 |
   |
 |
|
News: |
Coverage - Press Release |
 |
 |
|
SENSAGE DEBUTS NEW GOVERNMENT COMPLIANCE ANALYTICS PACKAGE; SIMPLIFIES SECURITY AUDIT COMPLIANCE FOR FISMA, NISPOM AND DCID SenSage Offers Industry’s Most Extensible Security Event Log Management and Analytics Solution; Expands Government Partner Program SAN FRANCISCO, CA – May 1, 2006 – SenSage, Inc., the leading provider of enterprise security analytics, today announced the availability of the SenSage Government Analytics package. The compliance analytics suite is an extension of’ SenSage’s award-winning scalable log management and analysis software. The solution helps government agencies and system integrators adhere to the growing number of security regulations such as FISMA, NISPOM and DCID. These guidelines mandate consistent monitoring and long-term retention of security, access and system events for security assurance. The SenSage suite is among the industry’s first enterprise security analytics solutions to support the NIST SP-800-53 control guidelines and enable granular, compliant auditing of network devices, security countermeasures, operating systems and applications. The suite incorporates rules and reports mapped to Federal guidelines and leverages SenSage’s IntelliSchema™ technology, which enables rapid integration with any application log source found in government information technology environments. “The SenSage Government Compliance Analytics package is a strong security data warehouse and analytics solution for agencies and their contractors who deal with sensitive or classified information,” said George Hamilton, senior analyst for the Yankee Group. “We believe defense, Federal and State regulations will continue to encourage organizations to maintain broader event log assessment as well as longer term security analysis and retention of critical system event information. SenSage not only facilitates compliance efforts, but it also helps organizations to build strategies that can adapt to continually evolving threats and audit practices.” Civilian and military IT networks contain highly sensitive information and are therefore subject to more extensive security monitoring and retention requirements. These regulations include the Federal Information Security Management Act (FISMA), the National Industrial Security Protection Operating Manual (NISPOM), NIST SP-800-53 and the Director of Central Intelligence Directive 6/3 (DCID 6/3). These regulations recognize that despite the attention paid to external security threats, insider threats represent the most dangerous source of security breach. To address these threats all four guidelines require agencies to perform frequent auditing of activity throughout the IT network, including monitoring of authenticated access to sensitive devices, operating systems, applications, files and access privileges. The regulations further require organizations to maintain long term archives of critical system event logs to allow in-depth investigations and forensics. DCID 6/3, for example, requires that government organizations and contractors with access to classified information must consistently analyze system events and retain event logs for a minimum of five years. These security guidelines place enormous data management burdens on agencies and contractors, which must implement processes and procedures to capture massive volumes of audit data, identify potential security threats, and perform comprehensive investigations and incident response. Given the size and breadth of these networks, government agencies and contractors must analyze millions of events daily, and retain terabytes of data for trending and forensic analysis. SenSage’s powerful log management and analytics solution is distinguished for its high volume data capture, high-speed precision search and reporting, ability to bridge real-time and historic analysis, and fully optimized log data storage. These unique capabilities accelerate return on compliance investment. “Our Federal clients are facing stringent new security mandates that require long term event data monitoring, analysis and retention,” said John Kashishian, Director of Network Information Assurance Solutions at CSC. “SenSage’s ability to integrate, analyze, and retain massive volumes of event data from diverse sources, including proprietary applications, streamlines the reporting and auditing process requirements that safeguard sensitive and classified government networks.” The SenSage Government Compliance Analytics incorporates features that are important to government organizations, such as granular role-based access controls that ensure that only those users with appropriate privileges can operate the system or view particular reports or report fields containing sensitive data. SenSage's IntelliSchema™ technology allows government organizations to collect and audit data from any device or application, and correlate activity across different sources while avoiding any data normalization or modification that can damage the data’s forensic quality. The SenSage architecture scales to support nearly limitless data volumes, providing exceptional data load and query performance against terabytes of compressed event log data. Such scalability is important because it ensures consistent delivery of alerts, reports and searches, while providing significant operational savings. In addition to servicing government agencies directly through its McLean, VA federal office, SenSage has also developed relationships with specialized systems integrators, contractors and other channel partners who integrate SenSage technology into their products, systems and contracts. Among SenSage’s prominent integration partners, CSC, Hewlett-Packard and Lockheed Martin have been instrumental in deploying SenSage security analytics solutions to numerous government organizations. SenSage’s federal partner program aims to expand SenSage’s government security opportunities by offering sales incentives, training and support to new partners. "The SenSage Government Compliance Analytics package simplifies and automates auditing and investigation efforts for government agencies and their contractors," said Dan Barahona, SenSage's director of business development. "Although our Federal clients initially implement SenSage's security analytics solution for regulatory compliance, early adopters have found that SenSage can provide a wide range of additional important benefits such as improved visibility into internal security threats, lowered operational auditing costs, and accelerated audit response." Pricing and Availability SenSage was the first SIM vendor to provide compliance analytics packages that have been generally available since March of 2005. The SenSage Government Compliance Analytics package complements SenSage’s existing regulation-specific compliance offerings, which include specialized packages for Sarbanes-Oxley, Healthcare and Financial Services. Each of the packages is derived from ISO-17799 best practices. To learn more details and attend a free webinar on Log Management and Government Compliance, visit www.sensage.com/govt . About SenSage For more information, please visit www.sensage.com. Media Contact Eric Collopy |
