Integrating Machine and Human Workflows for Compliance Automation

Maintaining the security and compliance posture of a system requires automated machine workflows augmented with human workflows for oversight and change control. With the features added in the recent V2.9 release, Q-Compliance now enables you to create integrated machine and human workflow actions to monitor, detect, and remediate compliance issues. Continuously monitor your systems’ control compliance and effectiveness using data in Splunk that represents an accurate up-to-the-minute view of your IT environment.

Figure 1: System Continuous Monitoring

Let’s walk through a short example.  In Figure 1, we see that the “CM-08 Information System Component Inventory” control is failing.  Using Splunk’s alerting workflows in conjunction with an extensive library of prebuilt compliance analytics from Q-Compliance (shown in Figure 2), we have detected that there are unauthorized software installations on the devices in the Qmulos Windows system. Q-Compliance has built-in custom alert actions to automatically pass or fail security controls based on the findings detected by the analytics. 

Figure 2: Analytics and visualizations to detect compliance findings

System owners will be automatically notified of any alerts on the System Actions dashboard (shown in Figure 3) where they can drill into the alerts to see the details of the findings. Any controls that failed as a result of those findings will also be displayed along with the compliance scores so system owners can see how the findings have impacted their system’s overall compliance posture. In our example, the Qmulos Windows system owner can use the new ticketing feature in Q-Compliance to create a ticket to assign someone to investigate and remediate the discovery of unauthorized software on the Windows machines. In many cases, users install unapproved software because they have a legitimate use for it so it is important to put a human in the loop to investigate before trying to automatically remediate the issue. With its compliance analytics, custom alert actions, and ticketing features, Q-Compliance enables you to combine the speed and automation of machine workflows based on Splunk’s alerting framework with human workflows to make controlled changes for compliance automation.

Figure 3: System Actions and Workflows to Investigate and Remediate Compliance Findings

Combining and automating machine and human workflows in this way has enabled our customers to monitor all relevant technical controls in near-real time, achieving true ongoing assessment, and turning compliance into real operational security! 

The Data-Driven Strategy to Compliance and Cyber Hygiene

Qmulos CEO and Founder, Matt Coose, along with Dr. Ron Ross, NIST Fellow, will host a discussion on compliance and risk management frameworks, and how the right data-driven approach can help organizations go beyond meeting regulatory requirements and provide a foundation for a robust security posture.

While compliance efforts are mandated and top-of-mind across government and education, the wrong approach can be costly and result in excruciating audits and a failing grade on scorecards. But innovators are leveraging their data and finding if properly executed, the initiative can be seamless and ensure critical cyber hygiene.

Within the webinar, the speakers hope to convey the latest in NIST guidance to enhance information assurance in an elevated threat landscape. They will also discuss best practices for implementing compliance frameworks and enabling self-reporting as well as how leveraging a data-driven approach can automate and accelerate compliance initiatives like RMF, FISMA, DFARS, and a host of others.

The event is being hosted from 11am – 2pm on Thursday, August 1st. Please visit the below link in order to reserve a spot to enhance your knowledge on time-relevant topics and learn from some of the brilliant minds pioneering compliance within the data sector.

Register

Speakers:

Dr. Ron Ross

Dr. Ron Ross
Fellow
National Institute of Standards and Technology
Twitter: @ronrossecure

Matt Coose

Matt Coose
CEO
Qmulos
Email: sales@qmulos.com

Ashok Sankar

Ashok Sankar
Director, Solutions Marketing
Splunk Inc. 
Blog: https://www.splunk.com/blog/author/asankar.html

David Hartley

David Hartley
IT Specialist
Western Area Power Administration
LinkedIn: https://www.linkedin.com/in/denvercyber/


Splunk GovSummit 2019

Thank you so much for visiting Qmulos at Splunk GovSummit! It was a privilege introducing you to our revolutionary products, Q-Compliance and Q-Audit, both powered by Splunk.

Team Qmulos was fascinated to learn that along with interest from those in the government sector, we also had many people stop by from commercial industries ranging from finance and insurance to construction, healthcare, technology, and many others. The best practices and standards are clearly answering a need in the both the public and private sectors. It’s energizing to see the both sectors aligning in defense of our enterprises and missions alike.

Our top priority is to help the marketplace migrate from legacy GRC tools to real-time Risk Management solutions. Every year we work to update existing features to better meet our customers’ priorities and create new capabilities they don’t even know they need yet. We will continue to listen to our partners and customers as we challenge ourselves to open the world’s eyes to the value of security and compliance automation.

