Articles by Steve Tcherchian

In most mission critical environments, SAP HANA is the lifeblood of an organization. SAP HANA (High-performance ANalytic Appliance) is a highly performant, highly scalable in-memory database that serves as a platform for enterprise resource planning (ERP) applications and other business workloads that need to analyze data in real time.

The probability that an organization will experience a breach in the next 24 months is high and the current time to identify and contain a breach is still 280 days. XYPRO security solutions reduce the meantime to detect, and the resources required to respond to potential breaches by up to 80%, dramatically reducing the impact of a breach on your enterprise.

Since the release of PCI-DSS 3.0 in 2013, the PCI Security Standards Council has been quite busy.  A little over a year after it was published, the council released PCI-DSS 3.1, followed by several new templates and supplements, including the “Migrating from SSL and early TLS Information Supplement” in April 2015 which highlighted the risks of SSL and TLS 1.0. 

Well, we made it. 2021 is finally in the books. The gift of LOG4J and the onslaught of vendor emails made for an eventful end to 2021. Take a minute (and I only mean a minute) to catch your breath before we jump headfirst into 2022. It’s time to look forward to what the cybersecurity landscape will give us this year.

Have we become numb to the news of security breaches? Unfortunately, the attacks on our businesses, personal lives and even global infrastructure are not slowing down. Cybercrime is up over 600% during the pandemic. According to Verizon’s 2021 Data Breach Investigation Report, 61% of cyberattacks targeted credential theft. This far surpasses personal, banking and payment card information which have been primary targets for years. The cybersecurity industry has responded with a variety of ways to protect sensitive data with regulations, technology, and awareness, which has forced attackers to look for easier targets, such as usernames and passwords.

The General Data Protection Regulation, or GDPR, is a major piece of legislation adopted in 2018. It is designed to address the protection and responsible use of every European Union citizen’s personal data. However, GDPR is not an EU-only regulation. It affects ANY business or individual handling the data of EU citizens, regardless of where that business or individual is based.

CashApp, Zelle, Venmo, ApplePay, Square – the payments industry is growing and expanding into areas we hadn’t imagined. Everyone relied on it before the pandemic – now it’s critical infrastructure and embedded into our everyday habits.

A recent industry phishing report showed that 4% of users are prone to click on anything sent to them. That is a scary statistic given that phishing is one of the primary methods ransomware attacks are carried out.

Since the release of PCI-DSS 3.0 in 2013, the PCI Security Standards Council has been quite busy. A little over a year after it was published, the council released PCI-DSS 3.1, followed by several new templates and supplements, including the “Migrating from SSL and early TLS Information Supplement” in April 2015 which highlighted the risks of SSL and TLS 1.0. The supplement described a migration plan as well as set a migration deadline of 1 July, 2016.

COVID-19 and its security ramifications continue in 2021 and well beyond. All of the threats brought to the fore when we were sent to work from home got added to the already-growing set of risks we were already trying to mitigate.

With 2020 finally, in the books, it’s time to look forward and discuss our cybersecurity predictions that will most affect the industry in 2021. I thought long and hard about what I could say that would be impactful and hasn’t been said before.  Obviously, COVID-19 and its security ramifications will continue to stay with us for 2021 and well beyond.

2020 was another troubling year in the cybersecurity world. We saw a repeat of 2019’s data breaches on a larger scale. Instagram, TikTok, YouTube, Nintendo, WaWa and many more fell victim to some sort of compromise. Hardly a week went by where we weren’t reading about a new mega breach or ransomware attack.

File Integrity Monitoring (FIM) is a foundational requirement for security compliance frameworks to help identify unexpected or malicious activity across critical system files, diagnose unwanted or inadvertent changes, and shut down attacks before they have a chance to cause damage and disruption.

CyberArk’s Brian Carpenter, Director of Business Development for CyberArk the global leader in privileged access management, and Steve Tcherchian, Chief Product Officer and Chief Information Security Officer for XYPRO Technology Corporation, a leading cybersecurity solutions company Co-presented on the topic of integrating HPE NonStop servers with CyberArk.

During this time of unprecedented uncertainty, we at XYPRO are concerned about the safety and health of our employees, their families, our customers and everyone who makes up our global community.

The client, a large US-headquartered financial institution, is a multinational, independent investment bank and financial services company assisting individuals, corporations, and municipalities. With more than 8,100 financial advisors serving approximately 3 million accounts in more than 2,600 locations throughout the United States, Canada and overseas, total client assets approach $1 trillion.

Before utilizing XYPRO software solutions and services, one prominent bank depended on non-standard, less secure processes for logging onto their HPE NonStop systems and applications. Relying on a single set of credentials that was managed separately from their corporate Active Directory was both difficult to integrate with enterprise infrastructure and gave poor user experience…

As 2020 approaches, it’s time to discuss cybersecurity predictions that will impact the industry in the upcoming year. As a CISSP and Chief Information Security Officer for XYPRO, I thought long and hard about what I could say that would be impactful and hasn’t been said before – that’s a tall order! The reality is, what we predicted would be important in 2019, 2018 and even 2017 – is still applicable. A lot of what we predicted back then was never properly addressed and remains a risk today – credential theft and attacks targeting privileged user logins are more prevalent than ever. Currently, the best way to combat these types of attacks is to use 2-factor authentication.

Every business wants more data. Data on their customers, competition, operations, processes, employees, inventory and more. Data can be used to make better-informed business decisions and provide strategic insights that give your company a competitive advantage in terms of efficiencies, enhancing the customer experience, or refining market strategy. Its uses are limitless. Over the last decade, computing power has advanced to the point where generating and storing massive amounts of data has become highly cost-efficient.

It can take months or even years before a data breach is detected. The latest statistics from Ponemon Institute’s 2018 Cost of Data Breach Report outlines that it takes an average of 197 days to identify a breach. That means someone is in your network, on your systems, in your applications for over six months before they’re detected, IF they’re detected. That’s six months! On the higher end of the same report, there are companies that have been breached for years before they realize it. For example, sources indicate the Marriott data breach occurred back in 2014, but it was not disclosed until 2018. The scale of that breach is still being evaluated and it seems to get bigger and more impactful as more information is discovered.

Real-time threat detection is an indisputably critical element for maintaining operational integrity across a rapidly changing mission critical environment. Knowing