Consul InSight Solves the Critical Requirement of Monitoring the Privileged User; Consul InSight Privileged User Monitoring and Audit Solution Flags Behavior that Violates Policy; Delivers ''Must Have'' Audit Reports.HERNDON, Va. -- Consul risk management, the authority in security audit and compliance, today unveiled its Consul InSight(TM) Privileged User Monitoring and Audit solution (InSight PUMA). InSight PUMA combines the InSight(TM) Security Manager technology with Consul's 20 years of audit reporting experience to offer organizations a solution to monitor, report and investigate the activities of privileged users. The solution enables organizations to demonstrate to regulators and auditors that they have proper controls in place over privileged user activities and are effectively managing security risks. Why is Privileged User Monitoring a Critical Part of Information Systems Assurance? Recent studies confirm that unauthorized activities by privileged users, such as administrators who have unrestricted access across applications and platforms, are the main cause of insider security breaches. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the USSS/CERT Insider Threat Survey 2005, 86 percent of all "insider attacks" can be attributed to the privileged user. Accordingly, standards and regulations, such as the Statement on Auditing Standards No. 70 (SAS (1) (SAS Institute Inc., Cary, NC, www.sas.com) A software company that specializes in data warehousing and decision support software based on the SAS System. Founded in 1976, SAS is one of the world's largest privately held software companies. See SAS System. 70), the Payment Card Industry Data Security Standard (PCI DSS (Payment Card Industry Data Security Standard) Security procedures from the PCI Security Standards Council for merchants that accept credit cards online. ), Sarbanes-Oxley (SOX), Gramm-Leach Bliley (GLBA GLBA Gramm-Leach-Bliley Act of 1999 (Financial Modernization Act of 1999) GLBA Gay and Lesbian Business Association GLBA Great Lakes Booksellers Association GLBA Glacier Bay National Park and Preserve ) and the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ), state that the activities of privileged users are of concern. Left unchecked, privileged user activities can violate segregation of duties and lead to incidents of identity theft. Regulators and auditors have a zero-tolerance policy Noun 1. zero-tolerance policy - any policy that allows no exception; "a zero-tolerance policy toward pedophile priests" policy - a line of argument rationalizing the course of action of a government; "they debated the policy or impolicy of the proposed legislation" for this risk. AEGON Canada Is a Step Ahead on Privileged User Monitoring In order to pass an upcoming audit against SOX requirements, AEGON Canada needed to gain better control of its systems and logs, ensure the integrity of data, and monitor that the activities of employees, specifically privileged users, complied with policy. "'Trust but verify' is the motto," said Brian McPhedran assistant vice president, IT Risk Management, AEGON Canada. "Using Consul's InSight Security Manager, AEGON can quickly and easily determine if user activities comply with acceptable use policy of information assets. The reports from InSight do a tremendous job at interpreting the data at a system level. Auditors know that we are aware if staff violate policy by accident or intentionally." "The fundamental building block for secure business practices is the trusted authentication of people and processes participating in online business transactions," said Eric Ogren, security analyst at Enterprise Strategy Group. "Monitoring privileged user activity protects the enterprise against unauthorized configuration changes that lead to operations which may bypass deployed security mechanisms. Consul's Privileged User Monitoring and Audit solution is a welcome focus that promises to allow security professionals to educate internal users and better manage corporate security." Features of the Consul InSight Privileged User Monitoring and Audit Solution Consul InSight Security Manager is the foundation of the InSight PUMA solution. In addition, an organization proceeds through a five-step implementation process resulting in "must have" audit reports to assure that privileged user monitoring requirements are being met. Combined with on-site training and customization of audit settings and policy definitions, Consul offers a complete bundle of services. InSight PUMA offers: --Platform independent monitoring: InSight monitors across more than 80 applications, databases, operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. and devices, which enables privileged user monitoring across the enterprise. --User-oriented normalization In relational database management, a process that breaks down data into record groups for efficient processing. There are six stages. By the third stage (third normal form), data are identified only by the key field in their record. : InSight comes with a built-in translation of every different log file it collects into an English, user-oriented language. This eliminates the need for deep technical and programming capabilities. --Policy-based analysis: Acceptable use policy templates enable an organization to easily compare the activity of privileged users against company policy and hone in on non-compliant behavior. --Built-in reports and alerts: InSight comes with dozens of reports and alerts that focus on the actual behavior of privileged users across the enterprise. "Due to the rise in compliance and security awareness Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical and, especially, information assets of that organization. , audits have been more frequent. Yet, regulatory and audit pressures have made it clear that existing security technologies are missing the mark," said Kristin Gallina Lovejoy, CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. of Consul. "Efforts to date have focused on network-level, externally-oriented threats. This has left organizations woefully woe·ful also wo·ful adj. 1. Affected by or full of woe; mournful. 2. Causing or involving woe. 3. Deplorably bad or wretched: unprotected against the much greater risks posed by insiders and more importantly the authorized employees, customers, partners and outsourcers. Consul's unique approach enables organizations to monitor the behavior of privileged users without hindering business productivity." About Consul risk management, Inc. Founded in 1986, Consul risk management is an authority in security audit and compliance. Consul provides policy-based user monitoring solutions to track, report on and investigate non-compliant behavior, such as unauthorized activity by administrators and other privileged users. The Consul InSight(TM) Suite automates the process of enterprise-wide log collection, privileged user monitoring, behavioral forensics See computer forensics. and compliance reporting. More than 350 customers around the world rely on Consul to accelerate their security audit and compliance efforts, including AEGON Canada, Blue Cross/Blue Shield, Fidelity Financial Services, Ford, Kroger, The New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of Times, Office Depot, Philadelphia Stock Exchange Philadelphia Stock Exchange (PHLX) A securities exchange trading American and European foreign currency options on spot exchange rates. , Wachovia and government agencies. Consul has offices in the United States and the Netherlands, and 25 partners worldwide, including BMC Software. For additional information about Consul and its products, services and partners please call +1 800.258.5077 or +31 15.251.3333 (Worldwide), or visit www.consul.com. Consul InSight Security Manager, Consul InSight, Consul InSight Suite, Consul InSight Privileged User Monitoring and Audit solution are trademarks of Consul risk management, Inc. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion