Protecting Web-enabled Sensitive Data from Insider Threats
The 2005 Global Security Survey, released by Deloitte Touche Tohmatsu in June, identified internal attacks as a greater threat than external attacks to the information technology systems of the world’s largest financial institutions. Intellitactics and Coverlight Systems have joined together to provide an integrated product empowering organizations to identify attempts by authenticated users to access sensitive data in web-enabled applications that would otherwise go undetected.
“Corporate financials, customer data, and other trade secrets centralized in data centers are now accessible to a large number of users via web-based applications. Unfortunately the convenience of access comes abuse and misuse,” explains Scott Crawford, senior analyst with Enterprise Management Associates. “To make matters worse, the application environment is in a constant state of change, users are transient, access rights are rarely revoked, and user credentials are subject to phishing and identity theft. What’s at risk is the integrity and security of financial data, the privacy of entrusted customer and employee information, the confidentiality of sensitive business information, as well as the company’s reputation, brand, and shareholder value. The techniques of attackers and thieves are always evolving and nothing short of full-time vigilance will do.”
The alliance, announced last week, combines Intellitactics Security Manager software and Coverlight Percept Privacy Protection and Fraud Management technology to provide a holistic approach to security management. This powerful integration allows organizations to detect theft, fraud and abuse of web-enabled assets and accelerate the threat-management timeline. Compressing the “time to notification, time to investigation and time to remediation timeline” helps companies protect critical assets, avoid expensive and embarrassing security incidents and limit risk without sacrificing business effectiveness.
“As is evident from the recent series of news events, an information privacy breach against an enterprise can be devastating to the corporation’s brand, image, shareholder value as well as the individuals who are directly affected. Annual losses from security failures cost billions of dollars every year. Companies are under a lot of pressure to limit risk without sacrificing business effectiveness. This means they have to keep the bad guys out while they prevent losses coming from trusted insiders with unauthorized access to confidential information,” explains Randall K. Davis, president and CEO of Intellitactics. “Today, our customers rely on Security Manager for operational and informational control of complex security infrastructures. By integrating Coverlight Precept with Security Manager, we provide our mutual customers with a single database of audit log information that contains both Identity and Access Management information and Security infrastructure information.”
From an operational perspective, the offering empowers operations to passively monitor authenticated-user activity in real-time, receive security alerts in real-time, quickly investigate suspicious activity, and take immediate action to defend against and mitigate attacks. IT also allows them to maintain sensitive personal information to meet increasing privacy and auditing requirements imposed by compliance regulations including Gramm-Leach-Bliley, HIPAA, and California SB 1386 as well as privacy laws currently proposed in 20 states and both houses of the U.S. Congress.
“Today’s business conflict is quick and easy data access versus security and privacy,” explains Spencer Snedecor, CEO for Covelight. “The relative simplicity and economic benefits of web-enabled applications has introduced a new set of vulnerabilities that can be exploited by authenticated user access to confidential information and identity data. Criminals who use stolen IDs and passwords or set up fraudulent accounts to access sensitive data, and customers, employees, contractors, partners and other trusted insiders who succumb to temptation are proving to be more dangerous to enterprise security. According to Gartner, 70% of all security incidents come from insiders, and Ernst & Young reports that an insider attack against a large company causes an average of $2.7-million in damages, where the average outside attack costs $57,000.”