1-888-MSECURE

IBM’s Premier WebSphere Security Partner

Evans Resource Group is the premier IBM partner for WebSphere Data Security with the only PCI DSS and governance focused testing available.  Our testing has shown approximately 90% of WebSphere installations will not pass a PCI DSS assessment.

Are your key infrastructure assets secure?
What happens if you do nothing?

According to IBM, if you do nothing about security, the most likely effect is that all users can access and change every resource.  This includes not only local users, but also those on remote systems using distributed queuing or clients, where the logon security controls might be less script than is normally the case for z/OS®.

Clients

We have successfully tested financial, merchant and government WebSphere installations and provided security optimizations to Fortune 50 clients globally. We contribute to the bottom lines of our clients by providing the lowest cost WebSphere solutions that reduce risk and liability.

Scope, Test, Harden, and Re-test

At Evans Resource Group, we define the area of interconnectivity that must be tested and test it with our software in context.

Citibank…Hannaford…Heartland…Sony…the IMF

Is Your Network Next?

Recent news stories about the rise in hacker attacks on businesses and government institutions have signaled alarms throughout the cyberworld that current security measures do not go far enough in protecting critical business processes that utilize web technology from attacks where security constructs are underwhelming or absent – the business process interconnectivity applications that act as the glue that connect and move data from one web application to another. In fact, the recent news has come as no surprise to Evans Resource Group (ERG) as we have found that over 90% of the pci dss compliance testing we have performed on this critical part of any e-commerce organization has failed to achieve basic security levels.

At ERG, we specialize in BPIC (Business Process Interconnectivity Security which is also referred to as SOA or Service-Oriented Architecture), Enterprise Service Bus (ESB) and gateway technology security with a focused expertise in IBM® WebSphere® environments. We have created an end-to-end BPIC security solution, in conjunction with IBM, that will help you identify risk and vulnerabilities across your critical BPIC infrastructures and provide you with clear, insightful, actionable optimizations to safeguard and protect your critical business assets.

Click to Learn More

What’s New 

Advanced Message Security (AMS) For WebSphere MQ
Now Secure PCI DSS Compliance at the Lowest Prices Available for AMS though Evans Resource Group! 

Is your firm doing business with the states of MA, MN, NV or WA? By law your firm is required to be PCI DSS compliant across the interconnectivity technology stack.  That means testing your WebSphere and securing messages at rest.  IBM and Evans Resource Group (ERG) can prove PCI compliance of your WebSphere MQ and ESB with our bundled offering using IBM’s WebSphere MQ Advanced Message Security and ERG’s MQSentry security testing solution. Leveraging our teams of highly skilled WebSphere MQ security consultants with deep ESB and message oriented middleware security knowledge, outstanding technical skills, and unparalleled experience with thousands of customer security integrations, our bundled solution for PCI DSS can help you get your PCI Security Assessments right the first time…every time.  Click here to understand more…

New ERG Interconnectivity Security Threat Report Now Available

Download the Security Threat Report

HITECH Act/HIPAA Compliance for WebSphere MQ, ESB and Payment Gateways

Confidentiality, integrity, and accessibility for WebSphere MQ is
required for the HITECH Act for companies that utilize WebSphere MQ as
the message oriented middleware transport for SOA, ESB and payment
gateways. The solution tests and optimizes WMQ for HITECH Act
Compliance using non-perimeter testing and remediation tools and
methods.

http://www-304.ibm.com/partnerworld/gsd/solutiondetails

Free One-Day WebSphere Interconnectivity Vulnerability Assessment

Our one-day Internal Vulnerability Assessment service is provided free to qualified companies as a cost-effective tool to analyze their current WebSphere interconnectivity network. Utilizing intelligent, non-intrusive, scanning technologies and methods that meet or exceed all vulnerability scanning/assessment requirements for most industry standards and regulations, including Sarbanes-Oxley (SOX), Common Vulnerabilities and Exposures (CVE), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm Leach Bliley Act (GLBA), the Payment Card Industry (PCI) Data Security Standard, the Federal Information Security Management Act (FISMA), ISO-9000 and more, ERG’s comprehensive assessment tests against over 20,000 vulnerabilities and provides a detailed list of potential vulnerabilities and available corrective actions.

To schedule an assessment, view a sample report, or get additional information, contact us at:info@evansrg.com or call 1-888-MSECURE

PCI DSS Compliance for Websphere MQ, ESB and payment gateways

PCI Compliance for WebSphere MQ (WMQ) is required for all banks, merchants and data processors that utilize WebSphere MQ as the message oriented middleware transport for SOA, ESB and payment gateways. Given that over 87% of the Fortune 500 use WebSphere MQ as the transport for messages, payment gateways, and with SOA architectures, this solution tests and optimizes WMQ for PCI DSS Compliance using non-perimeter testing methods and remediation tools. Perimeter security vendors do not test WebSphere MQ for PCI DSS compliance because they do not have the correct methods and tools. This solution utilizes methods and tools that were developed in conjunction with IBM to provide the only PCI DSS Compliant messaging solution for banks, merchants and data processors in the world.

http://www-304.ibm.com/partnerworld/gsd/solutiondetails

IBM Infrastructure Security Services – Express Penetration Testing Services

Evans Resource Group’s WebSphere Interconnectivity Software Oriented Architecture (SOA) Penetration Tests evaluate the security of an organization’s WebSphere MQ and ESB that use WebSphere MQ and ESB for their software oriented architectures against security best practice criteria. By simulating real-world, application–level attacks, the tests provide insight into the ability of an organization’s application to resist attacks from unauthorized users and to help prevent misuse by valid users.

Interconnectivity is the technology utilized to move, transform and deliver the data to their intended destinations within the network, what we refer to as atomic components of the network. Interconnectivity vulnerabilities are critical to remediate due to the nature of what the application does, moving, connecting and transforming data between systems and business partners. Enterprise interconnectivity is used in every industry across business to business (B2B) and gateways that act as a hub for business applications and databases to communicate both externally and internally, sending strings of transactions, data and other critical business information across and through networks. Cyber risk becomes cyber liability when it is not secured properly by a business partner.
Download the PDF