Compliance Combines with Vulnerability Scanning to Create Aegify


Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn't been done before: a combination security and compliance posture management offering called Aegify SPM.

Published in: Technology

SANTA CLARA, Calif., December 11, 2012 - Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn't been done before: a combination security and compliance posture management offering called Aegify SPM.

The SPM stands for Security Posture Management, and eGestalt of Santa Clara defines SPM as "the art and science of monitoring and managing business security status by orchestrating process, people, and technological resources to achieve security objectives."

SPM is about identifying IT assets, evaluating their risks based on known vulnerabilities, then calculating the impact of these threats. These threats are then mapped directly to a set of regulatory compliance frameworks, whether for PCI or HIPAA, where the final output can be used to initiate appropriate countermeasures, eventually bringing the company into compliance.

Inside the Aegify SPM power train is the Rapid7 Nexpose vulnerability technology. Nexpose has a long history with 2,000 enterprises and government agencies using its wares. It must be doing something right. It can sniff out 31,800 vulnerabilities and it conducts more than 92,000 vulnerability checks that comprise discovery, detection, verification, risk classification and mitigation. Impact analysis and reporting, like most of these security tools, are par for the course.

Riding on top of Nexpose and serving as the interface and compliance imperative is eGestalt's own SaaS software called SecureGRC, which as the name implies, does governance and risk management by applying a compliance imperative on 400 regulations such as PCI, HIPAA/HITECH, SOX, FISMA, and GLBA.

The integration of these two programs has created a patent-pending system designed by eGestalt that can automatically map security vulnerabilities to popular compliance mandates, thereby automating the task of security posture management and compliance management. The tool can import data from other scanners as well. A cool feature is how it provides a sequenced remediation roadmap with time estimates for each task.

Who among us likes to deal with government regulatory pressure? Most companies do nothing but stand in the middle of the shooting range and "hope it won't happen to me." They hope no auditor will come knocking. It should be pointed out that ignorance is no excuse.

eGestalt President Anupam Sahai, who holds two master's degrees from MIT's Sloan School, claims the combination of Nexpose with his compliance driver eliminates manual work and is "10 to 20 times more cost-effective than any other competing solution." He thanks the beauty of SaaS for that kind of savings.

Going to the cloud with this "all hands on deck" threat management approach can be a smart way to isolate trouble brewing across physical and virtual networks, operating systems, databases and Web applications.

Whatever peace of mind you get out of this will be high, knowing that the Feds can't disrupt your business with their eager probing.

That alone is worth something.

About eGestalt Technologies Inc.

eGestalt is a world-class, innovation driven, leading provider of cloud-computing based enterprise solutions for information security and IT-GRC management. eGestalt is headquartered in Santa Clara, CA, and has offices in the US, Asia-Pacific and Middle East. eGestalt SecureGRC was given a rating of 4.5 stars (out of a maximum 5) with 5 stars for Features, Support and Value for money by SC magazine in June 2012. In Feb. 2012 eGestalt President Anupam Sahai was named a Channel Chief by Everything Channel's CRN. eGestalt has been ranked in the Top 10 Vendors for Compliance Management and Data Access & Security by Hypatia Research, Q4 2011. eGestalt was nominated Breakthrough Technology Vendor at XChange Americas, Aug. 2010, and selected by SiliconIndia among the "Top 10 Security Companies to Watch." Its SecureGRC application was voted runner-up in the Managed Services Category at XChange Tech Innovators, Nov. 2010. In Sept. 2011 it was selected by Everything Channel as a 2011 CRN Emerging Technology Vendor as well as a 2011 Tech Innovator for Managed Services.

Press Contact:
Victor Cruz
Principal, MediaPR.net
For eGestalt