SureShield Tech Update May 2024

Tech Updates
May 13, 2024

Keep ahead of cyber threats with SureShield’s groundbreaking solutions. Discover our newest developments today:

1. Fixed the issue of remediation tasks not closing automatically when all the associated vulnerabilities are verified to be fixed.
2. Remediation task priority is now set based on the severity of the associated vulnerabilities.

1. ComplyShield now includes a compliance management framework for FedRAMP and CompTIA. We are currently working on policy content for these two frameworks.
2. FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government-wide program that standardizes the security assessment, authorization, and continuous monitoring of cloud products and services. It aims to ensure that cloud services used by federal agencies meet a baseline level of security to protect sensitive government data. Compliance with FedRAMP ensures that cloud services adhere to strict security controls and protocols, reducing the risk of data breaches and ensuring government information’s confidentiality, integrity, and availability. Organizations that must comply with FedRAMP include Federal Agencies and Departments, Cloud Service Providers (CSPs), and Third-Party Assessment Organizations (3PAOs).
3. CompTIA Security Controls refer to a set of best practices and guidelines developed by the Computing Technology Industry Association (CompTIA) to help organizations enhance their cybersecurity posture. These controls provide a framework for managing and mitigating cybersecurity risks effectively. The CompTIA Security Controls are based on widely-accepted security principles and cover various aspects of cybersecurity.
4. Responding to a practice/control with only comments/evidence and without selecting a compliance status was setting the compliance status to “Yet to Be Assessed” even if the previous status is something else such as “Remediation In Progress” or “Compliant”. The tool now mandates the user to select a compliance status and provide a comment at the minimum to respond to a control.
5. Survey Questions content was not shown fully for some questions. We have fixed this issue.
6. IRIS module now includes a new Compliance Executive Summary report output, modified if required, and shared with the customers.

Whenever a record is added for monitoring that has any alias names included within the record name, the additional names are now added as key contacts to the record so that all these names come under surveillance. For example, if the record name is given as “John Smith AKA Johnson S DBA Johnson’s Bus Services”, all the three names “John Smith”, “Johnson S” and “Johnson’s Bus Services” will be added to the integrity monitoring list.

1. We have added support for Single-Sign-On (SSO) from 3rd party applications to integrate and launch the SureShield application using SSO.
2. Google API for QA Code generation for 2FA setup has been deprecated. It is now replaced with QACode.com API.

ShieldScout (Beta):

ShieldScout is a business-specific AI chatbot that provides generative security insights. ShieldScout can aid you in proactively mitigating customer security risks and decrease your operational work effort by over 90%.

ShieldScout features are early and experimental. Human reviewers may read, annotate, and review your chat threads to improve our services and AI-driven responses, as described in the Privacy Notice and Terms.

The salient features of ShieldScout are:

1. Dynamic generative security insights based on your questions/prompts
2. Ready to use Trending Prompts on security data
3. Curated Security & Threat advisories to review and query your customer data on them
   1. Cyber Security Advisories
   2. Emerging Vulnerabilities

Please email us at support@dstest.in with questions, suggestions, or feedback. Thank you for being a part of our tech community.

Best regards,
Thomas Leahy
SVP, SureShield Inc.