As a part of its “build” offering, BAP has developed a special tool that assists companies in becoming compliant with specific regulations such as PII, PCI, or FISMA, to be more secure and compliant. The tool walks the customer through the process, helping them pick out their required security objectives and build their controls (bapSolution.com/OCS). In the analysis phase, BAP will validate the exact mandates that the customers follow in their implementations to inform them if they are deployed properly. For instance, to an administrator working on the systems’ access control policy, details about how his LDAP servers are set up would be appropriate for the control, although BAP will validate the implementation language to make certain the access control policy does not talk about disposal of sensitive information, for example; an intuitive and context-specific feedback and score card.
Compliance is not security; but by leveraging BAP—Build, Analyze, and Protect—our three levels can be used with all aspects of your cyber strategy
The validation helps customers establish what their controls are, verify if they are following regulation or not. The process then moves into the protect phase. BAP aligns the controls and policies to active threat with continuous monitoring, give customer real-time “health” of their controls. BAP is a 100% self-contained, virtual appliance, that runs on any of the VMware or Hyper V virtualization platforms ranging from the free versions to paid cloud hypervisors.
The company has also designed a dashboard and reports, making it as simple as possible for the most non-technical of users. E-mail alerts will mail users of all their policies and visualize their security status through a very simple “red-yellow-green,” stoplight report. BAP can enable stakeholders to look at the security health of their environment, without having to interpret a security specialists’ terminology or lexicon—they can see it all, as green, yellow, or red.
BAP is the policy and security ops teams’ best friend. BAP integrates any information that can be collected using an event file, for example IoT. With relationships involving some of the major IoT gateway manufacturers, BAP projects that IoT is going to continue to be an influence on the security that their system would reinforce. As IoT continues to be more mainstream, BAP wants to be on top, ingesting all the gateway events, correlating them back to the controls as well to give a true system level health.