Security Control Area Summary
Rebasoft implements six key control areas based upon ISO27001 and NIST best practice, security frameworks. These areas are supported by security control families which are underpinned by many control points and a unique, real-time golden source of data.
From the network infrastructure, to every connected end-point, to every application accessed; Rebasoft can track it all. Working in harmony with other controls to help make them more effective.
Deployment is quick and easy, meaning that time to recoup the benefits is much shorter. Automation reduces errors and requires fewer staff to operate.
Identify the most critical risks quickly whilst applying the most cost-effective response in priority order. Rebasoft automatically gets live information from the network together with data from your other control systems to build a comprehensive picture of your security posture.
Enterprise class functionality with advanced segregation of duties and multi tenanted, flexible reporting enables information to be made available securely to multiple audiences.
The “C” suite can see summaries and Key Risk Indicators (KRIs) built from this live data, whilst subject matter experts can use the underlying detailed information to investigate and analyse issues.
- Can I be sure that my assets are connecting to the network via known/authorised switches?
- Can I be sure I’m seeing the full extent of my network and all devices connecting to it?
- Can I automatically remediate rogue systems?
- How do I find rogue WiFi access points?
- Can I be sure I’ve not missed anything connected to my network?
- If I find unknown/unauthorised how can I understand whether the most critical ones for me to investigate are?
- Can we identify critical systems and monitor them?
- I believe I’m secure, but how can I be sure that my 3rd Party supplier connections are secure?/li>
- Are there any gaps in our malware defences?
- How can I ensure all systems connected to the network are assessed for vulnerabilities?
- How can I protect critical systems when I cannot install anti-malware software?
- Is there a defence against zero-day attacks?
- Does Rebasoft charge on events received?
- How can I detect incidents that are not traditional log based messages?
- How can I track down a device affected by an incident?
- Can Rebasoft automatically remediate incidents it finds?
- Can I that we have the appropriate admin accounts controlled?
- Do we have all critical systems monitored for admin access?
- How can I easily see any mismatch in permissions and access?
Secure IT operations
- How do I ensure all remediation activity has been completed & is effective?
- How can I meet remediation SLAs with the limited resources I have?
- How can I ensure operational changes do not introduce further security problems?