Today's Top SOA Links
Security Posture Management Enters the Cloud
A “pure” cloud-based IT security monitoring and compliance management product
By: Dan Neel
Dec. 13, 2012 02:00 PM
When eGestalt of Santa Clara, CA, announced in November they were launching a cloud-based security and compliance solution, it set the stage to change the way enterprise businesses could cope with complex compliance and security issues.
The solution, powered by Rapid7 scanning technology, was to deliver a "pure" cloud-based IT security monitoring and compliance management product that worked in real time without requiring any hardware, "a first of its kind solution," say the vendors.
Called Aegify, the technology delivers Security Posture Management (SPM), which first measures the security status of all assets within a network, then delivers a report that can be used to remediate problems, strengthen security, and create and manage compliance policies. It leverages the compliance and security engine of eGestalt's SecureGRC (governance, risk management and compliance) product with Rapid7's Nexpose vulnerability management technology.
Aegify uses a patent-pending expert systems technology from eGestalt to automatically map the security vulnerabilities to compliance mandates, thereby automating the task of security posture management and compliance management, which is manually done today. The tool can import data from other standard vulnerability scanners in the industry as well.
The advantage of using a cloud-based solution to perform this type of sophisticated network diagnoses is a vast reduction in complexity and time, said Anupam Sahai, President of eGestalt.
"Currently, you do this with on-site hardware," Sahai explained. "You run a scan and get a report. Then the IT person has to study it and perform the needed remediation. That takes time, and then once this is performed the network settings change" and you can fall back out of compliance and into a weakened security state all over again.
With a cloud-based solution like Aegify, scanning and remediation can be run in perpetuity, and IT administrators can "see results on the fly," said Sahai. The cloud solution does the work, and you get SPM and/or the compliance posture in real time, or you can schedule it.
"You don't need specialized IT resources to understand and interpret the results or have to deal with remediation," Sahai explained.
The combined solution from eGestalt and Rapid7 performs a massive amount of work, combining asset discovery with vulnerability analysis and compliance mandates. This gives even the largest company an easy way to identify exactly what they have operating in their network, check the level of their exposure to a potential threat, and make any adjustments that have them falling out of compliance. It can identify 28,000 vulnerabilities and perform over 85,000 checks across physical and virtual networks.
"It's a completely multi-tenant solution," said Sahai, who adds that the cloud-based approach and the integration of the security, compliance, and scanning system in Aegify solves the cumbersome, time consuming and inefficient method of approaching the task with separate, siloed applications that don't communicate well with one another.
Aegify will be marketed to the customer and partner bases of both eGestalt and Rapid7. Sheldon Malm, senior director of Strategic Partners and Alliances at Rapid7, said the alliance creates "a very complementary offering that will benefit our joint customers."
On the compliance side, Aegify covers practically every industry that falls under compliance regulations. The cloud solution can control and manage compliance across more than 400 regulations, from the commonly known ones such as PCI, HIPAA/HITECH, SOX, FISMA, and GLBA, to compliance rules from other countries outside the U.S.
An added advantage of Aegify being a cloud solution is that an IT reseller or consultant can manage it remotely for customers and present the reporting wrapped with upsell and cross-sell offerings. And Aegify can be white-labeled with a reseller's or consultant's own branding, said Sahai.
Public cloud services like Aegify are predicted to grow five times faster than traditional on-premise IT, at a growth rate of 19 percent through 2015, according to a study by MarketBridge. The reason for this growth is multi-faceted. The simplicity that cloud computing offers by moving the complexity away from the customer also means customers no longer have to maintain upgrades or version enhancements. The capital expense of purchasing additional server or storage capacity is also greatly reduced with a cloud-based service.
Still, traditional legacy IT networks dominate the computing landscape, which is why Aegify is such an effective solution for reaching out to these networks and keeping them secure and in compliance. In a press release, Bryan Britz, a research director at Gartner, said a mixture of cloud solutions and traditional networks "will permeate most organizations in the coming years."
Sahai of eGestalt agrees and pointed out that a residual effect of Aegify is helping preserve the investment a company has in its traditional IT network.
"Many customers claim they have no security or compliance issues," Sahai said, adding that this makes Aegify community edition, a free tool downloadable from the web (www.egestalt.com), a conversation starter with customers - a conversation that can lead to the purchase of traditional network equipment, or more cloud services.
"We are solving a number of problems by making networks cheaper, better, and more effective by delivering it to the cloud," he said.
Reader Feedback: Page 1 of 1
Web 2.0 Latest News
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week