Maryland, Delaware, Virginia, Washington, D.C., and West Virginia, although anyone can attend. MATUG provides members with the opportunity to participate in quality informational sessions, learn about new HPE products and services, and interact with fellow HPE NonStop users. Venue HPE Office Discovery Square  Tower 1, Suite 300 12010 Sunset Hills Road Reston, VA 20190 Visitor parking – Visitors should pull a ticket at the gate and take the parking ticket to the HPE Security Lobby at the 3rd floor so the receptionist can validate the parking ticket. Disabled parking spaces – Located at designated areas in the parking garage. Tentative Agenda Time Topic 8:00 AM Registration and continental breakfast 9:00 AM HPE presentations 12:00 PM Catered lunch 1:00 PM Vendor presentations – at least six 25-minute slots are available for purchase (see below) 4:00 PM Connect update, The future role of MATUG 4:45 PM Prizes for customer/user/consultant attendees (must be present to win) 5:00 PM Adjourn to a local bar (compliments of the vendors) Registration As part of HPE’s response to the COVID-19 (coronavirus) pandemic, we have implemented a policy requiring all staff and visitors to HPE sites to be fully vaccinated against COVID-19. HPE will send you an email outlining the policy, to which the visitor must reply via email, stating that they understand the Policy. If any of the Policy applies to the visitor, they should postpone or cancel their visit. This acknowledgement email must be received prior to the MATUG Meeting at the facility for entry to the meeting. #### MATUG Meeting – Mid-Atlantic States HPE Office 11951 Freedom Drive Opportunity Room “A” Reston, VA Registration Information coming soon! #### MEXTUG – Mexico Chapter Meeting URL: https://xypro.com/event/mextug-mexico-chapter-meeting/ #### MEXTUG 2020 - Mexico Tandem User Group Chapter Meeting Due to COVID-19, Event Postponed Until Further Notice XYPRO's presentation topic is on Enterprise Integration of Your HPE NonStop Ecosystem HPE NonStop Servers and Applications can be a challenge to integrate with enterprise processes. Without enterprise integration, User Identity and Access Management rely on manual processes that are time-consuming, error-prone, and vulnerable to security risk. That all changes now! XYPRO will be presenting on how the XYGATE suite of security, compliance, and risk management solutions modernizes NonStop applications and integrates your HPE NonStop servers with the latest enterprise solutions like Sailpoint IdentityIQ, CyberArk, ServiceNow, and others. XYGATE integration provides visibility and governance of your NonStop processes – saving time and money while greatly reducing risk. Gabriel Alvarez – Presenter Gabriel Alvarez currently leads all sales of XYPRO Technology in Latin America. Gabriel has worked together with banks, transactional switches, and retailers in the region for over nine years focused on HPE NonStop security. His dedication to covering critical business needs, and problem-solving has strengthened the NonStop security of countless companies. A graduate of Electronics and Communications Engineering from ITESM, Gabriel began his professional career as a Field Engineer and eventually Field Services Manager within the energy industry. He has worked in countries such as Asia, North, and South America, and has allowed him to develop important interpersonal skills in a multicultural environment, always centered on providing the best customer service. A proud family man, Gabriel enjoys spending time outdoors, reading and traveling. Mariano Drago – Presenter Mariano Drago is a Professional Services Specialist at XYPRO Technology serving the Latin American region. His main tasks are to provide training services in XYPRO and Merlon products as well as addressing HPE NonStop security issues. Additionally, he leads the installation, configuration, and implementation processes of the XYGATE and Merlon suite, as well as providing technical advice in the region. Thanks to his experience in security management in HPE NonStop systems, Mariano provides immense value in strengthening NonStop security in Latin America. Mariano is a Systems Engineer from the Inter-American Open University of Buenos Aires, Argentina. He has 13 years of experience working in information security with leading companies in industries such as HPE, Banelco, and Prisma Medios de Pago in Argentina. Mariano enjoys spending his time with his family and friends. He loves football, music, and going to the movies. His hobbies include playing the guitar and sports. #### MEXTUG 2023 - Mexico Tandem User Group Chapter Meeting Register NOW! June 1, 2023 This year’s MexTUG will be held at the beautiful Sofitel Mexico City Reforma. Located in the heart of Mexico City’s historic Reforma Avenue, we will experience chic French style while submerging ourselves in the vibrant and lively Mexican culture. Join your HPE NonStop community in Mexico City for a day of informative presentations, networking, and a fun evening reception to celebrate this long-awaited gathering.   #### MEXTUG 2024 - Mexico Tandem User Group Chapter Meeting May 16, 2024 No se pierdan este gran evento de la comunidad NonStop! Te invitamos al MexTUG 2024 a Ilevarse a cabo en la Ciudad de Mexico, El Jueves 16 de Mayo, 2024. Este evento reune a los clientes NonStop, expertos y partners para aprovechar y hacer creer la comunidad. Ven y participa en la Comunidad Nonstop! Ubicación Sofitel Mexico City Reforma Mexico City, Mexico El capítulo de usuarios de HPE NonStop México y Connect Worldwide tienen el agrado de invitarlos al evento MexTUG HPE NonStop edición 2024, a realizarse el jueves 16 de mayo en el salón Versalles del hotel Sofitel Reforma en la Ciudad de México. Contaremos con la participación de importantes HPE NonStop Partners y estaremos hablando de temas de valor para todos. ¡Esperamos su presencia!   #### Mid-Atlantic Tandem User Group (MATUG) Meeting 2020 The MATUG Meeting is open to all HPE NonStop customers, partners, users, consultants, or interested parties. Please check back for discussion topics and agenda. #### Modernize Compliance and Reduce the Cost of Security Incidents by 80% - Webinar The probability that an organization will experience a breach in the next 24 months is 27.9% and the current time to identify and contain a breach is 280 days. XYPRO helps organizations reduce the mean time to detect and respond to potential breaches by up to 80%, dramatically reducing the impact of a breach to the critical HPE NonStop stack. Time well spent Join our experts from XYPRO and HPE to learn: Best practices to address regulatory and compliance requirements. Why security is not a one and done effort. How to address multiple layers of threat protection – particularly with Tier 0-1 applications. How the combined value of XYPRO's SecurityOne solution running on HPE NonStop is an unrivaled platform that is secure and compliant. How HPE and XYPRO have joined forces to make purchasing and implementing XYPRO's Security suite easy and affordable. Security assessment offer Gauge your security readiness with our free security assessment for all qualified webinar attendees. Attend and find out more. Reserve your spot. Allen Whipple Server Security and Management Solutions Business Manager, Hewlett Packard Enterprise     Steve Tcherchian Chief Product Officer | CISO, XYPRO   #### N2TUG – Texas and Oklahoma Chapter Meeting A Golden Anniversary is a big deal for any group, from a Married Couple to a Technology Follower. In Cupertino, California, in 1974, Tandem Computers, Inc. debuted the technology called NonStop, which is the focus of what N2TUG and Connect Worldwide are about. So, this year, we’re going to highlight those 50 years in our N2TUG annual meeting! We are holding the event again at the Hurst Conference Center on Thursday, May 2nd. As is our custom, we will host a full day of presentations, networking, and refreshment opportunities. Please make plans to attend and learn what is going on with your NonStop platform and our great sponsors. And we’re hoping to have a surprise or two! You don't have to be a Connect member to attend this event; registration is free! Please note that we will share your contact information with the sponsors, who are investing their time and money to support the event. We will only share the contact info of those who attend. We won’t share your contact info for any reason other than N2TUG business. If you have special dietary restrictions or accommodation needs, please let us know at registration. The Conference Center shares the parking lot with the Hilton Garden Inn next door. We have arranged for rooms there at $120 per night. Please use this website to reserve your room if you wish to stay on Wednesday and/or Thursday nights. Alternatively, you can call them at +1 (817) 281-5800 and ask for the ‘N2TUG’ block to receive the group rate. Please note that the Room Block expires on the 10th of April, so please reserve soon! The Hurst Conference Center is just north of Texas