FFIEC News
Public Companies Facing Increasing Audit Pressure To Monitor User Behavior Inside the Network According to New Survey
(June 02, 2008) -- Securify announced the results of a new survey confirming that auditors are increasingly asking the majority of public companies for more proof of monitoring user behaviors on the network. The survey of over 330 public companies, including detailed responses from over 100 companies, also showed that over 60 percent of companies surveyed had either already outsourced some network security to Managed Security Services Providers (MSSPs) or would consider doing so for identity-based monitoring. A good match for MSSPs, identity-based monitoring can help mitigate insider risk, which is difficult to do in a standardized way with existing IT resources. Insider threats have been at the forefront of recent breaches, even for companies that are in compliance with industry regulations like PCI.
Select details of the survey include:
* 68 percent of companies admitted that auditors are now asking for more proof of monitoring user behaviors on the network.
* 66 percent of companies are either already using a managed security services provider or would consider an outsourced or managed service offering that can help address monitoring behaviors on the network.
* Top MSSP partners used today include AT&T, CSC, IBM, Trustwave, Unisys and Verizon (listed alphabetically).
* The survey included 330 public companies with revenues between $200 million and $1 billion with detailed responses from over 100 companies.
* The companies surveyed represented industries including Retail, Pharmaceutical, Energy, Financial Services and Chemical Manufacturing.
* The survey was completed over a 60 day period by independent survey firm ReachForce at the request of Securify.
In addition to its direct and channel sales models, Securify works directly with leading Internet Service Providers (ISPs), Managed Service Providers (MSPs) and Managed Security Services Providers (MSSPs) to offer its unique identity-based discovery and control capabilities to enterprise customers as a managed service. Securify monitors network traffic and correlates it against login data from directories (e.g. Microsoft Active Directory) to present an intuitive view of which users are accessing which systems via what services. The unique Securify Discovery view is designed for rapid, easy and cost-effective use by MSSP teams.
MSSPs typically use Securify to deliver value-added services to their own clients, and also to streamline and standardize complex security operations within their MSSP practice areas:
For their clients, MSSPs utilize Securify to automatically discover which insiders are on their network, where they are going, what they are doing and when, all presented via highly intuitive dashboard views, in real time and in a minimally invasive way on each network. This enables the client to apply controls based on this view, immediately identify policy violations and take action to mitigate risks. MSSPs also utilize Securify to generate precise reports to help their clients prove to auditors and management that the appropriate Governance, Risk and Compliance (GRC) obligations are met.
Even companies that have achieved PCI and other audit compliance have suffered breaches due to a lack of identity-based access verification. Securify’s identity-based approach has helped existing clients detect and prevent substantial breaches involving insiders. Securify also helps meet and exceed PCI standards, specifically:
For Requirement 1.1.7: Securify is used to efficiently discover and control all risky protocols, even when tunneled or obfuscated over non-intended ports.
For Requirements 6.3.3, 7.1, 7.2, 8.1 and 10.1: Securify is used to continuously discover and control access, by identity, to ensure use of only appropriate systems.
For Requirement 11.1: One of Securify’s core strengths is to protect the inside of the network, leveraging existing flow-based data in order to “Test security controls, limitations, network connections, and restrictions annually to assure the ability to adequately identify and to stop any unauthorized access attempts.”
In addition, Securify is currently used by MSSP analysts to resolve intrusion detection system (IDS) and firewall alerts 70% more efficiently than traditional methods, saving workload and increasing profit margins in the competitive MSSP marketplace.
“Security and Network operations teams have worked hard to secure the perimeters of their networks, and prove their security posture to auditors. But now, the audit screws are tightening down inside the network,” said Richard Greene, EVP, Worldwide Operations, Securify. “Securify works with MSSP partners to deliver a true identity-based monitoring solution that in turn provides a tamper-proof view of what each user is doing on the network. From FISMA for our Federal clients to PCI for our commercial customers, Securify helps substantially improve audit scores, mitigate existing risks and also prepare organizations for the next generation of audit requirements.”