Information about http://www.sensage.com/English/Collaterals/Case_Studies/SenSage_CaseStudy_GlobalFinance.pdf

Tags: auditing, business driver, case study, critical business, deployment, disaster recovery, event logs, financial fortune, fortune 500 company, global financial services, high net worth individuals, incident management, institutional clients, massive volume, municipalities, risk management solution, sarbanes oxley, security risk management, sox compliance, threat detection,
Pages: 2
Language: english
Created: Fri Apr 1 08:55:43 2005
Global Financial Services Company
A Case Study

A global financial, Fortune 500 company deployed SenSage's security risk management solution to correlate data from IDS, authentication and firewall event logs to centralize and improve threat detection and management. After the initial successful deployment, which included multi-site disaster recovery, the company doubled the size of deployment to conduct in-depth auditing for Sarbanes-Oxley (SOX) compliance. The auditing results were also used as a baseline for enhancing incident management and investigations.



Company Profile
SenSage's customer, a Fortune 500 financial company, serves the financial needs of corporations, governments and municipalities, institutional clients, and high-net-worth individuals worldwide. The company operates within a network of offices around the world, with over 15,000 employees.

Business Driver - Threat Detection and Management, and Long-Term Analytics
This financial company initially approached SenSage to collect data and detect and manage threats from its IDS, authentication and firewall events. Retaining the historical data on-line to conduct ad-hoc queries, typically to investigate user activities, was one of their key requirements. Other requirements included daily summary reports of the number of events by each host, by facility and by event type, and discontinuation of events and anomalous host activities, and parameterized reports on specific incidents.

Results
The company deployed 20 nodes (10 in two major locations) to conduct analysis and run scheduled reports from diverse enterprise event logs, including those from network, security, operating system and web applications. The company conducts ad-hoc searches that augment SenSage's pre-defined reports to generate customized reports targeted for review by each business user. The company also set up a post-processing query for reports which indicate problematic areas to investigate in-depth, particularly valuable for SOX compliance. This process freed-up over-utilized resources and improved access control to align it with line of business.

The Bottom Line
The financial service leader increased its security posture by ensuring both threat mitigation and SOX compliance. By deploying the high performance, scalable SenSage platform to collect, analyze and store the events from enterprise-wide systems and applications, the company not only exceeded its initial compliance and security objectives but also streamlined its business operations.

"SenSage is the only platform on the market that can handle the massive volume of data generated by our critical activities worldwide. With the ability to scale for project scope expansion, SenSage can meet high availability and capacity requirements driven by our business needs. SenSage's product ROCKS!"
  - Assistant Vice President, Fortune 500 Global Finance Company

SenSage Solution Summary:

Industry: Financial Services

Business Drivers:
  · Simplify compliance monitoring while ensuring adherence to audit control requirements
  · Support both threat detection and historical analysis
  · Retain data online and accessible to information security team
  · Achieve high performance and scalability
  · Support high availability and disaster recovery

Log Types:
  Network devices:     Checkpoint Firewall and NetScreen Firewall
  Security:            ISS-IDS
  Operating Systems:   Windows Event, RACF syslog logs
  Web Applications:    Windows IIS, Apache error and access logs, WebSense, Tumbleweed, NetCache, NSM IPlanet
  Access:              CA eTrust Access

Daily log volume:
  · 20-30 Gigabytes per day

Report Types:
  Authentication and Access Control
  Operating System Activity
  Use of Privilege
  Firewall Activities
  IDS Activity
  Investigate Hosts and Users
  Hosts with Suspicious Network Activity



SenSage, Inc., Copyright 2005
        SenSage for Network Security


SenSage provides a comprehensive toolset to meet the network security requirements for threat mitigation and management. With custom adapters for collecting log data from critical perimeter security devices such as Symantec, Juniper-NetScreen, Checkpoint, and ISS, SenSage provides rapid collection and analysis of complete log data from the target log sources. The company's patent-pending correlation and storage capabilities facilitate the identification of otherwise hard to identify security breaches that occur over time. Built-in correlation and pre-defined reports provide intelligent business analytics that enable users to quickly identify, research, and respond to security violations.

 1. Pinpoint search based on pattern recognition (ad-hoc query)



What's Included in the toolset?
SenSage delivers a solution set to support comprehensive network security investigations and incident response by keeping all the data online and accessible. The analytics package is capable of detecting security threats which proliferate both rapidly and slowly.

Premium package
The following provides the partial list of adapter types and report categories for the Network Security premium package.

Report Categories
  Hosts with Suspicious Network Activity
  Internal Users with Suspicious Activity
  Investigate Hosts
  Investigate Users
  Authentication and Access Control
  Operating System Activity
  Firewall Activity
  IDS Activity
  Remote Access
  Systems and Security Event Management

Types of Log Adapters
  Network
    Firewalls/VPN
    Routers/Switches
    Traffic Management
    Traffic Analysis
    Remote Access
  Operating Systems
    Midrange/Desktops
    Mainframe
    3rd Party OS Audit Products
  Security
    IDS/IPS
    Antivirus
    SIM/SEM/ESM
    Vulnerability Management
    SenSage Self-Audit

SenSage Product Facts
  Runs on commodity hardware
  Scales linearly for low-cost expansion
  Retains complete log data, no filtering or indexing
  Yields massive, online availability of data based on Patent-pending compression
  Utilizes parallel processing which ensures redundancy of collection and storage

 SenSage, Inc.
 55 Hawthorne Street, Suite 700
 San Francisco, CA 94105
 Tel. 415.808.5900
 www.sensage.com


© 2005 SenSage, Inc. All Rights Reserved. SenSage is a registered trademark of SenSage, Inc. All other brand names are trademarks of their respective holders.
- Confidential -