Blog

Qmulos announced the new versions and general availability of its two flagship products, Q-Compliance V4.2.0 – an all-in-one solution for any enterprise, environment, framework, control, and datasource, and Q-Audit V3.4.0 – Qmulos’ Splunk-powered real-time audit software, an enterprise-grade tool designed to meet the most stringent audit requirements.

Qmulos is pleased to announce the general availability of Q-Compliance V4.2.0 and Q-Audit V3.4.0. These versions add capabilities to streamline the configuration of organizations and systems with complex shared responsibility models and other new features.

With billions of federal dollars flowing into state and local agencies, there has never been a better time to invest in a cybersecurity program.

With billions of federal dollars flowing into state and local agencies, there has never been a better time to invest in a cybersecurity program.

The Technology Modernization Fund (TMF) is an investment program that loans funding to federal agencies to address urgent IT modernization challenges.

Qmulos is pleased to announce the general availability of Q-Compliance V4.1.0! In this release, we’ve added a lot of exciting new features to support our core use case of continuously monitoring security controls.

The United States government recently published its National Cyber Strategy, a comprehensive plan aimed at improving the nation’s cybersecurity posture. The strategy outlines several key initiatives, including securing federal networks, strengthening critical infrastructure cybersecurity, and promoting cybersecurity as a national economic and security priority.

Qmulos is pleased to announce the general availability of Q-Audit V3.3.0! Key upgrades for this release include the ability to apply filters and reduce noise to better detect suspicious activity, generating a report of all the latest results on the ISSO Audit Review Dashboard, and customizable ISSO Audit Review dashboard…

As CMMC 2.0 becomes Federal law this spring, bringing increasing numbers of defense contracts within its scope, firms will begin to see their revenues directly impacted by their compliance posture – and that’s the point!

The new hires include Nick Jovanovic, Chief Revenue Officer; Theresa Feraren, Vice President of Marketing; and Russ Odom, Chief Financial Officer.

DoD Demands Diligence will show you how CMMC 2.0 will transform compliance techniques from a historical paper exercise to a real-time, agile cybersecurity system.

As a previous director of Federal Network Security (FNS) for the National Cyber Security Division of the Department of Homeland Security, I am highly sensitive to the great regulatory compliance struggle facing businesses and organizations. From NIST 800-171, NIST 800-53, ICS 500-27, SOX, HIPAA, FedRAMP, PCI DSS, and most recently,…

Qmulos is excited to have hosted a virtual thought leadership discussion, regarding CMMC 2.0, and how using the right technology stack can simplify and ensure security measures, and even assist in winning new business!

Data breaches happen to all companies. However, the demand for better executive accountability is on the rise as seen in the recent cases of Uber and Drizly. Regulators continue to get more serious about enforcing data protection rules, and the severity of penalties issued against enterprises who fail to secure…

Finally, automated, real-time macOS compliance management at enterprise scale Qmulos is proud to announce the release of Qmulos Apple Compliance to address the needs of the macOS Security Compliance Project. “The project uses a set of tested and validated controls for macOS, and maps these controls against any security guide…

Chantilly, Virginia – May 25, 2022 – Qmulos, a pioneering cybersecurity software and professional services firm driving the Converged Continuous Compliance™ revolution in enterprise security, compliance and risk management automation, today announced a strategic alliance with Arrow Electronics, a global provider of technology products, services, and solutions. In today’s cybersecurity…

2018 was pivotal year for me. My mom passed away in the early morning of May 14th that year. She was a strong and scrappy Visayan woman (you’ve got to be strong and scrappy to start life living in poverty in rural Leyte, move to the other side of the…

Mergers and other major changes in corporate governance carry inherent integration risk. As functions shift and staff transition, oversight and internal control capabilities are frequently impacted, creating openings to be exploited by nefarious actors including malicious insiders. The need for extra vigilance and increased attention to corporate security, including cyber,…

Qmulos is pleased to announce the general availability of Q-Compliance V3.8.0! Here are some of the key exciting upgrades for this release: More granular assessments and correlation against specific control requirements, e.g., objectives from NIST 800-53A or custom control sub-requirements Improved performance of analytics and visualizations for security controls Streamlined…

