HP targets energy compliance with appliance

By Robert Westervelt, News Editor 15 May 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Energy is a very underserved market and out of any compliance regulations, NERC are probably the most demanding. Frank Bien, vice president of products and alliances, SenSage Inc.

The goal of the appliance is to help energy companies meet the North American Electric Reliability Corporation (NERC) 2006 cyber security and audit requirements, said Frank Bien, vice president of products and alliances of San Francisco-based SenSage, a software vendor, which develops the data management software at the heart of the appliance.

"Energy is a very underserved market and out of any compliance regulations, NERC are probably the most demanding," Bien said in an interview with SearchSecurity.com.

NERC, a not-for-profit industry group responsible for keeping electricity flowing throughout the United States and Canada, approved a set of standards last year to address data security, training, physical security and data recovery. NERC had been working to establish a set of guidelines since the Aug. 14, 2003 blackout in which a sagging high voltage line in Ohio caused a power failure that plunged 50 million people in eight states and a Canadian province into darkness.

The HP TCS-e device scans company databases to collect and store event data records to enable companies to meet audit and investigations by giving them the ability to produce reports and analyze the time-stamped transaction data. The data can be used to detect suspicious activity such as insider threats and data security breaches.

The appliance is a dual-processor Linux system designed to scale with the amount of logging data collected. Bien said businesses can add more nodes to the cluster to improve performance when conducting an analysis on historical log data. It's easy to throw commodity hardware at it, he said. It can scale from one node to 20 to 30 nodes in a cluster, he said.

To collect the log data SenSage provides about 200 different adapter types. Agents are also used to get information out of Windows, Bien said. Customization may also be needed to connect to proprietary applications.

A number of vendors have stepped up in recent years to address NERC compliance pains. Cupertino, Calif.-based Symantec Corp. offers a variety of services, appliances and software to address NERC, review NERC guidelines and develop a security plan to become compliant. San Diego Calif.-based Akonix Systems, Inc. also sells appliances to address NERC compliance.

Tags: IT Security Audits,  FISMA,  Enterprise Risk Management: Metrics and Assessments,  Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IT Security Audits Standards compliance does not equal sound information security risk management Tony Spinelli: Prioritize Information Security over Compliance How to prepare for a FERPA audit MasterCard increases PCI compliance requirements for some merchants How to select a set of network security audit guidelines How to write a risk methodology that blends business, security needs PCI compliance requirement 11: Testing Using IAM tools to improve compliance Forensic accounting success depends on information security support HIPAA compliance: New regulations change the game FISMA GAO report cites government weaknesses, data leakage DHS fills National Cybersecurity Center post Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance White House cybersecurity czar faces major hurdles Feds should get private sector advice on cybersecurity ICE Act would create White House cybersecurity post Experts alarmed over U.S. electrical grid penetration Group identifies top 20 security controls to thwart cyberattacks FISMA compliance made easier with OpenFISMA FISMA Research Enterprise Risk Management: Metrics and Assessments How to avoid Internet liability lawsuits Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way Bernie Rominski: Communicate Effectively with Management about Risk Best Policy and Risk Management Products Monitoring program data and internal controls for risk management Risk management strategy for an information technology solution provider Align your data protection efforts with GRC The basics of enterprise GRC project management RSA council addresses growing security risks in the cloud How to write a risk methodology that blends business, security needs Enterprise Risk Management: Metrics and Assessments Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Federal Information Security Management Act  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary