SenSage - Enterprise Security Analytics

What is an Event Data Warehouse?

Enterprise Security Analytics provides a scalable log management platform, which optimizes event collection, retention and analysis to automate compliance reporting, investigation and security decision support processes.

To maintain compliance with corporate, industry and regulatory security guidelines, as well as to address blended and insider threats, organizations implement process controls such as monitoring activity regarding privileged user access, system integrity and sensitive data use. All these tasks demand long-term retention and analysis of event log data. This event log data, generated by network operating systems, network devices and applications, must be consistently captured and correlated in near real-time. The data also needs to be assessed against appropriately preserved long-term data stores.

“SenSage is the only company that we are aware of that offers such an event warehousing solution and it is one that we think companies would do well to investigate”
Philip Howard, Research Director, Bloor Research

When utilized, event log data is an invaluable information asset. But controlling this data presents organizations with costly data management problems because it often consumes terabytes of storage and processing capacity. SenSage’s patented Scalable Log Server technology overcomes event data management barriers, enabling organizations to extract actionable results and reduce risks.

What problems can SenSage solve?

Event log management is an effective analysis tool to identify blended, sophisticated attacks. A single event may not have significance, but multiple event patterns can and do provide insight into attacks, breaches, faults and systemic problems. Multiple failed logins, followed by a successful login, followed by a system with administrative privileges analyzing other internal systems represents a significant security breach. Without tools to bridge activities across systems and applications spanning weeks, months and even years of time, it is difficult if not impossible to understand the full contextual risk of an event – be it a security breach or a process failure.
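The multi-event pattern described above (several failed logins, then a successful login, then the same system reaching out to other internal systems), shown as an added example that is not SenSage code. It is a minimal Python correlation over constructed events; the field layout, host names and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample events, normalised from two hypothetical sources:
# (epoch_seconds, source, event, host, detail)
EVENTS = [
    (1000, "auth", "login_failed",  "srv-db01", "admin"),
    (1010, "auth", "login_failed",  "srv-db01", "admin"),
    (1020, "auth", "login_failed",  "srv-db01", "admin"),
    (1030, "auth", "login_success", "srv-db01", "admin"),
    (1100, "flow", "connect", "srv-db01", "10.0.0.5"),
    (1105, "flow", "connect", "srv-db01", "10.0.0.6"),
    (1110, "flow", "connect", "srv-db01", "10.0.0.7"),
    (2000, "auth", "login_failed",  "srv-web02", "alice"),
    (2010, "auth", "login_success", "srv-web02", "alice"),
    (2100, "flow", "connect", "srv-web02", "10.0.0.5"),
]

def correlate(events, min_failures=3, login_window=300,
              scan_window=600, min_targets=3):
    """Return hosts showing >= min_failures failed logins, then a success
    within login_window seconds, then connections to >= min_targets distinct
    internal hosts within scan_window seconds of that success."""
    by_host = defaultdict(list)
    for ev in sorted(events):            # order by timestamp across sources
        by_host[ev[3]].append(ev)
    alerts = []
    for host, evs in by_host.items():
        failures = []
        for ts, _src, kind, _host, _detail in evs:
            if kind == "login_failed":
                failures.append(ts)
            elif kind == "login_success":
                recent = [f for f in failures if ts - f <= login_window]
                if len(recent) >= min_failures:
                    # Flow records from the same host after the login
                    targets = {d for t, _, k, _, d in evs
                               if k == "connect" and ts < t <= ts + scan_window}
                    if len(targets) >= min_targets:
                        alerts.append({"host": host, "failures": len(recent),
                                       "login_at": ts, "targets": sorted(targets)})
                failures = []            # a success resets the failure streak
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

No single event in the sample is alarming on its own; only the sequence on `srv-db01` crosses all three thresholds, while the single mistyped password on `srv-web02` does not.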

Insider threats represent an even greater challenge because most of the activity described is permitted by network and application access controls. No alarms will result on the individual systems and applications being accessed by privileged users. This is another example where event correlation among varied sources is critical with respect to unusual activity monitoring, forensic investigations and event reconstruction. By setting normal use thresholds, patterns can be identified to expose insider abuse, policy violations or operational anomalies. By readily enabling users to see immediate alerts and examine historic patterns of relevance, incidents can be fully exposed and policies can be set to reduce the possibility of repeated incidents.

IT organizations are under increasing pressure to comply with various regulatory and industry guidelines concerning confidentiality, integrity, protection and availability. While all US public companies now must comply with Sarbanes-Oxley (SOX), it is common for large organizations to face multiple compliance requirements relative to their business and industry. The majority of compliance mandates require control policies that assess appropriate user access and supporting infrastructures as well as facilitate violation and anomaly investigation. This entails consistent and complete event log data collection, timely review, standards of reporting and audit, and retention of auditable records and supportive data. Event log management system monitoring, reporting and auditing functionality that complements corporate procedures demonstrates due process for compliance.