Compliance Combines with Vulnerability Scanning to Create Aegify
SANTA CLARA, Calif., December 11, 2012 - Two security firms, the established Rapid7 vulnerability manager and
eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the
IT security industry that hasn't been done before: a combination security and compliance posture management
offering called Aegify SPM.
The SPM stands for Security Posture Management, and eGestalt of Santa Clara defines SPM as "the art and
science of monitoring and managing business security status by orchestrating process, people, and technological
resources to achieve security objectives."
SPM is about identifying IT assets, evaluating their risks based on known vulnerabilities, then calculating the
impact of these threats. These threats are then mapped directly to a set of regulatory compliance frameworks,
whether for PCI or HIPAA, where the final output can be used to initiate appropriate countermeasures, eventually
bringing the company into compliance.
Inside the Aegify SPM power train is the Rapid7 Nexpose vulnerability technology. Nexpose has a long history with
2,000 enterprises and government agencies using their wares. It must be doing something right. It can sniff out
31,800 vulnerabilities and it conducts more than 92,000 vulnerability checks that comprise
discovery, detection, verification, risk classification and mitigation. Impact analysis and reporting, like most of
these security tools, are par for the course.
Riding on top of Nexpose and serving as the interface and compliance imperative is eGestalt's own SaaS software
called SecureGRC, which as the name implies, does governance and risk management by applying a compliance
imperative on 400 regulations such as PCI, HIPAA/HITECH, SOX, FISMA, and GLBA.
The integration of these two programs has created a patent-pending system designed by eGestalt that can
automatically map security vulnerabilities to popular compliance mandates, thereby automating the task of
security posture management and compliance management. The tool can import data from other scanners as well.
A cool feature is how it provides a sequenced remediation roadmap with time estimates for each task.
Who among us likes to deal with government regulatory pressure? Most companies do nothing but stand in the
middle of the shooting range and "hope it won't happen to me." They hope no auditor will come knocking. It
should be pointed out that ignorance is no excuse.
eGestalt President Anupam Sahai, who holds two master's degrees from MIT's Sloan School, claims the
combination of Nexpose with his compliance driver eliminates manual work and is "10 to 20 times more cost-effective
than any other competing solution." He thanks the beauty of SaaS for that kind of savings.
Going to the cloud with this "all hands on deck" threat management approach can be a smart way to isolate
trouble brewing across physical and virtual networks, operating systems, databases and Web applications.
Whatever peace of mind you get out of this will be high, knowing that the Feds can't disrupt your business with
their eager probing.
That alone is worth something.
About eGestalt Technologies Inc.
eGestalt (www.egestalt.com) is a world-class, innovation driven, leading provider of cloud-computing based
enterprise solutions for information security and IT-GRC management. eGestalt is headquartered in Santa Clara,
CA, and has offices in the US, Asia-Pacific and Middle East. eGestalt SecureGRC was given a rating of 4.5 stars (out
of a maximum 5) with 5 stars for Features, Support and Value for money by SC magazine in June 2012. In Feb. 2012
eGestalt President Anupam Sahai was named a Channel Chief by Everything Channel's CRN. eGestalt has been
ranked in the Top 10 Vendors for Compliance Management and Data Access & Security by Hypatia Research, Q4
2011. eGestalt was nominated Breakthrough Technology Vendor at XChange Americas, Aug. 2010, and selected by
SiliconIndia among the "Top 10 Security Companies to Watch." Its SecureGRC application was voted runner-up in
the Managed Services Category at XChange Tech Innovators, Nov. 2010. In Sept. 2011 it was selected by Everything
Channel as a 2011 CRN Emerging Technology Vendor as well as a 2011 Tech Innovator for Managed Services.
Press Contact:
Victor Cruz
Principal, MediaPR.net
For eGestalt Technologies
vcruz@mediapr.net