This website requires Javascript for some parts to function propertly. Your experience may vary.

Panaseer: Taking a proactive approach to cybersecurity | Cisco Investments

We use cookies to improve your site experience and deliver personalized content. By continuing to use this site, you consent to our use of cookies.

Security and Security Services

Panaseer: Taking a proactive approach to cybersecurity

Cisco Investments Team

Last year saw a marked change in the way organisations approach cybersecurity. A steady stream of breaches in the news has meant that Board members are keen to understand how well their organisations are protected. Rather than reacting to a breach or an attack, organisations want to be in control and confident of their security posture at all times.

The Board is looking to the Chief Information Security Officer (CISO), Chief Risk Officer (CRO) or Chief Information Officer (CIO) to ensure that existing cybersecurity practices evolve from a reactive to a proactive approach.

The work required to make this change is extensive; revisiting the security strategy, realigning security best practices with security frameworks, updating compliance items and security policies, investing in new security tools and controls – the list goes on.

The focus needs to be placed on the ‘prepare and protect’ approach with streamlined security processes in place. Security projects that mitigate risks are identified and prioritised.

Once priority projects have begun, frontline defences such as firewalls for the hardware assets plus threat intelligence and network monitoring tools are scrutinised and updated as malware defences are strengthened.

Generally, these efforts mean an organisation is heading in the right direction, however the journey to proactive cybersecurity isn’t always straightforward. Common obstacles include:

  • A myriad of tools and data from a heterogenous environment comprising of on-premise, cloud and externally hosted devices and applications, endpoints that are fixed and mobile and obscure the true state of an organisation’s cybersecurity posture.

  • Gaps in CMDB and control coverage mean that organisations will continue to lack visibility, not knowing what assets they have and what protection is required.

  • Inability to identify and report on the right metrics – this is a major concern especially when the Board requests a progress update from the CISO/CRO/CIO on security projects which are supposed to make the organisation more proactive.

Panaseer’s Continuous Controls Monitoring (CCM) platform enables businesses to take a proactive approach to cybersecurity by providing greater visibility into security posture, whilst paving the way for risk transparency by unlocking the full potential of an organisation’s existing security tools. Readily available access to business relevant security metrics also means seamless reporting to the Board and regulators.

Modules of the Panaseer Platform:

Data Connectors
The Panaseer Platform’s off-the-shelf Data Connectors ingest, transform and normalise data from existing software/tools pertaining to three critical functional units in an organisation: IT, security and business. Once the Data Connectors are deployed the process of ingestion, transformation and normalisation are completely automated.

Smart Inventory
The normalised data is then utilised by the Panaseer Platform to build a comprehensive list of assets held in an organisation called Smart Inventory. This is updated continuously and automatically. It enables an organisation to gain insight into existing gaps in their CMDB and uncovers the crucial information needed to address the gaps. More importantly, the Panaseer Platform paves the way for organisations to get complete visibility into their security coverage by automatically comparing devices shown as scanned in an existing security tool with the Smart Inventory, and highlighting gaps in coverage. With the Panaseer Platform organisations can proactively improve their security posture.

Dashboards
Seamless reporting aligned to security metrics is made possible with Panaseer Platform’s Dashboards. The CISO/CRO/CIO can easily demonstrate the success of security investments and projects to the Board and show audit-readiness by taking full advantage of Dashboards for reporting.

Panaseer Platform – Use Cases

Panaseer’s customers have seen rapid improvement in their security posture after using the Panaseer Platform. Some of the most common use cases include:

  • Improved CMDB quality: Increase data quality in CMDB by providing insight into gaps in CMDB and crucial information needed to address these gaps.

  • Increased visibility into security tool coverage: Automatically show control gaps for tools used for vulnerability management, application security, malware defences organised by business unit, region and technology platform.

  • Visibility into new security tool deployment: Identify assets that are covered by the new security tool and expose gaps during deployment.

  • Phishing and Security Awareness training: Track devices/users who are doing poorly in phishing and security awareness training.

Learn more about Panaseer's theatre session at the Cisco Investments Village: What's it called? Case Study – Continuous Controls Monitoring – why the CISO logs in to Panaseer every morning Who's Speaking? Nik Whitfield, CEO of Panaseer What's it about? Hear how the CISO at a global financial institution went from being under pressure from the Board to quickly demonstrating confidence and control over cyber security risk. He was new in role and under growing scrutiny; the Board required real insight about their cyber security posture. You will learn how this CISO used the Panaseer Platform to establish a ground truth by quickly integrating 14 security technologies to identify control gaps and construct a trusted view of IT and security. When's it happening? Times below - Tuesday, January 29th: 15:30 - 15:50 Wednesday, January 30th: 12:00 - 12:20 Thursday, January 31st 10:30 - 10:50

To find out more visit www.panaseer.com and begin your journey to proactive cybersecurity.