Third Data Corporation provides numerous products which can reside on HP Nonstop and other HP  hardware platforms. In addition we provide custom high performance software design and development for our clients. Don't forget to download the latest version of Sysbusy. It's FREE at www.thirddata.com/dwnlds.html

 Accelerated Development of High-Speed Applications

NxLib – NxLib provides a platform and utility libraries for developing a high performance multi-threaded applications on NonStop Guardian. The platform provides threading, queuing and network capabilities. This enables development of an application written single threaded style to perform as multi-threaded.   Extensible command processing and help are supported.  Development time can be cut to a fraction of the time it would normally take.  This results in fast  application development with consistent look and feel across multiple projects.

FastBuild Switch – When building a switch be it ATM-POS, Wire Transfer, EFT, Medical, or any other type of data that needs to get from one place to another, you are usually faced with three choices. Take an existing package and modify your system to match it. Get the vendor to “enhance” their system to meet your needs. Write a new system from scratch. The FastBuild Switch integrates with your existing system, or if you are building from scratch gives you a great start. The switch is also built around the latest HP technology to maximize performance. It integrates several of our other products to maximize cost savings and security in a fault tolerant manner. In a cross platform environment it also runs on other non-Guardian HP supplied platforms.

SecureStore – If you are security conscience trying to become compliant (PCI, HIPAA, etc) then you know that you can not leave sensitive data readily viewable. SecureStore  encrypts the data  for your application so that you can become compliant. As part of disaster recovery your data is sent to multiple locations so it will be available when you need it. As a bonus for those having trouble with Guardian 4K limits there is no record size. It can also integrate with SQL systems (SQL MX/MP, Oracle, Postgres etc).

TokenStore – TokenStore supports multiple formats. From generation and storage of Tokens per EMV specifications to translation and non-storage of full or partial customer PCI data.

NxSSL – NxSSL is an SSL proxy which may be used to provide SSL encryption and authentication services to TCP/IP connections.  It provides full support for certificates and multiple encryption standards.  It has been carefully tuned to provide the highest performance available for any NonStop SSL connection.

NxWeb – A high performance web server which provides support for NxLib applications.  It also can be used without NxLib.  It provides for secure connections, virtual domains, full http support and interfaces to pathway and IPC communications.

 Please visit our new website at www.ShadowbaseSoftware.com! You will see major improvements in both high-level and technical content and graphics, with easy-to-use “drill-down style” page navigation under six major tabs: Solutions, Products, Support, Publications, About Us, and Contact Us, and a convenient site map at the bottom of each page. Our home page focuses on our four major solutions: Business Continuity, Data Integration and Synchronization, Application Integration and Utilities, all linking to in-depth information. Located under the Publications tab are our popular white papers, case studies, and articles, all categorized by Shadowbase solution type, as well as recent news and newsletters. Other highlights include expanded pages on Shadowbase products and support/service. We hope that you will enjoy visiting and using our new site! Note, we are no longer updating our old website and will retire it within the next year, so please change all references you may have from www.Gravic.com/Shadowbase to www.ShadowbaseSoftware.com.

Please stop by Gravic Booth #9 at the NonStop Technical Boot Camp on November 15-18 at the Fairmont Hotel in San Jose, CA. We look forward to meeting you at the show and sharing ideas regarding how the HP Shadowbase product suite can provide solutions to your most pressing business issues for business continuity, data integration and synchronization, and application integration. We hope to see you at one or all of our presentations:

Gravic personnel recently attended two October events, The Payments Knowledge Forum in London, and the CTUG Fall Conference in Toronto. Attendees enjoyed our presentations: Vodacom’s One Year Recovery and Winning the Battle Against Internet Banking Fraud by Leveraging HP Shadowbase Streams Real-Time Data and Application Integration. Please contact us if you are interested in discussing these presentations’ content or having us present them to you or your colleagues.

To speak with us about your data replication and data integration needs, please visit us at www.ShadowbaseSoftware.com, email us at SBProductManagement@gravic.com, or call us at +1.610.647.6250.

Pre-Conference Seminar Registration:   $150   SPECIAL EVENT!
* Register in Advance - Includes breakfast, snacks, and lunch.

Available online: (see Travel link)

 The Partner SIG looks forward to seeing you soon!

