Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

5/31/2011
03:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SenSage Achieves In Process Status For Stringent FIPS 140-2 Government Standard

To expedite the validation process, SenSage partnered with Corsec Security

REDWOOD SHORES, CA – May 31, 2011 – SenSage, Inc., a leading provider of Security Information and Event Management (SIEM) systems, today announced that the SenSage CryptoCore Module has been placed on the Modules In Process List for the Federal Information Processing Standards Publications (FIPS) 140-2 Validation: Security Requirements for Cryptographic Modules. Since FIPS 140-2 validation is a requirement for any cryptographic product that will be used in a U.S. government agency network, this achievement provides strong validation for SenSage SIEM, log management and event data warehouse applications.

To expedite the FIPS 140-2 validation process, SenSage partnered with Corsec Security, Inc., a consulting firm with over 13 years experience in testing products for FIPS certification. “With the increased complexity of insider threats and advanced persistent threats, government agencies are looking beyond traditional SIEM technologies to address their sophisticated requirements for collecting, retaining, and analyzing sensitive data,” said Matthew Appler, CEO of Corsec Security. “SenSage directly addresses these needs, and this FIPS 140-2 validation is evidence of that.”

SenSage’s technology is also currently being evaluated under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS), with expected completion in the coming months.

“SenSage open security intelligence solutions address government compliance requirements and enable proactive information assurance missions,” said Joe Gottlieb, president and CEO of SenSage. “We are extremely proud of our role teaming with the Federal Government to facilitate compliance reporting and auditing while helping to protect our nation’s digital information, applications and infrastructure.”

“Government agencies need to filter vast amounts of security information and then drill down, across, through and around security exceptions to better understand security effectiveness and to prioritize security improvements,” explained Kirk Hanson, Senior Vice President of IT Solutions, Alvarez & Associates. “We are pleased to partner with SenSage to deliver what our customers need, and certainly, the FIPS 140-2 validation of the SenSage Private Encryption File System will provide users with a high degree of security, assurance, and dependability.”

The FIPS 140-2 standard, which is mandated by law in the U.S., is a joint effort by the National Institute of Standards and Technology (NIST) in the United States, and the Communications Security Establishment (CSEC), under the Canadian government. The FIPS standard is also currently being reviewed by ISO to become an international standard. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140-2, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140-2 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency. The In Process listing can be viewed at http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf.

About SenSage SenSage', Inc. helps organizations collect, store, analyze and interpret complex information to identify new threats, improve cyber-security defenses, and achieve industry and regulatory compliance.

Combining powerful data warehousing, scalable clustered multiprocessing and sophisticated analytics, SenSage serves our customers’ most advanced Security Information and Event Management (SIEM), log management, Call Detail Record (CDR) retention and retrieval and Continuous Controls Monitoring (CCM) use cases. SenSage systems are open to all event data types, scale to petabytes, minimize storage costs and perform sophisticated data analysis.

Hundreds of customers worldwide leverage patented Security Intelligence solutions from SenSage to identify, understand and counteract cyber-threats, fraud and compliance violations. SenSage partners include Cerner, Cisco, EMC, McAfee and SAP. For more information, visit www.Sensage.com, follow us on Twitter: @Sensage, and watch for us on www.youtube.com/Sensagetv.

About Corsec Security, Inc.

Corsec Security, Inc. specializes in helping companies navigate through the complex process of receiving FIPS 140-2 and Common Criteria (CC) certifications. Corsec’s consulting, document creation, and project management services deliver unmatched expertise in achieving government validation efforts at a firm, fixed price. Corsec partners with companies around the world to achieve local and international certification and to add security functionality to a wide range of products. Corsec minimizes the time, effort and money a vendor needs to invest in validation while ultimately maximizing the return on that investment. For further information, please visit www.corsec.com.

About Alvarez & Associates, LLC

Founded in 2004, Alvarez & Associates, LLC, (A&A) is a Washington DC based Information Technology company. In 2007, A&A was awarded the NASA SEWP lV Contract as one of only 6 Service Disabled Veteran Owned Small Businesses (SDVO/SB) prime contractors out of 38 prime contractors. The NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract) allows Alvarez to provide the latest in Information Technology products to any Federal Government Agency, while helping that agency achieve its SDVO set-aside credit goals. For more information, please visit www.alvarezassociates.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5641
PUBLISHED: 2020-11-24
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.
CVE-2020-5674
PUBLISHED: 2020-11-24
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2020-29002
PUBLISHED: 2020-11-24
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
CVE-2020-29003
PUBLISHED: 2020-11-24
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...