SAN JOSE, Calif. – A seat on a panel at a technology trade show has helped a Silicon Valley startup land the nation's largest corporate CU as a user of the firm's automated information risk management system. An executive from IPLocks was on the panel earlier this year with Christofer Hoff, chief information security officer of WesCorp, and piqued Hoff's interest enough that the $24 billion corporate is now the two-year-old company's first CU client. The IPLocks system detects, analyzes and monitors multiple databases for security violations, suspicious, malicious or structural integrity changes and user access patterns, providing alerts and reports that clients can use to both secure their own systems and prove to regulators that they are complying with privacy and security rules. While worms, viruses and hack attacks grab the headlines, insider abuse – whether malicious or simply negligent – can be just as damaging and hard to detect and control, say officials at IPLocks (the IP stands for Intellectual Property.) And credit unions are hardly immune. For instance, one of the three incidents of abuse noted as lead examples in a new national study of insider threats involved a credit union where employees altered credit reports in exchange for money. The company currently can monitor the four major databases used in the United States – Oracle, Microsoft SQL Server, Sybase and IBM's DB2 – and does so externally, with software residing on a dedicated PC or server so it does not drain any system resources while keeping an eye on what's going on. "We're the first line of defense from an internal user and the last line of defense from an external user," says Trish Schaefer Reilly, the San Jose-based company's senior marketing manager. At WesCorp, which services about 1,000 credit unions and associations, investment already has been made in traditional network security technologies such as firewalls and intrusion detection systems – addressing who or what's trying to come in, as well as internal security protections. "The missing piece was a way to understand who or what is accessing the data itself to ensure the security, integrity and availability of the database and its assets," Hoff says. Operating as a read-only user, IPLocks provides that by monitoring a wide range of activities, including transactions by both objects and users in a database, compliance with internal policies, failed log-ins and suspicious log-in times. About 70 databases currently are being covered at WesCorp, with plans to add more, IPLocks officials say. Adrian Lane, IPLocks' chief technology officer, says the system focuses on three main areas: configuration vulnerability assessment, including patches and user privileges; continuous monitoring "like a security camera that's always on", and audit analysis of transactional histories. "We think all three of those pieces are required to demonstrate best practices to auditors, as a transparent tool that shows regulatory compliance," Lane says. "And it provides organizational memory gathered from multiple databases," which is valuable in such a dynamic, changing environment – one in which new users, configurations and threats show up daily. Meanwhile, Hoff says, "It's an agent-less, transparent, zero-load approach. I don't have to worry about integration and there is no resource drag on our infrastructure. In essence, WesCorp is now conducting database security audits around the clock." -

[email protected]