Percept 2.1 Enhances an Enterprise’s Ability to Safeguard Sensitive Information
CARY, NC, May 25, 2005 – Covelight Systems, Inc., an innovator of solutions that ensure business policy and regulatory compliance, today announced the availability of Percept 2.1. New features enhance privacy protection features of the current version of Percept. The newest version provides continuous monitoring and reporting of web-enabled application users’ access to sensitive information, including personal identity related information. In addition, Percept detects suspicious user activity and privacy breaches in real-time and streamlines the incident resolution process.
Increasing Privacy Regulations Today, nearly every medium to large enterprise falls under the jurisdiction of at least one existing or proposed government privacy regulation. These include the Gramm-Leach-Bliley Act, HIPAA and California SB 1386 as well as new privacy laws currently being proposed in 20 states and in both houses of the U.S. Congress.
These regulations have several common implications for enterprises that maintain sensitive personal information: First, they require an enterprise to establish adequate policies and controls to ensure that the personal data does not get into the wrong hands as a result of a security breach. Second, they require an enterprise to detect when a breach has occurred. And third, the regulations require the enterprise promptly notify all individuals who might be adversely affected by a breach.
Because organizations share this sensitive personal data with partners, suppliers, service providers and even offshore outsourced operations, it is both critical and even more challenging for enterprises to establish and maintain proper controls to safeguard this information. As is evident from the recent series of news events, an information privacy breach against an enterprise can be devastating to the corporation’s brand, image, shareholder value as well as the individuals who are directly affected.
Privacy Breaches Are Frequently Caused By Insiders None of these recent breaches involved typical hackers; in fact, many were perpetrated by authorized users with valid login credentials to web applications. The valid credentials gave these ‘insiders’ unrestricted access to the sensitive data, which was either accidentally compromised or deliberately stolen for financial gain. “Most information security breaches, and especially privacy breaches can be traced back to someone who has authenticated into the systems,” says Ira Winkler, information security expert and author of the book Spies Among Us. “They may have obtained the credentials legitimately or through fraudulent means, but they still appear as valid users to the systems.”
Typical enterprises use web-applications for customer relationship management, employee self-service, health insurance portals, health-care patient management, consumer marketing information access, and student-faculty portals, among others; all of which facilitate access to personal information. The user populations for these applications are typically geographically diverse, and include enterprise employees, temporary workers, contractors, partners, customers and suppliers. In keeping with the first tenant of privacy regulations, it is crucial that the enterprise take measures necessary to secure this information, monitor its access, and quickly detect any potential breaches in order to mitigate the damage that could result.
Percept Helps Enterprises Keep Private Information Private
Percept is a security appliance from Covelight Systems that polices critical web-enabled applications with full-time usage surveillance to protect the integrity, privacy and confidentiality of enterprise information assets from abuse and misuse by the trusted “insider.” Percept is the only solution that monitors, learns and records the actions of individual application users and provides real-time detection and notification of usage policy and security control violations and suspicious activity – all supported by an extensive forensic audit trail. Uniquely equipped to guard against the insider threat to web-enabled sensitive data, Percept delivers the independent, actionable intelligence required to mitigate theft, fraud and abuse and hold application users accountable.
Covelight Percept 2.1 delivers a number of features and benefits to enterprises serious about safeguarding the privacy of personal information from unwanted exposure via their web-enabled applications.
1. Sensitive information reports – know which users are the top consumers of sensitive information, and who is accessing sensitive files and personal identifiers, such as U.S. Social Security Numbers, credit card or ABA bank account numbers, telephone numbers, and email addresses. This information is crucial to regular privacy audits.
2. Policy compliance reports – know which users have violated your policies - when and to what extent. These reports may be generated and distributed daily or on demand.
3. Real-time incident detection and notification – know immediately when your policies are violated, controls are broken or when a user is behaving suspiciously. For example, when a user is accessing an excessive amount of sensitive information compared to his/her typical profile, Percept will automatically detect this and notify the appropriate personnel. This early warning notification system is similar to the fraud detection systems used by credit card companies to detect suspicious credit card activity before they have incurred significant financial loss.
4. Rapid incident resolution – Percept collects and maintains extensive information about users, their sessions, and the application activity as well as details about the level of sensitive information exposed in a given incident. These are presented in an easy-to-use management console that enables the incident management team to rapidly determine the perpetrators, the cause of the incident and the extent of the damage.
“We are excited about this new release,” said UNC-Pembroke’s associate vice chancellor and chief information security officer Dr. Maurice Mitchell. “We are very concerned about the privacy of our students’ personal information. Our Percept installations are an integral part of our strategy to protect it.”
Covelight Percept installs transparently in any data center and is configured in less than one hour, delivering no-risk, non-intrusive in-depth monitoring and security analytics for any web application and its user community.
Percept 2.1 is available immediately. For more information, visit www.covelight.com. To arrange a demonstration or a complimentary onsite evaluation, please call (919) 677-9680.
About Covelight Systems Covelight Systems is an innovator of solutions that detect theft, fraud and abuse of critical web-enabled assets. The company’s patent-pending solutions deliver actionable intelligence in the form of real-time incident detection and notification, security analytics, and extensive forensic audit trails to ensure an enterprise’s web-application user community is held accountable. For additional information about the company's products and services, visit: www.covelight.com. Contacts: Joni Moore Acaggio Public Relations 508-308-7900 firstname.lastname@example.orgD. Mark Durrett Covelight Systems (919) 677-9680 x-202 email@example.com
Back to Portfolio News