Analytics and New Hypersyncs to Automate Evidence Collection
Hyperproof was developed to provide compliance and security assurance professionals with the consistency, visibility and automation they need to stay on top of all their work. That’s why we’re building more features to give you the insights and efficiencies you need to mature your compliance program.
Learn more below about the latest Hyperproof updates, including our new Analytics feature, recurring tasks that can be applied to risks in your risk register, and the latest systems Hyperproof is integrating to automate the collection of evidence.
Gain More Insight into Your Operations with Compliance Analytics
Once organizations begin managing their controls with Hyperproof, they will immediately gain better visibility into their compliance posture through Hyperproof’s built-in dashboards.
While Hyperproof’s built-in dashboards provide answers to many of compliance professionals’ common questions, some compliance professionals like to dig deeper. This month, Hyperproof released something new Analytics feature to meet our customers’ desire to gain more insights into their compliance program and share key findings with their stakeholders.
When you log into Hyperproof, you’ll find something new Analytics Tab. Here, you’ll find three preset dashboards:
- The first highlights metrics about the progress of compliance operations.
- The second presents some key metrics intended to help measure progress in audit preparations.
- The third dashboard contains key metrics about the state and health of controls within an organization.
In our new one Analytics feature, you have many options for digging deeper into your Hyperproof data. For example, you can drill down to specific dashboard widgets, turn dashboard filters on and off, and export dashboards and share them with stakeholders who don’t use Hyperproof. You can also set alerts on specific data points within a dashboard and receive automatic alerts when predefined conditions are met.
Look out for more updates to this area in the coming months, including additional preset dashboards and the ability to create your own dashboards and reports.
Repetitive Tasks Risks
When it comes to managing controls, our customers want the ability to “set it and forget it” functionality repetitive task. Using recurring tasks is a great way to save time in instances where compliance professionals need to remind other team members to do something on a periodic basis.
Recurring tasks can now be applied to any risk in your Risk Registration, which helps you ensure that your team and your colleagues across the organization are consistently executing your organization’s risk management plan. With this feature, we want to remove the need to do one-off tasks and reminders from your plate so you have time to focus on more strategic tasks.
How does this work
You can set up tasks that repeat on a schedule (e.g. daily, weekly, monthly, quarterly, half-yearly, annually), or when an event occurs (e.g. when a tolerance level changes on risk, likelihood of risk, or when new evidence is added to a risk).
New and Updated Hypersync
Hypersyncs are connections that automatically pull proof from the services/apps your organization uses with Hyperproof for faster review/validation controls. For each connection, you can specify what type of data Hyperproof receives as proof.
So far, we’ve added new Hypersyncs for Kubernetes Engine on Google Cloud Platform and on AWS, ServiceNow, and JumpCloud. We’ve also made several updates to some existing Hypersyncs to support new authentication types, including Tenable.io, Azure AD, AWS, Google Cloud Platforms, and GitLab Hypersyncs.
| Application | Proof Types to Sync Automatically | Why This is great |
| Kubernetes Engine on Google Cloud Platform and AWS (New) | List of Clusters. List of Pod Security Policies. List of Workloads | Automatically get Kubernetes configurations report. |
| ServiceNow (New) | List of Users. List of Groups. List of events. Additional types of proof are forthcoming. | Automatically get a report of any incidents from ServiceNow IT Service Management. |
| Jumpcloud (New) | List of devices. List of Users. Password Policy. Policy outcomes. User group membership list.coming soon. | Confirm that the correct policies have been placed on your organization’s assets. |
| Durable | Vulnerability results of a scan specified in Tenable. | Automatically get a report of vulnerability scans and be alerted to any critical issue |
| GitLab | List of members with their email addresses. Branch protection settings. | Confirm that the correct settings are in place for branch protection and be alerted if they are changed to non-compliance. |
| Cloudflare | Cloudflare: firewall | Confirm that the correct settings are in place for your firewall and be alerted if they are changed to be non-compliant. |
| AWS | A Hypersync (or AWS connection) can collect credentials from multiple AWS accounts. | You can effectively create Hypersyncs that collect data from a specific set of regions. |
| Azure | List of backup policies and list of backup jobs. Resource Groups. | Confirm that the correct policies are in place for backup jobs and be alerted if they are not being followed. |
| Google Cloud Platform | SQL: Backup configuration. SQL: Backup is running | Confirm that the correct configuration is in place for backup jobs and be alerted if it does not comply. |
Testing and Monitoring Automatic Controls
While automating the step of extracting evidence from multiple systems is a great way to help compliance professionals save time, we don’t stop there. We are currently working to deepen our automation capabilities by automatically testing and monitoring certain controls on behalf of our users.
In fact, we recently developed a control testing engine that allows customers to write and run automated Hypersync-ed proof tests – so the effectiveness of controls can be validated on a more frequent basis than what is possible today.
For example, an organization using Cloudflare for their firewall can have Hyperproof automatically test their Cloudflare firewall settings to verify that the firewall settings are compliant; the organization using the Tenable vulnerability scanner can have Hyperproof test the vulnerability results report to see if their security team has remediated the vulnerabilities according to their company policy. This automated controls monitoring capability is currently in beta and will be available to all customers in the coming weeks.
New Compliance Framework Templates Available
Knowing that organizations’ compliance demands tend to grow over time, Hyperproof continues to add new standards, guidelines and regulations as structured framework templates to our Content Library based on customer requests. We also work to ensure that the Hyperproof framework templates remain up-to-date as the standards themselves are refreshed and customers have an easy way to migrate to the latest version of a standard (eg PCI DSS 3.0 to PCI DSS 4.0).
Here are some new framework templates we’ve added in recent weeks:
- ISO 14001:2015 Environmental Management System
- ISO 27799:2016 Health Informatics – Health information security management using ISO/IEC 27002
- ISO 28000 Security and stability – Security management systems – Requirements
- ISO 45001:2018 Occupational health and safety management
- StateRAMP
- Australian Government Information Security Manual (ISM) Produced by the Australian Cyber Security Center (ACSC)
- CMMC 2.0. Hyperproof has supported CMMC since 2021. However, we have updated the framework extensively to ensure it is up-to-date with selectable baselines, crossings, SSP reports, and description controls.
- The Cisco Cloud Controls Framework (CCF) V1.0
- CryptoCurrency Security Standard (CCSS)
To get the most up-to-date list of frameworks, check out this guide.
If you are an existing customer and would like to use a framework that is not currently supported by Hyperproof, please contact your Customer Success Manager to request it.
What’s On Deck
As the Hyperproof team wraps up our summer, we’re still hard at work developing some exciting new features to release. Stay tuned for upcoming announcements about some highly requested features and enhancements in the coming months or schedule a demo to hear more.
The post New Features in Hyperproof: Q3 2022 appeared first on Hyperproof.
*** This is a Security Bloggers Network syndicated blog from Hyperproof written by Jingcong Zhao. Read the original post at: https://hyperproof.io/resource/product-updates-august-2022/