 |
|
|
Posted 2005, October 14:
2005 Mimbres Region Information Security Symposium presentation
The Presentation Powerpoint
Speakers:
David Furnas, CISM, CISSP; Edie Steed, Chief Information Officer, Gila Regional Medical Center; Ed Reynolds, Chief of Police, Silver City Police Department
|
| Benefit from a better understanding of how the Information Security (InfoSec) professional manages the inherent challenges of protecting information, information systems, and information networks. |
|
Posted 2005, July 24:
Tizor fills the need for application behavior monitoring
Originally published 7/11/2005 by Jon Oltsik
|
In spite of all of an enterprise full of access controls, log files, and management tools, there is still a large gap when it comes to auditing applications. Access control software monitors application access but can't tell you what users actually do. Log files keep track of application and database transactions but can't map this activity to users and roles. Finally, management tools track all sorts of application, system, security and network events but still can't map user behavior to applications. This is not a trivial security weakness as it impacts regulatory compliance and confidential information protection.
Enter Tizor Systems, a venture-backed startup in Maynard Massachusetts. Tizor provides a behavioral element appliance that monitors users' application usage and flags anomalies. For example, many DBA's have access to an entire Oracle database but their job function doesn't require them to do a "select all" query on customer credit card numbers. Tizor sits on the network, looks for behavioral anomalies like this, and issues immediate alerts. This capability helps to reduce the insider threat and also captures application usage patterns for forensics, capacity planning, and compliance
A few other notes about the product:- The appliance hangs off a switch port and does passive monitoring like an IDS. It is NOT a bump in the wire.
- Today, Tizor supports Oracle but is already planning additional support for other enterprise-class data repositories.
- The company vision is a network of Tizor systems that monitor application behavior locally and report into a central management server that controls enterprise policies and reporting.
ESG Take: With so many "me-too" security technologies out there, it is refreshing to see something new. Yes, Tizor does have a few competitors, but these vendors pursue the problem on a server-by-server basis which runs into predictable cost and scalability problems over time. Tizor's appliance approach can avoid these inevitable issues.
Tizor is a new company and still has to execute and prove itself to customers. That said, the company has a strong management team, a burgeoning market opportunity, and a truly unique product. What a great set of circumstances to start a company!
|
|