With v2.2, Q-Audit introduced Systems that allow admins to restrict the data visible to users through the use of Splunk roles. Beginning in v3.0, System managers can define system-specific Baseline and Watchlist applications and system-specific Privileged users. Consequently, the Admin Access and Escalation, User/Host Investigation, Real Time Monitoring, and Risk…

It'd be hard to miss the conflict between Russia and Ukraine, and the danger that individuals, companies, and European governments face, from land, air, and cyber attacks. So, we'll assume that you don't live under a rock. With the vast majority of Western national critical infrastructure assets under the control…

Operational Technology (OT) environments have increasingly come into scope of cyberattacks as continuing IT/OT convergence has eroded the boundary between these traditionally segregated domains. Despite the network convergence, the convergence of thinking and understanding of risk as an enterprise-wide issue that transcends organizational boundaries has not kept pace. You've heard…

In an effort to address growing concerns about the maturity of cybersecurity practices within the Federal Government, in May of 2021 the White House released Executive Order 14028 (EO), Improving the Nation’s Cybersecurity, outlining a set of measures designed to improve the security of Federal networks, assets, and supply chains,…

The Qmulos Dev Team has been hard at work adding great new features to Q-Audit. Some of the most recent additions include updates to system boundaries, multi-tenancy support, audit records and review processes, as well as some significant performance enhancements. So far, our customers are loving the changes, but read…

Qmulos is pleased to announce the general availability of Q-Compliance V3.7.0! Here are some of the key exciting features added for this release: • Dynamic tracking of the RMF process • Automated transfer of system data from rev. 4 to rev. 5 • Applying 800-53B (rev. 5) baselines • POA&M…

Falling victim to a ransomware attack is something you want to avoid. Trust me. It won’t be fun. If you didn’t already know, ransomware is a type of malicious cyberattack where cybercriminals encrypt an organization’s data and hold it for ransom to restore access. In some instances, attackers may also…

If your enterprise has mission critical systems with complex or classified data, you need a solution with full audit abilities. Effective operational security means 1) finding abnormal activities and attacks. And, 2) identifying misuse of information resources before threats occur.

Qmulos is pleased to announce the general availability of Q-Compliance V3.5.0 and Q-Audit V2.2.1 for Splunk Cloud. “We have seen an increased demand to leverage the capabilities of our cybersecurity auditing and compliance automation solutions by customers who don’t have the resources to manage their own Splunk infrastructure”, said Matt…

With the debut of the Cybersecurity Maturity Model Certification (CMMC), any organization engaging with the DoD must quickly become compliant. Not being compliant means that you can no longer operate in the DoD contracting space, no longer bid on defense contracts, and may lose existing contracts. It can feel overwhelming…

By monitoring Network Data Transfer Activity, we can gain insight into possible security threats that are exfiltrating data or maintaining a connection from an outside source to our internal network resources. Internal and external threats pose security threats to your sensitive data, and you should know beforehand or at the…

Qmulos is pleased to announce the general availability of Q-Compliance V3.6.0.  Some of the exciting new features that we’ve added in this latest release of Q-Compliance include: More robust compliance alerting and automation capabilities Improved control data coverage analytics Improved eMASS integration capabilities POA&M management enhancements Read on for more…

Washington, DC, March 16, 2021 Inc. magazine, on March 16th, revealed that Qmulos, with a Two-Year Revenue Growth of 199.67% Percent, is No. 133 on its second annual Inc. 5000 Regionals: D.C. Metro list, the most prestigious ranking of the fastest-growing Washington, D.C., area-based private companies. Born of the annual…

Qmulos is pleased to announce the general availability of the new Qmulos Compliance Content (QCC) application. QCC leverages the experiences of our professional services engineers from the field as well as the research of our in-house security and compliance experts to bring new and advanced compliance content and analytics to…

Qmulos is pleased to announce the general availability of Q-Compliance V3.5.0.  This latest release of Q-Compliance includes some important new features that will really streamline the activities of system owners, information system security officers (ISSOs), and information system security managers (ISSMs).  Some of the highlights include: Major enhancements to control…

As part of our Q-Compliance solution, Qmulos has the industry’s only custom input for Splunk that will parse and ingest the National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol’s (SCAP) native XML formats for configuration compliance checks.  We support the Extensible Configuration Checklist Description Format (XCCDF), Asset…

A new year is right around the corner, and Qmulos is looking forward to it for so many reasons. This year was all about overcoming challenges, pushing through roadblocks, and forging ahead to make our team bigger, better, and stronger than ever! And next year, we get to build on…

Continuous Diagnostics and Mitigation, fondly referred to as CDM, is a familiar term for federal agency security teams and leadership. The original intent of the CDM Program was to help federal agencies improve their security posture, providing technical capabilities to minimize cybersecurity risk. In practice, however, the focus has shifted…

2020 was a year of change and adaptation. Within the cyber-compliance sphere alone, we have seen huge changes, such as the creation of CMMC, the Department of Defense’s new cybersecurity certification standard for awarding and maintaining contracts, as well as the recent, much anticipated release of NIST 800-53 Rev 5…

Month after month, security teams spend countless hours manually tagging individual systems to keep track of compliance, despite having a single source of truth for the system boundaries. I found myself asking why, while thinking their system data should tell its own story. While on a customer site, I implemented…

The Cybersecurity Maturity Model Certification (CMMC) came onto the IT security stage in September of 2020, introducing new standards of accountability and security. It was then updated to CMMC 2.0 in November 2021 to streamline the model, reduce assessment costs, and add more flexibility to help the hundreds of thousands…

Qmulos Named 2020 Global Services Partner of the Year, and 2020 Public Sector Professional Services Provider of the Year Washington DC – October 07, 2020 – Qmulos, “out with the old, in with the new,” today announced it has received the 2020 Global Services Partner of the Year, and the…

In part 6 of this series, we explore the Monitor step of the RMF is implemented using a data-driven approach.  The main objective of the Monitor step is to “maintain an ongoing situational awareness about the security and privacy posture of the information system and the organization in support of…

In part 5 of this series, we explore implementing the Authorize step of the Risk Management Framework using a data-driven approach. The main objective of the Authorize step is to “provide organizational accountability by requiring a senior management official to determine if the security and privacy risk (including supply chain…

In part 4 of this series, we explore the Risk Management Framework Assess step, using a data-driven approach.  The main objective of the Assess step is to “determine if the controls selected for implementation are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the…

In part 3 of this series, we investigate meeting the Risk Management Framework's Implement step, using a data-driven approach. The main objective of the Implement step is to “implement the controls in the security and privacy plans for the system and for the organization and to document in a baseline…

In part 2 of this series, we investigate implementing the Risk Management Framework's Select step, using a data-driven approach.  The main objective of the Select step is to, “select, tailor, and document the controls necessary to protect the information system and organization commensurate with risk to organizational operations and assets,…

In part 1 of this series, we look at how the Categorize step of the Risk Management Framework is implemented using a data-driven approach. The main objective of the Categorize step is “to inform organizational risk management processes and tasks by determining the adverse impact to organizational operations and assets,…

Qmulos will be publishing a six-part blog series on a data-driven approach to the Risk Management Framework (RMF) defined in “NIST Special Publication 800-37 Risk Management Framework for Information Systems and Organizations." Why use a data-driven RMF approach? A data-driven approach to RMF uses data automatically collected from your IT…

According to the FBI, there have been 72,295 violent bank robberies since 2005. However, in the same time period, there have been over 234 million sensitive record data breaches. Banks have been, and will continue to be the main target for financial crimes as they have the big bucks. But…

The Federal Risk and Authorization Management Program (FedRAMP) Overview FedRAMP applies to any cloud service or solution provider aiming to work with the U.S. federal government. In 2011, the National Institute of Standards and Technology (NIST), the General Services Administration (GSA), the Department of Defense (DOD), the Department of Homeland…

V3.3 Overview Maintaining compliant systems is an ongoing process requiring well-coordinated efforts from many stakeholders. The latest version of Q-Compliance, Q-Compliance V3.3, is aimed at simplifying compliance tasks and identifying problem areas requiring attention. With new customizable Compliance Notifications, getting ahead of upcoming and overdue compliance tasks across your systems,…

What is "The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) program?" NERC CIP is a set of operational standards for entities deemed critical to the bulk power system (BPS). BPS organizations includes reliability coordinators, balancing and interchange authorities, transmission and generation providers, owners, operators and users of…

The Health Insurance Portability and Accountability Act (HIPAA) went into effect as part of the Social Security Act of 1996. HIPAA was originally designed to protect health care coverage for individuals who lost or changed their jobs. But, growing with the times, it has expanded to ensure secure transfers of…

No matter how hard it is to find the match, everyone loves clean socks. While we at Qmulos have not yet solved the problem of monitoring that pesky left sock that constantly sneaks off, we have created a way for you to monitor and report on a different "SOX "...…

When it comes to securing your enterprise, ensuring basic cyber hygiene and proving compliance with industry standards is best practice. But what happens when compliance means simply checking a box at one point in time? Best practices may not adequately protect your increasingly complicated enterprise. Look at it this way…

Our premium Splunk-based solutions, Q-Compliance and Q-Audit, are now approved on Splunk Cloud! And your company no longer needs to worry about managing an on-premise Splunk environment in order to use Qmulos applications. Our solutions are available anywhere and anytime. Taking advantage of our industry leading cybersecurity and IT compliance…

Achieving a strong security and compliance posture is not a Big Bang event. It is a journey in which organizations have to start with the basics and mature their people, processes, and technologies to develop the necessary capabilities. Part of this involves investing in the right tools that can grow…

Feature Highlight: Automatic System Security Plan (SSP) Generation! Want to avoid spending time doing paperwork? Hopefully this can save you hours, if not days and weeks. With Q-Compliance, generating an SSP is as easy as clicking a button. Here’s how. Simply navigate to the System Action Page and click the Generate…

You may have read our NextGen GRC blog in January. If not, we talked about how we deliver robust traditional Enterprise GRC features right alongside our NextGen real-time continuous monitoring capabilities.  However, what we didn’t highlight, is for half the cost, we offer all features of GRC solutions, and more.…

Working from home has changed the IT infrastructure landscape, introducing new security challenges. While the weary and wary IT staff may not have to walk down the hallway to help someone connect to the printer, Felix the cat sitting on the armchair isn’t going to be of much help changing…

Qmulos is pleased to announce general availability of version 3.2 of its flagship cybersecurity continuous monitoring and compliance automation solution Q-Compliance.  Our dev team has been hard at work so V3.2 is jam-packed with new features to help you turn compliance into operational security value.  Some key features in this…

Remote "Controls" using Q-Compliance 2020 has started off with a few unexpected challenges. As we self-quarantine, many people are trying to work remotely. Those able to do their tasks from the comfort of their homes are thankful for solutions allowing telework. While collaboration suites like WebEx and Zoom and cloud…

According to Thomson Reuters’s 2019 Cost of Compliance Survey, 89% of firms forecast their security and compliance budget to increase or stay the same in 2020. With the majority of companies still operating with outdated legacy GRC tools, this is no surprise. Drilling into the data, one can see a…

Qmulos is proud to announce the general availability of Q-Audit V2.0. Version 2.0 enhances Q-Audit’s industry leading support for the ICS 500-27 standard (a gold standard for comprehensive auditing in support of insider threat use cases) to add risk scoring capabilities. With the new risk scoring capabilities, organizations using Q-Audit can now automatically score users and…

In 2013, the Department of Homeland Security (DHS) introduced the Continuous Diagnostics and Mitigation (CDM) program. The CDM program set the standard for federal agency cybersecurity. The objectives of the program are to reduce agency threat surface, improve Federal cybersecurity response capabilities, increase visibility into the Federal cybersecurity posture, and…

Qmulos CEO and Founder, Matt Coose, along with Dr. Ron Ross, NIST Fellow, will host a discussion on compliance and risk management frameworks, and how the right data-driven approach can help organizations go beyond meeting regulatory requirements and provide a foundation for a robust security posture. While compliance efforts are…