Notícias
Marzo 2006
El Protection Manager de Winternals ayuda a las organizaciones a cumplir las regulaciones (inglés)
Winternals Software®, a leading provider of systems availability and protection solutions for the Microsoft enterprise, announced that Protection Manager can enhance the ability of an organization to achieve regulatory compliance standards. Protection Manager shelters systems that contain valuable financial or medical data from a range of internal and external malicious attacks by preventing unauthorized applications from executing.
“Businesses are under increasing pressure to comply with regulations from the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and a growing number of compliance initiatives,” said Edwin Brasch, president and CEO of Winternals. “Protection Manager contributes a crucial element to an organization’s ability to meet these compliance regulations by ensuring the security and availability of confidential data.”
Regulatory compliance requirements for businesses include maintaining the accuracy and reliability of confidential financial disclosures, in the case of SOX, and private patient healthcare data, in the case of HIPAA. Compliance is at risk if security measures are compromised and data is inappropriately disclosed or lost. This can occur due to the introduction of malicious software into an organization and an end user’s ability to accidentally or purposefully access and compromise sensitive information.
According to a recent report entitled ‘Maintain Regulatory Compliance Without Neglecting Core Security Requirements’, by Gartner Research VP, Rich Mogull, “Unauthorized disclosure of nonpublic personal information can result in a regulatory violation and extensive reputation damage. Although management and business units are responsible for using personal information appropriately, it’s up to security professionals to protect it.”¹
IT departments have traditionally relied on blacklist/signature-based security solutions, like antivirus and antispyware products, which function by tracking an identifying signature of all known threats and prohibiting them from infiltrating the system. This is an inherently outdated methodology that leaves systems unprotected during the interval between the introduction of a new threat and the time it can be blocked successfully (when signatures are available from security vendors and applied to all systems). During this window of vulnerability, malware attacks can cause data leaks or loss, system instability, corruption, and extended downtime – all of which can result in regulatory compliance failures.
Protection Manager employs a proactive security approach that defines the specific applications permitted to run on managed systems, eliminating current and future threats from malware, worms, viruses, keyloggers and other harmful applications. It prevents malicious software from executing by intercepting applications before they start and blocking all but those which are explicitly authorized to run. Protection Manager can also optionally adjust security privileges of trusted applications when required. Elevating or reducing privileges based on the application and the user or computer ensures that employees have the appropriate level of rights to safely accomplish necessary tasks, while not having more privileges than necessary. Administrators can run applications with limited user privileges, while end-users in the Users group can run applications with elevated privileges as needed for legacy application compatibility. This can also assist in ensuring that the security and personal data privacy aspects of compliance are maintained, enabling organizations to focus on other facets of regulation.