Posts

Qmulos Named to Inc. 5000 List of America’s Fastest-Growing Private Companies

Qmulos is proud to announce its debut on Inc. Magazine’s 37th annual Inc. 5000 list, the most prestigious ranking of the nation’s fastest-growing private companies. Starting in 1982, this prominent list has become the hallmark of entrepreneurial success.

The list represents a unique look at the most successful companies within the American economy’s most dynamic segment—its independent small businesses. Microsoft, Dell, Domino’s Pizza, Pandora, Timberland, LinkedIn, Yelp, Zillow, and many other well-known names gained their first national exposure as honorees on the Inc. 5000.

This year, the list displays particular growth from past Inc. 5000 lists including a three-year average growth of 538%, “If your company is on the Inc. 5000, it’s unparalleled recognition of your years of hard work and sacrifice,” says Inc. editor in chief James Ledbetter. “The lines of business may come and go, or come and stay. What doesn’t change is the way entrepreneurs create and accelerate the forces that shape our lives.”

Qmulos, a leader in compliance and audit solutions powered by Splunk, has experienced exceptional customer, revenue, and channel growth this year. The company has expanded market penetration in regulated and critical infrastructure sectors to include finance, insurance, healthcare, law enforcement, energy, telecommunications, and technology, while continuing to grow their presence in the federal government defense, intelligence, and civilian markets. Qmulos is poised to become the de-facto standard when an organization needs to dramatically simplify their ability to audit, evaluate, and comply with industry and regulatory IT mandates with real time risk management of technical controls.

“It is an honor to be included on the Inc. 5000 list alongside so many innovative and successful companies,” said Matt Coose, CEO of Qmulos. “I’d like to thank our dedicated team of super-humans and our close partner, Splunk. We have built and are delivering a new paradigm of compliance on big-data, the future is limitless as we continue to help others realize the value of doing compliance and risk management in a way that improves security.”

Qmulos Announces Significant First Quarter Customer and Revenue Growth

Arlington, VA. April 30, 2018 –

Qmulos is poised to become the de facto standard for real-time risk management.

Qmulos, a leader in integrated risk management (IRM) powered by Splunk, announced today that its customer, revenue, and channel growth has accelerated significantly in the first quarter of 2018. Qmulos is poised to become the de-facto standard when an organization needs to dramatically simplify their ability to audit, evaluate, and comply with industry and regulatory IT mandates with real time risk management of technical controls.

The company has expanded market penetration in regulated and critical infrastructure sectors to include finance, insurance, healthcare, law enforcement, energy, telecommunications, and technology, while continuing to grow their presence in the federal government defense, intelligence, and civilian markets.

The launch of Qmulos’ channel partner program in 2017 is demonstrating tremendous success, with over 80% of first quarter deals being partner-led. Most significantly, Qmulos’ customer focused approach has resulted in a 100% retention rate for customer renewals with several customers expanding their relationship with additional license purchases.

Qmulos’ significant achievements in the past quarter:

  • First quarter new customer and revenue grew 75% year-over-year.
  • Expanded reach into additional markets via a growing channel partner program with over 10 authorized Value-Added Resellers (VARs).
  • Added new technology partnerships with industry leading cyber-security product companies in support of Qmulos’ Technical Control Initiative.
  • Expanded joint marketing efforts with go-to-market partners, highlighted by the featured article in the Government Computer News “Innovation in Government” publication.
  • Expanded relationships with several Fortune 1000 System Integrators to support joint customer acquisition efforts.
  • Expanded exposure on government and sector wide purchase vehicles to include availability for both Qmulos solutions via DHS CDM Approved Product List, as well as unique Intelligence Community Blanket Purchase Agreements (BPAs).
  • Expanded Headquarters to accommodate rapid growth, include additional office space for staff, and a training facility that can support over 50 students at a time.

“We are extremely pleased with the strong progress we’re making in 2018, particularly in the commercial and critical infrastructure markets,” said Matt Coose, CEO of Qmulos. “Our momentum demonstrates that the market will make 2018 the year for real-time audit and compliance solutions on big data platforms.  The strength of our ecosystem partners in combination with the strong market demand in critical infrastructure and public-sector markets ensures 2018 will continue to break records for revenue and customer acquisitions for Qmulos.

