Panaseer launches tool to automate enterprise compliance tasks

Techday NZ, 08-05-2025
Panaseer has announced the launch of its Cyber Frameworks Catalog, designed to automate compliance management for enterprises operating within regulated industries.
The Cyber Frameworks Catalog aims to assist enterprises in mapping, monitoring, and reporting the performance of security controls against significant cybersecurity frameworks and regulations. According to Panaseer, the tool provides pre-built dashboards and automated controls that facilitate the continuous measurement of compliance with standards such as DORA, NIST CSF v2.0, CIS Controls v8, PCI DSS v4.0, and CRI Profile v2.
Research conducted by Panaseer indicates that cybersecurity teams currently spend close to 60% of their time on manual reporting. This situation can lead to inefficiencies, increased operational costs, and an elevated risk of audit failures even when organisations believe that they are operating within compliance requirements.
To address these challenges, teams often implement tactical responses such as isolating systems or creating dedicated environments - a strategy that frequently results in fragmented and unsustainable security operations.
The Cyber Frameworks Catalog claims to streamline these processes by introducing a controls measurement-driven, automation-first methodology. Features such as pre-built dashboards, automated mapping of controls to frameworks, and continuous compliance scoring present security and operational teams with an opportunity to simplify their reporting obligations and regularly demonstrate compliance.
Among the Catalog's features are more than ten out-of-the-box dashboards, each mapped to over 200 control metrics connected to various regulatory frameworks. The automated cross-mapping functionality highlights where a single security control satisfies the requirements of multiple frameworks, a feature intended to benefit sectors such as finance and retail where regulatory overlap is common.
Users are able to identify failing metrics through interactive dashboards, real-time alerts, and configurable thresholds. The Catalog's analytical capabilities allow teams to investigate the underlying causes of compliance failures, prioritise remediation actions, and potentially prevent regulatory breaches.
Historical tracking is integrated into the Catalog, enabling teams to observe compliance trends over time, benchmark the effectiveness of their programmes, and generate defensible evidence for audits and governance reporting. The reporting capacities of the tool allow organisations to develop tailored, multi-framework scorecards reflecting both their compliance and risk management postures, accommodating the diverse needs of stakeholders across business units and regulatory regimes.
Marc Moesse, Chief Product Officer at Panaseer, commented on the purpose behind the Cyber Frameworks Catalog: "Security teams shouldn't have to choose between being compliant and being secure—they need to be both. The Cyber Frameworks Catalog builds on years of working with regulated industries to address real compliance pain points. By productizing control-to-framework mapping into our data-driven platform, we're giving security leaders the automation and clarity they need. With faster prep and reliable data, they can reduce findings and confidently answer to the board, regulators, and auditors, or give them direct access."
Panaseer states that, as regulatory pressures and risks relating to compliance failures continue to mount, the Cyber Frameworks Catalog provides organisations with a systematic approach to managing regulatory requirements while maintaining operational resilience.
The Catalog's integration with Panaseer's Continuous Controls Monitoring platform allows it to aggregate and validate security data from a range of enterprise technology stacks, including platforms managing assets, identities, accounts, and applications. This encompasses more than ten primary cybersecurity domains, offering a centralised view for security teams that includes drill-down capabilities into the specific metrics underlying controls.
The company highlights the value of this approach in enabling organisations to generate validated data suited for scrutiny by auditors, regulators, and internal stakeholders.
Panaseer describes its role as supporting organisations to continuously measure the deployment and effectiveness of their security controls, with its CCM platform providing Chief Information Security Officers with insights into their cyber defence performance relative to global frameworks and regulations. The firm asserts that these data-driven processes promote efficient resource allocation and improved prioritisation of security actions.

Related Articles

Panaseer launches AI tool for real-time analysis of cyber risks

Techday NZ, 30-07-2025

Panaseer has launched Key Drivers, the first AI-powered product within its new AI Suite, designed to provide real-time analysis of security controls and enhance enterprise risk management. Key Drivers enables organisations to swiftly identify and explain shifts in their risk profile by examining millions of security control records within seconds. This new product aims to support CISOs and security teams in prioritising their responses and reducing the time spent on manual investigation and reporting.

Purpose and Functionality

Key Drivers analyses high volumes of cybersecurity data and uncovers patterns that may not be apparent through manual inspection. For instance, the product can highlight specific scenarios such as concentrated phishing test failures within a given business unit, or persistent patch breaches across critical Windows 8 devices. These insights give teams the information needed to understand root causes, accelerate remediation, and adapt their security efforts accordingly.

The system is integrated with Panaseer's existing actionable dashboards, which are tailored for different industries and regulatory frameworks. This approach allows for not only detecting anomalies, but also providing clear explanations that facilitate business communication and informed decision making.