We rely on Splunk’s robust and scalable infrastructure to provide our IT risk management solution to meet the needs of the world’s largest enterprises. Thanks again to Splunk for featuring us on their Partner Spotlight Blog! Check it out to learn more about our passion for providing secure, cost-effective, and innovative real-time security solutions. 

Cyber Risk Scoring You Can Use Today

Qmulos is excited to share the new capabilities, derived from the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program, available in our December 2018 release of Q-Compliance.

DHS, in collaboration with other agencies and industry partners, established an AWARE risk scoring algorithm to help organizations prioritize remediation of the most critical cyber hygiene issues across their environments. With risk management now elevated to a board-level discussion, our product incorporates this algorithm, powered by Splunk, and provides CISOs with both real time, granular information and alerts for fixing their worst problems, as well as summarized reporting suitable for briefing executives and board members.

Whether you’re an agency or commercial entity, this risk scoring algorithm will provide insights and help you to greatly improve your security posture. We expect it to evolve over time, however, the current algorithm focuses on three critical cyber hygiene domains; unauthorized assets, vulnerabilities, and misconfigurations, and incorporates asset classification, tolerance, aging, and severity.

We’d like to invite you to engage us for a discussion and live demo for how this could apply to you and how it could benefit your organization. Request a demo or call us, 1.844.476.8567 today!

Qmulos Wins Innovation Award at Splunk .conf18

Each year the Splunk Revolution Awards recognizes truly spectacular achievements of Splunk teams and users around the world.

For the past six years, we’ve been using the Splunk platform to deliver innovative apps to help enterprises improve their security and compliance posture.

Qmulos is changing the paradigm for cybersecurity integrated risk management (IRM) with Enterprise-Class software for cloud, enterprise, and hybrid environments. Our approach harnesses machine data to provide real-time insight into what security and privacy controls are actually in place, whether or not they are effective, and automates adaptive response actions driven from live technical evidence.

Thanks to our partner, Splunk for honoring us with the 2018 Innovation Award at .conf18. Continue to follow us to stay up-to-date with all the exciting things on the horizon for Qmulos!

Qmulos Named to Inc. 5000 List of America’s Fastest-Growing Private Companies

Qmulos is proud to announce its debut on Inc. Magazine’s 37th annual Inc. 5000 list, the most prestigious ranking of the nation’s fastest-growing private companies. Starting in 1982, this prominent list has become the hallmark of entrepreneurial success.

The list represents a unique look at the most successful companies within the American economy’s most dynamic segment—its independent small businesses. Microsoft, Dell, Domino’s Pizza, Pandora, Timberland, LinkedIn, Yelp, Zillow, and many other well-known names gained their first national exposure as honorees on the Inc. 5000.

This year, the list displays particular growth from past Inc. 5000 lists including a three-year average growth of 538%, “If your company is on the Inc. 5000, it’s unparalleled recognition of your years of hard work and sacrifice,” says Inc. editor in chief James Ledbetter. “The lines of business may come and go, or come and stay. What doesn’t change is the way entrepreneurs create and accelerate the forces that shape our lives.”

Qmulos, a leader in compliance and audit solutions powered by Splunk, has experienced exceptional customer, revenue, and channel growth this year. The company has expanded market penetration in regulated and critical infrastructure sectors to include finance, insurance, healthcare, law enforcement, energy, telecommunications, and technology, while continuing to grow their presence in the federal government defense, intelligence, and civilian markets. Qmulos is poised to become the de-facto standard when an organization needs to dramatically simplify their ability to audit, evaluate, and comply with industry and regulatory IT mandates with real time risk management of technical controls.

“It is an honor to be included on the Inc. 5000 list alongside so many innovative and successful companies,” said Matt Coose, CEO of Qmulos. “I’d like to thank our dedicated team of super-humans and our close partner, Splunk. We have built and are delivering a new paradigm of compliance on big-data, the future is limitless as we continue to help others realize the value of doing compliance and risk management in a way that improves security.”

Qmulos Aids in Puerto Rico’s Internet Disaster Recovery

Qmulos’ Principal Security Architect, Sean Donelan is no stranger to internet disaster recovery. Sean has aided local and national governments on recovery, as well as internet disaster preparedness, for over thirty years. In 2002, he served as editor of the White House Internet Disaster Recovery Working Group, and in 2003, co-editor for the National Academy of Sciences report, The Internet Under Crisis Conditions. Sean has worked for the U.S. Department of Homeland Security as the Bureau Chief for Trusted Internet Connections and a variety of internet infrastructure companies.

After Hurricane Andrew, Sean helped recover internet networks for Florida’s public libraries. Naturally, after Hurricane Maria wreaked havoc on Puerto Rico, he stepped up to lend a hand. Immediately, Sean began posting status updates to the North American Network Operator’s Group (NANOG) regarding the island’s connectivity state. The lack of connectivity in Puerto Rico hindered interpersonal communications as well as the coordination of responders aiding in recovery efforts.

Sean continues to play a vital role as recovery efforts are ongoing. He recently joined the Commission on Caribbean Communications Resilience with other regional and international communication technology experts. The Commission will examine the region’s vulnerabilities in order to understand which failures contributed most significantly to the overall outage. Sean will work with the rest of the Commission to produce a report with specific recommendations to Caribbean governments, regulators, and communications ministries in order to increase resilience among the region’s communications infrastructure in the face of future natural disasters. Qmulos is proud of Sean for all his hard work and thanks him for being dedicated to giving back!

Qmulos Announces Significant First Quarter Customer and Revenue Growth

Arlington, VA. April 30, 2018 –

Qmulos is poised to become the de facto standard for real-time risk management.

Qmulos, a leader in integrated risk management (IRM) powered by Splunk, announced today that its customer, revenue, and channel growth has accelerated significantly in the first quarter of 2018. Qmulos is poised to become the de-facto standard when an organization needs to dramatically simplify their ability to audit, evaluate, and comply with industry and regulatory IT mandates with real time risk management of technical controls.

The company has expanded market penetration in regulated and critical infrastructure sectors to include finance, insurance, healthcare, law enforcement, energy, telecommunications, and technology, while continuing to grow their presence in the federal government defense, intelligence, and civilian markets.

The launch of Qmulos’ channel partner program in 2017 is demonstrating tremendous success, with over 80% of first quarter deals being partner-led. Most significantly, Qmulos’ customer focused approach has resulted in a 100% retention rate for customer renewals with several customers expanding their relationship with additional license purchases.

Qmulos’ significant achievements in the past quarter:

  • First quarter new customer and revenue grew 75% year-over-year.
  • Expanded reach into additional markets via a growing channel partner program with over 10 authorized Value-Added Resellers (VARs).
  • Added new technology partnerships with industry leading cyber-security product companies in support of Qmulos’ Technical Control Initiative.
  • Expanded joint marketing efforts with go-to-market partners, highlighted by the featured article in the Government Computer News “Innovation in Government” publication.
  • Expanded relationships with several Fortune 1000 System Integrators to support joint customer acquisition efforts.
  • Expanded exposure on government and sector wide purchase vehicles to include availability for both Qmulos solutions via DHS CDM Approved Product List, as well as unique Intelligence Community Blanket Purchase Agreements (BPAs).
  • Expanded Headquarters to accommodate rapid growth, include additional office space for staff, and a training facility that can support over 50 students at a time.

“We are extremely pleased with the strong progress we’re making in 2018, particularly in the commercial and critical infrastructure markets,” said Matt Coose, CEO of Qmulos. “Our momentum demonstrates that the market will make 2018 the year for real-time audit and compliance solutions on big data platforms.  The strength of our ecosystem partners in combination with the strong market demand in critical infrastructure and public-sector markets ensures 2018 will continue to break records for revenue and customer acquisitions for Qmulos.

Woodworking After Work

Thanks to Kyle, our multi-talented Qmulite, we recently received a custom, hand-made, wood sign for our new office.

For 15 years, Kyle has been perfecting his woodworking skills. He is always one to seek out a challenge and creating the Qmulos sign was no different. He completed the masterpiece in a single weekend using everyday wood pallets and his keen, creative eye.

To begin, Kyle refined the materials by cutting off the boards and pulling out the nails. Next, he flattened the wood with an electric hand planer, and then used a thickness planer to ensure all the boards were the same width.

The advantage of using pallet wood is each panel has a different grain pattern giving the sign a unique look. Kyle chose to alternate between light and dark boards to create a rustic backdrop.

To create the logo, Kyle used underlayment, a thinner type of wood made from sawdust. He meticulously cut out each letter individually and painted them before placing them on the pallet wood.

The custom-made sign was the perfect finishing touch to our new office and hangs in our entrance hall, greeting every visitor. Thanks to our talented team members, the Qmulos brand will continue to proliferate across the world!