Unlock the Value of your Audit Data in less than One Week with Q-Audit

Are you using Splunk to store your audit logs? Passively storing audit logs for regulatory compliance is by far the most common use-case for Splunk. But, is this providing you with the security value you expect from your logs? Now there is a way to get real security value from this data based on best practices for Enterprise Audit.

Qmulos Enterprise Audit (Q-Audit), powered by Splunk, provides immediate audit event context to your audit logs so you can proactively use them to monitor, detect, alert, and investigate suspicious activity.

Intelligence Community Standard (ICS) 500-27, widely considered the gold standard for audible events, is mandated for all federal government classified networks/systems. But, all organizations benefit from monitoring a comprehensive list of audible events. Q-Audit was purpose built to this standard to deliver an out-of-the-box commercial solution with real-time analytics, reports, dashboards, and alerts, providing a highly defensible capability for enterprise audit. Request a demo today.

The benefits of implementing Q-Audit include:

  • Quickly turn your reactive audit logs into proactive security value
  • Improve actionable intelligenceand inform security operations
  • Support for enterprise, cloud, hybrid, and sharedservice environments
  • Automatically translateobscure vendor event codes into real security insights
  • Enable insider threat detection, closely monitor privileged users and activities
  • Satisfy compliance audit requirements

Introducing the Dynamic Control Architecture

Organizations are often faced with requirements for compliance against multiple frameworks, standards, or regulations. Qmulos’ Enterprise Compliance (Q-Compliance) application, powered by Splunk, has a Frameworks Dashboard feature that enables organizations to score themselves against other frameworks using the NIST 800-53 controls catalog as the common Rosetta Stone across these other frameworks. In the Spring Release, Q-Compliance takes this flexibility to the next level with the introduction of the Dynamic Control Architecture.

 

The Dynamic Control Architecture will enable Q-Compliance to integrate controls from multiple standards beyond NIST 800-53 such as GDPR, HIPAA, PCI and even custom controls. Now organizations can automate compliance against multiple standards down to the individual control level independent of any mappings. Compliance against those multiple standards can be automatically assessed against a single source of truth, the events in the Splunk indexes, using a vast and growing library of reusable components for analytics and visualizations. In addition, these analytics and visualizations for technical control evidence can be added or changed dynamically through a simple plug-and-play interface allowing for easy customization.

Happy Fifth Anniversary!

 

5th_photo1
5th_photo2
5th_photo3
5th_photo4

I can’t believe it, but Qmulos is celebrating our Five-Year Anniversary!  I couldn’t be more excited about our clients, our team, and our future.  I don’t usually like to talk about ourselves, I prefer to let our customers to do the talking for us, but I’d like to make an exception, just this once.

We started with an idea and a passion to change how cyber compliance gets done and what it could mean to overall security if it was done right.  We used to share the belief, one that many security practitioners still hold, that compliance is a complete waste of time and money and doesn’t actually improve security.  People even started calling it “risk management” to get away from the negative connotations of “compliance” but this didn’t actually change anything.  CISOs I have worked with in virtually every industry have essentially been forced, due to fear of audit findings, to spend untold millions on armies of people to generate paperwork, issue data calls, fill-in static spreadsheets, and upload “evidence” into extremely expensive legacy GRC tools, where they spend many more millions to show auditors how “secure” they are and how well they are managing risk.  Sadly, this had been going on for 30 years and we felt it was finally time for a change.

What we realized when we started the company was that implementing a set of thoughtful security controls, the underpinnings of cybersecurity compliance, and monitoring them in near-real time, is extremely valuable to improving real security.  The only bad thing was the way this was being done.  Out of necessity, since it was the best technology available, compliance was implemented using relational databases.  The Gartner Quadrant for IT-GRC is littered with legacy vendors promoting this type of approach.  The problem is that this architecture does not provide the vital flexibility and adaptability necessary to do compliance in a valuable way.  Compliance, or, real-time risk management, requires a method to keep up with a large volume of constantly changing disparate data from various tools, operating systems, and devices across your IT infrastructure to inform security personnel and system owners about the real-time status of their security controls and systems.