"With breaches continuing to rise, security professionals are under incredible pressure to act fast, but it's often hard to pinpoint what's really driving changes to their risk posture," says Marc Moesse, Chief Product Officer at Panaseer. "When you're dealing with this level of complexity, it's easy to fall back on assumptions or gut instinct, rather than evidence – increasing the likelihood of bias and blind spots. Key Drivers doesn't just flag anomalies, it explains them. Our plan is to build responsible AI features to act as force multipliers, allowing security teams to make smarter, faster, data-driven decisions, and focus their efforts where it really matters."

Key Drivers brings several features to streamline risk management, including automated analysis triggered by predefined metric thresholds, report-ready concise summaries, business context filtering by dimensions such as device type, unit, country, or criticality, and asset-level drill-downs to pinpoint affected systems, assets, or users.

Risk Management and Reporting

The product is designed to detect 'residual risk drift', referring to subtle changes in controls or vulnerabilities that might slowly increase overall risk even after mitigations have been applied. By alerting teams to these changes in near real-time, Key Drivers is intended to make it easier to localise issues and respond effectively before they escalate.

The tool can be used by both security analysts and CISOs. For CISOs, it reduces the burden of translating technical findings for business reports or board meetings, while providing up-to-date evidence of security posture improvements. For analysts, Key Drivers operates as a personal assistant, automating the complex process of investigating security issues, speeding up triage, and allowing more time to focus on high-value activities.

Industry Perspective

"Residual risk isn't some abstract concept – it's the security gaps hiding in plain sight," adds Jonathan Gill, CEO of Panaseer. "Every time we run an assessment, we uncover the same surprises: incomplete CMDBs, thousands of unprotected endpoints, misconfigured cloud environments with no ownership, and even 'retired' servers that still live on the network. And these gaps never stay the same; what looks safe on Monday can be wide-open by Friday. That's why visibility is everything."

"With Key Drivers, we give security leaders a living, breathing view of their environment – a system of record that allows security teams to spot residual risk the moment it drifts, understand the control failures behind it, and close the gaps before they become tomorrow's headlines."

Key Drivers is the first in a range of products to be released within the Panaseer AI Suite, with further developments planned to enhance AI governance, accelerate cyber risk management and compliance, and reinforce cyber resilience across client organisations. The product is now available to all Panaseer customers.

Commvault & Kyndryl partner to boost cyber recovery services

Techday NZ, 20-06-2025

Commvault and Kyndryl have announced a partnership to deliver incident recovery services for organisations aiming to enhance data security and meet regulatory requirements. The two companies will work in collaboration with Pure Storage to provide services intended to help organisations recover faster from cyber incidents, improve cyber resilience, and address complex regulatory demands.

Kyndryl's cyber resiliency services portfolio includes Incident Recovery Services, Managed Backup Services, and Hybrid Platform Recovery. Through this new partnership, it will be supported by Commvault and Pure Storage to assist organisations in adhering to regulations such as the European Union's Digital Operational Resilience Act (DORA), NIS2 Directive, Payment Services Directive 2 (PSD2), New York Department of Financial Services (NYDFS) regulation NYCRR 500, and Australia's Prudential Regulation Authority (APRA) CPS 230 standard.

Expanding cyber recovery services

Under the collaboration, Commvault and Kyndryl plan to enhance support for enterprise customers facing persistent cyber threats and increasing data management complexity, particularly in multi-cloud environments.

"Cyber preparedness is no longer regarded as optional for global organizations; it is mandatory," stated Allen Downs, Vice President of Security and Resiliency Services at Kyndryl. "Through this collaboration with Commvault and Pure Storage, we are further positioned to assist some of the world's most esteemed organizations in completely redefining their data protection strategies."

The joint approach leverages Pure Storage technology alongside Commvault's cyber resilience and recovery solutions. This combined offering introduces a four-layer architecture designed to streamline compliance and speed up recovery for hybrid cloud customers.

Technology and features

The four-layered architecture includes the following components:

  • Cyber Resilient Vault: an isolated, immutable data vault, based on zero-trust, to safeguard backup data from unauthorised access and tampering.
  • Clean Recovery Zone: a controlled setting for forensic review and staged recovery using validated clean backups.
  • Production Rapid Restore: capability for swift, reliable dataset restoration by using Pure Storage FlashBlade, with immutability features such as S3 Object Lock and SafeMode.
  • Immutable Snapshot Recovery: enables quick, application-consistent restoration of key workloads through Commvault IntelliSnap and Pure Storage FlashArray.

The services are developed to promote automated and ongoing cyber recovery testing. Support extends to Commvault Cleanroom Recovery within both public cloud and on-premises isolated environments overseen by Kyndryl. Organisations are enabled to validate their recovery processes to comply with DORA Chapter II (Risk Management), Chapter IV (Operational Resilience Testing), and related regulation.

Meeting regulatory needs

The collaboration is set against a backdrop of increasingly rigorous and complex regulatory landscapes. Organisations are now required to demonstrate not only the protection of their critical data, but also the capability to restore operations swiftly following a digital disruption.

