Addamark focuses on regulatory compliance

Data management company Addamark Technologies plans to announce a new version of its Omnisight software on Monday with features designed to help companies comply with a host of U.S. information security regulations, the company said.

Free IT resource Open Source Business Conference (OSBC) May 22-23, 2007 Sponsored by OSBC Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

Omnisight 2.0 is the latest version of Addamark's data management product and expands support for new data sources while adding new reports tailored to meet the requirements of specific regulations, the company said.

First released in 2003, Omnisight is a data management product that collects, retains and reviews log files generated by a wide range of devices, including application servers, databases and mainframe systems, according to Adam Frankl, vice president of marketing at Addamark, in San Francisco.

Log files gathered by an Addamark collector device are transferred to a dedicated log server running a customized database optimized to store and search log data, Frankl said.

The system is designed to be scalable. One terabyte of log data requires just 1G-byte of storage space, and the log data can be quickly searched and retrieved using query features built into a separate Analyzer component, he said.

With the new release, Addamark has added a Security Analytics Subscription (SAS) service on top of the Analyzer. The service allows Addamark customers to quickly generate reports tailored to the requirements of specific regulations, as well as prepared reports for reviewing suspicious activity, conducting security investigations or identifying company policy violations, Addamark said.

The idea is to address a specific business problem -- regulatory compliance -- with a tool that allows customers to quickly comply with demands for documentation required by courts and federal regulations such as Gramm-Leach-Bliley Act of 1999 and the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Frankl said.

The recent US$10 million fine levied by the U.S. Securities and Exchange Commission against Bank of America Corp. for failing to produce documents in a probe of personal trading by a former employee is just one example of the need for such technology, he said.

Other improvements in Omnisight 2.0 include support for 40 new types of log files and a Web-based user interface for the Analyzer, Addamark said.

Addamark's technology is often lumped together with Security Event Management (SEM) products, but has a different purpose, Frankl said.

SEM products analyze and correlate log data from security products like firewalls and intrusion detection systems in real-time and contain sophisticated anomaly detection features. Omnisight is intended to efficiently gather, store and analyze log events over months or even years, and often works in concert with SEM products, capturing and storing their output in addition to that of other products, he said.

Noridian Mutual Insurance Company Inc. is using Omnisight 1.0 to comply with HIPAA and track potentially troublesome activities on its network, such as access to privileged patient files and databases, said Troy Aswege, assistant vice president of information systems at Noridian, based in Fargo, North Dakota.

Noridian is a Blue Cross and Blue Shield Association licensee in North Dakota and also a Medicare contractor for 12 states, including North Dakota, South Dakota, Colorado, Washington, Oregon and Arizona. The company uses Addamark to store logs from its Web servers, Check Point Software Technologies Ltd. firewalls, mainframe systems by Unisys Corp. and IBM Corp., a number of IBM AIX machines as well as systems by Novell Inc. and Microsoft Corp., he said.

The system replaced a "very difficult" and decentralized process for managing and storing log files, he said.

Noridian will use Omnisight as the foundation for a larger IDS system that includes event correlation and uses Omnisight as a central store for all event data, he said.

While Aswege hasn't seen the Omnisight 2.0 product and is still waiting for a final roll-out of the Omnisight 1.0 product, he is happy about the direction Addamark is taking.