Welcome!

Machine Learning Authors: Elizabeth White, Ed Featherston, Pat Romanski, Liz McMillan, Progress Blog

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Machine Learning , Agile Computing, Cloud Security

@CloudExpo: Article

Security Posture Management Enters the Cloud

A “pure” cloud-based IT security monitoring and compliance management product

When eGestalt of Santa Clara, CA, announced in November they were launching a cloud-based security and compliance solution, it set the stage to change the way enterprise businesses could cope with complex compliance and security issues.

The solution, powered by Rapid7 scanning technology, was to deliver a "pure" cloud-based IT security monitoring and compliance management product that worked in real time without requiring any hardware, "a first of its kind solution," say the vendors.

Called Aegify, the technology delivers Security Posture Management (SPM), which first measures the security status of all assets within a network, then delivers a report that can be used to remediate problems, strengthen security, and create and manage compliance policies. It leverages the compliance and security engine of eGestalt's SecureGRC (governance, risk management and compliance) product with Rapid7's Nexpose vulnerability management technology.

Aegify uses a patent-pending expert systems technology from eGestalt to automatically map the security vulnerabilities to compliance mandates, thereby automating the task of security posture management and compliance management, which is manually done today. The tool can import data from other standard vulnerability scanners in the industry as well.

The advantage of using a cloud-based solution to perform this type of sophisticated network diagnoses is a vast reduction in complexity and time, said Anupam Sahai, President of eGestalt.

"Currently, you do this with on-site hardware," Sahai explained. "You run a scan and get a report. Then the IT person has to study it and perform the needed remediation. That takes time, and then once this is performed the network settings change" and you can fall back out of compliance and into a weakened security state all over again.

With a cloud-based solution like Aegify, scanning and remediation can be run in perpetuity, and IT administrators can "see results on the fly," said Sahai. The cloud solution does the work, and you get SPM and/or the compliance posture in real time, or you can schedule it.

"You don't need specialized IT resources to understand and interpret the results or have to deal with remediation," Sahai explained.

The combined solution from eGestalt and Rapid7 performs a massive amount of work, combining asset discovery with vulnerability analysis and compliance mandates. This gives even the largest company an easy way to identify exactly what they have operating in their network, check the level of their exposure to a potential threat, and make any adjustments that have them falling out of compliance. It can identify 28,000 vulnerabilities and perform over 85,000 checks across physical and virtual networks.

"It's a completely multi-tenant solution," said Sahai, who adds that the cloud-based approach and the integration of the security, compliance, and scanning system in Aegify solves the cumbersome, time consuming and inefficient method of approaching the task with separate, siloed applications that don't communicate well with one another.

Aegify will be marketed to the customer and partner bases of both eGestalt and Rapid7. Sheldon Malm, senior director of Strategic Partners and Alliances at Rapid7, said the alliance creates "a very complementary offering that will benefit our joint customers."

On the compliance side, Aegify covers practically every industry that falls under compliance regulations. The cloud solution can control and manage compliance across more than 400 regulations, from the commonly known ones such as PCI, HIPAA/HITECH, SOX, FISMA, and GLBA, to compliance rules from other countries outside the U.S.

An added advantage of Aegify being a cloud solution is that an IT reseller or consultant can manage it remotely for customers and present the reporting wrapped with upsell and cross-sell offerings. And Aegify can be white-labeled with a reseller's or consultant's own branding, said Sahai.

Public cloud services like Aegify are predicted to grow five times faster than traditional on-premise IT, at a growth rate of 19 percent through 2015, according to a study by MarketBridge. The reason for this growth is multi-faceted. The simplicity that cloud computing offers by moving the complexity away from the customer also means customers no longer have to maintain upgrades or version enhancements. The capital expense of purchasing additional server or storage capacity is also greatly reduced with a cloud-based service.

Still, traditional legacy IT networks dominate the computing landscape, which is why Aegify is such an effective solution for reaching out to these networks and keeping them secure and in compliance. In a press release, Bryan Britz, a research director at Gartner, said a mixture of cloud solutions and traditional networks "will permeate most organizations in the coming years."

