Gloria Higley

Panaseer Integration with RSA Archer Helps Automate Integrated Risk Management

Blog Post created by Gloria Higley Employee on Mar 19, 2020

We are pleased to announce a new, purpose-built integration for Panaseer with RSA Archer Suite. Panaseer has integrated its Continuous Controls Monitoring (CCM) platform with the RSA Archer platform to provide automated continuous controls and risk monitoring and assurance. This integration is designed to give security teams complete and accurate visibility of assets, controls gaps, and risks, both on premises and in the cloud.

 

Need of the hour

Traditionally, integrated risk management (IRM) practices have relied on manual, human-driven approaches to self-assess and assure that controls are deployed and implemented correctly. To assure complete control coverage and effectiveness across all asset types such as devices, applications, people, accounts and databases, enterprises require very large teams at considerable expense. Alternatively, they are only able to test a sample of controls and assets, on an infrequent basis, with the budget available. The veracity of the results of this process is questionable because humans are prone to error. As the assessment process is manual and costly, it cannot be conducted frequently, leading to out-of-date and inaccurate results.

 

Risk and compliance teams are also seeing an increase in the number and complexity of regulatory requests, as more privacy and security laws go into effect globally. For example, in the banking sector, Singapore’s Notice 655 “Requirements for Cyber Hygiene for Banks” requires banks to ensure that a malware protection solution is installed and functioning on every device all the time. Risk and compliance teams in turn rely on security teams to provide relevant security metrics to inform their security and risk posture assessment for IRM. This places significant load on security teams to do data science, rather than securing the business. In fact, a recent Panaseer commissioned survey found that security teams spend more than 36% of their time on reporting, which includes extracting, moving, cleaning and merging data, as well as making, formatting and presenting calculations.

 

How can CCM + IRM help?

With the new Panaseer integration with RSA Archer, IRM practices that require data to be collected and analyzed can be automated with near real-time insights that are easily scalable. Cost of risk management and the associated data collection and analysis can also be reduced significantly.

 

Panaseer’s CCM Platform integration with RSA Archer enables organizations to:

  • Reduce costs through automation, as large teams doing manual assessments are no longer required
  • Improve accuracy with data as assessments are based on facts versus subjective opinions
  • Perform complete assessments (instead of sampling assessments) as testing of every control instance is available automatically, without the need for a large team
  • View continuous assessments with a consistently up-to-date view of control deployments

 

Panaseer Screenshot Archer Option 1 Color

 

Panaseer Screenshot Archer Option 1

NIST-aligned control assurance metrics automatically calculated in 
Panaseer and exported as Metric Results in RSA Archer

 

How does it work?

CCM sits above existing security tooling, ensuring that all controls are fully operational and all assets are protected. It automatically and continuously consumes data from sources across security, IT and business domains. By unifying disparate data, it can identify previously unknown or unmanaged assets, control coverage gaps, and control compliance failures. It then substantiates that insight through automated reports which can be segmented by market, business process, business unit or service line and mapped to your goals and structure to provide business context for security metrics. Business Risk Perspectives (BRP), an element of Panaseer’s CCM platform, provides a continuous view of the risks associated with the most mission-critical business processes. 

 

Complete asset inventories (including devices, applications, people, accounts and databases), control coverage gaps (control deployment and performance insights), and business context for risk prioritization from Panaseer’s CCM platform are all fed into RSA Archer for continuous controls and risk assessment. 

 

Interested in learning more about the Panaseer Continuous Controls Monitoring integration with RSA Archer? 
Register and join us for a Free Friday Tech Huddle on Friday, March 20, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

If you have any questions or feedback, please get in touch via Panaseer’s contact page.

About the author(s):

Charaka Goonatilake is CTO at Panaseer where he is responsible for the technology strategy and delivery of the Panaseer Platform. He leads a team of engineers who develop innovative technologies and techniques for deriving data-driven cyber security insights for a range of enterprise stakeholders. Charaka has been immersed in Hadoop and cloud-based big data technologies for the past decade, across roles at BAE Systems Applied Intelligence and Panaseer. He has hands-on experience of architecting large-scale data solutions in the enterprise, for a range of cyber security use cases, including security analytics for threat detection, threat intelligence management and cyber security risk management.

 

Gloria Higley is a Product Manager at RSA focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, the RSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, and Tools & Utilities that complement and enhance out-of-the-box capabilities of RSA Archer use cases. 

Outcomes