SOX News

Lumension Security Bags Patent for Its Innovative Shadowing Technology

(Jan 02, 2008)--Lumension Security, a global security management company announced it has received a significant patent for its data shadowing technology, a key component to Lumension Security's Sanctuary Device Control endpoint security solution. The shadowing feature enables organizations to monitor all the information transferred to or from removable media while capturing a full copy of that data, providing a comprehensive audit trail that is part of a robust security and compliance posture.

"Monitoring sensitive proprietary information -- especially when it is being moved -- is vital for effectively securing data and demonstrating compliance. Virtually all organizations track data being sent via email, but very few monitor what is written to or read from removable storage media," said Mike Wittig, president and CTO of Lumension Security. "Our industry-leading Sanctuary Device Control solution combines whitelisting and granular policy enforcement with this critical data shadowing functionality to provide our customers with a powerful tool for preventing data leakage. Being awarded a patent for this technology demonstrates its innovation, maturity and value as organizations across the globe continue to deploy Sanctuary as a key constituent to their data security and compliance infrastructure."

According to the Ponemon Institute, 53 percent of organizations have no way of knowing what data was on a lost or stolen device. Sanctuary Device Control's data in/out shadowing capability monitors, controls and audits the information that users may copy to or from removable media to their PCs and laptops. Administrators are able to capture the complete binary code of the data transferred and save it on a centralized server. This can be assimilated to an entire mirror copy of the data and used for auditing purposes. The patented technology also allows the logging of only file names where applicable, offering a less intrusive approach to monitoring data transfers. This audit log is invaluable for measuring and enforcing policy compliance, and it helps as proof of compliance with SOX, HIPAA, the Gramm-Leach-Bliley Act and other industry and federal regulations.

"While the use of consumer gadgets and other peripherals presents serious security concerns, simply banning all removable media is an impractical solution because many devices serve a valuable business purpose. Lumension Security's Sanctuary enables us to set and enforce acceptable device use policies to make sure employees have access to the tools they need without jeopardizing sensitive company or patient data," said Rob Israel, CIO of John C. Lincoln Health Network, a not-for-profit health care organization based in Phoenix, Ariz. "Sanctuary's Device Shadowing capability adds an extra layer of control by tracking all the information written to or read from a device, and it even captures a full copy of that data in a central database. Not only is the audit log invaluable in measuring and enforcing policy compliance, it also bundles the information we need to assist with HIPAA compliance."

Share or bookmarklet this web page at: