Q-Compliance V3.0 Release

Qmulos is pleased to announce the general availability of version 3.0 of its flagship cybersecurity continuous monitoring and compliance automation solution, Q-Compliance. With Q-Compliance V3.0, customers can achieve true Ongoing Assessment and Authorization (A&A) or continuous Authority to Operate (ATO) for their systems. Building upon existing foundational capabilities to automatically assess controls and compute compliance scores for systems, version 3.0 adds more automation actions to grant or deny system authorizations based on time-driven or event-driven conditions, e.g. automatically granting or denying an ATO when a system’s compliance scores exceed or fall below a certain threshold, or when a critical set of controls passes or fails its assessments.

A new System Authorization dashboard has been added to visualize each system’s authorization status along with other important information such as control assessment results, Plan of Actions and Milestones (POAM), and other required documents such as the System Security Plan. In addition, there is a new Organization Systems Authorizations dashboard that provides key metrics into the ATO statuses of all the systems owned by an organization (e.g. number of authorized systems, number of unauthorized systems, number of authorizations expiring in the next twelve months, etc.) to enable senior leaders to plan and prioritize resources to improve their ATO posture. Customers can download Q-Compliance V3.0 now on the Qmulos Customer Support Portal.

For more information on how Qmulos can help your organization achieve true Ongoing A&A, please Request Additional Information here.

Integrating Machine and Human Workflows for Compliance Automation

Maintaining the security and compliance posture of a system requires automated machine workflows augmented with human workflows for oversight and change control. With the features added in the recent V2.9 release, Q-Compliance now enables you to create integrated machine and human workflow actions to monitor, detect, and remediate compliance issues. Continuously monitor your systems’ control compliance and effectiveness using data in Splunk that represents an accurate up-to-the-minute view of your IT environment.

Figure 1: System Continuous Monitoring

Let’s walk through a short example.  In Figure 1, we see that the “CM-08 Information System Component Inventory” control is failing.  Using Splunk’s alerting workflows in conjunction with an extensive library of prebuilt compliance analytics from Q-Compliance (shown in Figure 2), we have detected that there are unauthorized software installations on the devices in the Qmulos Windows system. Q-Compliance has built-in custom alert actions to automatically pass or fail security controls based on the findings detected by the analytics. 

Figure 2: Analytics and visualizations to detect compliance findings

System owners will be automatically notified of any alerts on the System Actions dashboard (shown in Figure 3), where they can drill into the alerts to see the details of the findings. Any controls that failed as a result of those findings will also be displayed along with the compliance scores, so system owners can see how the findings have impacted their system’s overall compliance posture. In our example, the Qmulos Windows system owner can use the new ticketing feature in Q-Compliance to create a ticket to assign someone to investigate and remediate the discovery of unauthorized software on the Windows machines. In many cases, users install unapproved software because they have a legitimate use for it, so it is important to put a human in the loop to investigate before trying to automatically remediate the issue. With its compliance analytics, custom alert actions, and ticketing features, Q-Compliance enables you to combine the speed and automation of machine workflows based on Splunk’s alerting framework with human workflows to make controlled changes for compliance automation.

Figure 3: System Actions and Workflows to Investigate and Remediate Compliance Findings

Combining and automating machine and human workflows in this way has enabled our customers to monitor all relevant technical controls in near-real time, achieving true ongoing assessment, and turning compliance into real operational security! 

The Data-Driven Strategy to Compliance and Cyber Hygiene

Qmulos CEO and Founder, Matt Coose, along with Dr. Ron Ross, NIST Fellow, will host a discussion on compliance and risk management frameworks, and how the right data-driven approach can help organizations go beyond meeting regulatory requirements and provide a foundation for a robust security posture.

While compliance efforts are mandated and top-of-mind across government and education, the wrong approach can be costly and result in excruciating audits and a failing grade on scorecards. But innovators are leveraging their data and finding that, if properly executed, the initiative can be seamless and ensure critical cyber hygiene.

Within the webinar, the speakers hope to convey the latest in NIST guidance to enhance information assurance in an elevated threat landscape. They will also discuss best practices for implementing compliance frameworks and enabling self-reporting as well as how leveraging a data-driven approach can automate and accelerate compliance initiatives like RMF, FISMA, DFARS, and a host of others.

The event is being hosted from 11am – 2pm on Thursday, August 1st. Please visit the link below to reserve a spot, enhance your knowledge of time-relevant topics, and learn from some of the brilliant minds pioneering compliance within the data sector.

Register

Speakers:

Dr. Ron Ross
Fellow
National Institute of Standards and Technology
Twitter: @ronrossecure

Matt Coose
CEO
Qmulos
Email: sales@qmulos.com

Ashok Sankar
Director, Solutions Marketing
Splunk Inc. 
Blog: https://www.splunk.com/blog/author/asankar.html

David Hartley
IT Specialist
Western Area Power Administration
LinkedIn: https://www.linkedin.com/in/denvercyber/


Qmulos Announces Significant First Quarter Customer and Revenue Growth

Arlington, VA. April 30, 2018 –

Qmulos is poised to become the de facto standard for real-time risk management.

