Analytics and New Hypersyncs to Automate Evidence Collection
Hyperproof is built to provide compliance and security assurance professionals with the consistency, visibility and automation they need to stay on top of all of their work. That’s why we’ve been building more features to provide you with the insights and efficiency you need to mature your compliance program.
Learn more below about Hyperproof’s latest updates, including our new Analytics feature, repeating tasks which can be applied to risks in your risk register, and the latest systems Hyperproof integrates with to automate evidence collection.
Gain More Insight Into Your Compliance Operations with Analytics
Once organizations start to manage their controls in Hyperproof, they are immediately able to get better visibility into their compliance posture through Hyperproof’s built-in dashboards.
Although Hyperproof’s built-in dashboards do provide answers to many of the common questions compliance professionals have, some compliance professionals want to dig even deeper. This month, Hyperproof has released a new Analytics feature in order to satisfy our customers’ desire to get more insights into their compliance program and share key findings with their stakeholders.
When you log into Hyperproof, you’ll find a new Analytics tab. Here, you’ll find three preset dashboards:
- The first one highlights metrics about the progress of compliance operations.
- The second one shows some key metrics meant to help gauge progress in audit preparations.
- The third dashboard contains key metrics about the state and health of controls within an organization.
With our new Analytics feature, you have multiple options for digging deeper into your Hyperproof data. For instance, you can drill into specific widgets on the dashboard, toggle dashboard filters on and off, and export dashboards and share them with stakeholders who aren’t using Hyperproof. You can also set alerts on specific data points within a dashboard and receive automated alerts when predefined conditions have been met.
Keep an eye out for more updates in this area over the coming months, including additional preset dashboards and the ability to create your own dashboards and reports.
Repeating Tasks on Risks
When it comes to managing controls, our customers love the ability to “set it and forget it” with repeating tasks. Using repeating tasks is a good way to save time in instances where compliance professionals need to remind other team members to do something on a periodic basis.
Repeating tasks can now be applied on any risk in your Risk Register, helping you ensure that that your team and your colleagues across the organization are consistently executing your organization’s risk management plan. With this feature, we wanted to remove the need to create one-off tasks and reminders from your plate so that you can have time to focus on more strategic work.
How It Works
You can set up tasks that either repeat on a schedule (e.g. daily, weekly, monthly, quarterly, semiannually, annually), or when an event occurs (e.g. when there’s a change to risk tolerance level, risk likelihood, or when new proof is added to a risk).
New and Updated Hypersyncs
Hypersyncs are connections that automatically pull proof from the services/apps your organization uses into Hyperproof for faster review/validation of controls. For each connection, you can specify what type of data gets pulled into Hyperproof as proof.
At this time, we have added new Hypersyncs for Kubernetes Engine in the Google Cloud Platform and in AWS, ServiceNow, and JumpCloud. We have also made some updates to some existing Hypersyncs to support new proof types, including Tenable.io, Azure AD, AWS, Google Cloud Platforms, and GitLab Hypersyncs.
|Application||Types of Proof You Can Automatically Sync||Why It’s Great|
|Kubernetes Engine in Google Cloud Platform and AWS (New)||List of Clusters. List of Pod Security Policies. List of Workloads||Automatically pull a report of configurations in Kubernetes.|
|ServiceNow (New)||List of Users. List of Groups. List of incidents. Additional proof types coming soon.||Automatically pull a report of any incidents from ServiceNow IT Service Management.|
|Jumpcloud (New)||List of devices. List of Users. Password Policy. Policy results. User group membership list.coming soon.||Confirm that the right policies are in place across your organization’s assets.|
|Tenable||Vulnerabilities results of a scan defined in Tenable.||Automatically pull a report of vulnerability scans and be alerted of any critical issues|
|GitLab||List of members with their email addresses. Branch protection settings.||Confirm that the right settings are in place for branch protection and be alerted if they are changed to be out of compliance.|
|Cloudflare||Cloudflare: firewall||Confirm that the right settings are in place for your firewall and be alerted if they are changed to be out of compliance.|
|AWS||A single Hypersync (or connection to AWS) can collect proof from multiple AWS accounts.||You can efficiently create Hypersyncs that collect data from a specific set of regions.|
|Azure||List of backup policies and list of backup jobs. Resource Groups.||Confirm that the right policies are in place for backup jobs and be alerted if they fall out of compliance.|
|Google Cloud Platform||SQL: Backup configuration. SQL: Backup runs||Confirm that the right configuration is in place for backup jobs and be alerted if it falls out of compliance.|
Automated Controls Testing and Monitoring
While automating the step of pulling evidence from multiple systems is a good way to help compliance professionals save time, we are not stopping here. We are currently working to deepen our automation capabilities by automatically testing and monitoring certain controls on behalf of our users.
In fact, we recently developed a controls testing engine that enables customers to write and execute automated tests on Hypersync-ed proof – so controls’ effectiveness can be validated on a much more frequent basis than what’s possible today.
For instance, the organization that uses Cloudflare for their firewall can have Hyperproof automatically test their Cloudflare firewall setting to validate that the firewall settings are compliant; the organization that uses Tenable vulnerability scanner can have Hyperproof test the vulnerabilities results report to see whether their security team has remediated vulnerabilities according to their company policy. This automated controls monitoring capability is currently in beta and it will become available for all customers in the coming weeks.
New Compliance Framework Templates Available
Knowing that organizations’ compliance demands tend to grow over time, Hyperproof continuously adds new standards, guidelines and regulations as structured framework templates into our Content Library based on customer requests. We also work to ensure that Hyperproof’s framework templates remain up-to-date as the standards themselves are refreshed and customers have an easy path to shift to the latest version of a standard (e.g. PCI DSS 3.0 to PCI DSS 4.0).
Here are some new framework templates we’ve added in the recent weeks:
- ISO 14001:2015 Environmental Management Systems
- ISO 27799:2016 Health Informatics – Information security management in health using ISO/IEC 27002
- ISO 28000 Security and resilience – Security management systems – Requirements
- ISO 45001:2018 Occupational health and safety management
- Australian Government Information Security Manual (ISM) Produced by the Australian Cyber Security Centre (ACSC)
- CMMC 2.0. Hyperproof has supported CMMC since 2021. However, we’ve substantially updated the framework to ensure it is up-to-date with selectable baseline, crosswalks, SSP report and illustrative controls.
- The Cisco Cloud Controls Framework (CCF) V1.0
- CryptoCurrency Security Standard (CCSS)
To get the most up-to-date list of frameworks, check out this guide.
If you are a current customer and would like to utilize a framework Hyperproof doesn’t currently support, please contact your Customer Success Manager to request it.
What’s On Deck
As the Hyperproof team wraps up our summer, we are still hard at work building some exciting new features to release. Stay tuned for upcoming announcements about some highly requested features and enhancements in the coming months or schedule a demo to hear more.