News
Pathlock announced the availability of Continuous Controls Monitoring (CCM)
March 2024 by Marc Jacob
Pathlock announced the availability of Continuous Controls Monitoring (CCM), a product within the Pathlock Cloud Platform that encompasses control management, risk quantification, and change monitoring to streamline control mechanisms from various frameworks into one centralized, automated system. Large enterprises will be able to continuously monitor all business control, separation of duties, and IT configuration change transactions, replacing the current method of periodic sample reviews. The aim is to reduce both business losses and the cost of audits through continuous auditing of controls in financial and other transactional applications.
The availability of CCM will enable Pathlock customers to prioritize risk remediation based on potential impact to make the best use of available resources and limit business process risks (financial, operational, and security) through two key modules:
• Controls Management: This module provides the ability to integrate and streamline business processes and manual process control mechanisms from various frameworks into a centralized, automated system. It provides enhanced risk visibility, improves efficiency, and reduces manual effort in maintaining compliance. The risk quantification feature analyzes transaction data for organizations to quantify the financial exposure of Separation of Duty (SoD) violations and business process transactions within or across application environments.
• Change Monitoring: This module generates events and notifies a business to analyze master data and key application configuration changes in the business system. It enables detailed analysis of the changes including the source of the change, the user initiating the change, along with before and after values including items that have been deleted and carry out corrective and or preventative actions depending on the impact of the change. This capability aids in maintaining a complete audit path over configuration and master data changes.
Through the implementation of standardized, automated process controls based on accepted frameworks, organizations can quickly improve their cybersecurity posture while reducing manual efforts. The reduction of manual efforts results in lower internal and external resource costs, fewer errors, and reduced audit preparation times.
With identity emerging as the new perimeter in cybersecurity, it is important for organizations to maintain total visibility and control over their ecosystems. However, many identity and access management solutions only provide the ability to manage an organization’s joiners, movers, and leavers, but fall short when considering the potential risk a user could cause with their provisioned access. Moreover, legacy Identity Access Management (IAM) solutions may generate alerts for potential risks, but they fail to prioritize or quantify the impact of these risks. This means that every potential risk looks the same and doesn’t enable IT or application security administrators to triage and quickly approach the most important risks first. With technology environments rapidly evolving it’s easy for changes to disrupt an organizations’ security posture and for those changes to go unnoticed. Pathlock’s Continuous Controls Monitoring capabilities provide a comprehensive audit and remediation trail for any changes that may occur creating a proactive and adaptable cybersecurity posture.
Pathlock provides visibility to risks and quantifies the financial impact of those risks so that appropriate remediation can take place to limit exposure to threats that could have a material financial impact on an organization.
