June 05, 2013 | Palo Alto, California: In response to increasingly complex and dynamic IT security and threat environments, MetricStream has announced its enhanced IT GRC solution, which will empower organizations and employees with a broad range of new advanced tools and functionalities.
The enhanced solution facilitates enterprise-wide oversight of IT risks and threats, and provides powerful analytics to help organizations efficiently model threat scenarios and risks, and determine the most effective response. The solution also integrates content from sources such as NIST and CERT, as well as COBIT 5 and the Shared Assessments’ Standard Information Gathering (SIG) 2013 questionnaire and Agreed Upon Procedures (AUP) 2013, to help organizations build a truly world-class IT GRC program.
The increasing frequency and sophistication of cybersecurity attacks and data breaches have made it more critical than ever for organizations to proactively secure their IT environments, and effectively comply with regulations and standards such as PCI DSS, HIPAA, NERC, FISMA, and ISO 27001. In line with these requirements, MetricStream provides an integrated portfolio of solutions to streamline, integrate, and strengthen end-to-end IT GRC processes.
MetricStream IT GRC Solution now offers many new and enhanced features, including:
Sophisticated security and risk analytics based on Big Data architecture: The solution aggregates massive volumes of security and threat data from a wide variety of sources (e.g., social media, vulnerability scanners, threat advisories), using Big Data architecture based on Hadoop or MongoDB frameworks. It then maps this data to enterprise assets for comprehensive risk assessments and analysis. MetricStream’s cutting-edge predictive security and risk analytics engine leverages the statistical modeling and analysis tool, “R,” and filtering and correlation framework, MapReduce, to sort through these Big Data sets, and support threat scenario and risk modeling, enabling the management team to make strategic, data-driven decisions.
Real-time threat intelligence from social media and information security monitoring: MetricStream’s social media GRC engine utilizes advanced natural language processing capabilities to analyze social media conversations, facilitate risk evaluations, and trigger issue remediation workflows. The solution also monitors IT infrastructure performance, user activity, and sensitive data flows, enabling pattern anomalies to be detected, analyzed, and remediated early.
Enhanced monitoring of virtualized assets in the cloud: The solution’s enhanced and comprehensive monitoring capabilities enable improved security configuration assessments, continuous controls monitoring, risk management, and threat and vulnerability tracking for assets across the vast and complex virtualized IT environment. In doing so, it helps organizations quickly detect new and emerging security risks, and maintain consistent compliance with external regulations and internal policy requirements.
Vendor risk management: The solution provides advanced capabilities to assess, identify, manage, and monitor vendor risks across both traditional and cloud-based vendors. It also streamlines and standardizes vendor risk scoring and reporting, and provides an integrated vendor risk profile at the enterprise level which, in turn, helps management proactively identify those high-risk vendors which require additional resources and oversight.
New integrations with NIST, CERT, and support for SCAP standards: The MetricStream solution provides updates on new security threats and guidelines through its integration with automated feeds from NIST and CERT. It also provides support for NIST SCAP standards, vendor hardening guidelines, and security configuration baselines. Additional integrations with various third-party threat and vulnerability management tools, threat advisories, and cyber threat monitoring solutions help organizations gain complete visibility into their enterprise-wide IT risk and compliance posture.
Quarterly releases/updates of IT GRC content: The MetricStream solution includes the latest release of the Unified Compliance Framework™ which simplifies IT compliance, and reduces resources and costs by standardizing a common set of controls across all regulations and policies. The solution also includes licenses to SIG 2013 and AUP 2013 from Shared Assessments, which provides the world’s most comprehensive standards for vendor risk evaluation. The SIG and AUP, which are based on multiple industry standards, enable objective and consistent evaluations of third-party IT risks and controls.
“Organizations today want a solution that can not only support and enable all IT GRC activities, but also scale across the enterprise, integrating security and threat data, and providing actionable intelligence to support decision-making,” said Vasant Balasubramanian, Vice President of Product Management at MetricStream. “MetricStream’s new and enhanced IT GRC solution provides the oversight, agility, speed, and flexibility to meet these requirements so that organizations can thrive amidst our increasingly complex and dynamic IT security and threat environments.”