CNS specialist IT security and networking consultancy, today launches its COMPLIANCEngine managed service, addressing the increasing levels of IT compliance regulation across all industries with a managed service, which audits any network to assess its level of compliance.
Kevin Dowd, Director of Security Assessment & Founder of CNS, comments "The concept of the COMPLIANCEngine Service became obvious at CNS. After years of auditing to a full range of regulation and governance requirements, we needed a tool that would allow us to audit a network once and provide the information for many controls. So we built one and I am pleased to say it works".
The CNS COMPLIANCEngine works for any industry or in-house standard by automating compliance-specific functions such as build validation, log management (SIEM), vulnerability assessment, configuration and patch management. As a highly accredited consultancy, (PCI DSS (QSA), CESG CHECK & CLAS) CNS is then able to work with in-house IT teams to resolve the issues raised.
CNS has developed the services using its own scripting engine. It is completely customisable with customers' applications, systems, IT estate and risk management methodology.
Most recently, CNS has used the CompliancEngine with managed hosting provider NetBenefit, to ensure its continued compliance with the Payment Card Industry Data Security Standard (PCI DSS), a significant piece of regulation in the retail sector.
Gerry Lawrence, CTO at NetBenefit explains, "Like any regulation the requirements of PCI DSS compliance can be quite daunting. We wanted to be able to offer our customers a PCI DSS compliant solution that can scale with their requirements whether our customers are merchants using payment gateways or larger retailers who manage the payment process themselves". He continues, "CNS provides an easy to use tool which is supported by a fully managed service. The fact that there are people behind the technology proactively interpreting the outcomes means that we can be confident of providing the best service to our customers, 24x7.
As a managed service, the COMPLIANCEngine frees up time for the internal team by delivering the information needed by regulations such as PCI-DI-DSS, GPG-13 and others. Key features include:
- Threat Engine - automated and scheduled security scanning & vulnerability management.
- Patch Engine - automated & scheduled patch scanning & management.
- Validation Engine - automated and scheduled build checks against bespoke baseline templates.
- Configuration Engine - securely stored config backups with differential comparisons to identify changes.
- Log Engine - collates information from multiple devices and ensures logs are parsed, normalised, indexed and alerted in real time.
- Log Watch - combines one or more of the features above with the CNS Service Desk to analyse logs and respond to alerts.
- Service Watch - assistance with the analysis of the results and remedial work required, including preventative measures.
Results from these features are then presented on the COMPLIANCEngine portal for assessment by clients & CNS consultants.
In addition to NetBenefit, CNS has also used the CompliancEngine with a FTSE 100 finance house and a major public service body. The finance house uses it solve its scanning and build validation needs across diverse technologies and systems, enabling the company to manage compliance issues from one location and focus on the business rather than IT. The public body, struggling with budgets and maintaining staff levels, uses the COMPLIANCEngine to detect and monitor events in its infrastructure, as well as guarantee a response.