COVELIGHT SYSTEMS ANNOUNCES NEW VERSION FOR GREATER PRIVACY PROTECTIONPercept 2.1 Enhances an Enterprise’s Ability to Safeguard Sensitive InformationCARY, NC, May 25, 2005 – Covelight Systems, Inc., an innovator of solutions that ensure business policy and regulatory compliance, today announced the availability of Percept 2.1. New features enhance privacy protection features of the current version of Percept. The newest version provides continuous monitoring and reporting of web-enabled application users’ access to sensitive information, including personal identity related information. In addition, Percept detects suspicious user activity and privacy breaches in real-time and streamlines the incident resolution process. Increasing Privacy Regulations Today, nearly every medium to large enterprise falls under the jurisdiction of at least one existing or proposed government privacy regulation. These include the Gramm-Leach-Bliley Act, HIPAA and California SB 1386 as well as new privacy laws currently being proposed in 20 states and in both houses of the U.S. Congress. These regulations have several common implications for enterprises that maintain sensitive personal information: First, they require an enterprise to establish adequate policies and controls to ensure that the personal data does not get into the wrong hands as a result of a security breach. Second, they require an enterprise to detect when a breach has occurred. And third, the regulations require the enterprise promptly notify all individuals who might be adversely affected by a breach. Because organizations share this sensitive personal data with partners, suppliers, service providers and even offshore outsourced operations, it is both critical and even more challenging for enterprises to establish and maintain proper controls to safeguard this information. As is evident from the recent series of news events, an information privacy breach against an enterprise can be devastating to the corporation’s brand, image, shareholder value as well as the individuals who are directly affected. Privacy Breaches Are Frequently Caused By Insiders None of these recent breaches involved typical hackers; in fact, many were perpetrated by authorized users with valid login credentials to web applications. The valid credentials gave these ‘insiders’ unrestricted access to the sensitive data, which was either accidentally compromised or deliberately stolen for financial gain. “Most information security breaches, and especially privacy breaches can be traced back to someone who has authenticated into the systems,†says Ira Winkler, information security expert and author of the book Spies Among Us. “They may have obtained the credentials legitimately or through fraudulent means, but they still appear as valid users to the systems.†Typical enterprises use web-applications for customer relationship management, employee self-service, health insurance portals, health-care patient management, consumer marketing information access, and student-faculty portals, among others; all of which facilitate access to personal information. The user populations for these applications are typically geographically diverse, and include enterprise employees, temporary workers, contractors, partners, customers and suppliers. In keeping with the first tenant of privacy regulations, it is crucial that the enterprise take measures necessary to secure this information, monitor its access, and quickly detect any potential breaches in order to mitigate the damage that could result. Percept Helps Enterprises Keep Private Information PrivatePercept is a security appliance from Covelight Systems that polices critical web-enabled applications with full-time usage surveillance to protect the integrity, privacy and confidentiality of enterprise information assets from abuse and misuse by the trusted “insider.†Percept is the only solution that monitors, learns and records the actions of individual application users and provides real-time detection and notification of usage policy and security control violations and suspicious activity – all supported by an extensive forensic audit trail. Uniquely equipped to guard against the insider threat to web-enabled sensitive data, Percept delivers the independent, actionable intelligence required to mitigate theft, fraud and abuse and hold application users accountable. Covelight Percept 2.1 delivers a number of features and benefits to enterprises serious about safeguarding the privacy of personal information from unwanted exposure via their web-enabled applications.
“We are excited about this new release,†said UNC-Pembroke’s associate vice chancellor and chief information security officer Dr. Maurice Mitchell. “We are very concerned about the privacy of our students’ personal information. Our Percept installations are an integral part of our strategy to protect it.†Immediate ResultsCovelight Percept installs transparently in any data center and is configured in less than one hour, delivering no-risk, non-intrusive in-depth monitoring and security analytics for any web application and its user community. Percept 2.1 is available immediately. For more information, visit www.covelight.com. To arrange a demonstration or a complimentary onsite evaluation, please call (919) 677-9680. About Covelight Systems Covelight Systems is an innovator of solutions that detect theft, fraud and abuse of critical web-enabled assets. The company’s patent-pending solutions deliver actionable intelligence in the form of real-time incident detection and notification, security analytics, and extensive forensic audit trails to ensure an enterprise’s web-application user community is held accountable. For additional information about the company's products and services, visit: www.covelight.com. Contacts
Joni Moore Acaggio
D. Mark Durrett |