– Scott Paly, co-founder and CEO for Global DataGuard (www.globaldataguard.com), says:
In the United States alone, the total number of records containing sensitive personal information involved in a reported security breach since January 2005 has risen to approximately 542,355,201 million, and the average time to resolve a cyber-attack once it has been detected is at least 18 days, according to a Cost of Cyber Crime Study conducted by the Ponemon Institute.
The company also found in a related study on the True Cost of Compliance that the expense associated with achieving and maintaining compliance is, on average, more than $3.5 million – noticeably less than the $9.4 million in estimated costs for failing to comply with regulations. This cost analysis provides a critical frame of reference for IT management because it suggests that a higher investment in compliance-related activities reduces the negative consequences and costs associated with non-compliance.
Weighing the Cost of Non-Compliance – An IT Security Challenge
Achieving and maintaining compliance has been a key issue for IT managers for years and it is surprising that it continues to be such a significant challenge for almost every business, regardless of size. You need only look at this year’s data breach statistics across healthcare, banking, financial, and retail markets, among others, to know that the problem is not going away any time soon.
Why? It’s because most network security technology is reactive in nature, and nearly all enterprise security systems that are deployed today are comprised of disparate applications and appliances that do not retain and correlate suspicious traffic for more than a few minutes.
In order to safeguard network assets, protect confidential data and maintain compliance within their unique vertical market, IT managers need to be able to detect reconnaissance activity leading up to an attack – before a breach occurs – and they need a historical context and depth of analysis in order to more quickly detect a breach after it occurs.
Unified Network Behavior Analysis-Based Security Can Help Businesses Meet or Exceed Compliance Requirements
Instead of cobbling together discrete ‘best of breed’ security offerings that focus on various critical aspects of network security, an architecture based security system that utilizes network behavior analysis and correlation enables IT personnel to quickly and efficiently manage, monitor, analyze, and correlate discrete security events, alerts, logs and reports into actionable security threats across application subsystems.
Global DataGuard’s unified approach to security does just that. Powered by a network behavior analysis-based engine within a security architecture that provides true subsystem integration of core security applications, the company’s unified enterprise security (UES) system can provide early warnings of security threats that other products may not detect. How? It can perform predictive analysis by retaining and correlating suspicious raw packet data for a rolling 14-30 days and signature alerts and behavioral profiles for six months or more. It can also:
- perform intrusion detection and prevention, with customizable signatures for DLP and compliance;
- adapt to evolving networks and track network resources across application subsystems;
- monitor network access and policies for use of critical assets;
- perform sophisticated analysis, correlation and alerting on logs and store the raw logs and alerts for over a year, as well as reviews logs 24/7 so that a customer has timely access to information of interest;
- provision on-demand vulnerability scanning and real-time correlation of scans with other alerts;
- facilitate data sharing with other UES security applications to connect the dots between multiple threats; and
- provide an easy-to-use, instant view of prioritized network, global, vendor and vulnerability threats and the underlying data that created them via a portal that provides unified administration and monitoring;
With more than a decade of experience in network behavior analysis-based unified security, Global DataGuard’s UES system and 24/7 managed and professional services are designed from the ground up to address compliance-specific requirements related to the integration of processes, technology, service, and reporting. Global DataGuard software and services can be customized based on a company’s unique network requirements – from a few security applications to a complete system – providing IT managers and their staff with greater efficiency in labor and detection ability, lower acquisition costs, and easier deployment and management of their company’s network security ecosystem.