Panaseer integration with RSA Archer helps automate Integrated Risk Management

August 21, 2020

Charaka Goonatilake

Gloria Higley

We are pleased to announce a new, purpose-built integration of Panaseer with RSA Archer Suite.

Panaseer has integrated its Continuous Controls Monitoring (CCM) platform with RSA Archer’s Integrated Risk Management (IRM) platform to provide automated continuous controls and risk monitoring and assurance. This integration is designed to give security teams complete and accurate visibility of assets, controls gaps and risks, both on-premises and in the cloud.


Need of the hour

Traditionally, IRM practices have relied on manual, human-driven approaches to self-assess and assure that controls are deployed and implemented correctly. To assure complete control coverage and effectiveness across all asset types such as devices, applications, people, accounts and databases, enterprises require very large teams at considerable expense. Alternatively, they’re only able to test a sample of controls and assets, on an infrequent basis, with the budget available. The veracity of the results of this process is questionable because humans are prone to error. As the assessment process is manual and costly, it can’t be conducted frequently, leading to out-of-date and inaccurate results.

Risk and compliance teams are also seeing an increase in the number of regulatory requests and the complexity of these requests, as more privacy and security laws go into effect globally. For example, in the banking sector, Singapore’s Notice 655 “Requirements for Cyber Hygiene for Banks” requires banks to ensure that a malware protection solution is installed and functioning on every device all the time. The GRC teams in turn rely on security teams to provide relevant security metrics to inform their security and risk posture assessment for IRM. This places a significant load on security teams to do data science, rather than securing their business. In fact, a recent Panaseer-commissioned survey found that security teams spend more than 36% of their time on reporting, which includes extracting, moving, cleaning and merging data, as well as making, formatting and presenting calculations.


How can CCM and IRM help?

With the new Panaseer integration with RSA Archer, IRM practices that require data to be collected and analysed can be automated with near real-time insights that are easily scalable. The cost of risk management and the associated data collection and analysis is also reduced significantly.

Panaseer’s CCM Platform integration with RSA Archer enables organisations to:

  • Reduce costs through automation as large teams doing manual assessments are no longer required
  • Improve accuracy with data as assessments are based on facts versus subjective opinions
  • Perform complete assessments (instead of sampling assessments) as testing of every control instance is available automatically, without the need for a large team
  • View continuous assessments with a consistently up-to-date view of control deployments

NIST metrics dashboard in Panaseer

NIST metrics displayed in RSA Archer

NIST-aligned control assurance metrics automatically calculated in Panaseer and exported as Metric Results in RSA Archer.


How does it work?

CCM sits above existing security tooling, ensuring that all controls are fully operational, and all assets are protected. It automatically and continuously consumes data from sources across security, IT and business domains. By unifying disparate data, it can identify previously unknown or unmanaged assets, control coverage gaps and control compliance failures. It then substantiates that insight through automated reports. These can be segmented by market, business process, business unit or service line and mapped to your goals and structure, providing business context for security metrics. Business Risk Perspectives (BRP), an element of Panaseer’s CCM platform, provides a continuous view of the risks associated with the most mission-critical business processes.

Complete asset inventories (including devices, applications, people, accounts and databases), control coverage gaps (control deployment and performance insights) and business context for risk prioritisation from Panaseer’s CCM platform are all fed into RSA Archer for continuous controls and risk assessment.

Interested in learning more about the Panaseer Continuous Controls Monitoring integration with RSA Archer? 

If you are not an RSA customer but you are interested in learning more, you can find more information on RSA Archer’s website.

If you have any questions or feedback, use our contact page to get in touch.