CSP - A NEW DAY HAS COME FOR NONSTOP SECURITY

We recently sent out a notification about our upcoming announcement to be made at NonStop Technical Boot Camp in San Jose, CA this November. As one of the largest projects ever undertaken by CSP, we are very excited to share the news that a New Day has come for NonStop security.

We hope to see you at the CSP booth, and encourage you to attend the exciting and informative presentation on our new solutions which include an expert approach to security hardening in order to reduce the chance of an insider attack.  The presentation entitled "Got Hard ?" will describe how CSP has applied the latest technological advances to hardening NonStop servers with a major focus on NonStop X, Open Systems and OSS.

As an innovator and leader in the NonStop security industry, CSP has been serving the community for over 27 years, helping clients secure their NonStop systems. We understand how critical it is to keep up with the changing times and technologies, and strive to be a step ahead.

CSP is proud to be a platinum sponsor for the upcoming 2015 NonStop Technical Boot Camp at the Fairmont San Jose Hotel (Nov 15-18, 2015), and welcomes you to the event.

We look forward to seeing you at The Fairmont!

Regards,

The CSP Team        

For more information on CSP solutions visit www.cspsecurity.com 

Our segment of the IT industry (financial transaction processing) is unique. It’s all about availability.  While other segments are striving to achieve a fail-over time of less than an hour, we are used to achieving sub-minute and in the best cases sub-second recovery.  For our segment the stakes are too high.  It’s not unusual for a system to be handling tens of thousands of dollars of transactions per second. As an industry we’ve made the investment in redundant hardware, data synchronization across multiple sites, and the associated software to make it all happen.

But redundancy is not enough to achieve availability.  Every holiday season we hear of sites which have failed.  Many if not most of those failures are capacity-related. There is no reason for this.  Our 25 years in the industry have taught us that those failures can be anticipated and avoided.  Here are some of the reasons that you should consider our Ban Bottlenecks service for your site.

You’ve had an outage.  Unfortunately, this is proof that your current methodology is not working. This is the best reason to talk to us.  We will show you how to stabilize your system and prepare it for the workload which will stress it in the future.

The “Performance Group” doesn’t understand your system or your market. As I’ve already mentioned, our requirements for availability are unique. Our systems can’t suffer an outage. Unfortunately, major IT departments have performance groups who either don’t understand or won’t devote the resources to keep ahead of the curve. They typically watch the “usual suspects” which include CPU and perhaps disk.  Our philosophy is to watch everything, all the time, and correlate it to the transaction stream. Every minute is important in our world. Red, yellow, or green squares on a screen or waiting for an alert just doesn’t cut it.

You don’t have the time. Many shops have the tools and the expertise, but simply don’t have the time to collect, correlate, analyze, and project the numbers. This is especially true for those shops running multiple nodes. It’s hard enough to watch everything on only one system.  Doing the same, to the proper level of detail and breadth of components covered, is simply too much for your key individual. Over the years we have developed tools and techniques for comparing and contrasting systems.  We’re very successful in finding the “needle in the haystack” across multiple or even hundreds of systems.

You don’t have the expertise. Sometimes smaller shops simply can’t afford to dedicate and train a performance specialist on the architecture. We take over that function for your shop.  One of our clients in this mode stated “I don’t even have to know the questions to ask.  Ban Bottlenecks tells us.” We are your performance partner.

Cost: When you work with us you will find that our fixed-fee approach is less than your current software cost, training cost, and certainly staff time cost. Our software is bundled into the service.

For the last 25 years Ban Bottlenecks has been successful in collecting, integrating, and analyzing all the factors affecting application availability and performance. We provide weekly reports covering your system 7x24, with a 2-year history. If the goal for your system is proactive performance and capacity management, contact us.

In the September 2015 issue of the Availability Digest, we described the anticipated danger of a long overdue and catastrophic earthquake devastating the Northwest Coast of the United States. The last massive earthquake in the region, a magnitude 9.0, was in January of 1700, long before the U.S. became a country and when few inhabitants were there to experience it. Over three hundred years later, the population has risen into the millions along with the thousands of companies that employ them and thousands of vulnerable data centers. How prepared are those companies today when no one was around for the last big earthquake? Out of sight, out of mind.

