ePlat4m Security GRC

2017

Integration with RedCheck

On March 23, 2017 the KIT company announced integration of ePlat4m Security GRC with RedCheck technology of AltexSoft company.

Within the project the module of the automated data collection from RedCheck used in geographically distributed IT infrastructure is created. This module displays summary information on results of checks.

The module provides:

• Display on the map of objects of an organization structure to which the nodes checked by RedCheck belong that allows to gain a fast evident impression about distribution of the checked objects of the geographically distributed organization. Function provides access to the list of the vulnerabilities found on nodes and updates of different degree of criticality and also to the description of the interesting vulnerability (updating).
• Viewing and unloading of summary information on the found vulnerabilities and updates in the form of tables and diagrams with different extent of detailing:
  • on all copies of RedCheck in general;
  • on separately selected copy;
  • on group of the nodes controlled by the selected copy.

This function allows to receive quickly statistics about degree of vulnerability of the protected resource (group of resources) that allows to define the objects priority for acceptance of protective measures.

• Viewing and unloading of results of inventory of nodes for operational formation of an overall picture and a status of the protected resources that provides timely acceptance of protective measures.
• The functions of the administrator of the module allowing to perform setup of the user functions of the module taking into account specifics of the specific organization:
  • the choice of software, the reporting under which interests users;
  • the choice of software which is prohibited to installation (nodes with such software will be noted in inventory reports).

The module ePlat4m providing interaction with RedCheck can be implemented into the organizations, the security of RedCheck having geographically distributed IT infrastructure and applying means of the analysis for solving of tasks of detection of vulnerabilities on controlled network points.

The automated collecting and systematization of data from external information security tools (VM SIEM DLP , etc.) by use of the built-in mechanism of adapters is one of important systems capabilities of ePlat4m Security GRC. The module developed on the ePlat4m Security GRC platform using the present possibility allows to aggregate and systematize within a corporate system of management of cybersecurity (SUIB) data from means of the analysis of security of RedCheck in that type in what it is required to the guide of the organizations for decision making for management processes of cybersecurity. We are sure that this integration solution will be demanded in the market and will allow customers to increase efficiency of the processes of management of vulnerabilities implemented at them. Alexey Lipatov, development director of developer company of ePlat4m

Embedding of our product RedCheck in complex an information and analytical system, such as ePlat4m Security GRC, brings process of the analysis of security of the distributed automated and information systems to the new level which is caused by its "seamless" integration into the general management process of cybersecurity. We welcome and we are proud of such joint projects. There is a wish to select the organization of works and qualification of developer company of ePlat4m which performed works on embedding of RedCheck in very short time. Sergey Uzdemir, deputy CEO for information technologies of AltexSoft company

ePlat4m Security GRC

For March 23, 2017 ePlat4m Security GRC is a software technology of category SUIB.

ePlat4m Security GRC is intended for:

• Automation of organization activity on cybersecurity according to legislative and business requirements and with the concept of GRC
• Organizations of joint work of different categories of users:
  • the top management,
  • divisions of IT,
  • divisions of cybersecurity,
  • employees of the organization

• The centralized information storage concerning cybersecurity
• The automated collecting and systematization of data from external information systems and information security tools
• Information representations in graphic, tabular, other style

Architecture of software, (2016)

Components

Management subsystem data

The management subsystem is intended by data for determination of data structures (structure and types of fields) and interrelations between them and also managements of the ePlat4m Security GRC components within one applied module.

Management subsystem visual interface

The management subsystem the visual interface performs functions of development and setup of visualization tools (work areas, panels, forms, reports, charts, cards and so forth) and also functions of work with them within ready applied modules.

Management subsystem processes

The management subsystem is intended by processes for determination of expanded logic of work within the separate applied module and an applied system in general. Means of the description of working and computation processes, means of the description of status model, means of determination of an event model for applications and forms and also runtime environment of processes are a part of a subsystem.

Integration subsystem

The subsystem of integration is intended for interaction of the applied system which is executed on ePlat4m Security GRC with external information systems, in course of execution of business processes.

Management subsystem access

The management subsystem access contains feature set of authentication and authorization of users, including maintaining own database of users or use of an external system of authentication, maintaining a role model, appointment to users of roles, agrees the job responsibilities executed by them, access isolation and a configuration for users of their working space within the applied system executed on ePlat4m Security GRC.

Administration and monitoring

The components intended for accomplishment of functions of setup, monitoring and control of work of the platform and also distribution of ready modules enter into structure of a subsystem of administration and monitoring.

Components of monitoring and control are intended for fixation of the events which are taking place in a system, in specialized magazines with a possibility of the subsequent report generation.

Components of distribution of ready modules are intended for export and import of components and these applied modules.

Properties of the platform

• storage, processing and extraction of the data arising at process automation of SUIB of the organization as a result of operation of the modules ePlat4m Security GRC;
• input and editing information by employees of division of cybersecurity of the organization using the specialized user interfaces developed for each of modules;
• accomplishment of automatic operations over the modules given according to logic of their processing;
• providing consolidated statements about a status and efficiency of protective measures for the management of the organization and division of cybersecurity in the form of dashboards and printing reports of the set form;
• integration into other technical means of data protection of SUIB of the organization, for the purpose of automatic data acquisition about a status of cybersecurity, modules, necessary for work;
• ensuring differentiation and access control to information of modules due to application of role and status models;
• task management of division of cybersecurity;
• sending notifications by e-mail.

Specific Features

For the management

• Cost optimization on providing Information Security of the organization due to implementation of risk-oriented approach
• Risk reduction, connected with regulating authorities in the field of cybersecurity: FSTEC of Russia, FSB of Russia due to complete and effective accounting and control of observance of different regulatory requirements on cybersecurity
• Providing aggregated analytical data on cybersecurity of the organization in the clear and evident type allowing to exercise effective control behind activity of cybersecurity and IT divisions and also to reduce time necessary for decision-making
• Cutting of costs for operation of the cybersecurity system of the organization due to process automation of management of cybersecurity

For division of cybersecurity

• Creation and/or development of the Situational command center of cybersecurity (SOC) allowing including to obtain analytical information for acceptance by the management of cybersecurity of division of the justified management decisions
• Increase in efficiency of SUIB of the organization due to achievement of coordination of actions of all participants of processes
• Providing the structured information about data assets, IT infrastructure of the organization and level of its security
• Increase in level of compliance to requirements for cybersecurity due to acceptance of the timely adjusting and warning actions for improvement of SUIB of the organization based on carrying out internal audit for cybersecurity, processings of incidents of cybersecurity, etc.
• Justification of operating costs and development of SUIB of the organization

For division of IT

• Increase in efficiency of response to cybersecurity incidents taking into account criticality of data assets
• Integration of event management systems of cybersecurity, vulnerability scanners and inventory of IT infrastructure
• Increase in controllability of the cybersecurity system of the organization due to operational identification of deviations in processes of ensuring IT security
• Simplification of fulfillment of requirements ITIL, COBIT regarding IT security