Government agencies and contractors face a huge crisis today. Amidst budget cuts and public scrutiny, they now face a whole new level of attack from hactivists and cybercriminals who are intent on exposing critical information and taking down their systems. Whether driven by a political statement, a nuisance or a true breach, IT organizations must treat each attack with the same diligence.
To make matters worse, governments and their trusted connections must comply with data retention and privacy regulations. They are required to collect, store and analyze event data and logs from all relevant systems in a variety of different formats.
As recently as October 2011, an Executive Order by President Obama provides direction to government agencies on matters of Insider Threat. Read more about this.
At the core of this order and other data and privacy regulations is the shared set of goals: to protect sensitive information assets, detect suspicious events, and respond and contain incidents. Each of the following regulations include specific requirements for audits of sensitive information systems and personally identifiable information (PII). Sensage helps satisfy requirements from multiple agencies in a single system.
| Regulation | Description |
|---|---|
|
Federal Information Security Management Act (FISMA) |
Defines security standards for all federal agencies, excluding those designated for national security |
| National Industrial Security Protection Operating Manual (NISPOM) | Department of Defense (DoD) standards for government contractors to protect classified information |
| DoD Instruction 8500.2 | Procedures for protecting DoD information systems and networks |
| Director of Central Intelligence Directive 6/3 | Requirements for protecting intelligence information for all applicable US government agencies and commercial contractorrs |
| Directive 2006/24/EC of the European Parliament & Council | Mandates for Member States to incorporate into local legislation and enforcement practices |
In order to address these mandates, government agencies and their trusted connections - including contractors - must petabytes of log and event data coming from every "system of record." Yet, traditional security, log management and data warehouse solutions are poorly suited to address the challenges this imposes - just the data warehousing and query access issues are staggering.
Sensage delivers a purpose-built event data warehouse suited to address the needs of collecting, storing and analyzing massive amounts of log and event data. Sensage solutions have been validated for Common Criteria and in process for FIPS 140-2.
Sensage has a strong presence in the government sector, including national defense, federal civilian, state and local agencies. Customers include the US Defense Information Systems Agency (DISA), National Security Agency (NSA), National Defense University, US Air Force, US Navy, The Center for Medicaid Services, Veteran’s Administration, US Census Bureau, The Department of Treasury including Internal Revenue Service (IRS), Office of Comptroller of the Currency (OCC).
Sensage also partners with leading resellers and integrators who service Governments worldwide.
