
RSA Archer Suite

5 Posts authored by: Gloria Higley

We are pleased to announce a new, purpose-built integration for Panaseer with RSA Archer Suite. Panaseer has integrated its Continuous Controls Monitoring (CCM) platform with the RSA Archer platform to provide automated continuous controls and risk monitoring and assurance. This integration is designed to give security teams complete and accurate visibility of assets, controls gaps, and risks, both on premises and in the cloud.

 

Need of the hour

Traditionally, integrated risk management (IRM) practices have relied on manual, human-driven approaches to self-assess and assure that controls are deployed and implemented correctly. To assure complete control coverage and effectiveness across all asset types such as devices, applications, people, accounts and databases, enterprises require very large teams at considerable expense. Alternatively, they are only able to test a sample of controls and assets, on an infrequent basis, with the budget available. The veracity of the results of this process is questionable because humans are prone to error. As the assessment process is manual and costly, it cannot be conducted frequently, leading to out-of-date and inaccurate results.

 

Risk and compliance teams are also seeing an increase in the number and complexity of regulatory requests, as more privacy and security laws go into effect globally. For example, in the banking sector, Singapore’s Notice 655 “Requirements for Cyber Hygiene for Banks” requires banks to ensure that a malware protection solution is installed and functioning on every device all the time. Risk and compliance teams in turn rely on security teams to provide relevant security metrics to inform their security and risk posture assessment for IRM. This places significant load on security teams to do data science, rather than securing the business. In fact, a recent Panaseer commissioned survey found that security teams spend more than 36% of their time on reporting, which includes extracting, moving, cleaning and merging data, as well as making, formatting and presenting calculations.

 

How can CCM + IRM help?

With the new Panaseer integration with RSA Archer, IRM practices that require data to be collected and analyzed can be automated with near real-time insights that are easily scalable. Cost of risk management and the associated data collection and analysis can also be reduced significantly.

 

Panaseer’s CCM Platform integration with RSA Archer enables organizations to:

  • Reduce costs through automation, as large teams doing manual assessments are no longer required
  • Improve accuracy with data as assessments are based on facts versus subjective opinions
  • Perform complete assessments (instead of sampling assessments) as testing of every control instance is available automatically, without the need for a large team
  • View continuous assessments with a consistently up-to-date view of control deployments

 

[Screenshot: NIST-aligned control assurance metrics automatically calculated in Panaseer and exported as Metric Results in RSA Archer]

 

How does it work?

CCM sits above existing security tooling, checking whether every control is fully operational and every asset is protected. It automatically and continuously consumes data from sources across security, IT and business domains. By unifying disparate data, it can identify previously unknown or unmanaged assets, control coverage gaps, and control compliance failures. It then substantiates that insight through automated reports which can be segmented by market, business process, business unit or service line and mapped to your goals and structure to provide business context for security metrics. Business Risk Perspectives (BRP), an element of Panaseer’s CCM platform, provides a continuous view of the risks associated with the most mission-critical business processes.

 

Complete asset inventories (including devices, applications, people, accounts and databases), control coverage gaps (control deployment and performance insights), and business context for risk prioritization from Panaseer’s CCM platform are all fed into RSA Archer for continuous controls and risk assessment. 
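The reconciliation step described above, as an added illustration: this is not Panaseer's or RSA's code and touches no Archer API. It joins three constructed inventories (an asset register, an endpoint-protection console export and a scanner host list, all with made-up hostnames and field names) to find unmanaged devices and coverage gaps for the control quoted earlier, malware protection installed and functioning on every device, and breaks the result down by business owner. The seven-day staleness threshold is an assumption.

```python
"""Control-coverage reconciliation across disparate inventories.

Added illustration of the reconciliation described above; this is not
Panaseer's or RSA's code and uses no Archer API. The three inventories, their
field names and the staleness threshold are constructed for the example. The
control checked is the one quoted earlier: malware protection installed and
functioning on every device.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed exports. Each source spells hostnames its own way.
CMDB = [  # asset register: the only source that knows the business owner
    {"hostname": "WS-0001", "owner": "Retail Banking", "status": "active"},
    {"hostname": "ws-0002", "owner": "Retail Banking", "status": "active"},
    {"hostname": "SRV-DB01", "owner": "Treasury", "status": "active"},
    {"hostname": "SRV-OLD9", "owner": "Treasury", "status": "decommissioned"},
]
EDR_AGENTS = [  # endpoint protection console: proves the control is deployed
    {"host": "ws-0001.corp.example", "last_checkin_days": 1},
    {"host": "ws-0002.corp.example", "last_checkin_days": 45},
    {"host": "srv-web07.corp.example", "last_checkin_days": 0},
]
VULN_SCANNER = [  # network scanner: another witness that a host exists
    {"host": "ws-0001", "ip": "10.1.1.10"},
    {"host": "srv-db01", "ip": "10.1.2.20"},
    {"host": "srv-web07", "ip": "10.1.3.30"},
]

STALE_AFTER_DAYS = 7  # assumed: an agent silent longer than this is not "functioning"


def canonical(name: str) -> str:
    """Normalise hostnames so one device matches across all sources."""
    return name.split(".")[0].strip().upper()


@dataclass
class Device:
    key: str
    sources: set = field(default_factory=set)
    owner: str = "unknown"
    agent_checkin_days: Optional[int] = None


def unify(cmdb, edr, scanner) -> dict:
    """Build one device record per host from all three sources."""
    devices = {}

    def get(name):
        k = canonical(name)
        return devices.setdefault(k, Device(key=k))

    for row in cmdb:
        if row["status"] != "active":
            continue  # decommissioned assets are out of scope
        d = get(row["hostname"])
        d.sources.add("cmdb")
        d.owner = row["owner"]
    for row in edr:
        d = get(row["host"])
        d.sources.add("edr")
        d.agent_checkin_days = row["last_checkin_days"]
    for row in scanner:
        get(row["host"]).sources.add("scanner")
    return devices


def control_status(d: Device) -> str:
    """Deployment and performance of the control on one device."""
    if "edr" not in d.sources:
        return "no_agent"          # coverage gap: control not deployed
    if d.agent_checkin_days > STALE_AFTER_DAYS:
        return "stale_agent"       # deployed but not functioning
    return "covered"


def assess(devices) -> dict:
    """Group devices by finding. 'unmanaged' is an extra flag, not a bucket."""
    report = {"unmanaged": [], "no_agent": [], "stale_agent": [], "covered": []}
    for d in devices.values():
        if "cmdb" not in d.sources:
            report["unmanaged"].append(d.key)  # seen by tooling, unknown to the register
        report[control_status(d)].append(d.key)
    return report


def coverage_by_owner(devices) -> dict:
    """Metric input per business unit: (devices covered, devices in scope)."""
    out = {}
    for d in devices.values():
        covered, total = out.get(d.owner, (0, 0))
        out[d.owner] = (covered + (control_status(d) == "covered"), total + 1)
    return out


if __name__ == "__main__":
    devs = unify(CMDB, EDR_AGENTS, VULN_SCANNER)
    print(assess(devs))
    print(coverage_by_owner(devs))
```

The point a practitioner should take from the output is that each source alone tells a different story: the register misses srv-web07 entirely, the EDR console thinks ws-0002 is protected, and only the join shows one device with no agent, one with a dead agent and one that nobody owns. The per-owner tuples are the raw numbers a control-coverage metric is computed from.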

 

Interested in learning more about the Panaseer Continuous Controls Monitoring integration with RSA Archer? 
Register and join us for a Free Friday Tech Huddle on Friday, March 20, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

If you have any questions or feedback, please get in touch via Panaseer’s contact page.

About the author(s):

Charaka Goonatilake is CTO at Panaseer where he is responsible for the technology strategy and delivery of the Panaseer Platform. He leads a team of engineers who develop innovative technologies and techniques for deriving data-driven cyber security insights for a range of enterprise stakeholders. Charaka has been immersed in Hadoop and cloud-based big data technologies for the past decade, across roles at BAE Systems Applied Intelligence and Panaseer. He has hands-on experience of architecting large-scale data solutions in the enterprise, for a range of cyber security use cases, including security analytics for threat detection, threat intelligence management and cyber security risk management.

 

Gloria Higley is a Product Manager at RSA focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, the RSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, and Tools & Utilities that complement and enhance out-of-the-box capabilities of RSA Archer use cases. 

Proactive security is essentially a big data problem, although at first glance it may not seem like one. On one hand, there is a deluge of vulnerability data, with thousands of vulnerabilities and exploits reported each day. On the other hand, the attack surface keeps expanding across public and hybrid clouds, data centers, and containers. Together these two dimensions make it a big data problem, and traditional vulnerability assessment (VA) solutions with their scan-over-the-network model are simply not up to solving it.

 

ThreatWatch is a next generation proactive cyber security solution that uses machine-powered, AI-based vulnerability curation, along with a no-scan approach, for impact assessments for assets including cloud instances, containers, servers, source code, and more.

 

Two key aspects of the ThreatWatch integration to note:

  1. ThreatWatch does no scanning over the network.
  2. Every asset recorded in ThreatWatch is continuously re-assessed against new vulnerability intelligence, without user intervention.

ThreatWatch integrates with the RSA Archer IT Security Vulnerabilities Program use case to provide a real-time automated picture of the vulnerability landscape and its impacts on organizational assets to customers. The RSA Archer IT Security Vulnerabilities Program use case offers a centralized catalog of IT assets, repository, and taxonomy for vulnerability data that enables customers to quickly understand which assets are vulnerable based on scanner detections.

 

This integration is achieved via two data feeds in RSA Archer:

  • The ThreatWatch Vulnerability Intel data feed pulls the latest vulnerability intelligence from ThreatWatch into RSA Archer's Vulnerability Library application. This gives RSA Archer users a more complete vulnerability landscape and supplies prioritization input that is often missing for newly published CVEs: analysis that has not yet appeared in the National Vulnerability Database (NVD), and critical information on the availability of patches, remediations and exploits. Together, these details help security teams prioritize.

    [Screenshot: ThreatWatch Vulnerability Library]
  • The ThreatWatch Vulnerability Impact data feed pulls the latest vulnerability impacts from ThreatWatch into RSA Archer's Vulnerability Scan Results application. ThreatWatch's continuous no-scan approach ensures that impacts are recorded in near real-time without the need for intrusive scans on the network. Impacts are auto-prioritized as either “Do Now” (something that needs immediate attention) or “Do Later”, providing actionable insights for security teams.

    [Screenshot: ThreatWatch Vulnerability Scan Results]

 

Having vulnerability intelligence and impact details in out-of-the-box RSA Archer applications like Vulnerability Library and Vulnerability Scan Results means existing RSA Archer users face no additional learning curve and can leverage existing reports. The ThreatWatch integration with RSA Archer gives RSA Archer users a more complete and accurate risk score picture.
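An added illustration of the no-scan impact assessment the two feeds describe; this is not ThreatWatch's or RSA's code. It matches a constructed per-asset software inventory against a constructed intelligence feed whose records carry affected version ranges, a possibly missing score, and an exploit flag, then buckets each impact as "Do Now" or "Do Later". The vulnerability IDs are placeholders (not CVE identifiers), and the prioritization rule is an assumption, since the page does not state the real criteria.

```python
"""No-scan vulnerability impact assessment from a software inventory.

Added illustration of the approach described above; this is not
ThreatWatch's or RSA's code. The intelligence records (placeholder IDs, not
real CVEs), the package inventory and the Do Now / Do Later rule are all
constructed for the example; the page does not document the real criteria.
"""
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """'1.2.10' -> (1, 2, 10). Purely numeric dotted versions are assumed."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class VulnIntel:
    vuln_id: str
    package: str
    affected_from: str       # inclusive lower bound
    fixed_in: Optional[str]  # exclusive upper bound; None = no fix released
    cvss: Optional[float]    # None = analysis still missing upstream
    exploit_public: bool

    def affects(self, package: str, version: str) -> bool:
        if package != self.package:
            return False
        v = parse_version(version)
        if v < parse_version(self.affected_from):
            return False
        return self.fixed_in is None or v < parse_version(self.fixed_in)


@dataclass(frozen=True)
class Impact:
    asset: str
    package: str
    version: str
    vuln_id: str
    priority: str


# Constructed intel feed. IDs are placeholders, not CVE identifiers.
INTEL = [
    VulnIntel("V-1001", "openssl", "1.1.0", "1.1.1", 7.5, True),
    VulnIntel("V-1002", "openssl", "1.1.1", "1.1.2", None, False),
    VulnIntel("V-1003", "log4j", "2.0", "2.17", 10.0, True),
    VulnIntel("V-1004", "nginx", "1.18", None, 5.3, False),
]

# Constructed software inventory, e.g. from an agent or package manifest.
ASSET_SOFTWARE = [
    ("srv-web07", "openssl", "1.1.0"),
    ("srv-web07", "nginx", "1.18.0"),
    ("srv-app02", "log4j", "2.14.1"),
    ("srv-app02", "openssl", "1.1.1"),
    ("ws-0001", "openssl", "1.1.2"),
]


def prioritise(intel: VulnIntel) -> str:
    """Assumed rule: a public exploit or a critical score means act immediately."""
    if intel.exploit_public or (intel.cvss is not None and intel.cvss >= 9.0):
        return "Do Now"
    return "Do Later"


def assess(inventory, intel) -> list:
    """Match every installed package against the feed; no network scan needed."""
    return [
        Impact(asset, pkg, ver, rec.vuln_id, prioritise(rec))
        for asset, pkg, ver in inventory
        for rec in intel
        if rec.affects(pkg, ver)
    ]


def summarise(impacts) -> dict:
    """Impact counts per asset, split by priority bucket."""
    out = {}
    for i in impacts:
        bucket = out.setdefault(i.asset, {"Do Now": 0, "Do Later": 0})
        bucket[i.priority] += 1
    return out


if __name__ == "__main__":
    for impact in assess(ASSET_SOFTWARE, INTEL):
        print(impact)
    print(summarise(assess(ASSET_SOFTWARE, INTEL)))
```

Because the assessment is a pure function of the inventory and the feed, re-running it when a new intelligence record arrives re-evaluates every asset immediately; that is what makes the continuous, scan-free model possible, and it is also why the accuracy of the inventory (package names, versions, the same canonicalisation across sources) bounds the accuracy of the result.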

 

[Chart: Example Vulnerability Intelligence Chart]

[Chart: Example Vulnerability Impacts by Asset Chart]

[Chart: Example Vulnerability Impacts by Asset by Priority Chart]

 

Interested in learning more about the ThreatWatch integration with RSA Archer?
Register and join us for a Free Friday Tech Huddle on Friday, March 20, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.


About the author(s):

Ajey Godbole & Paresh Borkar
Ajey Godbole is a Senior Engineer at ThreatWatch. Paresh Borkar is a co-founder and Chief Architect at ThreatWatch.

 

Gloria Higley

Gloria is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, the RSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, Tools & Utilities, and Content that complement and enhance out-of-the-box capabilities of RSA Archer use cases.

Designing the right processes, organization, and templates during the initial set-up of an Information Security Management System (ISMS) is a challenge many organizations face. Rolling out an ISMS in a large organization is a different story again: automating frequent manual steps, usability, easy reporting and access permissions to sensitive information become crucial to the ISMS’s success.

 

The NTT ISMS Control Assessment app-pack was introduced as part of RSA Exchange Release R11 to give organizations a streamlined classification and control assessment methodology when implementing and operating their ISMS. The app-pack covers the first two steps of a flexible three-step approach to ISMS implementation and roll-out that has proved successful with many of NTT’s clients. The methodology is derived from ISO 27005 and NIST Special Publication 800-30, together with NTT’s many years of consulting experience assisting clients with ISMS implementation. The three steps are:

 

  1. Classification
    Use a built-in questionnaire or derive classification from assets, such as business processes or information assets, when master data applications are integrated.

    [Screenshot: RSA Archer Classification step, NTT ISMS Control Assessment app-pack]

  2. Control Assessment
    Results from previous cycles are pre-filled, and controls are selected automatically through three filter stages so that only controls relevant to the assessed assets appear in the assessment. This reduces the effort needed per assessment.


    [Screenshot: RSA Archer Control Assessment step, NTT ISMS Control Assessment app-pack]

  3. Risk Assessment
    Threat events are automatically selected, results from previous cycles are pre-filled, and risks automatically calculated based on the results from the Classification and Control Assessment steps to derive a well-founded prioritization of measures.

    [Screenshot: RSA Archer Risk Assessment step, NTT ISMS Control Assessment app-pack]
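Steps 1 and 2 of the methodology, as an added illustration that is not NTT's or RSA's app-pack code: a per-objective classification that takes the maximum impact over a questionnaire answer and any linked information assets, followed by control selection through the three filter stages (asset category, zone, minimum classification), with last cycle's results pre-filled. The classification scale, the information assets, the categories and zones, and the five-entry control catalogue (IDs CTL-01 to CTL-05) are all constructed for the example.

```python
"""Classification inheritance and control scoping for an ISMS assessment.

Added illustration of steps 1 and 2 above; this is not NTT's or RSA's
app-pack code. The classification scale, the information assets, the asset
categories, zones and the control catalogue are all constructed for the
example.
"""
LEVELS = ["low", "medium", "high"]  # assumed ordered classification scale
OBJECTIVES = ("C", "I", "A")        # confidentiality, integrity, availability


def level_max(levels):
    return max(levels, key=LEVELS.index)


def at_least(level: str, minimum: str) -> bool:
    return LEVELS.index(level) >= LEVELS.index(minimum)


# Constructed information assets, each classified per objective.
INFORMATION_ASSETS = {
    "customer-pii": {"C": "high", "I": "medium", "A": "medium"},
    "marketing-content": {"C": "low", "I": "medium", "A": "high"},
}


def classify(questionnaire=None, inherits_from=()):
    """Step 1: per objective, take the maximum impact over the questionnaire
    answer and every linked asset (a breach of the system exposes all of them)."""
    result = {}
    for obj in OBJECTIVES:
        candidates = [INFORMATION_ASSETS[a][obj] for a in inherits_from]
        if questionnaire is not None:
            candidates.append(questionnaire[obj])
        result[obj] = level_max(candidates) if candidates else "low"
    return result


# Constructed control catalogue. Each control declares where it applies:
# asset categories, network zones, and a minimum classification per objective.
CONTROLS = [
    {"id": "CTL-01", "name": "Access control policy",
     "categories": {"application", "database", "server"}, "zones": {"internal", "dmz"}, "min": {}},
    {"id": "CTL-02", "name": "Secure log-on",
     "categories": {"application", "server"}, "zones": {"internal", "dmz"}, "min": {"C": "medium"}},
    {"id": "CTL-03", "name": "Encryption at rest",
     "categories": {"application", "database"}, "zones": {"internal", "dmz"}, "min": {"C": "high"}},
    {"id": "CTL-04", "name": "Network segregation",
     "categories": {"application", "server"}, "zones": {"dmz"}, "min": {}},
    {"id": "CTL-05", "name": "Backup and restore test",
     "categories": {"application", "database", "server"}, "zones": {"internal", "dmz"}, "min": {"A": "medium"}},
]


def select_controls(category, zone, classification, catalogue=CONTROLS):
    """Step 2, three filter stages: asset category, zone, then classification."""
    selected = []
    for ctl in catalogue:
        if category not in ctl["categories"]:
            continue
        if zone not in ctl["zones"]:
            continue
        if all(at_least(classification[o], lvl) for o, lvl in ctl["min"].items()):
            selected.append(ctl["id"])
    return selected


def prefill(selected, previous_cycle):
    """Carry forward last cycle's result for each selected control; None means
    the control is newly in scope and must be assessed from scratch."""
    return {cid: previous_cycle.get(cid) for cid in selected}


if __name__ == "__main__":
    portal = classify({"C": "low", "I": "high", "A": "low"},
                      inherits_from=("customer-pii", "marketing-content"))
    print(portal, select_controls("application", "dmz", portal))
```

Inheritance taking the maximum is the conservative choice: a portal that merely handles customer PII is classified "high" for confidentiality even if its owner answered "low" on the questionnaire, which is exactly the case where self-assessment alone under-scopes the controls.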

 

NTT has developed two app-packs to provide RSA Archer customers with this methodology, including:

  • NTT ISMS Control Assessment app-pack
    • Includes the Classification and Control Assessment steps.
    • Prerequisite for the NTT ISMS Risk Assessment app-pack and currently available on the RSA Exchange.

  • NTT ISMS Risk Assessment app-pack
    • Includes the Risk Assessment step.
    • Currently in development and is a planned offering for a future RSA Exchange release.

 

With the NTT ISMS Control Assessment app-pack, RSA Archer customers can:

  • Evaluate the maximum impact resulting from a breach of a security objective (confidentiality, integrity, availability) based on a questionnaire or by inheriting from one or multiple assets
  • Assess compliance with relevant controls (filtered by asset category, classification and zone)
  • Define and track remediation plans
  • Assess assets with a streamlined process as part of the organization’s ISMS
  • Gain insight into compliance violations of internal or external policies
  • Improve overall compliance and security
  • Track measures using RSA Archer Issues Management

The NTT ISMS Control Assessment app-pack includes several useful features, including:

  • Workflow process graphics
  • Tooltips to efficiently provide all the necessary information to the user
  • Multi-language user interface, including content like controls and threat events
  • Automatically saved inline edit grids

 

Interested in learning more about the NTT ISMS Control Assessment app-pack? 
Register and join us for a Free Friday Tech Huddle on Friday, February 28, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

About the author(s):


Lars Rudolff
Lead Consultant, GRC Tools - NTT Ltd. 

Lars Rudolff works for NTT Ltd. as lead consultant for GRC Tools. Mr. Rudolff is responsible for the technical and strategic orientation of the GRC Implementation practice. He has experience in the area of GRC tools in general since 2005 and with RSA Archer since 2011. He has led implementation projects for many customers including the introduction of one of the largest RSA Archer environments in Europe at a German car manufacturer.

In addition, Mr. Rudolff supports NTT’s Operations team for RSA Archer, which provides operational services to existing RSA Archer customers. This includes 2nd and 3rd level support as well as maintenance services such as system upgrades and minor modifications to an existing implementation. He is also responsible for developing monitoring and automation tools for the RSA Archer platform.

 

Gloria Higley

Product Manager - RSA 

Gloria is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, the RSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, and Tools & Utilities that complement and enhance out-of-the-box capabilities of RSA Archer use cases. 

With today's launch of RSA Exchange Release R11, we're excited to share new offerings to enable you to expand your IT & Security Risk Management processes. It's important to have a complete picture of technology and security-related risks in order to make decisions. What's more, the alignment of security policies and regulatory and business requirements is critical for success.

 

One of our new offerings, the RSA Archer IoT Project Readiness app-pack, enables organizations to prioritize their IoT projects around business goals and needs. Our partner NTT has created the NTT ISMS Control Assessment app-pack to help with the challenges organizations face when setting up an Information Security Management System (ISMS).

 

We're excited about our partner integrations like the AWS IAM Access Analyzer integration, which provides a consolidated view of Access Analyzer findings (resources whose policies grant access from outside your account or organization) across multiple AWS accounts, lets you prioritize and act on the critical ones, saves time analyzing resource policies for public or cross-account accessibility, and supports continuous monitoring and refinement of permissions. Our new Cysiv Command integration provides ongoing management of incidents and security posture in RSA Archer while Cysiv delivers SOC-as-a-service and SIEM-as-a-service. The Panaseer integration computes metrics that measure control deployment and control performance. Our Rapid7 Nexpose integration enables organizations to catalog devices discovered on the network. Finally, the ThreatWatch integration gives organizations near real-time vulnerability intelligence along with continuous impact assessment of organizational assets.

 

We're also introducing a wide range of content that provides best-practice policies, control standards, legal and regulatory requirements, industry standards, and assessments, such as the CCPA Regulation, which was passed in June 2018 and went into effect in January 2020.

 

To learn more about each of these new and updated offerings, start by reviewing the Product Advisory. Also, please join me on Friday, February 21 for a Free Friday Tech Huddle for an overview of the RSA Exchange Release R11 offerings.

 

And last, but not least, there is a wealth of documentation, downloads, and more on the RSA Exchange on RSA Link. I recommend that you bookmark the listing of all RSA Exchange offerings. And if you have new ideas for the RSA Exchange, please submit them on RSA Ideas.

Compliance teams within different organizations, spread across industry verticals, work towards achieving regulatory requirements through different regulatory compliance, control assurance and monitoring programs.  A large part of the compliance team’s responsibility is managing and responding to regulatory interactions such as information, investigation and inspection requests, as well as documenting meeting notes, outcomes, correspondence, and formal orders.

 

The complexity of responding to regulators and tracking those responses creates challenges for compliance teams due to the number of regulators requesting information, internal review and governance processes, linkages to regulatory change processes, and impacts to other compliance and risk areas.

 

The HCL Regulatory Interactions Management app-pack was introduced as part of RSA Exchange Release R10 to help organizations streamline the complexity of interactions with regulatory bodies. 

 

It enables organizations to efficiently maintain a repository of regulatory requests along with associated responses to ensure organizational readiness in meeting underlying compliance requirements through other linked assurance processes.

 

With the HCL Regulatory Interactions Management app-pack, RSA Archer customers can:

 

  • Register regulatory interactions, identify internal respondents, and track responses to closure
  • Consolidate responses and track supporting evidence
  • Track approvals for external communication readiness
  • Trigger regulatory reviews, policy change requests, findings, associated actions and impacted risks and controls
  • Streamline interactions with regulatory bodies
  • Efficiently maintain a repository of requests and associated responses
  • Ensure organizational readiness in meeting underlying compliance requirements

 

 

ADDRESSING HCL CUSTOMER’S NEEDS

HCL Technologies recently worked with a U.S.-based multinational finance and insurance corporation to assess their needs for responses to regulatory requests and an effective mechanism for collaboration with internal stakeholders. With a global presence in more than 75 countries and jurisdictions, the customer needed to address many complex regulatory challenges, including:

 

  • Managing interactions with a diverse set of regulators across various countries and jurisdictions
  • No central system and/or repository for these interactions and communications
  • Significant human effort required to manage and respond to interactions with regulators
  • Lack of understanding of the organizational impact of regulator interactions on policies, business processes, and product or services


HCL carried out a detailed analysis of the customer environment, including current processes for regulatory interactions and use of regulatory change management functionality within their RSA Archer implementation. Post review, HCL created a solution blueprint proposing an on-demand application (ODA) built on top of the customer’s existing RSA Archer instance. Based on this solution blueprint, HCL developed the HCL Regulatory Interactions Management app-pack to help streamline the process of managing the customer’s interactions with regulatory bodies.

 

HCL did a phased rollout of the app-pack to all business units and locations for the customer. In doing so, the HCL Regulatory Interactions Management app-pack enabled the customer to:

 

  • Streamline the process of managing interactions with regulatory bodies
  • Enable faster response to regulatory communications
  • Reduce efforts to manage regulatory interactions by 30%
  • Efficiently maintain a repository of requests and associated responses
  • Ensure organizational readiness for meeting underlying compliance requirements
  • Create a comprehensive repository of global interactions and communications to share knowledge with different business functions and locations

 

Interested in learning more about the HCL Regulatory Interactions Management app-pack? Register and join us for a Free Friday Tech Huddle on Friday, January 31, for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

About the author(s):

Deepak Arora
Senior Manager – HCL Technologies

Deepak is a seasoned GRC professional with industry experience of over ten years across different industry verticals including Financial Services, Telecommunications, Manufacturing and Retail. He is responsible for providing GRC technology advisory, blueprinting, and implementation services at HCL spanning across areas like Enterprise & Operational Risk, IT Compliance, Internal Audit, Business Continuity and Information Security and has been associated in driving various GRC Transformation programs for many esteemed organizations in the United States and Europe.

 

Gloria Higley

Product Manager - RSA 

Gloria is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, the RSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, and Tools & Utilities that complement and enhance out-of-the-box capabilities of RSA Archer use cases. 
