Qmulos’ Principal Security Architect, Sean Donelan is no stranger to internet disaster recovery. Sean has aided local and national governments on recovery, as well as internet disaster preparedness, for over thirty years. In 2002, he served as editor of the White House Internet Disaster Recovery Working Group, and in 2003, co-editor for the National Academy of Sciences report, The Internet Under Crisis Conditions. Sean has worked for the U.S. Department of Homeland Security as the Bureau Chief for Trusted Internet Connections and a variety of internet infrastructure companies.
After Hurricane Andrew, Sean helped recover internet networks for Florida’s public libraries. Naturally, after Hurricane Maria wreaked havoc on Puerto Rico, he stepped up to lend a hand. Immediately, Sean began posting status updates to the North American Network Operator’s Group (NANOG) regarding the island’s connectivity state. The lack of connectivity in Puerto Rico hindered interpersonal communications as well as the coordination of responders aiding in recovery efforts.
Sean continues to play a vital role as recovery efforts are ongoing. He recently joined the Commission on Caribbean Communications Resilience with other regional and international communication technology experts. The Commission will examine the region’s vulnerabilities in order to understand which failures contributed most significantly to the overall outage. Sean will work with the rest of the Commission to produce a report with specific recommendations to Caribbean governments, regulators, and communications ministries in order to increase resilience among the region’s communications infrastructure in the face of future natural disasters. Qmulos is proud of Sean for all his hard work and thanks him for being dedicated to giving back!
Are you using Splunk to store your audit logs? Passively storing audit logs for regulatory compliance is by far the most common use-case for Splunk. But, is this providing you with the security value you expect from your logs? Now there is a way to get real security value from this data based on best practices for Enterprise Audit.
Qmulos Enterprise Audit (Q-Audit), powered by Splunk, provides immediate audit event context to your audit logs so you can proactively use them to monitor, detect, alert, and investigate suspicious activity.
Intelligence Community Standard (ICS) 500-27, widely considered the gold standard for audible events, is mandated for all federal government classified networks/systems. But, all organizations benefit from monitoring a comprehensive list of audible events. Q-Audit was purpose built to this standard to deliver an out-of-the-box commercial solution with real-time analytics, reports, dashboards, and alerts, providing a highly defensible capability for enterprise audit. Request a demo today.
The benefits of implementing Q-Audit include:
- Quickly turn your reactive audit logs into proactive security value
- Improve actionable intelligenceand inform security operations
- Support for enterprise, cloud, hybrid, and sharedservice environments
- Automatically translateobscure vendor event codes into real security insights
- Enable insider threat detection, closely monitor privileged users and activities
- Satisfy compliance audit requirements
Organizations are often faced with requirements for compliance against multiple frameworks, standards, or regulations. Qmulos’ Enterprise Compliance (Q-Compliance) application, powered by Splunk, has a Frameworks Dashboard feature that enables organizations to score themselves against other frameworks using the NIST 800-53 controls catalog as the common Rosetta Stone across these other frameworks. In the Spring Release, Q-Compliance takes this flexibility to the next level with the introduction of the Dynamic Control Architecture.
The Dynamic Control Architecture will enable Q-Compliance to integrate controls from multiple standards beyond NIST 800-53 such as GDPR, HIPAA, PCI and even custom controls. Now organizations can automate compliance against multiple standards down to the individual control level independent of any mappings. Compliance against those multiple standards can be automatically assessed against a single source of truth, the events in the Splunk indexes, using a vast and growing library of reusable components for analytics and visualizations. In addition, these analytics and visualizations for technical control evidence can be added or changed dynamically through a simple plug-and-play interface allowing for easy customization.
I can’t believe it, but Qmulos is celebrating our Five-Year Anniversary! I couldn’t be more excited about our clients, our team, and our future. I don’t usually like to talk about ourselves, I prefer to let our customers to do the talking for us, but I’d like to make an exception, just this once.
We started with an idea and a passion to change how cyber compliance gets done and what it could mean to overall security if it was done right. We used to share the belief, one that many security practitioners still hold, that compliance is a complete waste of time and money and doesn’t actually improve security. People even started calling it “risk management” to get away from the negative connotations of “compliance” but this didn’t actually change anything. CISOs I have worked with in virtually every industry have essentially been forced, due to fear of audit findings, to spend untold millions on armies of people to generate paperwork, issue data calls, fill-in static spreadsheets, and upload “evidence” into extremely expensive legacy GRC tools, where they spend many more millions to show auditors how “secure” they are and how well they are managing risk. Sadly, this had been going on for 30 years and we felt it was finally time for a change.
What we realized when we started the company was that implementing a set of thoughtful security controls, the underpinnings of cybersecurity compliance, and monitoring them in near-real time, is extremely valuable to improving real security. The only bad thing was the way this was being done. Out of necessity, since it was the best technology available, compliance was implemented using relational databases. The Gartner Quadrant for IT-GRC is littered with legacy vendors promoting this type of approach. The problem is that this architecture does not provide the vital flexibility and adaptability necessary to do compliance in a valuable way. Compliance, or, real-time risk management, requires a method to keep up with a large volume of constantly changing disparate data from various tools, operating systems, and devices across your IT infrastructure to inform security personnel and system owners about the real-time status of their security controls and systems.
We solved this problem by building the first, as far as we know, integrated risk management (IRM) solution on top of the world’s leading big data platform, Splunk! As a result, we’ve come full circle to understand that compliance (e.g. monitoring a comprehensive set of security controls), when done on big data, is VITAL to real security. To understand the value, just look at the security controls within the NIST RMF Catalog (NIST SP 800-53). These controls have been defined over many years, are updated frequently, and cover virtually every threat. What does that mean? Well, if you can implement and monitor this holistic set of security controls in near real-time, you will likely have the best security program on the planet- the exact opposite of a complete waste of time and money!
Qmulos has realized the dream of Information Assurance professionals at all levels across the Globe. We have disrupted the legacy compliance market and are enabling CISOs around the country to realize that doing “compliance” on top of big data is the best way to dramatically improve operational security. We are enabling CISOs to finally bring together their operational security budgets and resources with their compliance budgets and resources and align them toward one common goal – better security. At Qmulos, we holistically define what you need to monitor (breadth of security controls), enable you to do so accurately (automation), in a timely manner (near-real time), and on a flexible platform (Splunk) that adapts to constantly changing environments in hours instead of months.
I am very proud of how far we’ve come, very appreciative of all of our forward-thinking customers and partners who immediately saw the value of our “new paradigm” of compliance on big-data, and very grateful for our dedicated team of super-humans, thanks Qmulites! The future is limitless as we continue to help others realize the value of doing compliance and risk management in a way that improves security!