Last week we announced our new Investigative Report Builder, an enhancement to our Investigative Portal to help ease the burden of threat intelligence reporting. The new tool, available immediately to all our customers and MSSP partners, is designed to accelerate custom report creation and enable users to generate, edit, or duplicate reports quickly. The Report Builder effectively streamlines communication of investigation findings, insights, and recommendations to clients and stakeholders.
Of the many benefits it provides, perhaps the most important is its ability to help organizations and MSSPs hasten compliance with the reporting requirements of several regulatory standards and industry mandates such as the PCI DSS (Payment Card Industry’s Data Security Standard), NIST’s Cybersecurity Framework, and NERC’s Critical Infrastructure Protection. Additionally, with the increase in security reporting mandates from the FDIC, FTC, and the SEC that require companies to report cyber incidents faster and hold companies more accountable for establishing and maintaining good cyber hygiene – our new Report Builder provides significant relief.
Reduce manual data reconciliation
One of the ways Report Builder streamlines reporting and communications is by reducing the amount of manual data reconciliation that goes along with due diligence processes. Due diligence with cybersecurity posture reporting is required for several business processes like M&As, new or changed bill of materials, new procurement, private equity portfolio additions, and major changes to the security stack. Report Builder enables companies to proactively produce data with immediate business context – a tremendously helpful capability for businesses that must provide evidence-based data to auditors or authorities showing that their cybersecurity posture meets the required level stated by various industry standards and those that require periodic diligence exercises.
Additionally, Report Builder accelerates the process of reporting by providing a consistent, dynamic template that security analysts and compliance assessment professionals can use to quickly create a cybersecurity report. By using established parameters aligned to the right security controls, quick baselining and drift reporting is also possible. Take the latest SEC ruling, which requires companies to report a cyberattack within four days if that attack is determined to have a material impact. This new reporting mandate, while seemingly overly burdensome, can be significantly less so due to Report Builder’s ease of use and the efficiency gains it enables.
Enrich the GRC lifecycle
The Report Builder’s core facility is designed to enrich the entire GRC lifecycle across all departments involved in analyzing and collecting cybersecurity control metrics to demonstrate the organization’s cybersecurity posture. The tool provides significant value for those across the company who are responsible for mandatory or cyclical due diligence reporting and ongoing intermittent enterprise cybersecurity audits, including analysts, CISOs, risk teams, security assessors, incident responders, penetration testers, C-suite executives, and board members. In each case, quick, contextual, and up-to-date measures of the organization’s security and risk posture are required.
In this regard, the Report Builder provides value in its ability to quickly correlate threat intelligence with security control performance to derive risk metrics from evidence-based data. These metrics in turn help demonstrate and prioritize system security gaps and inform remediation and mitigation plans that are also required for regulatory compliance standards. For example, within the new version of the PCI DSS, v.4.0, businesses must provide frequent and provable risk rankings for their high priority vulnerabilities -- a challenging task when performed manually or even with a scanner. The Report Builder can enrich this process and continuously pinpoint high-risk vulnerabilities aligned with actionable threat intelligence data to accelerate the process of meeting these new requirements.
MSSPs gain proof of ROI and build credibility
The Report Builder gives MSSPs a tremendous advantage in helping them communicate risk and ROI to customers and gain credibility. It also helps them quickly report on the status of their ongoing audits with greater frequency and accuracy over manual methods. In essence, the Report Builder can help MSSPs attract and retain more customers through consistent baseline reporting and continuous updates with clarity and enforceable data.
Proactive cybersecurity and prioritization of gaps are key aspects of many industry mandates. As such, businesses must quickly assess their cybersecurity posture and present enforceable proof of security control coverage with evidence-based data during standard audits or at various points along the audit and assessment timeline. While not an easy feat to accomplish, our new Investigative Report Builder takes the pain out of cumbersome reporting and proof-gathering processes. The contextual, detailed posture reports the tool provides can ensure that meeting each mandate’s reporting requirements and providing the necessary proof of vulnerability prioritization and mitigation is far less stressful and can be accomplished much faster.
To learn more about the Investigative Report Builder, watch our quick video tutorial or contact us to schedule a demo.