Addamark Releases Information Security Survey Results.Business Editors/High-Tech Writers SAN FRANCISCO--(BUSINESS WIRE)--June 16, 2003 Reducing Investigation Costs, Improving Security Analyst Productivity, and Ensuring Regulatory Compliance Top List of 2003 Security Priorities for Large Financial and Healthcare Organizations Addamark Technologies today announced that the top security priorities of large financial and healthcare organizations in 2003 are improving security analyst efficiency, reducing the cost of investigations and ensuring regulatory compliance, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the results of its 2003 information security survey. An independent research firm conducted interviews with information security departments at 60 large financial and healthcare companies from January to March 2003 examining current pain points and evolving priorities as well as determining how much event data is generated in each organization and what types of solutions would help organizations deal with this volume. According to the survey results, most large organizations generate two gigabytes or more of log data a day, with 19% of organizations generating over 10 gigabytes per day. These logs provide a wealth of data that can be analyzed and used to aid investigations and ensure compliance with federal mandates such as HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, and the USA PATRIOTS USA PATRIOT Uniting and Strengthening America By Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (US legislation) Act if it is stored and managed effectively. Addamark's security solution, Omnisight, centrally manages and analyzes event data generated by any system or application, including email servers See mail server. , network firewalls, IDS, VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. , Web servers, databases, CRM (Customer Relationship Management) An integrated information system that is used to plan, schedule and control the presales and postsales activities in an organization. , ERP (Enterprise Resource Planning) An integrated information system that serves all departments within an enterprise. Evolving out of the manufacturing industry, ERP implies the use of packaged software rather than proprietary software written by or for one customer. , routers and sniffers. It enables rapid detection and investigation of damaging attacks, particularly insider abuse, long-term attacks and other suspicious activity inside the firewall. "Every system throughout an organization generates massive volumes of logs, recording all the pertinent information necessary to effectively detect insider attacks and conduct investigations. However, security administrators remain powerless due to the inability of most solutions to handle the volume, resulting in limited and incomplete analysis," said Paul E. Proctor A person appointed to manage the affairs of another or to represent another in a judgment. In English Law, the name formerly given to practitioners in ecclesiastical and admiralty , president, Practical Security, Inc. and author of "The Secured Enterprise: Protecting Your Information Assets" and "the Practical Intrusion Detection See IDS and IPS. Handbook." "Addamark's unique solution stores years of historical data from multiple sources in its entirety and enables customers to easily run ad-hoc queries. Because Addamark correlates information from every system for any length of time, it is particularly valuable for investigating long-term attacks, incidents that involve multiple departments or systems, and for containing insider threats that bypass conventional perimeter defenses A defense without an exposed flank, consisting of forces deployed along the perimeter of the defended area. ." Select Results from Addamark's 2003 Information Security Survey Daily security log volume at 60 large financial and healthcare companies: -- Less than 500 megabytes per day: 24% -- 500 megabytes to two gigabytes per day: 37% -- Two to 10 gigabytes per day: 20% -- 10 gigabytes per day or more: 19% Percentage of respondents that rated each of the following priorities as "very important": -- Improving security team productivity and reducing costs of investigations: 100% -- Ensuring regulatory compliance: 51% -- Supporting legal prosecutions: 31% -- Improving real-time event management: 9% -- Detecting insider abuse and social engineering attacks: 22% About Addamark Addamark Technologies is a software security company that enables enterprises to cost-effectively store and manage high volumes of log data to monitor security events and extract business critical information. With Addamark, enterprises can store and correlate log data from multiple sources and run ad-hoc queries to analyze user behavior and network activity to the highest granularity The degree of modularity of a system. More granularity implies more flexibility in customizing a system, because there are more, smaller increments (granules) from which to choose. . Founded in October 2000 by enterprise software veterans, Addamark was named one of the top 10 software start-ups of 2002 by Venture Reporter and is funded by Sierra Ventures and Battery Ventures. For more information please visit www.addamark.com. Addamark is a trademark of Addamark Technologies. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion