By Ann Silverthorn
Next week, SenSage, a provider of enterprise security analytics software, will introduce the SenSage Compliance Bundle, a result of a partnership with EMC. The bundle combines SenSage's security analytics software with an EMC Centera content-addressed storage (CAS) system to yield a scalable security information management (SIM) solution.
Companies traditionally use activity logs from security and networking devices, software applications, and host operating systems for troubleshooting. More recently, companies have begun to understand that they can use these logs to evaluate their security posture and respond to security threats. Now, with the onset of compliance mandates, companies are required to create policies for access control and to guard against threats. These companies must be able to respond to violations or threats, not just in the present but even five or 10 years from now.
"For larger companies, this has created a data management nightmare," says Scott Gordon, vice president of worldwide business development at SenSage. "It's similar to having to capture e-mail activity to comply with Sarbanes-Oxley regulations. The activity logs can generate a large amount of data, even in a small company, that can add up to 15GB per day. Many companies put the data in a relational database, which expands storage requirements and increases the amount of processing power required to get through all of that data."
SenSage developed a security analytics solution that brings large amounts of log sources together in a centralized place and compresses the data so it's a tenth of its original size. It also allows high-speed queries against that data so users can continually monitor against violations and threats.
A company might, for example, run queries to determine whether there had been unauthorized access attempts to sensitive information, or unusual system administrator activity such as creating many new accounts and then accessing those accounts outside of normal operating hours.
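The second kind of query described above, sketched as an added example (not from the article and not SenSage's software or query language): it flags off-hours logins to accounts that one actor created in a burst. The log format, action names, thresholds and business hours are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format): time, actor, action, target account
SAMPLE_LOG = """\
2005-03-14T10:02:11 admin7 account_create svc_a1
2005-03-14T10:02:40 admin7 account_create svc_a2
2005-03-14T10:03:05 admin7 account_create svc_a3
2005-03-14T10:03:31 admin7 account_create svc_a4
2005-03-14T11:15:00 helpdesk2 account_create jdoe
2005-03-15T09:30:00 jdoe login jdoe
2005-03-16T02:47:19 svc_a2 login svc_a2
2005-03-19T14:05:00 svc_a4 login svc_a4
2005-03-17T13:00:00 svc_a1 login svc_a1
"""

BURST_COUNT = 3                       # assumed: this many creations by one actor...
BURST_WINDOW = timedelta(minutes=10)  # ...within this window counts as a burst
WORK_START, WORK_END = 8, 18          # assumed business hours, Monday to Friday

def parse(log):
    """Return events sorted by time; sources may deliver them out of order."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(ts), actor, action, target)
                  for ts, actor, action, target in rows)

def off_hours(ts):
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def burst_created_accounts(events):
    """Map account -> (creator, creation time) for accounts created in a burst."""
    by_actor = defaultdict(list)
    for ts, actor, action, target in events:
        if action == "account_create":
            by_actor[actor].append((ts, target))
    flagged = {}
    for actor, created in by_actor.items():
        for i, (start, _) in enumerate(created):
            window = [(ts, t) for ts, t in created[i:] if ts - start <= BURST_WINDOW]
            if len(window) >= BURST_COUNT:
                flagged.update({t: (actor, ts) for ts, t in window})
    return flagged

def suspicious_logins(events):
    """Off-hours logins, after creation, to accounts that were created in a burst."""
    watched = burst_created_accounts(events)
    return [(ts.isoformat(), target, watched[target][0])
            for ts, _, action, target in events
            if action == "login" and target in watched
            and ts >= watched[target][1] and off_hours(ts)]
```

On the sample data this reports the 02:47 weekday login and the Saturday login to two of the four accounts `admin7` created, and ignores the single help-desk creation and the midday login.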
Jon Oltsik, a senior analyst at the Enterprise Strategy Group, says, "We're rapidly moving toward a world where you never throw away management information. In the security world where you may be litigated, and have low-and-slow attacks that take years to unfold, you need to keep that data. The SenSage architecture is based on maintaining a large repository of data, while also being able to query that data over time. It's kind of the security management equivalent to moving from transactional databases to data warehouses."
SenSage stores the data on EMC's Centera CAS platform. The data is non-alterable and the capacity, which is readily extensible, includes daily backup for high availability.
An entry-level Compliance Bundle is priced at $200,000 and includes the SenSage software and a four-node Centera system. The package also includes SenSage's predefined rules and reports mapped to financial reporting, financial services, healthcare, and privacy or government guidelines.