Highway 121 near Precinct Line Road, about 8.5 miles west of D/FW Airport. There is plenty of free, covered parking for the venue and for the hotel. We hope to see you in Hurst for our 2024 N2TUG event. It should be a great day! Register AGENDA #### N2TUG – Texas and Oklahoma Chapter Meeting URL: https://xypro.com/event/n2tug-texas-and-oklahoma-chapter-meeting-2/ #### N2TUG 2023 The N2TUG Community is meeting on Thursday June 15th, 2023 at the new venue the Hurst Conference Center in Hurst, Texas is just a few miles west of D/FW Airport and really convenient for attendees who are flying in. Register Here     #### NonStop TBC Highlights 2024 & OZTUG Christmas Drinks (Sydney & Melbourne) Attend the HPE presentation of “Highlights from the Nonstop Technical Boot Camp 2024” either at a HPE office or online, followed by our traditional Christmas drinks, generously sponsored by XYPRO and Comforte.  Sydney  Tuesday 3rd December 2024 ================================================================================ 2:30PM  - 3:30PM  OZTUG SIG "Highlights from the Nonstop Technical Boot Camp 2024" If attending in person :      HPE Office, Level 18/207 Kent St, Sydney NSW 2000 For online attendees:        Microsoft Teams Meeting ID: 282 322 545 745  Passcode: biwGgM 3:45PM - 7:45PM         OZTUG End of Year Celebrations @ Henley's Kitchen and Bar 9 Lime Street Sydney NSW 2000 Proudly Sponsored by XYPRO Melbourne  Friday 6th  December 2024 ================================================================================= 3:30 PM - 4:30PM          OZTUG SIG "Highlights from the Nonstop Technical Boot Camp 2024" If attending in person :          HPE Office, Level 11/150 Lonsdale St, Melbourne 3000 For online attendees:       Microsoft Teams Meeting ID: 266 198 121 566   Passcode: 45d2ht 5:00PM- 8:00PM           OZTUG End of Year Celebrations @ Father’s Office QV Little Lonsdale 249 Little Lonsdale St, Melbourne, 3000 Proudly Sponsored by Comforte #### NonStop Technical Boot Camp 2019 Connect is at the forefront of today's open system leaders and is a true user-driven consortium of HPE customers and partners working with HPE's NonStop Enterprise Division. The 2019 NonStop Technical Boot Camp will begin with cutting edge deep-dive pre-conference seminars on Sunday hosted by the leaders of NonStop innovations and solutions, and will follow with three days of breakout sessions, keynotes, and networking receptions. Meet and learn from the developers, engineers, and executives that are leading the global NonStop community. #### NonStop Technical Boot Camp 2022 Connect Brings the NonStop Technologists to YOU! Join your HPE NonStop User Community IN-PERSON at the 2022 NonStop Technical Boot Camp. November 8-10, 2022 Hyatt Regency SFO Burlingame, CA USA Return to meeting old friends in person and making new ones! :: HPE and Connect are offering the NonStop Technical Boot Camp 2022 (TBC) for NonStop developers, customers, and partners. :: The event will consist of two and a half days of breakout sessions, keynotes, and networking receptions. Attendees will meet and hear from the developers, engineers, product managers, and executives from the global NonStop community. :: Step away from your office, open your mind to new ideas and directions, and join your colleagues and friends in person this year at TBC 2022. Keynotes will be presented in the morning immediately following breakfast. Show themes this year: Application Development Transformation & Cloud‑Experience for the Data-Driven Enterprise Keynote speakers: Robert Christiansen Jeff Kyle Traci Brown HPE VP, Innovation—Office of the CTO HPE VP and GM, HPC & AI—Data Solutions Fraud Busting Body Language Expert The 12 laws of the innovator Latest news on the HPE NonStop business Fraud busting body language Just some of what you can expect Learn more about how NonStop is transforming application development and how it is redefining the Cloud-Experience for mission-critical workloads  Developer chats—talk directly to the people who make and support the product Find out what’s new with your favorite vendor company Live NonStop partner and HPE solution demos at booths, fun developer challenges and plenty of networking opportunities Live, in-person talks on all aspects of NonStop and differentiated solutions by HPE and NonStop partner experts Connect with your friends and contacts face-to-face XYPRO at TBC 2022 TBC22-VT16 - PCI DSS 4.0 – Simplify Compliance in a NonStop World Speaker: Steve Tcherchian, XYPRO Technology PCI-DSS 4.0 