
Panaseer launches tool to automate enterprise compliance tasks
Panaseer has announced the launch of its Cyber Frameworks Catalog, designed to automate compliance management for enterprises operating within regulated industries.
The Cyber Frameworks Catalog aims to assist enterprises in mapping, monitoring, and reporting the performance of security controls against significant cybersecurity frameworks and regulations. According to Panaseer, the tool provides pre-built dashboards and automated controls that facilitate the continuous measurement of compliance with standards such as DORA, NIST CSF v2.0, CIS Controls v8, PCI DSS v4.0, and CRI Profile v2.
Research conducted by Panaseer indicates that cybersecurity teams currently spend close to 60% of their time on manual reporting. This situation can lead to inefficiencies, increased operational costs, and an elevated risk of audit failures even when organisations believe that they are operating within compliance requirements.
To address these challenges, teams often implement tactical responses such as isolating systems or creating dedicated environments - a strategy that frequently results in fragmented and unsustainable security operations.
The Cyber Frameworks Catalog claims to streamline these processes by introducing a controls measurement-driven, automation-first methodology. Features such as pre-built dashboards, automated mapping of controls to frameworks, and continuous compliance scoring present security and operational teams with an opportunity to simplify their reporting obligations and regularly demonstrate compliance.
Among the Catalog's features are more than ten out-of-the-box dashboards, each mapped to over 200 control metrics connected to various regulatory frameworks. The automated cross-mapping functionality highlights where a single security control satisfies the requirements of multiple frameworks, a feature intended to benefit sectors such as finance and retail where regulatory overlap is common.
Users are able to identify failing metrics through interactive dashboards, real-time alerts, and configurable thresholds. The Catalog's analytical capabilities allow teams to investigate the underlying causes of compliance failures, prioritise remediation actions, and potentially prevent regulatory breaches.
Historical tracking is integrated into the Catalog, enabling teams to observe compliance trends over time, benchmark the effectiveness of their programmes, and generate defensible evidence for audits and governance reporting. The tool's reporting capabilities allow organisations to develop tailored, multi-framework scorecards reflecting both their compliance and risk management postures, accommodating the diverse needs of stakeholders across business units and regulatory regimes.
Marc Moesse, Chief Product Officer at Panaseer, commented on the purpose behind the Cyber Frameworks Catalog: "Security teams shouldn't have to choose between being compliant and being secure—they need to be both. The Cyber Frameworks Catalog builds on years of working with regulated industries to address real compliance pain points. By productizing control-to-framework mapping into our data-driven platform, we're giving security leaders the automation and clarity they need. With faster prep and reliable data, they can reduce findings and confidently answer to the board, regulators, and auditors, or give them direct access."
Panaseer states that, as regulatory pressures and risks relating to compliance failures continue to mount, the Cyber Frameworks Catalog provides organisations with a systematic approach to managing regulatory requirements while maintaining operational resilience.
The Catalog's integration with Panaseer's Continuous Controls Monitoring platform allows it to aggregate and validate security data from a range of enterprise technology stacks, including platforms managing assets, identities, accounts, and applications. This encompasses more than ten primary cybersecurity domains, offering a centralised view for security teams that includes drill-down capabilities into the specific metrics underlying controls.
The company highlights the value of this approach in enabling organisations to generate validated data suited for scrutiny by auditors, regulators, and internal stakeholders.
Panaseer describes its role as supporting organisations to continuously measure the deployment and effectiveness of their security controls, with its CCM platform providing Chief Information Security Officers with insights into their cyber defence performance relative to global frameworks and regulations. The firm asserts that these data-driven processes promote efficient resource allocation and improved prioritisation of security actions.

Related Articles


Techday NZ
08-05-2025
- Techday NZ
Panaseer launches tool to automate enterprise compliance tasks


Techday NZ
30-04-2025
- Techday NZ
Forrester warns of deepfakes & AI extortion in 2025 threats
A report by Forrester has identified the top cybersecurity threats anticipated to impact organisations and security teams in 2025.
The Forrester report, entitled "The Top Cybersecurity Threats in 2025," outlines five key risks confronting companies, ranging from global regulatory upheavals to the proliferation of high-quality deepfakes and the rise of advanced extortion schemes powered by generative AI (GenAI).
According to Forrester, the first major threat area concerns global regulatory disruptions. In its 2024 Business Risk Survey, 24% of enterprise risk management leaders cited regulatory changes as a top concern. The report notes that shifting global regulations are contributing to a complex compliance environment.
Organisations must pay particular attention to those requirements currently enforceable, including major regimes such as the European Union's AI Act, the Digital Operations Resilience Act (DORA), and the forthcoming CMMC 2.0 requirements. Forrester states, "With so much regulatory change, organisations must focus on compliance change management and prioritise requirements that are being enforced now."
The second threat highlighted in the report is the danger posed by deepfake technology. The increasing availability and sophistication of tools and algorithms for producing high-quality deepfakes threaten authentication processes, erode trust, and put brand reputations at risk.
Forrester emphasises the importance of both end-user education and robust authentication measures in tackling this issue. The report projects, "Forrester anticipates biometrics vendors will allocate 20-30% of R&D budgets to enhance deepfake detection by 2025."
Another listed concern is the potential for so-called "tech exuberance" over generative AI. Forrester warns that the ungoverned deployment of AI without adequate security evaluation and oversight may create fresh vulnerabilities for enterprises. "Organisations must implement a comprehensive AI security strategy that includes discovery, policy enforcement, and detection and response capabilities for real-time detection," Forrester advises.
Economic pressures and their impact on insider risks comprise the fourth area of concern in the report. The ongoing trend of job cuts worldwide has created conditions under which the risk of insider threats is elevated. According to Forrester, "Post-layoff dissatisfaction increases the risk of insider threats as financially stressed employees may turn malicious, leading to data breaches and other security incidents."
The report recommends that organisations combine proactive insider risk management with efforts to encourage a positive workplace culture: "A robust insider risk management program combined with initiatives to foster a positive work culture is critical for minimising these threats."
The fifth threat outlined is a shift from traditional ransomware to GenAI-driven extortion schemes. Forrester points to the growing sophistication of such schemes, which now use generative AI for advanced sentiment analysis as part of broader data breach strategies.
To address these threats, Forrester says, "Businesses must adopt a holistic Zero Trust approach and consider investing in phishing-resistant multifactor authentication and passkeys, data loss prevention tools, and ongoing employee training to counteract these threats."
With cybercriminal tactics continuing to evolve and regulatory requirements growing in complexity, the report indicates that security teams will need to adopt multi-faceted and adaptive cybersecurity strategies to prepare for the year ahead.
The full Forrester report provides detailed analysis and specific recommendations for Chief Information Security Officers and risk management leaders navigating these developments.


Techday NZ
27-04-2025
- Techday NZ
Qualys launches Policy Audit to slash compliance audit costs
Qualys has announced an enhancement to its policy compliance solution with the launch of Policy Audit, aiming to streamline audit efficiency, reduce compliance costs and lower regulatory risks for organisations.
The increase in regulatory requirements has presented significant challenges for enterprises; according to the Compliance Digital Transformation Report by Coalfire, nearly 70% of service organisations are subject to six or more regulatory frameworks. These requirements stretch operational resources and often result in higher costs. This complexity is compounded by system misconfigurations, which can lead to instances of non-compliance and potential regulatory penalties.
Policy Audit introduces several automated features designed to address these challenges by reducing the reliance on manual processes.
Sandeep Khanna, Chief Information Security Officer at the Unique Identification Authority of India (UIDAI), commented on the integration of Policy Audit, stating: "Integrating Qualys Policy Audit into our workflows has transformed how we manage compliance. The seamless collaboration between teams, combined with real-time visibility across multiple mandates, has streamlined our operations and enabled proactive risk management. It's a game-changer for audit readiness."
The Policy Audit solution works by automatically mapping collected evidence to major compliance frameworks such as PCI DSS 4.0, DORA, NIST, CMMC, and FedRAMP. It provides coverage across 450 technology types, includes over 1,000 out-of-the-box policies, and supports compliance with more than 90 frameworks. This is intended to foster continuous compliance and audit readiness while helping to mitigate the risk of audit failures.
Among its features, the continuous audit readiness capability automates evidence collection and reduces the risk of human error, offering organisations a way to monitor audit gaps via real-time compliance posture dashboards. According to Qualys, the use of automated policy compliance can reduce audit failure rates by as much as 95%, allowing organisations to proactively address risks that could result in fines or penalties.
Policy Audit also incorporates Qualys TruRisk, which maps compliance and data privacy risks automatically while identifying and prioritising critical misconfigurations according to business impact and asset and threat exposure. This functionality is intended to help organisations focus resources on the most significant vulnerabilities, and to understand the effect of these vulnerabilities across various regulatory mandates.
With regard to operational workflow, Policy Audit includes automated IT Service Management (ITSM) workflows to connect silos between teams, ensuring necessary information moves efficiently to the relevant parties. Its integration with Governance, Risk, and Compliance (GRC) tools aims to improve visibility and streamline both compliance tracking and risk management.
Policy Audit features automated remediation workflows to accelerate the response to compliance gaps and reduce the window of exposure to breaches.
On the reporting side, the solution enables organisations to generate multiple customisable reports from a single data collection process, utilising more than 90 pre-mapped mandates. These reports can be adapted for audiences such as executives and stakeholders, facilitating audits on demand and reportedly cutting audit costs by up to 50%.
Sumedh Thakar, President and Chief Executive Officer of Qualys, commented: "Organisations are facing a growing number of mandates, and audit readiness is more critical than ever. Yet many struggle with complex regulations, limited staff, tight budgets, and manual processes—making compliance costly and error-prone." "Policy Audit transforms audits from a source of stress into a streamlined, automated process that empowers teams to do more while keeping the organisation continuously audit ready."
In conjunction with Policy Audit, Qualys has introduced Audit Fix, an optional feature designed to help limit breach exposure. Audit Fix allows users to remediate audit findings before they escalate into compliance issues using a library of pre-defined scripts and policies, which can be integrated into continuous integration and deployment (CI/CD) pipelines. Customisable remediation workflows further contribute to continuous compliance and risk reduction.
Qualys Policy Audit is expected to be available in the second quarter of the year.