Startups Offer Security Tools To Contain Insider ThreatsStartups Offer Security Tools To Contain Insider Threats

Under pressure to minimize insider threats, prevent data breaches, and improve IT governance, businesses are looking for better ways to manage and monitor data access.

Three technology startups are offering new tools that give IT departments fine-grained control over the level of information access they grant to employees and others.

Aveksa's "enterprise access governance" software assigns users different levels of access to corporate databases and applications and monitors those privileges. Aveksa uses identity management -- its software works with ID systems from CA, IBM Tivoli, and Sun Microsystems -- to automate the processes around data access privileges.

Aveksa provides auditable, companywide control over data access, and it includes business managers, not just security experts and compliance officers, in the process. All three groups participate in defining the roles that grant different levels of access.

An upgrade is due next month. The Aveksa 3 Enterprise Access Governance Suite will include an updated Compliance Manager -- which automates the monitoring of user access privileges -- and a new Role Manager. The latter application supports role modeling to help reduce the risk of exposure.

Health care benefits company Cigna uses Aveksa to monitor IT privileges for 27,000 employees across 300 applications. Aveksa was founded in 2004 by Deepak Taneja, former CTO of ID management vendor Netegrity.

SailPoint Technologies' Compliance IQ uses risk modeling to determine the appropriate level of data access to give employees. Staffers, managers, and executives are assigned risk scores. Compliance IQ correlates access configuration management -- or what users are allowed to do -- with what they actually do. It sifts through log file data to detect policy violations or suspicious activity and generates alerts based on severity. An updated version of Compliance IQ will be released soon, according to the company.

SailPoint's software addresses the worrisome prospect of employees gone awry. The company points to insider data breaches, brand damage, and IP theft in promoting the need for this kind of monitoring and enforcement tool. An Identity Compliance Assessment Tool is available on SailPoint.com to help companies determine their level of preparedness in managing the risk associated with user access privileges.

Two-year-old SailPoint was co-founded by Mark McClain (CEO), Kevin Cunningham (president), and Jackie Gilbert (VP of marketing), all formerly with ID management company Waveset Technologies, acquired in 2003 by Sun Microsystems.

Sentrigo's Hedgehog monitors Oracle database activity in real-time to prevent data breaches from external and internal sources. A standard version is available for download at no cost, while an enterprise version can be licensed for $2,000 per database CPU. The enterprise version includes alert notifications, custom reports, cluster support, and an ability to terminate user sessions.

Hedgehog was first released in June. The next rev, version 1.2, will protect against SQL injections based on context rather than syntax and signatures, among other new capabilities.