Skip navigation
All Places > Products > RSA Archer Suite > Blog > 2020 > March
2020

We are pleased to announce a new, purpose-built integration for Panaseer with RSA Archer Suite. Panaseer has integrated its Continuous Controls Monitoring (CCM) platform with the RSA Archer platform to provide automated continuous controls and risk monitoring and assurance. This integration is designed to give security teams complete and accurate visibility of assets, controls gaps, and risks, both on premises and in the cloud.

 

Need of the hour

Traditionally, integrated risk management (IRM) practices have relied on manual, human-driven approaches to self-assess and assure that controls are deployed and implemented correctly. To assure complete control coverage and effectiveness across all asset types such as devices, applications, people, accounts and databases, enterprises require very large teams at considerable expense. Alternatively, they are only able to test a sample of controls and assets, on an infrequent basis, with the budget available. The veracity of the results of this process is questionable because humans are prone to error. As the assessment process is manual and costly, it cannot be conducted frequently, leading to out-of-date and inaccurate results.

 

Risk and compliance teams are also seeing an increase in the number and complexity of regulatory requests, as more privacy and security laws go into effect globally. For example, in the banking sector, Singapore’s Notice 655 “Requirements for Cyber Hygiene for Banks” requires banks to ensure that a malware protection solution is installed and functioning on every device all the time. Risk and compliance teams in turn rely on security teams to provide relevant security metrics to inform their security and risk posture assessment for IRM. This places significant load on security teams to do data science, rather than securing the business. In fact, a recent Panaseer commissioned survey found that security teams spend more than 36% of their time on reporting, which includes extracting, moving, cleaning and merging data, as well as making, formatting and presenting calculations.

 

How can CCM + IRM help?

With the new Panaseer integration with RSA Archer, IRM practices that require data to be collected and analyzed can be automated with near real-time insights that are easily scalable. Cost of risk management and the associated data collection and analysis can also be reduced significantly.

 

Panaseer’s CCM Platform integration with RSA Archer enables organizations to:

  • Reduce costs through automation, as large teams doing manual assessments are no longer required
  • Improve accuracy with data as assessments are based on facts versus subjective opinions
  • Perform complete assessments (instead of sampling assessments) as testing of every control instance is available automatically, without the need for a large team
  • View continuous assessments with a consistently up-to-date view of control deployments

 

Panaseer Screenshot Archer Option 1 Color

 

Panaseer Screenshot Archer Option 1

NIST-aligned control assurance metrics automatically calculated in 
Panaseer and exported as Metric Results in RSA Archer

 

How does it work?

CCM sits above existing security tooling, ensuring that all controls are fully operational and all assets are protected. It automatically and continuously consumes data from sources across security, IT and business domains. By unifying disparate data, it can identify previously unknown or unmanaged assets, control coverage gaps, and control compliance failures. It then substantiates that insight through automated reports which can be segmented by market, business process, business unit or service line and mapped to your goals and structure to provide business context for security metrics. Business Risk Perspectives (BRP), an element of Panaseer’s CCM platform, provides a continuous view of the risks associated with the most mission-critical business processes. 

 

Complete asset inventories (including devices, applications, people, accounts and databases), control coverage gaps (control deployment and performance insights), and business context for risk prioritization from Panaseer’s CCM platform are all fed into RSA Archer for continuous controls and risk assessment. 

 

Interested in learning more about the Panaseer Continuous Controls Monitoring integration with RSA Archer? 
Register and join us for a Free Friday Tech Huddle on Friday, March 20, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

If you have any questions or feedback, please get in touch via Panaseer’s contact page.

About the author(s):

Charaka Goonatilake is CTO at Panaseer where he is responsible for the technology strategy and delivery of the Panaseer Platform. He leads a team of engineers who develop innovative technologies and techniques for deriving data-driven cyber security insights for a range of enterprise stakeholders. Charaka has been immersed in Hadoop and cloud-based big data technologies for the past decade, across roles at BAE Systems Applied Intelligence and Panaseer. He has hands-on experience of architecting large-scale data solutions in the enterprise, for a range of cyber security use cases, including security analytics for threat detection, threat intelligence management and cyber security risk management.

