SenSage, Inc., the leading provider of enterprise security analytics, today released a white paper entitled, "The Event Analysis and Retention Dilemma," which identifies significant security data information management deficiencies that can compromise an organization's compliance with regulations such as Sarbanes-Oxley, HIPAA, FFIEC and data privacy.

Corporations must demonstrate corporate governance, security due process and adherence to regulatory compliance to their auditors, shareholders, partners and customers.  Compliance requires consistent security monitoring, full incident investigation and long-term data retention -- in some cases over seven years.  Half of reported incidents are perpetrated internally and cause the most financial damage.  Collecting and retaining application and security event information is critical to identifying sources of insider abuse, discovering and understanding incidents, exposing sophisticated attacks, and safeguarding privacy.

Data management issues have manifested within the fast-growing category of security products and user-developed solutions that Gartner references as Security Information Event Management (SIEM).  SIEM tools have become an important means to help organizations respond to incidents and support compliance efforts with the increasing number of Federal, State, International and industry-specific regulations.  These tools collect, correlate and report real-time system and device events to address security incidents.  However, as the number of event sources, rate and volume increases, conventional SIEM approaches often deliver poor, costly and/or incomplete enterprise results due to deficient data management architectures.