Japan, on the other hand, experiences deadly earthquakes all too frequently. After all, the country sits on the joint of four different tectonic plates. In response, Japanese data centers take their survival very seriously, which is why the majority of them endured the 11 March 2011 Great East Japan Earthquake with little if any damage.

http://www.availabilitydigest.com/public_articles/1010/japan_earthquakes.pdf

“Japan’s Data Centers Survive Their Big One” discusses the steps that Japanese data centers have taken to minimize the impact of the country’s earthquakes and tsunamis.

From the obvious – don’t locate both data centers and their backups in the most vulnerable areas of the country...

...to the measured – raised floor systems, floor-level isolators, equipment secured firmly to the floor...

...to the forward thinking – free-air cooling instead of water coolers,

Japan’s data centers survived March 11th because sound disaster-recovery plans were in place and were followed. It remains to be seen if the U.S. Pacific Northwest-based data centers of Microsoft, Boeing, Starbucks, Amazon, and others will endure as well.

The Availability Digest offers one-day and multi-day seminars on High Availability: Concepts and Practices. Seminars are given both onsite and online and are tailored to an organization’s specific needs. We also offer technical and marketing writing services as well as consulting services.

Join Digest Managing Editor Bill Highleyman at the upcoming NonStop Technical Boot Camp in San Jose, California USA, November 15th thru 18th. Bill’s breakout session is titled “The Fraud Blocker: Catching the Wrongdoers.”

Published monthly, the Digest is free and lives at www.availabilitydigest.com. Please visit our Continuous Availability Forum on LinkedIn. We’re at 712 members and counting. Follow us as well on Twitter @availabilitydig.
 

­XYPRO – Security Intelligence – Intercepting “Low and Slow”

Security has been a lifelong passion of mine. Growing up, I constantly pushed the envelope of what was possible. This was strictly for “research” purposes of course. I would spend a lot of my time after school (and sometimes during school) seeing what systems I could gain access to, discovering obscure security “features”, using my Svengali-like charm for social engineering or exploiting just plain security negligence . This was for no other reason than self-satisfaction, to cure a little bit of boredom and, to obtain some online fame. It was fun. I felt cool.  I WAS that kid in my parent’s basement, but as I was sitting in my parent’s basement banging away on my keyboard, I was pwning your tech! The dot-com bubble was just forming and n00bz didn’t stand a chance.

I look back at the wealth of experience gained from the need to alleviate boredom in my early life and wonder how trivial it would have been for someone to notice what I was doing and to shut me down, but in the late 90s, security wasn’t just an afterthought – it was virtually non-existent. No one was keeping an eye out whether the system was being used for anything other than for what it was originally intended.

MTTD in Today’s World

Fast forward twenty years and security is at the forefront of everyone’s minds, yet common security oversights of best practices and negligence are still very much part of today’s landscape. The Mean Time To Detection (MTTD) of a security incident is still over 200 days!¹ That translates to an attacker being in your systems for at least six months on average until someone notices, that is – if – someone notices. In my day, the issue was that no-one was tracking my activities – nowadays there is audit data being generated everywhere.  The problem has shifted from not enough data to too much data.

Figure 1.¹

In an era where everyone is used to, and in fact demands, instant gratification, and where we have a one hundred billion dollar plus cyber security industry providing the tools and solutions to satisfy that demand, MTTD is still 6+ months. We cannot underestimate the ability of criminals to stay ahead of conventional solutions by constantly adapting – allowing them to hide their malicious intentions or simply fly under the radar.  These low and slow attacks have become the Achilles heel of organizations worldwide. The data breaches that will be announced next year are taking place right now, as you’re reading this article. The attackers are already in the networks and systems doing their reconnaissance work, exfiltrating data, planning their next move – all the while, blending into the noise of everyday business users and operations for months and years at a time. How can one detect these anomalies?

Data is King

We use data every day to gain insight, plan our next moves and run our organizations. Too little data and you’re not getting the complete picture to make an informed decision, too much data and you’re overwhelming your staff and drowning in the noise to make any sense out of it.  Analyzing the vast amounts of data to detect pattern anomalies requires specialized knowledge and takes time. Attackers know this.