was released in March and is the most significant impact on the standard since its initial release in 2004. With new requirements, controls, and interpretations – this can seem overwhelming. Where do you start your journey? Working with the PCI Security Standards Council, XYPRO has dedicated extensive time and resources to map PCI DSS 4.0 affects the HPE NonStop Server ecosystem and its customers. We will take out the guesswork and show you step by step how to address compliance in an automated way. This presentation will educate you on the new standard before the mandatory deadline dates, as well as cover how to implement the new controls and report on compliance using XYPRO’s XYGATE SecurityOne available from HPE. This will ensure your organization has enough time to implement the necessary steps for data protection to help you on the road to compliance. Examples of Breakout Talks expected this year! • Modernizing the world of contactless payments • Create mission-critical solutions with minimal or no NonStop background • Develop for NonStop in the cloud • NonStop open dev and open middleware • Unlock the data value of your operational systems with real-time analytics • HPE Virtualized NonStop—the shuttle to the cloud • Protect and secure the NonStop environment • Kernel Level Threading (KLT)—ease the path to make that Linux® app NonStop ready • Innovate with SQL/MX—the latest news • Secure database management • Smart manufacturing with abat+ Register today at: nonstoptbc.com For health and wellness information, see nonstoptbc.com/health-and-wellness For sponsorship and associated benefits, check out nonstoptbc.com/2022-sponsorship-opportunities #### Nonstop Technology & Business Conference 2026 Join the global HPE Nonstop community in Orlando, Florida, for the 2026 Nonstop Technology & Business Conference. This three-day event brings together Nonstop professionals, business leaders, and industry experts for a mix of technical sessions, strategic discussions, keynotes, and networking. Building on the enhanced format introduced last year, the conference continues to blend deep technical content with business-focused insights—giving attendees a well-rounded view of where the Nonstop platform is headed and how organizations can prepare for the future. Connect with peers, engage with HPE Nonstop teams, and explore the latest developments shaping mission-critical environments. Event Dates & Location Date: September 15–17, 2026 Venue: The Rosen Plaza 9700 International Drive Orlando, Florida Learn more and register: Join us at the Nonstop TBC 2026   #### NYTUG Meeting – New York / New Jersey Area HPE Office 200 Connell Drive Berkeley Heights, NJ 07922 Register #### NYTUG Meeting – New York / New Jersey Chapter HPE Customer Briefing Room 461 Fifth Avenue New York City, NY Registration Information Coming Soon! #### OZTUG Melbourne Dear Members and Friends of OZTUG, I am delighted to be able to invite you to the second of 2 SIG meetings courtesy of HPE Australia and OZTUG.  Please find below the details of the Melbourne venue and online Teams details.  Don’t forget to join the post-event drinks at the Garden State Hotel.  It is such a wonderful opportunity to catch up with our old and new Nonstop friends! Feng Lin Secretary, OZTUG Feng.lin@xypro.com Melbourne Details and Agenda Date: Jul 28th, Melbourne Venue: ANZ Level 10, 833 Collins Street, Melbourne. Agenda: 3.00pm to 5.00pm ♦ NonStop SQL ​–​ Database as a Service ♦ DBS ​–​ DB provisioning ♦ DBS demo 5.00pm - 9.00pm Post-event drinks at: Garden State Hotel 101 Flinders Lane, Melbourne Can’t join in person? Click here to join the meeting via Teams Register for Sydney #### OZTUG Melbourne Holiday Party Chloe’s Bar @ Young and Jackson’s Corner Swanston & Flinders Sts, Melbourne, VIC, 3000 Date: 01/12/22 Time: 4:30PM – 8:30PM Please RSVP to david.callander@anz.com   #### OZTUG SIG and Year End Drinks - Melbourne! You are invited to our special end of year OZTUG SIGs in Sydney and Melbourne.  At these SIGs, HPE’s Senior Solution Architect Nelson Wong will share updates and highlights from HPE NonStop TBC 2023. Our traditional end of year drinks will follow each SIG, thanks to the good people at comForte and XYPRO for their contributions. #### OZTUG SIG and Year End Drinks - Sydney! You are invited to our special end of year  OZTUG SIGs in Sydney and Melbourne .  