Saylor Frase, CEONetwork security compliance is a major challenge for organizations worldwide. Visibility, support, and management of remote locations are critical not only for network operations, but also for compliance with federal and industry regulations. Most organizations offering compliance solutions are focused on helping organizations pass an audit by going through a list of GRC controls. “These organizations focus less on actual security controls and more on the minimum requirement to “check the box”,” expresses Saylor Frase, CEO of Nuspire Networks. Nuspire Networks adopts the philosophy of “security, not just compliance.” “Our approach to compliance is to secure the network, put the right people and processes in place, and document accordingly. That is effective in mitigating cyber risk,” states Frase.
Security Analytics Research, threat intelligence, and vulnerability management is at the core of the Nuspire solution offering, since an unknown vulnerability becomes a trending exploit within minutes. Most of the compliance solutions cover consulting audits and assessments, but rarely get into the actual work to remediate problems and build a strong security posture. Going beyond an audit service, Nuspire’s approach to compliance comprises of six phases—training, discovery, assessment, remediation, verification, and completion.
The core deliverable to Nuspire customers is the service level commitment—a guarantee around network technology, monitoring, and response activities that promotes a secure and compliant network. To achieve this goal, each client is provided with a project manager to ensure proper solution set up and rollout to meet these service level agreements. The result is a secure network, along with processes and documentation that can be shown to help organizations aid in governance, risk, and compliance efforts.
The firm also offers highly customizable solutions for managing client’s security postures or providing controls for compliance concerns such as GLBA, HIPAA, SOX, and PCI. In one instance, Nuspire partnered with a global healthcare organization to help their franchises become PCI compliant. The challenge for this organization was to implement security solutions to organizations they did not own, but still wore the name of the enterprise.
Our approach to compliance is to secure network, put the right people and processes in place, and document accordingly
To help the company achieve this goal, Nuspire started a customized program designed for franchisee education, and customized network security solutions with service level agreements tailored for PCI compliance, specific to their organization.
One thing all compliance mandates have in common is making sure an organization has visibility into their network. The firm’s proprietary and award winning Security Information Event Management (SIEM) technology with industry leading Cyber Threat intelligence and network security experts are built with the specific goal to provide organizations with visibility into their network. This blend of technology and human analytics enables organizations to not only achieve compliance, but a securely managed network capable of responding to threats in real-time. “A Managed Security Solution in place, based on a service level agreement and strong cloud-based technologies with human analytics is key and the right approach now and in the future,” states Frase.
According to Frase, cyber security is an ongoing “constant war of attrition.” The future of compliance will need to evolve from “check the box” requirements, into more encompassing solutions, in order to keep up with a growing sophisticated threat landscape. Forging ahead, the firm aims to include artificial intelligence, machine learning and heuristics capabilities into SIEM systems. “Our proprietary nuSIEM is a fault-tolerant execution engine that can successfully weed out false positives and allow for advanced human analytics by security teams to be much more efficient and successful in identifying and remediating threats,” concludes Frase.