Traditional SIEMs and log management devices do what they do well. They aggregate data from multiple sources, report on the verticals you tell them to report on, and allow your auditor to put a tick in the PCI-DSS compliance checkbox for requirement 10.5.3. You would think that should make your CISO sleep better at night, but ticking the compliance box is all that exercise will allow you to do, and I guarantee you your CISO is not sleeping any better at night.

We are bombarded by marketing buzz words like “Big Data” and “Data Lakes”; how can we strip away the marketing buzz and introduce the concepts into our security strategy and use them to our advantage?

Hello Security Intelligence!

Security Intelligence and Analytics is the concept of collecting, normalizing and correlating the data you already have access to from the myriad systems and solutions that have been deployed in the enterprise. Typically a time consuming exercise for highly skilled data scientists, applying computer based algorithms and data analytics to the vast amount of data in order to detect valid security events introduces a new dimension to data intelligence that can be used for tracking security incidents before they occur, ultimately reducing the Mean Time to Detection, and potentially saving organizations millions of dollars and often more importantly - from appearing on the front pages.

Security Intelligence algorithms and analysis techniques take the data sets that are already  being generated from disparate sources in your enterprise, such as security audits, application logs, network flows, vulnerability management, configuration data, keystroke logs etc… It slices and dices that data, pivots the data and ultimately correlates the common elements between these unrelated sources while adding a layer of context to the correlation based on specific indicators of compromise for that system. You have now armed yourself with a proactive method to track anomalies and detect security events important to your environment, while separating the noise from the actionable data.

This real time correlation and contextualization of data sources enables notifications to security analysts of the anomalies that are being measured on a system as they’re occurring. Say for example commands are being issued on a system that are not typical of the user issuing them.  By recognizing this and correlating that activity with suspicious network flow and additional sources of data, security intelligence algorithms can detect and alert that something is happening on the system that is outside of what is normal for the given environment. This powerful concept provides meaningful comprehension of the data, allowing security practitioners to have the upper hand in detecting suspicious activity before you’ve reached the tipping point..

Highest ROI in the Enterprise

Sorting through millions of events to find something that is important to you is a near futile effort. It’s like searching for the proverbial needle in a haystack, meanwhile, more hay is being shoveled onto the stack at an alarming rate. This taxes resources, sends people and applications down rabbit holes chasing false positives, compromises system availability and ultimately wastes time and money, not to mention everything else involved with a large breach. This is why it’s 2015 and the MTTD is still 200+ days.

Figure 2.

The value of security intelligence and the way it takes the human effort involved in data analysis, contextualization, correlation and pattern matching and automates it cannot be underestimated.,. This complex analysis allows for efficient and effective processing of security data, so your security team can make quicker, informed decisions on events that are relevant to them. This in turn yields additional benefits by reducing operational costs, simplifies management, enhances security and increases response times. This is why Security Intelligence and Analytics have one of the highest perceived ROIs compared to its cost.

Organizations recognize the value of intelligence based on data analysis in other parts of their business strategy, like marketing – security intelligence is no different. Being able to leverage the data you already have access to through automated analysis empowers your organization to quickly and efficiently deal with the threats that are constantly evolving.

¹ Source: MANDIANT M-Trends 2015: A VIEW FROM THE FRONT LINES

Steve Tcherchian, CISSP
CISO
XYPRO Technology

Steve Tcherchian is the CISO for XYPRO Technology. With almost 20 years in the cybersecurity field, Steve is responsible for overseeing XYPRO’s risk, compliance, infrastructure and product security to ensure the best security experience to customers in the Mission-Critical computing marketplace.

Please join XYPRO at the HP NonStop Advanced Technical Boot Camp thisNovember 15–18, 2015 in San Jose, California. This event is designed specifically for HP NonStop professionals and anyone interested in learning more about XYPRO's extensive line of Compliance, Access Control, Audit, Authorization, Encryption, Tokenization and Professional Service offerings.

This year, XYPRO is launching a brand new product sure to be the “Next Big Thing in HP NonStop Security”. It’s a can’t miss presentation – you’ll definitely want to be in the audience for this one!

As a proud Diamond sponsor we’ve created a special landing page to keep you updated on all the XYPRO, HP & User Presentations!

Find out more about us at www.tandemworld.net