We solved this problem by building the first, as far as we know, integrated risk management (IRM) solution on top of the world’s leading big data platform, Splunk!  As a result, we’ve come full circle to understand that compliance (e.g. monitoring a comprehensive set of security controls), when done on big data, is VITAL to real security.  To understand the value, just look at the security controls within the NIST RMF Catalog (NIST SP 800-53).  These controls have been defined over many years, are updated frequently, and cover virtually every threat.  What does that mean?  Well, if you can implement and monitor this holistic set of security controls in near real-time, you will likely have the best security program on the planet- the exact opposite of a complete waste of time and money!

Qmulos has realized the dream of Information Assurance professionals at all levels across the Globe.  We have disrupted the legacy compliance market and are enabling CISOs around the country to realize that doing “compliance” on top of big data is the best way to dramatically improve operational security.  We are enabling CISOs to finally bring together their operational security budgets and resources with their compliance budgets and resources and align them toward one common goal – better security.  At Qmulos, we holistically define what you need to monitor (breadth of security controls), enable you to do so accurately (automation), in a timely manner (near-real time), and on a flexible platform (Splunk) that adapts to constantly changing environments in hours instead of months.

I am very proud of how far we’ve come, very appreciative of all of our forward-thinking customers and partners who immediately saw the value of our “new paradigm” of compliance on big-data, and very grateful for our dedicated team of super-humans, thanks Qmulites!  The future is limitless as we continue to help others realize the value of doing compliance and risk management in a way that improves security!

Qmulos Announces Participation at Splunk .conf2017 and Fall 2017 Release of Q-Compliance

Arlington VA – September 25, 2017 – Qmulos, a Splunk Technology Alliance Partner, today announced the Fall 2017 release of Qmulos Enterprise Compliance (Q-Compliance) to help customers streamline and automate IT compliance activities in alignment with the NIST Risk Management Framework (RMF).

Designed to automate, integrate, and provide continuous monitoring of all categories of security controls, the solution includes support for all four types of IT compliance evidence (Policies & Procedures, Human Activity, Technical, and Ad-Hoc Queries), built on the Splunk® platform.

Q-Compliance leverages the Splunk platform to transform compliance activities into actionable security value, connecting previously siloed compliance and security functions towards a common goal.  Qmulos Enterprise Compliance helps users of Splunk Enterprise uncover the value of compliance automation. Qmulos’s compliance experts will be at Splunk .conf2017 in Booth G6 to demo the solution, and an online preview is available here.

Highlights of the solution include:

  • Unlimited Multi-Tiered Organization Hierarchies
  • Support for System and Enterprise Level Risk Management Assessments derived from SCAP (Security Content Automation Protocol) validated tools
  • Out-of-the-box and custom overlay development templates
  • Integrated POAM management support
  • Role-based dashboards for executives, ISSOs, and compliance staff
  • “Measure once, Report Many” for leading Frameworks – support for reporting against frameworks and mandates to include NIST SP 800-53r4 Control Instrumentation, NIST RMF and CSF automation, HIPAA, DFAR CUI (NIST SP 800-171) Requirements, SANS/CAG 20 Critical Controls, FedRAMP, CJIS, and others.

“IT Audit and Compliance automation is an investment that pays for itself, not only in savings, but in improving a customer’s actual security posture,” said Matt Coose, CEO and founder of Qmulos.  “Leveraging the Splunk platform enables IT data to be repurposed for compliance and audit use cases, cybersecurity investigations, and even preparing board-level presentations, enabling enterprises to more easily gain value from their data.”

“As organizations continue to undergo digital transformations, it’s important to leverage the data needed for security and compliance to deliver business insights, automation controls and value to the boardroom,” said Haiyan Song, senior vice president and general manager of Security Markets, Splunk. “Qmulos is a great example of a Splunk partner providing unique compliance expertise to enable that capability for our mutual customers.”

“By 2020, 100 percent of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually, which is up from today’s 40 percent,” noted Gartner in the March 2016 report How to Build an Effective Cybersecurity and Technology Risk Presentation for Your Board of Directors by Paul Proctor, Jeffrey Wheatman, and Rob McMillan.