New SenSage 3.5 Smashes Event Data Management Barriers: Scalability, Retention, and Analysis

Posted by tadelste on Oct 10, 2005 12:56 PM EDT
PR Newswire; By Press release

Enterprise-Class Security Analytics Solution Cost-Effectively Accelerates Compliance and Investigation

SAN FRANCISCO, Oct. 10 /PRNewswire/ -- SenSage, Inc., the leading provider of enterprise security analytics, today introduced SenSage 3.5, which overcomes event-data management obstacles and streamlines compliance, investigation and monitoring processes. Unlike alternative solutions, SenSage's breakthrough approach takes advantage of its unique architecture developed to cost-effectively provide the highest levels of performance, scalability and data retention. SenSage 3.5 includes a new integrated management console, extended clustering and high availability, and enhanced reporting and analytics.

"SenSage has essentially addressed the scalability and cost concerns associated with aggregating, retaining and readily analyzing activity logs to monitor internal controls and investigate threats," said Preston Wood, chief information security officer of Zions Bancorporation, a leading banking institution. "Not only are we seeing greater process efficiencies, but we can apply new and previously cumbersome measures that fortify our corporate policy and complement regulatory efforts."

Event Data Management, Performance and Retention Obstacles

Regulatory compliance, internal and sophisticated threats, and thorough security investigations require collecting, retaining and analyzing terabytes of system-activity (referred to as "event") data for as long as seven years. Most commercial and "homegrown" security information management (SIM) solutions rely on relational database management system (RDBMS) approaches that were not designed for high-volume, event-data capture, analysis, and long-term retention. Thus, these systems are inherently limited in fully meeting compliance mandates for consistent monitoring, in-depth investigation, and iterative analysis. These drawbacks can impede an organization's ability to reduce security risks, such as insider abuse, sophisticated attacks, and privacy leakage. SenSage's enterprise security analytics solution eliminates these deficiencies.

"The sheer volume of event data required for meeting security compliance and operations management poses an executive problem -- how much is enough, how much is usable, how might monitoring needs change, and at what cost?" said Phebe Waterfield, senior security solutions analyst at The Yankee Group. "SenSage's unique architecture and compliance solution-packaging yields the flexibility, scale, and cost benefits needed by those adopting appropriate security analytics."

SenSage Delivers Peerless Security Data Management

SenSage is peerless in delivering the combination of event-data collection, compression, retention and analytics. SenSage provides the most scalable means to centrally aggregate, efficiently analyze, dynamically monitor and cost-effectively store high-volumes of event log data.

SenSage collects data from a broad range of sources at a sustained rate of 87,500 events per second, and scans that data at 2,000,000 records per second (assuming a five-node cluster). This real-world scan rate is that of a complex sub-string URL search with full data extraction. As such, users do not have to make compromises about which systems to monitor or which data to collect. It also allows users to get faster results from a huge repository of multiple-source event data.

When storing event data, SenSage can compress it to as little as 10 percent of the original, raw, event-log data; and 2.5 percent the size of that stored using an RDBMS. Since SenSage is based on a purpose-built repository with self-optimized storage, it also avoids RDBMS tuning and archiving. Clearly, users can store all their event data without outrageous storage and administrative costs.

Yet, the compressed data is organized in a way that supports very fast queries, especially the iterative type, pattern-matching and sub-string searches so characteristic of investigations. As a result, users can efficiently analyze all the event data in the repository, as opposed to using data subsets or restoring archives. Furthermore, SQL queries can be executed against the repository.

"Our corporate customers represent organizations that have hit or will hit a data-management brick wall using homegrown or commercial SIMs. This is reflected by huge storage and database administration costs, the inability to accommodate and effectively utilize large amounts of event data, as well as slow and unpredictable reporting and investigation processes," said Jim Pflaging, chief executive officer at SenSage, Inc. "SenSage 3.5 scalability solves real-world compliance and security data management issues and further extends our analytics and performance advantages."

SenSage 3.5 Architecture

The SenSage 3.5 architecture is designed for event-centric, high-performance collection and analysis of terabytes of event log data. It enables unparalleled precision and long-term search and trending, yet offers significant storage-capacity and operational savings. Using clustering and parallel-processing technology, SenSage 3.5 provides incremental scalability on load and query throughput as well as redundant data capacity. Its appliance-like flexible configuration supports clustering of inexpensive commercial off-the-shelf hardware. SenSage 3.5 features:

-- a new management console with tabular format that streamlines administration and investigation for greater user productivity,
-- a user interface that integrates real-time and long-term compliance monitoring, alerting, and reporting with accelerated ad-hoc investigation,
-- enhanced trend, anomaly and operational reporting, which leverages predefined and custom exception and authorized-access monitoring, incident scope, and root-cause analysis,
-- multi-tenancy for line-of-business and compliance-relevant asset tagging, tiered, roles-based privileges, logical data segregation, and authenticated access via directory services.

Additionally, customers can optionally leverage the compliance-ready, scalable and reliable storage of EMC(R) Centera. SenSage is Centera-proven certified and yields transparent performance at 95 percent that of primary SenSage storage. The SenSage, EMC combination maintains a compliance-ready security data management platform that is unalterable, yet provides online retention with fast and precise answers.

Patent-pending technologies that underpin SenSage capabilities include:

EventScope -- which bridges real-time with long-term event-log analysis by delivering flexible, precise, and rapid search capabilities -- regardless of the number of correlated fields, event log sources, and time range. Swift results materially improve audit and investigation productivity.

IntelliSchema -- which enables fast, broad-source correlation by initiating parsed, event-log-data mapping intelligence at query time within a virtual schema. This avoids performance, storage and updating impact associated with changes or new fields introduced within large, often fixed schemas. It also provides data normalization flexibility, enabling the capture and use of all available data without immediate parsing rule requirements.

CompresStor -- which algorithmically compresses and stores volumes of like-parsed, event-log data in separate datastores, regardless of event log source. This repository technology provides high-speed data insertion and search, significant raw data compression, compliant data storage and redundancy, and query-capable compressed data sets.

Availability

SenSage 3.5 is available and supports appliance-like deployment and configuration. The SenSage system and each SenSage Scalable Log Server (SLS) can be placed on one system, or components can be distributed across multiple systems for scalable performance, high availability and distributed data collection and analysis. The system operates on inexpensive, commercial off-the-shelf platforms running Red Hat Linux.

This enterprise-class software is priced starting at $70,000 with total price determined by performance, retention, distribution and source-type requirements. The core software can be complemented with SenSage Analytics Packages for Sarbanes-Oxley, HIPAA, FFIEC and other compliance guidelines. SenSage 3.5 is available direct from SenSage or through selected partners.

About SenSage

SenSage, the leading provider of enterprise security analytics, offers unparalleled performance and a scalable means for organizations to centrally aggregate, efficiently analyze, dynamically monitor and cost-effectively store massive volumes of event log data. Our solutions empower companies to readily respond to business-critical threats, conduct thorough and precise investigations, and maintain compliant operations. Based in San Francisco, CA, SenSage currently protects Global 2000 customers in financial services, government, healthcare, manufacturing, and technology. The company markets its product directly and through partners including Cerner, EMC, Hewlett-Packard, and Lockheed Martin. For more information, visit http://www.sensage.com.

Media Contact:

Kerry Swanson

Dovetail Public Relations

408-395-3600

kerry@dovetailpr.com
