Security Posture Management Enters the Cloud



SANTA CLARA, Calif., December 12, 2012 - When eGestalt of Santa Clara, CA, announced in November they were launching a cloud-based security and compliance solution, it set the stage to change the way enterprise businesses could cope with complex compliance and security issues.

The solution, powered by Rapid7 scanning technology, was to deliver a "pure" cloud-based IT security monitoring and compliance management product that worked in real time without requiring any hardware, "a first of its kind solution," say the vendors.

Called Aegify, the technology delivers Security Posture Management (SPM), which first measures the security status of all assets within a network, then delivers a report that can be used to remediate problems, strengthen security, and create and manage compliance policies. It leverages the compliance and security engine of eGestalt's SecureGRC (governance, risk management and compliance) product with Rapid7's Nexpose vulnerability management technology.

Aegify uses a patent-pending expert systems technology from eGestalt to automatically map the security vulnerabilities to compliance mandates, thereby automating the task of security posture management and compliance management, which is manually done today. The tool can import data from other standard vulnerability scanners in the industry as well.

The advantage of using a cloud-based solution to perform this type of sophisticated network diagnoses is a vast reduction in complexity and time, said Anupam Sahai, President of eGestalt.

"Currently, you do this with on-site hardware," Sahai explained. "You run a scan and get a report. Then the IT person has to study it and perform the needed remediation. That takes time, and then once this is performed the network settings change" and you can fall back out of compliance and into a weakened security state all over again.

With a cloud-based solution like Aegify, scanning and remediation can be run in perpetuity, and IT administrators can "see results on the fly," said Sahai. The cloud solution does the work, and you get SPM and/or the compliance posture in real time, or you can schedule it.

"You don't need specialized IT resources to understand and interpret the results or have to deal with remediation," Sahai explained.

The combined solution from eGestalt and Rapid7 performs a massive amount of work, combining asset discovery with vulnerability analysis and compliance mandates. This gives even the largest company an easy way to identify exactly what they have operating in their network, check the level of their exposure to a potential threat, and make any adjustments that have them falling out of compliance. It can identify 28,000 vulnerabilities and perform over 85,000 checks across physical and virtual networks.

"It's a completely multi-tenant solution," said Sahai, who adds that the cloud-based approach and the integration of the security, compliance, and scanning system in Aegify solves the cumbersome, time consuming and inefficient method of approaching the task with separate, siloed applications that don't communicate well with one another.

Aegify will be marketed to the customer and partner bases of both eGestalt and Rapid7. Sheldon Malm, senior director of Strategic Partners and Alliances at Rapid7, said the alliance creates "a very complementary offering that will benefit our joint customers."

On the compliance side, Aegify covers practically every industry that falls under compliance regulations. The cloud solution can control and manage compliance across more than 400 regulations, from the commonly known ones such as PCI, HIPAA/HITECH, SOX, FISMA, and GLBA, to compliance rules from other countries outside the U.S.

An added advantage of Aegify being a cloud solution is that an IT reseller or consultant can manage it remotely for customers and present the reporting wrapped with upsell and cross-sell offerings. And Aegify can be white-labeled with a reseller's or consultant's own branding, said Sahai.

Public cloud services like Aegify are predicted to grow five times faster than traditional on-premise IT, at a growth rate of 19 percent through 2015, according to a study by MarketBridge. The reason for this growth is multi-faceted. The simplicity that cloud computing offers by moving the complexity away from the customer also means customers no longer have to maintain upgrades or version enhancements. The capital expense of purchasing additional server or storage capacity is also greatly reduced with a cloud-based service.

Still, traditional legacy IT networks dominate the computing landscape, which is why Aegify is such an effective solution for reaching out to these networks and keeping them secure and in compliance. In a press release, Bryan Britz, a research director at Gartner, said a mixture of cloud solutions and traditional networks "will permeate most organizations in the coming years."

Sahai of eGestalt agrees and pointed out that a residual effect of Aegify is helping preserve the investment a company has in its traditional IT network.

"Many customers claim they have no security or compliance issues," Sahai said, adding that this makes Aegify community edition, a free tool downloadable from the web (, a conversation starter with customers - a conversation that can lead to the purchase of traditional network equipment, or more cloud services.

"We are solving a number of problems by making networks cheaper, better, and more effective by delivering it to the cloud," he said.

About eGestalt Technologies Inc.

eGestalt ( is a world-class, innovation driven, leading provider of cloud-computing based enterprise solutions for information security and IT-GRC management. eGestalt is headquartered in Santa Clara, CA, and has offices in the US, Asia-Pacific and Middle East. eGestalt SecureGRC was given a rating of 4.5 stars (out of a maximum 5) with 5 stars for Features, Support and Value for money by SC magazine in June 2012. In Feb. 2012 eGestalt President Anupam Sahai was named a Channel Chief by Everything Channel's CRN. eGestalt has been ranked in the Top 10 Vendors for Compliance Management and Data Access & Security by Hypatia Research, Q4 2011. eGestalt was nominated Breakthrough Technology Vendor at XChange Americas, Aug. 2010, and selected by SiliconIndia among the "Top 10 Security Companies to Watch." Its SecureGRC application was voted runner-up in the Managed Services Category at XChange Tech Innovators, Nov. 2010. In Sept. 2011 it was selected by Everything Channel as a 2011 CRN Emerging Technology Vendor as well as a 2011 Tech Innovator for Managed Services.

Press Contact:
Victor Cruz
Principal, MediaPR.net
For eGestalt