Brian Berger, president of Cytellix, said merging governance, risk and compliance with managed detection and response could enable organizations to improve their cybersecurity posture.
“When companies combine GRC and MDR capabilities, however, they create a measurable and comprehensive approach to cybersecurity risk and compliance,” Berger wrote in an article published on Carahsoft.com.
He discussed how a security tool like the Cytellix Cyber Watch Platform (CCWP) combines GRC and MDR capabilities with extended detection and response, or XDR, to help organizations safeguard critical information as mandated by regulatory requirements like the Department of Defense’s Cybersecurity Maturity Model Certification program.
“It also helps them understand whether they are under attack, whether information is leaking out of the organization and whether any employees are acting in a way that increases the company’s security risks,” Berger said of CCWP.
The Cytellix executive said CCWP works across cloud-based, on-premises and hybrid environments and enables a company to prepare for certification and audit by a third-party assessment organization as part of the CMMC program.
According to Berger, organizations looking to comply with CMMC and other cybersecurity frameworks should be proactive and work with experts who could guide them through the process, so that they can determine their cyber risks and gain real-time situational awareness of their cybersecurity posture.
“The preparation work to secure the company including: Employees, Infrastructure and Applications may include development of policies, configuration management and/or technology procurement — typically takes 12 to 18 months,” he stated. “For companies that want to achieve CMMC compliance and win and maintain government contracts, the time to start is now.”