Qmulos, a leader in integrated risk management (IRM) powered by Splunk, announced today that its customer, revenue, and channel growth has accelerated significantly in the first quarter of 2018. Qmulos is poised to become the de facto standard when an organization needs to dramatically simplify its ability to audit, evaluate, and comply with industry and regulatory IT mandates with real-time risk management of technical controls.

The company has expanded market penetration in regulated and critical infrastructure sectors to include finance, insurance, healthcare, law enforcement, energy, telecommunications, and technology, while continuing to grow its presence in the federal government defense, intelligence, and civilian markets.

The launch of Qmulos’ channel partner program in 2017 is demonstrating tremendous success, with over 80% of first quarter deals being partner-led. Most significantly, Qmulos’ customer-focused approach has resulted in a 100% retention rate for customer renewals, with several customers expanding their relationship with additional license purchases.

Qmulos’ significant achievements in the past quarter:

  • First-quarter new customers and revenue grew 75% year-over-year.
  • Expanded reach into additional markets via a growing channel partner program with over 10 authorized Value-Added Resellers (VARs).
  • Added new technology partnerships with industry-leading cyber-security product companies in support of Qmulos’ Technical Control Initiative.
  • Expanded joint marketing efforts with go-to-market partners, highlighted by the featured article in the Government Computer News “Innovation in Government” publication.
  • Expanded relationships with several Fortune 1000 System Integrators to support joint customer acquisition efforts.
  • Expanded exposure on government and sector-wide purchase vehicles to include availability for both Qmulos solutions via DHS CDM Approved Product List, as well as unique Intelligence Community Blanket Purchase Agreements (BPAs).
  • Expanded Headquarters to accommodate rapid growth, including additional office space for staff and a training facility that can support over 50 students at a time.

“We are extremely pleased with the strong progress we’re making in 2018, particularly in the commercial and critical infrastructure markets,” said Matt Coose, CEO of Qmulos. “Our momentum demonstrates that the market will make 2018 the year for real-time audit and compliance solutions on big data platforms. The strength of our ecosystem partners in combination with the strong market demand in critical infrastructure and public-sector markets ensures 2018 will continue to break records for revenue and customer acquisitions for Qmulos.”

Qmulos Announces Participation at Splunk .conf2017 and Fall 2017 Release of Q-Compliance

Arlington, VA – September 25, 2017 – Qmulos, a Splunk Technology Alliance Partner, today announced the Fall 2017 release of Qmulos Enterprise Compliance (Q-Compliance) to help customers streamline and automate IT compliance activities in alignment with the NIST Risk Management Framework (RMF).

Designed to automate, integrate, and provide continuous monitoring of all categories of security controls, the solution includes support for all four types of IT compliance evidence (Policies & Procedures, Human Activity, Technical, and Ad-Hoc Queries), built on the Splunk® platform.

Q-Compliance leverages the Splunk platform to transform compliance activities into actionable security value, connecting previously siloed compliance and security functions towards a common goal.  Qmulos Enterprise Compliance helps users of Splunk Enterprise uncover the value of compliance automation. Qmulos’s compliance experts will be at Splunk .conf2017 in Booth G6 to demo the solution, and an online preview is available here.

Highlights of the solution include:

  • Unlimited Multi-Tiered Organization Hierarchies
  • Support for System and Enterprise Level Risk Management Assessments derived from SCAP (Security Content Automation Protocol) validated tools
  • Out-of-the-box and custom overlay development templates
  • Integrated POAM management support
  • Role-based dashboards for executives, ISSOs, and compliance staff
  • “Measure once, Report Many” for leading Frameworks – support for reporting against frameworks and mandates to include NIST SP 800-53r4 Control Instrumentation, NIST RMF and CSF automation, HIPAA, DFAR CUI (NIST SP 800-171) Requirements, SANS/CAG 20 Critical Controls, FedRAMP, CJIS, and others.

“IT Audit and Compliance automation is an investment that pays for itself, not only in savings, but in improving a customer’s actual security posture,” said Matt Coose, CEO and founder of Qmulos.  “Leveraging the Splunk platform enables IT data to be repurposed for compliance and audit use cases, cybersecurity investigations, and even preparing board-level presentations, enabling enterprises to more easily gain value from their data.”

“As organizations continue to undergo digital transformations, it’s important to leverage the data needed for security and compliance to deliver business insights, automation controls and value to the boardroom,” said Haiyan Song, senior vice president and general manager of Security Markets, Splunk. “Qmulos is a great example of a Splunk partner providing unique compliance expertise to enable that capability for our mutual customers.”

“By 2020, 100 percent of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually, which is up from today’s 40 percent,” noted Gartner in the March 2016 report How to Build an Effective Cybersecurity and Technology Risk Presentation for Your Board of Directors by Paul Proctor, Jeffrey Wheatman, and Rob McMillan.

Qmulos announces June 20th 2017 Industry Briefing featuring Dr. Ron Ross, NIST Fellow, on Executive Order 13800