HP targets energy compliance with appliance

By Robert Westervelt, News Editor 15 May 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Energy is a very underserved market and out of any compliance regulations, NERC are probably the most demanding. Frank Bien, vice president of products and alliances, SenSage Inc.

The goal of the appliance is to help energy companies meet the North American Electric Reliability Corporation (NERC) 2006 cyber security and audit requirements, said Frank Bien, vice president of products and alliances of San Francisco-based SenSage, a software vendor, which develops the data management software at the heart of the appliance.

"Energy is a very underserved market and out of any compliance regulations, NERC are probably the most demanding," Bien said in an interview with SearchSecurity.com.

NERC, a not-for-profit industry group responsible for keeping electricity flowing throughout the United States and Canada, approved a set of standards last year to address data security, training, physical security and data recovery. NERC had been working to establish a set of guidelines since the Aug. 14, 2003 blackout in which a sagging high voltage line in Ohio caused a power failure that plunged 50 million people in eight states and a Canadian province into darkness.

The HP TCS-e device scans company databases to collect and store event data records to enable companies to meet audit and investigations by giving them the ability to produce reports and analyze the time-stamped transaction data. The data can be used to detect suspicious activity such as insider threats and data security breaches.

The appliance is a dual-processor Linux system designed to scale with the amount of logging data collected. Bien said businesses can add more nodes to the cluster to improve performance when conducting an analysis on historical log data. It's easy to throw commodity hardware at it, he said. It can scale from one node to 20 to 30 nodes in a cluster, he said.

To collect the log data SenSage provides about 200 different adapter types. Agents are also used to get information out of Windows, Bien said. Customization may also be needed to connect to proprietary applications.

A number of vendors have stepped up in recent years to address NERC compliance pains. Cupertino, Calif.-based Symantec Corp. offers a variety of services, appliances and software to address NERC, review NERC guidelines and develop a security plan to become compliant. San Diego Calif.-based Akonix Systems, Inc. also sells appliances to address NERC compliance.

Tags: IT Security Audits,  Identity Theft and Data Security Breaches,  FISMA,  Enterprise Risk Management: Metrics and Assessments,  Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IT Security Audits MasterCard increases PCI compliance requirements for some merchants How to write a risk methodology that blends business, security needs PCI compliance requirement 11: Testing Using IAM tools to improve compliance Forensic accounting success depends on information security support HIPAA compliance: New regulations change the game PCI DSS Q&A: Answering your questions Maltego demo: Identifying a website's trust relationships PCI QSA assurance program penalizes assessors Strategies for email archiving and meeting compliance regulations Identity Theft and Data Security Breaches How to prevent and build protection against online identity theft Heartland breach highlights PCI limitations FBI investigates coordinated ATM scam Encrypt now to meet new Mass. data protection law Recovery plans essential for preventing data loss disasters Internal auditors and CISOs mitigate similar risks Cybersecurity expert sees PCI DSS problems ahead for retailers PCI is about eliminating data, not securing it, former QSA says Data breach discovery, disclosure outpaces 2007 PCI groups to focus on wireless, pre-authorization changes Identity Theft and Data Security Breaches Research FISMA DHS fills National Cybersecurity Center post Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance White House cybersecurity czar faces major hurdles Feds should get private sector advice on cybersecurity ICE Act would create White House cybersecurity post Experts alarmed over U.S. electrical grid penetration Group identifies top 20 security controls to thwart cyberattacks FISMA compliance made easier with OpenFISMA Learn from NIST: Best practices in security program management FISMA Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Federal Information Security Management Act  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary