The document discusses a new cloud-based security and compliance solution called Aegify launched by eGestalt and Rapid7. Aegify delivers Security Posture Management by first measuring security of all assets, reporting problems, and enabling remediation and compliance policy management. Using a cloud-based approach provides advantages over traditional on-site hardware by offering continuous scanning and real-time results without needing IT expertise. Aegify covers over 400 regulations across industries and can be managed remotely by resellers. Cloud security solutions are predicted to grow faster than traditional IT due to reduced costs and complexity.
1. Security Posture Management Enters the Cloud
SANTA CLARA, Calif., December 12, 2012 - When eGestalt of Santa Clara, CA, announced in November they were
launching a cloud-based security and compliance solution, it set the stage to change the way enterprise businesses
could cope with complex compliance and security issues.
The solution, powered by Rapid7 scanning technology, was to deliver a "pure" cloud-based IT security monitoring
and compliance management product that worked in real time without requiring any hardware, "a first of its kind
solution," say the vendors.
Called Aegify, the technology delivers Security Posture Management (SPM), which first measures the security
status of all assets within a network, then delivers a report that can be used to remediate problems, strengthen
security, and create and manage compliance policies. It leverages the compliance and security engine of eGestalt's
SecureGRC (governance, risk management and compliance) product with Rapid7'sNexpose vulnerability
management technology.
Aegify uses a patent-pending expert systems technology from eGestalt to automatically map the security
vulnerabilities to compliance mandates, thereby automating the task of security posture management and
compliance management, which is manually done today. The tool can import data from other standard
vulnerability scanners in the industry as well.
The advantage of using a cloud-based solution to perform this type of sophisticated network diagnoses is a vast
reduction in complexity and time, said Anupam Sahai, President of eGestalt.
"Currently, you do this with on-site hardware," Sahai explained. "You run a scan and get a report. Then the IT
person has to study it and perform the needed remediation. That takes time, and then once this is performed the
network settings change" and you can fall back out of compliance and into a weakened security state all over
again.
With a cloud-based solution like Aegify, scanning and remediation can be run in perpetuity, and IT administrators
can "see results on the fly," said Sahai. The cloud solution does the work, and you get SPM and/or the compliance
posture in real time, or you can schedule it.
"You don't need specialized IT resources to understand and interpret the results or have to deal with remediation,"
Sahai explained.
The combined solution from eGestalt and Rapid7 performs a massive amount of work, combining asset discovery
with vulnerability analysis and compliance mandates. This gives even the largest company an easy way to identify
exactly what they have operating in their network, check the level of their exposure to a potential threat, and
2. make any adjustments that have them falling out of compliance. It can identify 28,000 vulnerabilities and perform
over 85,000 checks across physical and virtual networks.
"It's a completely multi-tenant solution," said Sahai, who adds that the cloud-based approach and the integration
of the security, compliance, and scanning system in Aegify solves the cumbersome, time consuming and inefficient
method of approaching the task with separate, siloed applications that don't communicate well with one another.
Aegify will be marketed to the customer and partner bases of both eGestalt and Rapid7. Sheldon Malm, senior
director of Strategic Partners and Alliances at Rapid7, said the alliance creates "a very complementary offering that
will benefit our joint customers."
On the compliance side, Aegify covers practically every industry that falls under compliance regulations. The cloud
solution can control and manage compliance across more than 400 regulations, from the commonly known ones
such as PCI, HIPAA/HITECH, SOX, FISMA, and GLBA, to compliance rules from other countries outside the U.S.
An added advantage of Aegify being a cloud solution is that an IT reseller or consultant can manage it remotely for
customers and present the reporting wrapped with upsell and cross-sell offerings. And Aegify can be white-labeled
with a reseller's or consultant's own branding, said Sahai.
Public cloud services like Aegify are predicted to grow five times faster than traditional on-premise IT, at a growth
rate of 19 percent through 2015, according to a study by MarketBridge. The reason for this growth is multi-
faceted. The simplicity that cloud computing offers by moving the complexity away from the customer also means
customers no longer have to maintain upgrades or version enhancements. The capital expense of purchasing
additional server or storage capacity is also greatly reduced with a cloud-based service.
Still, traditional legacy IT networks dominate the computing landscape, which is why Aegify is such an effective
solution for reaching out to these networks and keeping them secure and in compliance. In a press release,
Bryan Britz, a research director at Gartner, said a mixture of cloud solutions and traditional networks "will
permeate most organizations in the coming years."
Sahai of eGestalt agrees and pointed out that a residual effect of Aegify is helping preserve the investment a
company has in its traditional IT network.
"Many customers claim they have no security or compliance issues," Sahai said, adding that this makes Aegify
community edition, a free tool downloadable from the web (www.egestalt.com), a conversation starter with
customers - a conversation that can lead to the purchase of traditional network equipment, or more cloud
services.
"We are solving a number of problems by making networks cheaper, better, and more effective by delivering it to
the cloud," he said.
3. About eGestalt Technologies Inc.
eGestalt (www.egestalt.com) is a world-class, innovation driven, leading provider of cloud-computing based
enterprise solutions for information security and IT-GRC management. eGestalt is headquartered in Santa Clara,
CA, and has offices in the US, Asia-Pacific and Middle East. eGestalt SecureGRC was given a rating of 4.5 stars (out
of a maximum 5) with 5 stars for Features, Support and Value for money by SC magazine in June 2012. In Feb. 2012
eGestalt President Anupam Sahai was named a Channel Chief by Everything Channel's CRN. eGestalt has been
ranked in the Top 10 Vendors for Compliance Management and Data Access & Security by Hypatia Research, Q4
2011. eGestalt was nominated Breakthrough Technology Vendor at XChange Americas, Aug. 2010, and selected by
SiliconIndia among the "Top 10 Security Companies to Watch." Its SecureGRC application was voted runner-up in
the Managed Services Category at XChange Tech Innovators, Nov. 2010. In Sept. 2011 it was selected by Everything
Channel as a 2011 CRN Emerging Technology Vendor as well as a 2011 Tech Innovator for Managed Services.
Press Contact:
Victor Cruz
Principal, MediaPR.net
For eGestalt Technologies
vcruz@mediapr.net