Sahai of eGestalt agrees and pointed out that a residual effect of Aegify is helping preserve the investment a company has in its traditional IT network.

"Many customers claim they have no security or compliance issues," Sahai said, adding that this makes Aegify community edition, a free tool downloadable from the web (www.egestalt.com), a conversation starter with customers - a conversation that can lead to the purchase of traditional network equipment, or more cloud services.

"We are solving a number of problems by making networks cheaper, better, and more effective by delivering it to the cloud," he said.

More Stories By Dan Neel

Dan Neel is an award-winning journalist who has covered technology trends and best practices for over 15 years working with leading technology publications like Infoworld, CRN, VARbusiness and Investment Management Weekly. He led the direction of technology channel content at United Business Media, and is the recipient of 9 industry awards, including Best News Story for 2000 from the American Society of Business Press Editors.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Most of the time there is a lot of work involved to move to the cloud, and most of that isn't really related to AWS or Azure or Google Cloud. Before we talk about public cloud vendors and DevOps tools, there are usually several technical and non-technical challenges that are connected to it and that every company needs to solve to move to the cloud. In his session at 21st Cloud Expo, Stefano Bellasio, CEO and founder of Cloud Academy Inc., will discuss what the tools, disciplines, and cultural...
SYS-CON Events announced today that Fusic will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Fusic Co. provides mocks as virtual IoT devices. You can customize mocks, and get any amount of data at any time in your test. For more information, visit https://fusic.co.jp/english/.
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
IBM helps FinTechs and financial services companies build and monetize cognitive-enabled financial services apps quickly and at scale. Hosted on IBM Bluemix, IBM’s platform builds in customer insights, regulatory compliance analytics and security to help reduce development time and testing. In his session at 21st Cloud Expo, Lennart Frantzell, a Developer Advocate with IBM, will discuss how these tools simplify the time-consuming tasks of selection, mapping and data integration, allowing devel...
SYS-CON Events announced today that Mobile Create USA will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Mobile Create USA Inc. is an MVNO-based business model that uses portable communication devices and cellular-based infrastructure in the development, sales, operation and mobile communications systems incorporating GPS capabi...
Today traditional IT approaches leverage well-architected compute/networking domains to control what applications can access what data, and how. DevOps includes rapid application development/deployment leveraging concepts like containerization, third-party sourced applications and databases. Such applications need access to production data for its test and iteration cycles. Data Security? That sounds like a roadblock to DevOps vs. protecting the crown jewels to those in IT.
SYS-CON Events announced today that Interface Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Interface Corporation is a company developing, manufacturing and marketing high quality and wide variety of industrial computers and interface modules such as PCIs and PCI express. For more information, visit http://www.i...
SYS-CON Events announced today that Keisoku Research Consultant Co. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Keisoku Research Consultant, Co. offers research and consulting in a wide range of civil engineering-related fields from information construction to preservation of cultural properties. For more information, vi...
SYS-CON Events announced today that SIGMA Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. uLaser flow inspection device from the Japanese top share to Global Standard! Then, make the best use of data to flip to next page. For more information, visit http://www.sigma-k.co.jp/en/.
SYS-CON Events announced today that B2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. B2Cloud specializes in IoT devices for preventive and predictive maintenance in any kind of equipment retrieving data like Energy consumption, working time, temperature, humidity, pressure, etc.
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, will discuss how data centers of the future will be managed, how th...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp em...
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...
Why Federal cloud? What is in Federal Clouds and integrations? This session will identify the process and the FedRAMP initiative. But is it sufficient? What is the remedy for keeping abreast of cutting-edge technology? In his session at 21st Cloud Expo, Rasananda Behera will examine the proposed solutions: Private or public or hybrid cloud Responsible governing bodies How can we accomplish?
SYS-CON Events announced today that Cedexis will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Cedexis is the leader in data-driven enterprise global traffic management. Whether optimizing traffic through datacenters, clouds, CDNs, or any combination, Cedexis solutions drive quality and cost-effectiveness.
SYS-CON Events announced today that Suzuki Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Suzuki Inc. is a semiconductor-related business, including sales of consuming parts, parts repair, and maintenance for semiconductor manufacturing machines, etc. It is also a health care business providing experimental research for...