Compliance Combines with Vulnerability Scanning to Create Aegify
Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn't been done before: a combination security and compliance posture management offering called Aegify SPM.
- (1888PressRelease) December 15, 2012 - SANTA CLARA, Calif. - The SPM stands for Security Posture Management, and eGestalt of Santa Clara defines SPM as "the art and science of monitoring and managing business security status by orchestrating process, people, and technological resources to achieve security objectives."
SPM is about identifying IT assets, evaluating their risks based on known vulnerabilities, then calculating the impact of these threats. These threats are then mapped directly to a set of regulatory compliance frameworks, whether for PCI or HIPAA, where the final output can be used to initiate appropriate countermeasures, eventually bringing the company into compliance.
Inside the Aegify SPM power train is the Rapid7 Nexpose vulnerability technology. Nexpose has a long history with 2,000 enterprises and government agencies using their wares. It must be doing something right. It can sniff out 31,800 vulnerabilities and it conducts more than 92,000 vulnerability checks that comprise discovery, detection, verification, risk classification and mitigation. Impact analysis and reporting, like most of these security tools, are par for the course.
Riding on top of Nexpose and serving as the interface and compliance imperative is eGestalt's own SaaS software called SecureGRC, which, as the name implies, does governance and risk management by applying a compliance imperative on 400 regulations such as PCI, HIPAA/HITECH, SOX, FISMA, and GLBA.
The integration of these two programs has created a patent-pending system designed by eGestalt that can automatically map security vulnerabilities to popular compliance mandates, thereby automating the task of security posture management and compliance management. The tool can import data from other scanners as well.
A cool feature is how it provides a sequenced remediation roadmap with time estimates for each task.
Who among us likes to deal with government regulatory pressure? Most companies do nothing but stand in the middle of the shooting range and "hope it won't happen to me." They hope no auditor will come knocking. It should be pointed out that ignorance is no excuse.
eGestalt President Anupam Sahai, who holds two master's degrees from MIT's Sloan School, claims the combination of Nexpose with his compliance driver eliminates manual work and is "10 to 20 times more cost-effective than any other competing solution." He thanks the beauty of SaaS for that kind of savings.
Going to the cloud with this "all hands on deck" threat management approach can be a smart way to isolate trouble brewing across physical and virtual networks, operating systems, databases and Web applications.
Whatever peace of mind you get out of this will be high, knowing that the Feds can't disrupt your business with their eager probing.
That alone is worth something.
About eGestalt Technologies Inc.
eGestalt (www.egestalt.com) is a world-class, innovation driven, leading provider of cloud-computing based enterprise solutions for information security and IT-GRC management. eGestalt is headquartered in Santa Clara, CA, and has offices in the US, Asia-Pacific and Middle East. eGestalt SecureGRC was given a rating of 4.5 stars (out of a maximum 5) with 5 stars for Features, Support and Value for money by SC magazine in June 2012. In Feb. 2012 eGestalt President Anupam Sahai was named a Channel Chief by Everything Channel's CRN.
eGestalt has been ranked in the Top 10 Vendors for Compliance Management and Data Access & Security by Hypatia Research, Q4 2011. eGestalt was nominated Breakthrough Technology Vendor at XChange Americas, Aug. 2010, and selected by SiliconIndia among the "Top 10 Security Companies to Watch." Its SecureGRC application was voted runner-up in the Managed Services Category at XChange Tech Innovators, Nov. 2010. In Sept. 2011 it was selected by Everything Channel as a 2011 CRN Emerging Technology Vendor as well as a 2011 Tech Innovator for Managed Services.
###