As IT and Information Security audits are becoming the new norm, now more than ever before, organizations are scrambling to stay compliant. In response to that growing need, Cavirin's Automated Risk Assessment Platform (ARAP) helps companies pass their PCI audits and protect themselves from a catastrophic security breach, as well as avoid the financial penalties associated with failing their audit.
"Nobody wants to fail an audit. ARAP can help prepare businesses with an automated easy-to-read report with a pass or fail grade, making it simple to identify gaps that could lead to a breach, and do it in a cost-effective way," said Cavirin CEO JD Sherry. "The 7.6 release of our platform touts impressive upgrades, such as an improved dashboard now featuring heat maps and trend lines for a complete visibility of cloud and on-premises environments. Staying compliant AND secure just got a whole lot easier and affordable," Sherry added.
Cavirin's innovative platform manages the day-to-day challenges of implementing security best practices and assessing operational risk against the major compliance frameworks out there such as PCI, CIS, HIPAA, ISO, NIST, DISA, and more.
As a testament to its unique approach, ARAP just became the first platform to earn an Adaptive Compliance PCI Continuous Compliance Certification. The certification serves as a standardized evaluation of PCI audit tools. "Continuous compliance is becoming a requirement for a lot of organizations. Now more than ever, there is a growing need and focus on tools that can help with that. For each tool, we measure effectiveness and comprehensiveness in meeting the requirements of the PCI DSS 3.1 framework," said James Spence, Quality Security Assessor (QSA), Adaptive Compliance. "Tools which earn this certification are proven to confirm that deployed systems match documented configuration standards and defined policies. In addition, it generates reports which are useful and acceptable to the assessed entity and the PCI auditor," added Spence.
The certification evaluates tools for the following qualities:
- Ensures a secure environment with PCI compliance as a byproduct of security
- Verifies compliance continuously for card data environment systems
- Compatible with private clouds, public clouds and hybrid combinations of both
- Generates reports that help validate that deployed systems reflect the approved configuration standards, including:
  - All running services, ports and protocols are expected and business justified
  - Local user accounts are authorized
  - PCI required settings, e.g., NAT, logging, FIM, AV, are implemented
  - Patching is current and security patches are applied
  - Exceptions are documented for approval by the QSA
- Generates reports acceptable to a QSA as proof of compliance
- Handles a large card data environment without requiring significant technical resources from IT teams
"As PCI assessors, we have found that one of the top challenges for organizations and the assessing QSA is accurately evaluating baseline configuration standards against the actual configurations. Comparison of the base builds against actual configurations is not just challenging, it is time-consuming and often impacts utilization of technical staff, pulling them from production roles to compliance," commented Spence.
Cavirin's ARAP continuously scans the entire infrastructure and allows security and compliance managers to select and define policy, so each build's actual configuration is compared against the defined policy. The compliance manager can generate reports that are validated configuration standards for each deployed system.
"Achieving this certification validates what we believe and know for a fact: ARAP is the right tool to identify a gap and solve the audit challenges that fast-growing companies are facing today," commented Sherry. "We are absolutely thrilled to be the first company to get this nod from the industry."
For more information about Adaptive Compliance, visit: http://adaptivecompliance.com
For more information about Cavirin, visit: https://www.cavirin.com
To schedule a quick demo of ARAP, contact Cavirin at: https://www.cavirin.com/support/test-drive.html
To test drive Cavirin in your environment, visit: https://www.cavirin.com/support/test-drive.html
About Adaptive Compliance
Adaptive Compliance is a partnership of information security consultants
working to develop information security methodologies for continuous
compliance. The partnership is focused on showing its clients how
creating secure systems can and should produce compliance as a byproduct
without running into the trap of a compliance "silo", where
organizations fetch check-box templates from each year to meet Payment
Card Industry (PCI) or other compliance obligations. Adaptive Compliance
identifies the tools and creates the process that results in continuous
compliance. For more information, visit http://adaptivecompliance.com.
About Cavirin
Cavirin engineers security and compliance solutions to protect the
elastic enterprise against destructive cyber threats. Headquartered in
Santa Clara, Calif., Cavirin technology provides comprehensive
protection in both the datacenter and across multiple cloud instances
and accounts. Global enterprise and Software-as-a-Service (SaaS) leaders
depend on Cavirin to mitigate dangerous breaches that damage brand
integrity and shareholder value. For more information, visit www.cavirin.com and
follow @Cavirin on Twitter.