LONDON and NEW YORK, Nov. 9, 2021 /PRNewswire/ -- Panaseer, an enterprise security company, today announces that it has partnered with the Center for Internet Security, Inc. (CIS®) to further the development of its Control Assessment Specification. The newly developed 'version two' of the Controls Assessment Specification, will provide guidance on the metrics a company should use to assess how well they are complying with 'version eight' of the CIS critical security controls.
CIS is a community-driven non-profit organisation that leads a global community of IT professionals to continuously evolve standards and provide products and services to proactively safeguard against emerging security threats. It has years of experience in advising organisations on which controls to prioritise and how to implement them. In 2019 CIS took their first steps into recommending what metrics organisations should measure to assess their compliance with CIS controls, releasing 'version one' of the Controls Assessment Specification.
Developing the de facto automation platform for security measurement has been a strategic priority for Panaseer since its inception in 2014. It pioneered the category of Continuous Controls Monitoring (CCM), which provides enterprises with a trusted, unified view of assets and controls across business lines, regions and technology platforms. By enabling organisations to measure the performance of their assets and controls in an automated, data-driven way, it paved the way for them to more easily assess themselves against the CIS controls framework, and in particular to leverage the measurement guidance provided via Controls Assessment Specification.
This new development partnership combines CIS's authoritative voice on controls best practice and Panaseer's expertise in security measurement. Panaseer is reflecting the Controls Assessment Specification 'version two' within its CCM platform. Moving forward, the organisations will work together to develop future versions of the Controls Assessment Specification that are tailored to automated measurement.
Example metrics and specifications from the Controls Assessment Specification 'version two' as translated into Panaseer's CCM platform, include:
- The percentage of devices from the inventory that are missing from the company's configuration management database (CMDB).
- The percentage of devices from the inventory that haven't been scanned by a patch manager in the last 30 days, but are in scope to be scanned.
- The percentage of employees that have received security awareness training in the last 12 months.
Leila Powell, Lead Data Scientist, Panaseer: 'We are thrilled to be selected as a development partner for CIS. Helping create measurement guidance, applicable to CCM, is a hugely important step in driving adoption of an automated, data-driven approach to measurement. Both Panaseer and CIS recognise that CCM is the future of good controls posture – to continually ensure against controls drift, improve accuracy, trust and repeatability of measurement and reduce the current reporting burden on security teams.'
Phyllis Lee, Senior Director, CIS Critical Security Controls: 'The author of a framework should be the authoritative source on how you measure success in that framework. You need to be continuously monitoring controls to make sure that your security metrics are within your set threshold and you're doing what you need to do to stay compliant. We look forward to further developing the Controls Assessment Specification for automated measurement in collaboration with Panaseer to meet this need.'
About Panaseer
Panaseer is the first Continuous Controls Monitoring (CCM) platform for enterprise security. CCM is solving one of the biggest challenges in cybersecurity today – control failure. Enterprises do not know if their security controls are providing full protection at any given moment in time. Panaseer's CCM platform uniquely correlates data from all security tools to identify and measure missing assets and control gaps so that organisations can optimise security controls, tools, processes, and personnel.
CCM has become a required capability for regulated enterprises. Gartner has included Panaseer as an inaugural vendor in two Hype Cycles for emerging technology. In 2020, in the Continuous Controls Monitoring category under Risk Management, and in 2021 in the Cyber Asset Attack Surface Management (CAASM) category under Network Security. Recently, Momentum Cyber included CCM in its Cybersecurity Almanac, as a next generation technology that will shape the future of cybersecurity, also including Panaseer as an inaugural vendor.
Panaseer's CCM platform was named as the 'Best Regulatory Compliance Tool and Solution' at the 2020 SC Awards Europe, and also received the Editor's Choice award from Cyber Defense Magazine for its 'Continuous Controls Monitoring platform.'
Panaseer clients include the world's largest institutions and enterprises. Total funding to date is $43 million and investors include: AllegisCyber Capital, National Grid Partners, Evolution Equity Partners, Notion, AlbionVC, Cisco Investments and Paladin Capital Group.
For more information visit: www.panaseer.com
About CIS
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously refine these standards to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. elections offices. To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.
Share this article