How it Works
How we use machine-intelligence to manage your security program.
Under the Hood
Managing a comprehensive cyber-security program is a complex task and typically requires many years of education, training and experience.
By integrating management decisions, scripted interviews, system telemetry, and manual reporting, FortMesa’s CyberMarshal triages the highest-priority security actions at all times and delegates them to your team the way a human security program manager would.
Let’s drill down and look at some of the ways CyberMarshal performs its job as Deputy CISO.
CyberMarshal continually collects the information it needs to triage your security.
Building the Asset Inventory
Vulnerability Detection & Reporting
Building the Threat Map
Based on gathered intelligence, CyberMarshal determines the actions that need to be performed and breaks them down into small, discrete tasks.
Chartering & Governance
Security Control & Policy Management
Users with a security program managed by CyberMarshal choose their security framework from a list of well-regarded standards.
For each control in the framework, CyberMarshal manages deployment, management and documentation, using a triage methodology to ensure security resources are always allocated toward the improvements with the highest value potential.
In cases where the customer organization already has a solution, CyberMarshal will help document and manage the current control deployment. In other cases, CyberMarshal will help the customer choose from low-cost, vetted solutions to implement the selected control. CyberMarshal endeavors to keep your team on track but allows you to reprioritize as required. At any time, the control framework can be reviewed by management and tasks can be reprioritized. At any time, Policy Documentation can be generated that accurately reflects the current, up-to-date control deployment.
In some cases, an Asset Custodian (often a sysadmin) may determine that a vulnerability has already been resolved or does not apply; in this case, the custodian logs a technical exception. In other cases, the Asset Owner may elect to accept the risk of a vulnerability.
In both of these examples, the management action must be approved by an Information Security Engineer. This separation of duties provides extra assurance that vulnerabilities have been managed effectively.
We help you communicate trust to your customers and stakeholders.
A Fully-Documented Security Architecture
Documents autogenerated by CyberMarshal include:
- A Security Charter
- Control Deployment Policies
- A Threat Model
- An Asset Inventory
- A Vulnerability Summary
- A Certificate of Attestation
Together, these documents can short-cut the audit process required by insurance underwriters.
Additionally, documentation generated automatically by CyberMarshal directly supports evaluating your organization against ISO 27000, NIST CSF or SP800-53, and PCI.
The FortMesa Trustmark Badge
A short HTML snippet allows embedding an awarded trustmark badge into most websites and applications.
Use the FortMesa Trustmark badge to help communicate trust during transactional customer interactions.
Using a Certificate of Attestation
While some information may be disclosed under NDA, it’s better to communicate trust without disclosing highly sensitive information.
A third-party endorsed Certificate of Attestation can help assure others of your commitment. These documents often satisfy due diligence requests from partner organizations.