Enhancements to Flagship Product Boost Auditing, Threat Detection and Reporting Capabilities While Further Reducing Cost of Ownership

CARY, NC, March 2, 2005 – Covelight Systems, Inc., an innovator of solutions that ensure
business policy and regulatory compliance, today announced the availability of Percept 2.0, a
new version of software for its flagship product that significantly enhances protection of webenabled information assets. New enhancements include incident detection and notification based on Percept threat event correlation, detection and tracking of sensitive information access and executive level reporting capabilities.

Percept is a security appliance from Covelight Systems that polices critical web-enabled applications with full-time usage surveillance to protect the integrity, privacy and confidentiality of enterprise information assets from abuse and misuse by the trusted “insider.” Percept monitors, learns and records the actions of application users and provides real-time detection and notification of usage policy and security control violations and suspicious activity – all supported by an extensive forensic audit trail. Uniquely equipped to guard against the insider threat to web-enabled sensitive data, Percept delivers the independent, actionable intelligence required to
mitigate theft, fraud and abuse and hold authenticated users accountable.

Can you trust your trusted users?

Corporate financials, sales forecasts, entrusted customer data, operational reports and other trade secrets have been centralized in data centers and are now accessible to a large number of users via web-based technologies, subjecting them to abuse and misuse by the users of mission-critical applications. This “enterprise web user community” consists of employees, trusted partners, suppliers and contractors – all of whom have valid user credentials.

“With the vast majority of theft and fraud stemming from insider abuse, it is quickly becoming
necessary to focus IT security resources beyond the perimeter and onto the actual users of the applications,” said Jon Oltsik, Senior Analyst with Enterprise Strategy Group. “Enterprises grappling with this problem really haven’t had access to any tools to help them cope. With Percept, Covelight is offering an innovative solution for the proactive enterprise concerned about the insider threat.”

Percept helps enterprises trust but verify

The development of Percept 2.0 was guided by customer feedback from installations of the 1.x platform, and includes a number of enhancements that reduce the total cost of ownership and increase its ability to protect sensitive information assets. Feature enhancements in Percept 2.0 include:

• High-level incident detection and notification. Percept 2.0 introduces the concept of highlevel incident detectors that only trigger when a set of correlated threat events occur.
Previous versions of Percept included only the discrete threat event detection and
notification. Examples of incidents detected include suspicious user activity, shared login
credentials, access policy violation, data mining, and hacker activity.

• Ability to track and measure the users’ interaction with sensitive information assets.
With 2.0, Percept can detect and measure the access to sensitive areas of the application,
documents and sensitive object patterns such as credit card, bank account and U.S. Social
Security Numbers. In addition, Percept automatically baselines each users’ typical
interaction with sensitive information, and alerts the appropriate personnel when abnormal
levels of access are detected.

• Ability to concisely communicate the security posture of the applications and sensitive
information assets to others in the organization through executive-level reporting.

• Enhanced operator efficiencies, reducing the time to resolve an incident. A simplified
and more intuitive management console, structured around three primary use cases of
incident investigation, usage auditing, and forensic justification as well as enhanced forensic
details is included in Percept 2.0.

• Enhanced support for third party integration. Percept 2.0 includes support for Syslog
messages and network timing protocol (NTP).

“Covelight’s Percept is the only product we know of that consolidates all the essential tools
necessary to safeguard our web applications from abuse and misuse by our users with valid
credentials,” said Dr. Maurice Mitchell, Associate Vice Chancellor and Chief Information
Officer at the University of North Carolina at Pembroke. “This release [2.0] represents a
significant step in the maturation of Percept, which was already a very solid product delivering value in our datacenter.”

First Citizens Bank agrees. “We know of no other solution like Covelight Percept,” said Chip Wentz, vice president of information security at the regional bank. “It uniquely gives us visibility into how our users are accessing the sensitive data in our web-enabled financial applications, and proactively notifies us when our business use policies have been violated. Percept has enabled us to dramatically mitigate the risk associated with operating these applications”

Immediate Results

Covelight Percept installs transparently in any data center and is configured in less than one hour, delivering no-risk, non-intrusive in-depth auditing, analytics and forensics for any web application and its user community. Percept 2.0 is available immediately.

About Covelight Systems
Covelight Systems is an innovator of solutions that detect theft, fraud and abuse of critical webenabled assets. The company’s patent-pending solutions deliver actionable intelligence in the form of real-time incident detection and notification, operational and security analytics, and extensive forensic audit trails to ensure an enterprise’s web-application user community is held accountable. Founded in 2002, the company is headquartered in Cary, North Carolina. For additional information about the company's products and services, visit: www.covelight.com.
Contacts:
Joni Moore
Acaggio Public Relations
508-308-7900
jmoore@acaggio.com
D. Mark Durrett
Covelight Systems
(919) 677-9680 x-202
mdurrett@covelight.com

Back to Portfolio News