Security Expert Comments on 40 Million Credit Card Records Stolen and Customers Await Answers (News Release)   - 2,049 Views, 2 Comments

Some interesting observations about the recent CardSystems hack in this news release:

SAN FRANCISCO, June 24 /PRNewswire/ — A week after CardSystems
Solutions, Inc. disclosed that thieves made off with credit-card information
affecting up to 40 million cardholders, the company has provided scant
information about how the theft was perpetrated. CardSystems and the FBI are
reportedly searching for the cause and the perpetrators.

According to one industry insider, CardSystems is not alone in its
inability to immediately identify the cause of the breach.

“Most hacking victims are ill-prepared to fully understand the cause of
their security breaches,” said Scott Gordon, vice president of marketing at
SenSage, a San Francisco, Calif. company that makes systems for investigating
such situations. “Most companies today don’t collect, retain and effectively
analyze system and security log files. Log-file management and correlation
expedites finding clues and, often, discovering the exact details about how
the attack was done, when it occurred, and possibly who may have done it. It
also provides the means to prevent future occurrences by identifying and
eliminating the exposure. It’s essential that all organizations improve how
they monitor business critical systems and sensitive data stores, and analyze
suspicious activity. Security analytics provide the information organizations
need to reduce risks and respond to incidents affecting privacy, integrity and
governance.”

The CardSystems breach underscores the urgency for companies to adopt more
effective strategies for understanding the scope and causes of security
violations. Without fundamental improvements in security best practices,
massive identity thefts and related security breaches will continue to occur.
These operational best security practices for maintaining system integrity and
monitoring appropriate access controls are crucial for regulatory compliance.

“Effective security is a continuous process,” says Gordon. “As security
threats evolve, an organization’s defensive posture must also evolve beyond
simple perimeter protection and alerting. To accomplish this, an organization
needs solutions that can monitor and analyze both current and historical
network attacks, internal threats, and anomalies affecting internal systems.”

A new breed of security-analytics solutions provides organizations with
the compliance, investigation and forensic analysis capabilities needed to
discover, respond, prosecute and prevent these serious breaches.

“Computer criminals leave digital fingerprints,” added Gordon. “The
challenge is to gather all those fingerprints across a broad set of
application, network and security activities and make sense of them.”

Security Expert Available for Comment
Scott Gordon, an industry recognized security expert, is available to
reporters who want to learn more about how security breaches can be
identified, analyzed and prevented. To arrange an interview, call Rob
Brownstein at Dovetail Public Relations at 408-395-3600, or via email at Rob
(at) dovetailpr.com.

About SenSage:
Founded in 2000, SenSage develops security analytics solutions that allow
customers to perform real-time and historical analysis of security event log
data. SenSage’s products are distinguished among Security Information
Management (SIM) products for their ability to execute precise, high-speed
analysis of massive volumes of event log data. Based in San Francisco, SenSage
serves Global 5000 customers in financial services, government, healthcare,
manufacturing, and technology. The company markets its product directly and
through partners, including Accenture, EMC, Hewlett-Packard, and Lockheed
Martin. The company can be reached by phone at 415-808-5900, or on the Web at
http://www.sensage.com .