First Citizens Bank wanted a better handle on the activities of authorized users and installed the Percept firewall system from Covelight Systems Inc. Most firewalls just block malicious software and issue reports or logs on the activity. "When something happened, they didn't let us know right away," says Chip Wentz, senior VP of information security at the bank. "Reading logs, we had to dedicate a couple of people, then parse out the log, and run queries to do the correlation."
Wentz wanted to know more about what was going on with the applications on the network in real time, rather than just reading logs about what already had happened. The Percept firewall can track the activity of every authenticated user, capture in real time all logins and logouts, and monitor every click of a Web site. "Now we're able to mitigate risk up front, and we have in-depth visibility into what users are doing with each app," he says.
A new version of Percept is being released on Monday, and Wentz says it should let him more closely monitor activity on the network and do a better job of correlating events with threat levels. The system also will generate reports on users requesting sensitive data such as Social Security numbers. Covelight says policy-compliance reports, combined with real-time incident detection and notification, will alert appropriate security administrators of violations of company policies and other suspicious activity.