 

Gloria Higley is a Product Manager at RSA focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, the RSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, and Tools & Utilities that complement and enhance out-of-the-box capabilities of RSA Archer use cases. 

Proactive security is essentially a big data problem, although at first glance it may not seem like one. On one hand, the vulnerability deluge is inundated with thousands of vulnerabilities and exploits being reported each day. On the other hand, there is an ever-expanding attack surface with public/hybrid clouds, data centers, and containers. These two dimensions effectively make it a big data problem. Traditional vulnerability assessment (VA) solutions and their scanning-over-the-network models are simply not up to solving it.

 

ThreatWatch is a next generation proactive cyber security solution that uses machine-powered, AI-based vulnerability curation, along with a no-scan approach, for impact assessments for assets including cloud instances, containers, servers, source code, and more.

 

Two key aspects of the ThreatWatch integration to note:

  1. ThreatWatch does no scanning over the network.
  2. All assets recorded in ThreatWatch are protected in a continuous and ongoing manner without user intervention.

ThreatWatch integrates with the RSA Archer IT Security Vulnerabilities Program use case to provide a real-time automated picture of the vulnerability landscape and its impacts on organizational assets to customers. The RSA Archer IT Security Vulnerabilities Program use case offers a centralized catalog of IT assets, repository, and taxonomy for vulnerability data that enables customers to quickly understand which assets are vulnerable based on scanner detections.

 

This integration is achieved via two data feeds in RSA Archer:

  • The ThreatWatch Vulnerability Intel data feed pulls the latest vulnerability intelligence from ThreatWatch into RSA Archer's Vulnerability Library application. This helps provide a complete vulnerability landscape to RSA Archer users. It also helps provide prioritization input for newer vulnerabilities like Common Vulnerabilities and Exposures (CVEs), missing analysis in National Vulnerability Database (NVD), and critical information around availability of patches, remediations and exploits. Together, these details help security teams with prioritization.

    ThreatWatch Vulnerability Library Screenshot
  • The ThreatWatch Vulnerability Impact data feed pulls the latest vulnerability impacts from ThreatWatch into RSA Archer's Vulnerability Scan Results application. ThreatWatch's continuous no-scan approach ensures that impacts are recorded in near real-time without the need for intrusive scans on the network. Impacts are auto-prioritized as either “Do Now” (something that needs immediate attention) or “Do Later," providing actionable insights for security teams.

    ThreatWatch Vulnerability Scan Results Screenshot

 

Having vulnerability intelligence and impact details in RSA Archer out-of-the-box applications like Vulnerability Library and Vulnerability Scan Results ensures that existing RSA Archer users do not have an additional learning curve and can leverage existing reports. The ThreatWatch integration with RSA Archer helps provide a complete and accurate risk score picture to RSA Archer users.

 

ThreatWatch Example Vulnerability Intelligence Chart

 

Example Vulnerability Intelligence Chart

 

ThreatWatch Example Vulnerability Impacts by Asset Chart

Example Vulnerability Impacts by Asset Chart

 

ThreatWatch Example Vulnerability Impacts by Asset by Priority Chart

Example Vulnerability Impacts by Asset by Priority Chart

 

Interested in learning more about the ThreatWatch integration with RSA Archer?
Register and join us for a Free Friday Tech Huddle on Friday, March 20, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.


About the author(s):

Ajey Godbole & Paresh Borkar
Ajey Godbole is a Senior Engineer at ThreatWatch. Paresh Borkar is a co-founder and Chief Architect at ThreatWatch.

 

Gloria Higley

Gloria is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, theRSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, Tools & Utilities, and Content that complement and enhance out-of-the-box capabilities of RSA Archer use cases. 

Filter Blog

By date: By tag: