EventTracker v7.1 Alerts Users to Security Breaches
New version can alert authorities to suspicious data downloads such as those by WikiLeaks of classified information
Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.
Prism Microsystems, a SIEM solutions provider for the midsize enterprise, has released EventTracker v7.1 with enhanced features including USB and writeable media monitoring. This technology release is timely; EventTracker is notified any time a USB device or writeable media is inserted and can potentially prevent episodes like the recent WikiLeaks release of 250,000 classified U.S. diplomatic cables caused by a vast internal security breach within a U.S. government facility.
The proliferation of writeable media devices such as USB thumb drives and CD/DVD-W has created security challenges in private networks. As in the WikiLeaks case, much of the more serious theft of organizations’ data today is from internal sources. It takes only a few seconds to utilize these devices to copy confidential data from a desktop. A key feature of EventTracker v7.1 is its ability to monitor removable media, allowing organizations to detect and in many cases, prevent confidential data loss and limit purposeful attacks from insiders.
According to A.N. Ananth, CEO of Prism Microsystems, USB drives and writeable media provide great efficiency but the potential for misuse is high. Very large volumes of data can be copied in seconds.
On servers or workstations, the EventTracker Windows Agent is notified any time a USB device or writeable media is inserted or removed. The EventTracker Agent monitors all file-change activities for these devices, including any adds, modifications, deletions, or copies that are made. This information, as well as the time and date, the drive letter, and the user name, are provided to the enterprise in real time. Based on predefined policy, EventTracker can generate an incident alert to notify IT personnel, launch automatic remediation actions, or block unauthorized USB devices.
Additional enhancements to EventTracker v7.1 include a new XML API and support for Smart Cards (HSPD12).
Additional information is available at http://www.prismmicrosys.com.