Kevin Dowd, Director of Security Assessment & Founder of CNS, comments “The concept of the COMPLIANCEngine Service became obvious at CNS. After years of auditing to a full range of regulation and governance requirements, we needed a tool that would allow us to audit a network once and provide the information for many controls. So we built one and I am pleased to say it works”.
The CNS COMPLIANCEngine works for any industry or in-house standard by automating compliance-specific functions such as build validation, log management (SIEM), vulnerability assessment, configuration and patch management. As a highly accredited consultancy, (PCI DSS (QSA), CESG CHECK & CLAS) CNS is then able to work with in-house IT teams to resolve the issues raised.
CNS has developed the services using its own scripting engine. It is completely customisable with customers’ applications, systems, IT estate and risk management methodology.
Most recently, CNS has used the CompliancEngine with managed hosting provider NetBenefit, to ensure its continued compliance with the Payment Card Industry Data Security Standard (PCI DSS), a significant piece of regulation in the retail sector.
Gerry Lawrence, CTO at NetBenefit explains, “Like any regulation the requirements of PCI DSS compliance can be quite daunting. We wanted to be able to offer our customers a PCI DSS compliant solution that can scale with their requirements whether our customers are merchants using payment gateways or larger retailers who manage the payment process themselves”. He continues, “CNS provides an easy to use tool which is supported by a fully managed service. The fact that there are people behind the technology proactively interpreting the outcomes means that we can be confident of providing the best service to our customers, 24x7.
As a managed service, the COMPLIANCEngine frees up time for the internal team by delivering the information needed by regulations such as PCI-DSS, GPG-13 and others. Key features include:
Threat Engine – automated and scheduled security scanning & vulnerability management.
Patch Engine – automated & scheduled patch scanning & management.
Validation Engine – automated and scheduled build checks against bespoke baseline templates.
Configuration Engine – securely stored config backups with differential comparisons to identify changes.
Log Engine – collates information from multiple devices and ensures logs are parsed, normalised, indexed and alerted in real time.
Log Watch – combines one or more of the features above with the CNS Service Desk to analyse logs and respond to alerts.
Service Watch – assistance with the analysis of the results and remedial work required, including preventative measures.
Results from these features are then presented on the COMPLIANCEngine portal for assessment by clients & CNS consultants.
In addition to NetBenefit, CNS has also used the CompliancEngine with a FTSE 100 finance house and a major public service body. The finance house uses it solve its scanning and build validation needs across diverse technologies and systems, enabling the company to manage compliance issues from one location and focus on the business rather than IT. The public body, struggling with budgets and maintaining staff levels, uses the COMPLIANCEngine to detect and monitor events in its infrastructure, as well as guarantee a response.
Notes to Editors
Media contact details
For more information on CNS or to attend the launch, please contact;
Kate Warwick, PR Savvy
Tel: +44 (0) 78 1069 7282
CompliancEngine Launch event
When: 14th April 2011, 4pm
Where: City - for further details contact Kate Warwick
What: A presentation and drinks reception.
Who: Shannon Simpson, Sales and Marketing Director at CNS, CNS & Gerry Lawrence, CTO at NetBenefit.
CNS is a specialist IT security and networking consultancy;
CNS is a PCI DSS Qualified Security Assessor (QSA), CESG CHECK & CLAS Consultancy & ISO27001 Lead Auditor providing advisory, project and managed information assurance and compliance services. www.cnsuk.co.uk www.compliancengine.com
For further information on NetBenefit, please contact Ross Furlong, ross.furlong@
NetBenefit is a leading managed hosting provider whose clients include The National Archives, The New Statesman, Polar, The Hospital Club and Kiddicare.
NetBenefit is part of London listed Group NBT, which has over 350 employees worldwide with offices in London, Copenhagen, New York, Nice, Munich, Zurich, and Oslo.
Other Group NBT brands include NetNames, Easily.co.uk, Speednames, Ascio and Envisional.