In part 3 of this series, we investigate meeting the Risk Management Framework’s Implement step, using a data-driven approach. The main objective of the Implement step is to “implement the controls in the security and privacy plans for the system and for the organization and to document in a baseline configuration, the specific details of the control implementation.” Thus, to achieve this, you design and develop custom security functionality in your systems; integrate commercial and open source components and security tools; rely on common control providers for shared capabilities; and establish and implement security policies and practices to operate and maintain your systems and controls to provide the required levels of assurance.
With traditional GRC tools, the focus is only on documenting implementation statements in the Implement step. At Qmulos we realize that documenting is not all that should be done. We believe all data is security relevant. Thus, it should be collected to fuel the data-driven RMF process. And all of the activities, systems and tools in the Implement step generate a VERY rich stream of machine data.
The Implement Step using Q-Compliance
Our flagship software solution, Q-Compliance, is built on top of the Splunk’s Data to Everything platform. This allows us to collect, store and analyze all of this data in real-time, as shown in Figure 1. Our solution integrates with ANY cyber security tool, application, device, and platform from on-premises or in the cloud. As a result, Q-Compliance’s flexibility provides a revolutionary real-time single source of truth about an organization’s actual security state.
Figure 1: Q-Compliance’s Data Architecture
The log, configuration, and event data that are collected are used to populate the Control Analytics Data Model in Q-Compliance that we described in Part 2 of this series. This data model normalizes differences in data formats from different data sources so that a common set of compliance analytics can be applied regardless of the underlying data source (e.g. a Cisco firewall vs Palo Alto Networks, Tenable vulnerability scanner vs. Rapid7, etc.). As you start ingesting data from your control implementations, the data automatically flows to execute the control analytics for the relevant subjects (organizations, systems, assets, users, etc.).
To assist with onboarding of the control implementation data, Q-Compliance provides capabilities such as the Control Monitoring Coverage dashboard, shown in Figure 2, to tell you which controls have relevant data to drive the analytics and where there are gaps. When you have gaps, the Data Sources dashboard, also shown in Figure 2, can help you fill those gaps by listing common sources that can provide data for each control.
Figure 2: Control Monitoring Coverage and Data Sources dashboards
The benefits of using Q-Compliance for Step Three – Implement include:
- High performance, scalable platform to collect ANY data from ANY source on premises or in the cloud
- Thousands of out-of-the-box connectors/adaptors to integrate with various data sources
- High performance analytics data model that abstracts away tool-specific dependencies for interoperability. This enables you to easily change control implementations or tools
- Analytics that help you identify your gaps in control monitoring coverage and recommendations for potential tools and/or data sources