Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:26 PM
Dark Reading
Dark Reading
Products and Releases

Courion Upgrades ID And Access Management Solution

Reduces risk and cost of compliance management by combining identity and access management, sensitive data management, and user activity monitoring

FRAMINGHAM, Mass. — February 23, 2010 — Courion' Corporation, leaders in access governance, provisioning, and compliance, today announced its Access Assurance Suite solution version 8.0. As the first vendor to offer integrated compliance management in 2004 and integrated role management in 2006, Courion once again leads the market by delivering the first solution that combines comprehensive Identity and Access Management (IAM) with sensitive data management, user activity monitoring, automated remediation and advanced analytics to help enterprises manage access risk in their organizations.

"To date, the IAM market has focused on managing user access to systems, but with limited success in making that data actionable for the business," said Ian Glazer, Senior Analyst, Identity & Privacy at Burton Group. "Enterprises need to reduce the risk of data exposure by providing the ability to more broadly understand, control and report on user access to sensitive information assets. By managing user access more effectively as part of overall security practices, you can reduce risk and compliance exposure."

Today's enterprises face a number of challenges in securing critical systems and data. One of the fundamental challenges of risk mitigation is ensuring that only the right people have the right access to the right resources and are doing the right things. Until now, this has focused primarily on managing access to key systems and applications; but today, organizations need a more comprehensive look at specific data as well as the activity of users on these key systems. This requires knowledge of where critical data resides, who has access to it, and how it's being used " throughout the corporate network and in the cloud. Enterprises also must be able to prove to auditors and regulatory bodies that they possess this knowledge, and have the processes and technology in place to address inconsistencies as they arise.

Version 8.0 helps enterprises integrate disparate islands of sensitive information from data loss prevention (DLP), security incident and event management (SIEM) and other sources so they can effectively manage and protect access to sensitive data, while putting individual user activity into context in order to take appropriate action. Automating the discovery, validation, remediation, and reporting of this data results in higher levels of compliance and security, while engaging the business managers and lightening the load on IT staff.

With this release, Courion introduces Sensitive Data Manager and User Activity Manager, two new products that deliver vendor-agnostic integration with leading DLP and SIEM technologies and other user activity data sources. This enables organizations to map user access information against sensitive data requirements and user activity, providing a more holistic view of user behavior and helping to improve compliance with a broader range of regulations. This process of effectively combining detective and preventive controls in one system significantly reduces costs, increases security management and improves data protection.

Through its ComplianceCourier access certification and compliance management solution, version 8.0 fills one of the greatest enterprise compliance needs by automating the identification, validation and remediation of access inconsistencies, without requiring an enterprise provisioning solution.

"The latest enhancements to the Courion Access Assurance Suite make it the nerve center for controlling user access in the enterprise," said Kurt Johnson, vice president of corporate development at Courion. "This delivers enormous benefits across the broadest scope of today's enterprise security and compliance challenges " reducing costs, improving data and system security in accordance with policy, and getting more return on investment on existing infrastructure."

New Products and Features

New capabilities within the 8.0 release of the Courion Access Assurance Suite include:

Sensitive Data Manager " improves compliance through integration to industry-leading Data Loss Protection (DLP) solutions by identifying and certifying that access to sensitive data is in accordance with policy. When the DLP solution identifies sensitive data, Courion organizes, filters, and synthesizes this data, putting it in to the hands of business users to determine whether access is appropriate and, if needed, remediates by modifying or disabling access according to policy.

User Activity Manager " improves compliance with user activity requirements through integration with industry-leading Security Incident and Event Management (SIEM) technologies and other sources. Organizations can view the resources users have accessed and how this compares to the access policy, as well as allowing business managers to identify that while access may be appropriate, the user activity may not. The ability to see who is using what applications is also beneficial in avoiding "over-provisioning" or paying user license fees or maintenance on systems and applications that users are not accessing regularly as part of their job.

Automated Remediation " addresses access policy violations during the Access Certification process by enabling notifications via email or help desk ticket, and can automatically modify, disable or delete access as appropriate, without requiring an existing provisioning system.

Advanced Compliance Worksheets " gives business managers greater control for the creation, modification and publication of compliance worksheets. Delivers the ability to change the views and sort and filter data to deliver the appropriate view for every audience, enabling business managers to take action on data as appropriate.

Advanced Analytics Framework " enhances the user experience through new analytic charting and trending capabilities that make it easy to track and ensure that user access is within policy. Delivers to security and audit staff the ability to synthesize data in order to assess, monitor and mitigate risk in their organization.

Building on the success of previous versions of its Access Assurance Suite, Courion delivers new functionality that enables IT managers and compliance officers to more easily engage with business managers. The new version sets the standard in the IAM market for compliance efficiency with advanced analytics capabilities and automated remediation for access violations. And with the use of an advanced analytics framework, the system helps to define risk profiles, identify potential problems and monitor risk exposure over time.

Courion's unique Access Assurance approach to identity, access and compliance management ensures that only the right people have the right access to the right resources and are doing the right things. Access Assurance unifies Access Governance, Access Provisioning and Access Compliance in the most complex, heterogeneous environments. This comprehensive approach increases operational efficiency and transparency, strengthens security, and improves compliance, while delivering the industry's fastest time to value and lowest total cost of ownership.

For more information on how to purchase or upgrade, please contact Courion at [email protected] or call 1-866-COURION or 508-879-8400.

About Courion Courion's award-winning Access Assurance solutions are used by more than 400 organizations and over nine million users worldwide to quickly and easily solve their most complex identity and access management (password management, provisioning, and role management), risk and compliance challenges. Courion's business-driven approach results in unparalleled customer success by ensuring users' access rights and activities are compliant with policy while supporting both security and business objectives. For more information, please visit our website at www.courion.com, our blog at blog.courion.com/, or on Twitter at twitter.com/Courion.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...