In addition to live global deployments, Miercom's independent 3rd-party testing laboratory rated Proventsure's Governance & Compliance Auditor at outstanding levels. Miercom determined Proventsure "detected sensitive information better than other products tested to date." They further published Proventsure "proved instrumental in discovering key documents in a real life Identity Theft case" that Miercom's Professional Services practice was currently managing.
At the most simple level, "sensitive information" is data regulated to protect citizen privacy. However, Proventsure’s powerful framework will also seek loosely defined "sensitive" information, complete with support for open source modules! As an example, Proventsure has been used to scan systems for sensitive engineering information contained within images. Proventsure empowers organizations to create extremely customized audits, even for proprietary applications. (One customer audits a check-printing server to ensure the payroll department prints checks only for people who exist in the organization!)
The Proventsure Governance & Compliance Platform automatically locates regulated and "sensitive" information.
The patent pending methodologies for risk calculation used within the Proventsure framework correlate the following:
- Probability of Loss - Examines controls, integrity, and potential "avenues of exploitation" - a practice pioneered by Proventsure's founders.
- Impact of Loss - Assessed from the type, volume, and nature of the sensitive or regulated information discovered.
Algorithms used to map the Human Genome to discover "unknown and interesting" genes are used by Proventsure's technologies to discover "unknown and interesting" types of information during audits. These algorithms operate more accurately and efficiently than other technologies scanning for sensitive information. Proventsure dynamically determines how to decode files through a series of innovative statistical and structural analysis techniques. This enables the analysis engine to "learn" decoding techniques for many proprietary and unknown formats.
The Proventsure framework is designed for the real world and preserving the end user's experience is a top priority. One would assume such a level of scanning and analysis would negatively impact the interactive user response-time. Unlike other assessment technologies, Proventsure's assessments leverage unused CPU cycles, giving priority to the user's activity. Disk I/O is limited to further prevent performance bottlenecks. This allows desktops and laptops to be audited without the user being aware a scan is even running!
One of the most innovative aspects (and the source of several pending patents) is the calculation of objective and defendable probability of loss and risk metrics. Proventsure calculates the impact of potential vulnerabilities and correlates this impact with "ease of exploitation weightings" for processes of the same nature. This is contrasted to the configuration of the system for an exposure index before correlation to the types and quantities of sensitive information discovered by the Proventsure framework. This is subsequently weighed against an integrity analysis of the computer - research stemming from analysis of 100's of live, real world, non-honeypot compromises. Final metrics constitute the risk/assurance score used to direct analysts to the systems needing immediate attention. Different scoring algorithms are applied to individual computers vs. departments (groups of computers) vs. entire business units (groups of departments).
At the most simple level, "sensitive information" is data regulated to protect citizen privacy. However, Proventsure’s powerful framework will also seek loosely defined "sensitive" information. As an example, Proventsure has been used to scan systems for sensitive engineering information contained within images. The intelligence community may use Proventsure to seek images only of a certain nature. Proventsure empowers organizations to create extremely customized audits, even for proprietary applications. (One customer audits a check-printing server to ensure the payroll department prints checks only for people who exist in the organization!) The entire framework is self-updating, so administrators have a single point of management.