Cloud based Information Security and compliance management

Deployed in the cloud, SecureGRC integrates security monitoring and automates end-to-end assessment with IT compliance and management workflows. It resolves the security and compliance manageability challenges and breaks the spell of "management via Excel spreadsheet." These new tools deliver value for both strategic and day-to-day compliance management as well as security monitoring and data protection, and thus help both executive management and "in the trenches" IT professionals and security analysts.

SecureGRC has been recognized to be a breakthrough technology by various partners, press and media

Why is Cloud based SecureGRC a breakthrough solution:

  • SecureGRC is the world's first truly integrated IT compliance and security solution - simplifies and reduces the time required for regulatory compliance & the certification process. Complete End-to-End automation of all your security, compliance, audit, and risk management needs
  • Built-in support for HIPAA, PCI, SOX, ISO, COBIT and other compliance regulations that can be easily extended
  • Innovative cost and ownership models - Provides 'Software as a Service' (SaaS) model with a completely on-demand cloud based service, requiring very low initial investment with high returns – also ideal for small and medium businesses
  • Cost-effective with up to 10x total cost of ownership reduction!
  • Easier Deployment models, using a software based appliance that is downloadable-plug-n-play and can run on any general purpose hardware in the customer premises. Customers have the latest updates all the time!
  • Security Hardened Cloud infrastructure – No customer specific data is transferred or stored in the cloud. Advanced authentication, encryption and security technologies used to protect customer specific information on secure multi-tenanted architecture.
  • Innovative Channel friendly Go-to-Market strategy offered through the Managed Compliance Provider (MCP) program enabling channel partners to launch managed compliance services easily. MCP "Cookbook" available for MCP partners, containing market-proven "recipes" to start and grow their business.

Managing compliance is a continuous process. Compliance requirements stem from a number of regulations, standards, best practices and guidelines, and can be country specific. Managing such compliance today requires automated processes that will help in continuously monitoring for compliance. An automated process which is certain, fast, available, and simple makes managing various compliance requirements easy on an ongoing basis, leaving business enterprises, whether large, medium or small, to focus on their core business, competition, and strategies.

What can automated SecureGRC Compliance Management solution do for you?

The software platform provides certain key functions that help the overall process, such as:

  • Decrease the time to get and stay compliant, thus reducing costs associated with the compliance processes; address and adapt to the constantly changing regulatory landscape and achieve compliance with new regulations in significantly less time across business units and geographies
  • Cloud based "pay-as-you-grow" delivery option - Provides 'Software as a Service' (SaaS) model with on-premises deployment or a completely on-demand cloud based service, requiring very low initial investment with high returns; also ideal for small and medium businesses
  • Centralized dashboard view of the compliance status drilling down across departments, geographies, etc; generation of reports to demonstrate compliance for any regulatory or standard based audits
  • Provide for Workflow, Document Management, Controls Inventory, Compliance Scanner, and fine-grained access control through a secure Web based interface.
  • Compliance Scanner scans and integrates compliance related information from multiple sources and matches it against "Compliance Signatures".
  • Manage exceptions and activities related to compliance; provide reminders to people for addressing compliance related tasks in an optimal manner
  • Provide an exhaustive audit trail for all compliance related actions in the whole process

Compliance manager specifications

  • Exclusive customer instance of SecureGRC: Each customer on the cloud will have an exclusive instance of the application running, ensuring complete security of client data.
  • Single and centralized repository for all compliance related data: Supports storing all relevant documents, evidence, and processes related to compliance in one place with access to it from anywhere and at any time; organize documents in a hierarchy, whether by geography or department or regulation.
  • Display questionnaires to evaluate manual controls: In-built questionnaire generator for using predefined or customized questionnaires. Supports email notifications set up on a schedule to collect information from people.
  • Dashboard and reports: Predefined or customized graphs creation facility by the user. The charts have the ability to drill down to the underlying data when clicked. Also, reports that can be exported to CSV, PDF etc can easily be generated through online interfaces.
  • Remediation tracking: Tracking issues or "action items" that are either automatically detected or manually found in the compliance management software process and remediating them through a feature-rich remediation module. Items can be assigned to individuals or groups, approved by their managers, fixed, and closed online.
  • Compliance activity email reminders: Define the workflow once in terms of roles and responsibilities, with a facility to attach documents; provides an exhaustive audit trail of actions related to the workflow.
  • Track credit card or sensitive data within databases, file systems, desktops, and servers: Compliance Scanner will search for Credit Card (Track, PIN, CVV) data in file systems, shared drives, databases, removable hard drives etc.
  • External vulnerability scans: On-demand and scheduled runs of external vulnerability scans for external IP addresses.
  • Analyze firewall rule sets: Automatically gather information from various supported systems and map it against the relevant regulations or standards based on one-time setup and scheduling.
  • Perform vulnerability scans and integrate with existing vulnerability scanners: Gather information from network vulnerability scanning (such as Nessus) and external ASV scans and automatically map it to the relevant regulations.
  • Integrate with web application scanners: Gather information from web application vulnerability scanners and automatically map it to the relevant regulations.
  • Compare user access for appropriateness: Compare and check access rights of users and whether they belong to groups that have the appropriate rights for access. Any discrepancies can then be flagged and marked as non-compliant through the use of "Compliance Signatures".
  • Test password strength of domain and databases: Continuously monitor password strength settings such as alphanumeric requirement, expiry upon 60 days, account lockout etc. within target databases and operating systems in scope. These settings can be configured to match up with PCI DSS requirement 8 for password strength.

SecureGRC™ compliance management has the following ready to use completely packaged compliance control kits which are developed by security and compliance auditors with industry best practices.

  • PCI-DSS 1.2
  • ISO 27001/27002
  • FISMA
  • COBiT
  • Sarbanes Oxley Act. (SOX)
  • HIPAA

SecureGRC™ compliance manager is being updated with ready to use compliance control kits in the coming months.

  • BASEL II
  • Local and regional regulations

Browser compatibility

Google Chrome, Firefox, Internet Explorer up to version 8 (with compatibility mode switched on)

Database

The default is MySQL. Also supports Oracle and MSSQL through appropriate client interfaces.

Deployment Model

SecureGRC Cloud-based Software as a Service (SaaS)


Compliance Scan tools supported

Compliance Scanner scans and integrates compliance related information from various sources such as Databases, File systems, Firewall rules, Active Directory, Vulnerability manager and Application vulnerability scanners etc and matches them against "Compliance Signatures".

Currently supported external Scanning tools: SecureGRC can integrate test results from other tools through XML interface
  • Acunetix
  • DB Analysis
  • DB Search
  • Domain Analysis
  • File system search
  • Firewall
  • HR analysis
  • Nessus Internal
  • NMAP
  • Qualys external
  • Active Directory

Customer On-boarding

We will help you get on board to Compliance Management quickly – Fill up the on-boarding form where our consultants will help you, and leave the rest to us to set it up and help you carry on comfortably.

Contact us

To learn more call +1 (408) 689 2586.