"Our partnership with Kyndryl is built to address the biggest challenges facing the enterprise today, such as the persistent threat of cyberattacks, including ransomware, and the increasing complexity of managing massive data growth across multi-cloud environments," said Alan Atkinson, Chief Partner Officer at Commvault. "When combined with the innovative Pure Storage platform, the three companies are together helping organizations stay resilient and prepared to act decisively in the face of disruption."

As businesses face mounting pressures from both cyber threats and regulatory scrutiny, integrating compliance with resilience strategies is becoming increasingly necessary.

"As regulatory frameworks like DORA set higher standards for operational resilience, organizations are implementing strategies that integrate regulatory compliance with the ability to recover swiftly from cyber disruption," said Maciej Kranz, General Manager, Enterprise at Pure Storage. "Together with Commvault and Kyndryl, we're delivering advanced security features and a scalable foundation of layered resilience that helps organizations meet these mandates and restore critical operations quickly and reliably."

The services provided by the three companies are typically available across North America, Europe, and the Asia-Pacific region. Clients and partners will have opportunities to engage through existing partner programmes and access supporting resources aimed at enhancing cyber resilience and compliance capabilities.

Bitdefender unveils GravityZone tool for easier compliance

Techday NZ, 06-06-2025

Bitdefender has released a new compliance management solution designed to address the growing regulatory and audit requirements faced by organisations across industries. The company has introduced GravityZone Compliance Manager, which aims to assist businesses in reducing the costs and operational obstacles associated with compliance while streamlining the process of achieving audit readiness.

The solution comes at a time when regulations such as GDPR, PCI DSS, NIS2, and DORA are enforcing stricter penalties for non-compliance, including fines up to EUR €20 million or 4% of global annual turnover under GDPR, and USD $100,000 per month under PCI DSS. These penalties are in addition to reputational harm that can result from regulatory breaches.

GravityZone Compliance Manager provides real-time visibility into an organisation's compliance posture, automates remediation tasks, generates audit-ready reports, and allows for one-click compliance documentation. The solution is fully integrated with Bitdefender's existing endpoint security and risk analytics platform.

Andrei Florescu, President and General Manager of Bitdefender Business Solutions Group, commented on the release: "The consequences of non-compliance, including financial loss, operational disruption, and reputational damage, rival those of a data breach or ransomware attack, yet most businesses lack the resources or specialised talent needed to manage compliance with confidence." "GravityZone Compliance Manager is a game-changer that consolidates compliance, risk management, and endpoint security on a single platform, enabling businesses to meet regulatory demands effortlessly and reduce complexity to strengthen cyber resilience."

Patria Bank has served as an early access client for GravityZone Compliance Manager. Alin Paunescu, Chief Information Security Officer at Patria Bank, shared insights on the tool's impact: "GravityZone Compliance Manager performed well for us during early access. The continuous monitoring and assessment feature reduced our reliance on manual scans, saving valuable time. Because it's integrated into our existing security stack, we've avoided the additional cost and complexity of using external tools. It has simplified our operations by eliminating the need for multiple point solutions."

Recent guidance from Gartner has underscored the importance of integrating compliance and risk management via automated, continuous monitoring and impact-based assessments. According to research cited by Bitdefender, organisations increasingly risk severe consequences for fragmented or manual approaches to regulatory compliance. Despite escalating regulatory demands globally, many organisations continue to rely on siloed tools and manual processes that may be insufficient to address comprehensive compliance requirements.

GravityZone Compliance Manager is designed as an add-on to the company's core GravityZone platform to provide a unified approach, bringing together compliance, risk, and security operations in one system. This integration includes real-time compliance scoring, automated reporting, and guided remediation without requiring specialised in-house compliance expertise.

The solution's features include automated audit-ready reports that can be generated in seconds, using information already collected by Bitdefender tools. These reports are structured to meet auditor standards and include an executive summary, an analysis of compliant versus non-compliant checks, and a risk overview with a severity breakdown.

Additionally, the platform integrates compliance management with security and risk analytics alongside tools like Bitdefender Proactive Hardening and Attack Surface Reduction (PHASR). This combination allows organisations to reduce system vulnerabilities and maintain ongoing alignment with compliance requirements. Whenever risks are mitigated, the platform automatically updates compliance status, enhancing operational efficiency and cybersecurity posture.

GravityZone Compliance Manager supports immediate alignment with a broad range of industry and geography-specific frameworks, such as GDPR, HIPAA, DORA, NIS 2 Directive, PCI DSS, SOC 2, ISO 27001, CISv8, and CMMC 2.0. Organisations can identify and address compliance gaps with a single click and access detailed information on risks and affected assets per standard.

The solution's full feature set is available to new and existing GravityZone customers. Organisations using the platform's risk management functions gain immediate access to a standard set of compliance tools, while a full Compliance Manager add-on licence provides support for advanced frameworks, comprehensive scoring, enhanced visibility, and exportable reports.

Bitdefender has indicated that while GravityZone Compliance Manager is intended to assist organisations with compliance-related activities, it does not replace internal compliance efforts or guarantee the outcome of external audits. The company recommends that organisations work with approved auditors for formal compliance certification processes.
