TraceSecurity today announced a cloud-based risk, compliance and audit tool that lets enterprises poll internal network assets and deliver live reports about how well the enterprise is keeping up complying with various security standards and regulations.
The tool, called TraceCSO, is largely cloud-based but does have a virtual appliance component for vulnerability assessment of enterprise computing and networking assets that needs to be installed on premises, according to Dariel LeBoeuf, TraceSecurity's executive vice president of sales and marketing. The tool is being tested by early adopters, including Lansing, Mich.-based Lake Trust Credit Union, which plans to deploy it to track remediation processes and assure the financial institution is in line with risk-compliance responsibilities.
"We can run these reports for auditors," says Richard Reinders, information security analyst at Lake Trust Credit Union, about how TraceCSO is being tested in its VMware-virtualized infrastructure. Though there may still need to be "some kinks" worked out with it, the tool works to track vulnerabilities and remediation of internal assets, and it can share information with other management tools that the bank is using.
TraceCSO can be configured to monitor and evaluate a network based on standards that include the Payment Card Industry (PCI) requirements, the NIST FISMA guidelines, and other regulations such as SOX and the banking FFIEC standards.
"TraceCSO takes these regulations, we pick the ones we're subject to, and it shares us the results in human-readable form," says Reinders.
The tool, available now, starts at $5,000.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: email@example.com.