At these SIGs, HPE’s Senior Solution Architect Nelson Wong will share updates and highlights from HPE NonStop TBC 2023. Our traditional end of year drinks will follow each SIG, thanks to the good people at comForte and XYPRO for their contributions #### OZTUG Sydney Dear Members and Friends of OZTUG, I am delighted to be able to invite you to the first of 2 SIG meetings courtesy of HPE Australia and OZTUG.  Please find below the details of the Sydney venue and online Teams details.  Don’t forget to join the post-event drinks at the Morrison Bar and Oyster Room.  It is such a wonderful opportunity to catch up with our old and new Nonstop friends! BTW, the SIG meeting is scheduled for Melbourne too. For details of the Melbourne event, click here. Feng Lin Secretary, OZTUG Feng.lin@xypro.com Sydney Details and Agenda Date: Jul 21st, Sydney Venue: HPE Level 13, 1 Castlereagh Street, Sydney Agenda: 3.00pm to 5.00pm ♦ NonStop introduction ♦ The platform ​–​ hardware, software & virtual ♦ How fault-tolerant works with NonStop 5.00pm - 9.00pm Post-event drinks at: The Morrison Bar & Oyster Room 225 George Street Corner of, Grosvenor St, Sydney Can’t join in person? Click here to join the meeting via Teams Register for Sydney #### OZTUG Sydney Holiday Party Beer Garden Section, Cargo Bar Darling Harbour, King Street Wharf, 52-60 The Promenade Sydney New South Wales 2000 Date: 14/12/22 Time: 4:30PM – 8:30PM Please RSVP to feng.lin@xypro.com   #### PCI DSS 4.0 - Simplify Compliance in a NonStop World - A Live Webinar XYPRO is inviting you to join us for Live Webinars on Wednesday, January 18th and Thursday, January 19th where we demystify one of the most important cybersecurity topics of 2023: the latest version of the Payment Card Industry's Data Security Standard - better known as PCI 4.0 We know PCI-DSS 4.0 has been on your mind since it was revealed this past March. It is the most significant impact to the standard since its first release in 2004. The new PCI standard was designed with a zero-trust philosophy at its core. We see new requirements for authentication, behavior analysis, and real-time monitoring.  Working with the PCI Security Standards Council, XYPRO has dedicated extensive time and resources to evaluate how PCI DSS 4.0 impacts your HPE NonStop environment. Let XYPRO take out the guesswork and show you step-by-step how to address compliance in an automated way. This live webinar educates you on the new standard to ensure your company has enough time and knowledge to implement everything needed for data protection and become compliant before the mandatory deadline. Prev 1 of 1 Next XYPRO PCI DSS 4.0 PCI DSS 4.0 - Simplify Compliance in a NonStop World - Live Webinar Invitation Prev 1 of 1 Next   Select your preferred viewing time and register below: January 18, 2023 - 8:00 AM PST January 18, 2023 - 6:00 PM PST January 19, 2023 - 1:00 PM AEDT Please note that a Zoom account is required for registration to this event. Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.    With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing  XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.   Steve is an engaging and dynamic speaker who regularly presents cybersecurity topics at conferences around the world. #### PCI SSC Asia Pacific Community Meeting 2019 The PCI Security Standards Council’s 2019 Asia Pacific Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out! #### Prioritize Your CyberSecurity Initiatives - XYPRO 2021 Roadmap Update Join XYPRO for This Live Webinar! XYPRO's Chief Product Officer, Steve Tcherchian presents XYPRO’s 2021 product roadmap update including how recent XYGATE updates help you meet your 2021 data protection goals and cybersecurity objectives. Get an insider’s look into new features and functionality that maximize your XYGATE security investment. Join Steve as he discusses XYPRO's latest advances in Multi-Factor Authentication(MFA), Compliance and Anomaly Detection. You'll also be updated on HPE NonStop integrations with Splunk, SailPoint, CyberArk and ServiceNow. · Registration · Wednesday, February 24, 2021, 8:00 AM PST 8 AM PST Wednesday, February 24, 2021, 6:00 PM PST 6 PM PST Thursday, February 25, 2021, 1:00 PM AEDT 1 PM AEDT Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. #### Prioritize Your CyberSecurity Initiatives - XYPRO 2022 Roadmap Update XYPRO’s Chief Product Officer, Steve Tcherchian presents XYPRO’s 2022 Product Roadmap Update including how recent XYGATE updates help you meet your 2022 ZERO-trust goals and cybersecurity objectives. Get an insider’s look into new features and functionality that maximize your XYGATE security investment. Join Steve as he discusses XYPRO’s latest advances in Multi-Factor Authentication (MFA), Compliance and Anomaly Detection. You’ll also be updated on HPE NonStop integrations with Splunk, SailPoint, CyberArk and ServiceNow. Select your preferred viewing time and register below: February 17 2022, 8:00 AM PST February 17, 2022, 6:00 PM PST February 18, 2022, 1:00 PM AEDT Please note that a Zoom account is required for registration to this event. Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.    With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing  XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.   Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. #### ServiceNow Integration for HPE NonStop Inadequate change control exposes you to cybersecurity risk and compliance issues. ServiceNow IT Service Management (ITSM) is the primary enterprise solution for IT change management. Join XYPRO CISO Steve Tcherchian and Jorge Alonzo, XYPRO’s Chief Architect for a live webinar and learn just how seamless we make integrating your HPE NonStop servers with ServiceNow ITSM. Validate privileged commands against Problem, Change and Incident Tickets, granting or denying execution based on the response from ServiceNow. Eliminate complex, after-the-fact manual effort otherwise required to match NonStop executed commands with individual ServiceNow tickets. Prev 1 of 1 Next ServiceNow Integration for HPE NonStop Webinar Prev 1 of 1 Next XYGATE ServiceNow Integration using ZeroTrust enforces the highest level of security in the ServiceNow workflow to reduce risk and increase efficiency. Select your preferred viewing time and register below: March 16 2022, 8:00 AM PDT March 16, 2022, 6:00 PM PDT March 17, 2022, 12:00 PM AEDT Please note that a Zoom account is required for registration to this event. Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.    With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing  XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.   Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.   Jorge Alonzo is the Chief architect for XYPRO Technology. With over 37 years of experience on the NonStop platform, he has been heavily engaged with NonStop Systems Administration, NonStop software development and Solutions architecture.  He is responsible for developing new and creative innovative approaches for integration of enterprise level systems with the NonStop platform. #### Steve Tcherchian to present at the PCI SSC North America Community Meeting XYPRO's Chief Product Specialist, Steve Tcherchian will present Cybersecurity Strategies for Ransomware Protection, Compliance, and Digital Resilience at the PCI SSC North America Community Meeting. This year’s meeting will be held in Boston, Massachusetts on 10-12 September at the Hynes Convention Center. Join your global payment security peers at the 2024 PCI SSC Community Meetings.  PCI SSC Community Meetings bring together the brightest minds in payment security. Don’t miss the opportunity to collaborate and learn about the latest developments in global payment security and in the PCI Security Standards.  You are the payment security community. Community Meetings are your forum.  Click here to register. #### SUNTUG Sunshine Summit 2022 Join your HPE NonStop User Community in sunny Tampa, Florida for the 2022 SUNTUG Sunshine Summit and Golf Tournament. Details coming soon. Contact Pat Hill for more information. #### VNUG Conference The meeting will be held at Rånäs Slott, app 30 km (30 mins) from Arlanda airport and 69 km, (1 hour) from Stockholm city. Should you need help with a taxi, please contact the conference venue and they will help you with taxi advice. For more information about Rånäs Slott and directions, please visit the website: https://www.ranasslott.se/en/home #### XYPRO’s 2023 Product Roadmap - Live Webinar XYPRO’s Chief Product Officer, Steve Tcherchian will present XYPRO’s 2023 Product Roadmap Update including how recent XYGATE updates help you meet your 2023 ZERO trust goals and cybersecurity objectives. Get an insider’s look into new solutions, features, and functionality that maximize your XYGATE security investment. Join Steve as he discusses XYPRO’s latest advances in Ransomware protection, PCI DSS Compliance, Multi-Factor Authentication (MFA), and Cloud Enablement. You’ll also learn how to benefit from the latest HPE NonStop integrations with Splunk, SailPoint, CyberArk, and ServiceNow. Prev 1 of 1 Next 2023 XYPRO Product Roadmap Webinar Prev 1 of 1 Next Select your preferred viewing time and register below: February 7, 2023, 8:00 AM PST February 7, 2023, 6:00 PM PST February 8, 2023, 1:00 PM AEDT Please note that a Zoom account is required for registration to this event. Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on the Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.    With over 20 years in the cybersecurity field, Steve is responsible for the strategy and innovation of XYPRO’s security product line as well as overseeing  XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.   Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world. ### Team Showcase #### ALIREZA MOVASSAGHI Alireza is a seasoned technology leader with 25 years of experience in the field of software engineering. He has leveraged his expertise to lead software engineering teams and drive large-scale technological innovation for industry giants like AWS, SONY PlayStation, 20th Century FOX, and IBM. Alireza joined XYPRO in 2023 from Amazon Web Services, where he led Cloud Transformation architectural projects, especially within the Media and Telecommunications areas. #### DMITRY ERMAN Dmitry is a development and technology veteran who brings a proven track record of managing large teams that deliver large scale enterprise applications. Dmitry joined XYPRO In 2019 from 20th Century Fox in the midst of the Disney acquisition. His extensive experience includes managing development organizations for brands such as FOX, Beachbody, NFL and Realtor.com. With more than 25 years of experience in development organizations, Dmitry has helped companies improve development environments through Rapid Application Delivery, Agile methodologies, DevOps, and integration of new and modern technologies across enterprise and software industries such as eCommerce, Media & Entertainment, and Real Estate. #### JORGE ALONZO URL: https://xypro.com/team_mf/jorge-alonzo-chief-architect/ #### SANTHOSHI SUNKAM With over 12 years of software development experience, Santhoshi Sunkam joined XYPRO in 2016. As XYPRO’s Business Analysis Manager, she leads a team of skilled analysts and leverages her strategic thinking and data analysis skills to drive data-informed decision making and innovation at XYPRO. Santhoshi is adept at analyzing business processes and empowering her team to provide impactful recommendations that support organizational growth. Her expertise in both strategy and analytics makes Santhoshi a valued leader at XYPRO. #### STEVE TCHERCHIAN Steve is a visionary cybersecurity leader with over 20 years of experience driving innovation and growth in the industry. As CEO of XYPRO, he leads the company’s global strategy and vision, ensuring it remains at the forefront of cybersecurity innovation that protects the digital infrastructure of enterprises worldwide. His strategic foresight, technical expertise, and focus on building lasting partnerships have been key to transforming XYPRO into a top-tier cybersecurity provider—achieving record growth and expanding adoption of its threat detection and compliance solutions across diverse industries. A passionate advocate for advancing cybersecurity awareness, Steve is a sought-after global speaker known for simplifying complex security challenges for businesses and leaders. Beyond his executive role, he has helped shape industry standards and innovation through his contributions to the ISSA CISO Advisory Council, X9 Security Standards Committee, Forbes Tech Council, and as a cybersecurity patent holder. #### ZUHRA RAHYAB Zuhra Rahyab is an accomplished leader with over 15 years of experience in reporting, analytics, and process automation. Since joining XYPRO Technology in 2019, she has led initiatives that transform complex data into strategic insights and measurable business value. Her leadership has driven major modernization efforts—revamping legacy systems, automating workflows, and building performance-driven frameworks that have improved efficiency, collaboration, and customer satisfaction across the organization. Renowned for her analytical precision and business acumen, Zuhra’s expertise spans data modeling, dashboard development, governance, and process optimization. She excels at aligning analytical innovation with strategic goals, ensuring every initiative advances XYPRO’s mission of operational transparency and informed decision-making. Through her vision and dedication to data excellence, Zuhra continues to shape how the company leverages information to achieve sustainable growth and long-term success.