C-Smart Security Compliance Tool

• What is it?
C-Smart is an innovative cloud security product that performs almost ‘hands-free’
monitoring and remediation of cloud security threats and vulnerabilities,
from the time of provisioning until the asset is retired from service.
• What does it do?
The C-Smart tool is typically installed at the time of provisioning of a VM or server
(asset) in an on-premise or off-premise (public) cloud environment, based
on a CISO-defined security profile, and ensures that industry regulations such as PCI
DSS, STIGS or HIPAA are adhered to on a continued basis.
• How does it do this?
The C-Smart tool, when installed and run through a job scheduler, continues to
monitor, detect, report and remediate vulnerabilities of your VMs or servers
without any human intervention, thereby adapting to the existing change policies
of the organization.
• What is needed?
C-Smart needs a CISO-certified industry profile to be chosen and applied
to the assets (VMs) or servers.
• Why is this needed?
Organizations have to comply with regulatory standards such as PCI DSS,
STIGS, FFIEC or HIPAA in order to successfully run their business
(retail, finance or healthcare). C-Smart enables not only the service
provider but also the end user to confidently trust the application they are
using, since it monitors and remediates vulnerabilities and threats ‘near term’
on a consistent basis.
• What is needed from CISO?
To choose the optimum security profile available in the C-Smart tool based on
the application’s compliance requirement, be it PCI DSS, STIGS,
FFIEC or HIPAA.
• Who uses this?
Retail, finance or healthcare companies need such an innovative
cloud security product so that they can be protected and save lots of money in
maintaining a strong compliance posture without too much hassle.
• How to implement this?
C-Smart is implemented at the time of provisioning of the asset through a CISO-defined
profile and remains in place until the EOL of the asset. The DevOps team would use the
scheduler to have the C-Smart tool continuously monitor and remediate the application.
• Does it remediate online or offline?
The DevOps team can run the scheduler so that the tool runs online and/or
offline based on the agreed change window. The scheduler will run against the
targeted assets on a periodic basis and then produce a report based on the observed
drifts (if any) against the CISO-approved profile. The report would also suggest
remediation actions, which can be carried out during a change window.
• When do you require this?
The C-Smart tool is needed almost always to ensure that the assets are compliant
with industry security standards and audit ready. A lot of effort is required to
prepare an organization for an external audit, and the C-Smart tool report can
help alleviate any security concerns.
• Will there be any updates to the tool?
Yes. There would be updates provided to the tool based on industry insights
and technology changes, along with security exposure updates and their
remediation. This would be seamless to the end user and would not cause any
disruption.
• Is this product scalable?
Yes. The product is scalable and can be applied against all assets
simultaneously. The scheduler can be run independently against the assets to
check compliance, and the user would get a consolidated report of all assets.
• Why C-Smart and why not another tool?
C-Smart is unique in the following aspects:
1. Installed after the CISO, and not a system administrator, validates the profile
2. Remediates automatically based on the scheduler, unlike traditional tools such as Alert
Logic or Carbon Black, which only report
3. Cloud-based security tool for both public and private clouds that provides end-to-end
protection throughout an asset’s lifecycle
• Do we need to change the profile?
Depending on the organization’s priorities, profiles may be modified or changed as per the CISO’s
approval. The changes can be applied to only the targeted assets.
• What is the value add?
1. Reduces security compliance complexity drastically
2. 40 to 60% productivity achieved
3. Eliminates human error
4. Strong compliance posture demonstrated anytime
5. Audit report available anytime
6. Almost audit ready thus eliminating anxieties