eGestalt announces a new security posture management product called Aegify that is powered by Rapid7's vulnerability scanning technology and integrates eGestalt's existing SecureGRC compliance tool; Aegify provides cloud-based security posture management including asset discovery, vulnerability analysis, and compliance mapping to help organizations improve security and compliance. eGestalt partners with Rapid7 to leverage their technology in Aegify and provide a unified security and compliance product through a software-as-a-service model.

1. eGestalt Announces Next Generation Security Posture Management with Aegify
Cloud-based, Software-only solution is powered by Rapid7 technology
SANTA CLARA, Calif., November 19, 2012– eGestalt Technologies (www.eGestalt.com), a provider of IT security
monitoring and compliance management for SMBs and enterprises, today announced Aegify, the world's first
completely integrated and unified IT-GRC and cloud-based Security Posture Management (SPM) product using a
completely software-based solution.
Security Posture Management (SPM) is the art and science of monitoring and managing business security status
by orchestrating process, people, and technological resources to achieve security objectives. This involves
identifying business critical IT assets, evaluating their risks based on vulnerabilities and the impact of potential
threats, and mapping results directly to controls to initiate appropriate countermeasures.
Aegify SPM is powered by Rapid7's Nexpose vulnerability management technology, which scans physical and
virtual networks, databases, operating systems and web applications, enabling customers to remediate
vulnerabilities and misconfigurations and to enforce policies. Rapid7 (www.rapid7.com) is a leading provider of IT
security risk management solutions used by more than 2,000 enterprises and government agencies in more than
65 countries.
Aegify is a complete integration of eGestalt's HIPAA and PCI compliance tool SecureGRC, with security posture
management capability using an innovative, patent-pending expert systems technology to automatically map the
security vulnerabilities to compliance mandates. The tool can import data from other standard vulnerability
scanners in the industry as well.
Says eGestalt President Anupam Sahai, "We are very excited about the strategic partnership with Rapid7. Aegify is
the first true software- and cloud-based unified security and IT-GRC solution on the market with end-to-end
automation including vendor management and support for multiple compliance business frameworks such as PCI,
HIPAA/HITECH, SOX, FISMA, and GLBA. This is also the first product in the market which can automatically map
security vulnerabilities to compliance mandates using an innovative expert systems approach thereby eliminating
manual work required and saving significant costs. It advances the state of the art in the industry besides still
continuing to be 10 to 20 times more cost-effective than any other competing solution."
There are thousands of security exposures identified and documented as vulnerabilities. Tools used by cyber-
attackers are very sophisticated and attackers can breach the perimeter and steal data within seconds and
minutes. Businesses are often caught unaware, discovering the breach only weeks and sometimes months
afterwards.
"Aegify SPM brings a new cloud-based approach to managing security posture that is innovative, easy to use, and
extremely valuable for defenders," said Sheldon Malm, Senior Director of Strategic Partners and Alliances at

2. Rapid7. "By leveraging Rapid7 technology, Aegify SPM provides a comprehensive view of exposure risk that is
directly connected to business assets and compliance management. This is a complementary offering that will
benefit our joint customers."
A cloud application, Aegify's SPM "all hands on deck" threat management approach performs asset discovery,
vulnerability analysis, risk profiling, threat impact analysis and compliance mapping. It can identify 92,000
vulnerability checks for more than 31,800 vulnerabilities across physical and virtual networks, operating systems,
databases, and Web applications.
The cloud-based Aegify engine is driven in large part by eGestalt's flagship product Aegify SecureGRC, a unified
security and compliance management tool that includes all of the necessary security and IT-GRC functionality
required to gain control and improve compliance levels across more than 400+ regulations.
While the framework allows for the easy plug-in of any regulation or standard, eGestalt currently offers to the
channel ready-to-roll compliance services with built-in frameworks to support the most stringent and popular
regulations including PCI, HIPAA/HITECH, SOX, FISMA, and GLBA, as well as more country-specific regulations.
Extensible with built-in frameworks, the Aegify SecureGRC solution offers a simplified approach for PCI,
HIPAA/HITECH and other country specific frameworks ready-to-use out of the box. It provides automated mapping
of a network's security posture to compliance controls.
All told, the integrated Security Posture Management solution Aegify offers a single approach to security and
compliance management, and because it is delivered as SaaS, it is available at low cost due to its pay -as-you-grow
model.
A Community Edition for diagnostics is available as a free download at http://www.egestalt.com/. For further
details please call (408) 689-2586 or email sales@egestalt.com .
About Rapid7 Nexpose
Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, detection,
verification, risk classification, impact analysis, reporting and mitigation. This gives organizations immediate insight
into the security posture of their IT environment by conducting over 92,000 vulnerability checks for more than
31,800 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities
across networks, operating systems, databases, Web applications and virtual assets. Risk is classified based on real
exploit intelligence combined with industry standard metrics such as CVSS, as well as temporal and weighted risk
scoring. Nexpose provides a detailed, sequenced remediation roadmap with time estimates for each task. Nexpose
is used to help organizations improve their overall risk posture and security readiness as well as to comply with
mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP,
USGCB, FDCC and CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a Common Criteria
EAL3+ product and received the SC Magazine Vulnerability Assessment Tool of the Year Award in 2012.

3. About eGestalt Technologies Inc.
eGestalt (www.egestalt.com) is a world-class, innovation driven, leading provider of cloud-computing based
enterprise solutions for information security and IT-GRC management. eGestalt is headquartered in Santa Clara,
CA, and has offices in the US, Asia-Pacific and Middle East. eGestalt SecureGRC was given a rating of 4.5 stars (out
of a maximum 5) with 5 stars for Features, Support and Value for money by SC magazine in June 2012. In Feb. 2012
eGestalt President Anupam Sahai was named a Channel Chief by Everything Channel's CRN. eGestalt has been
ranked in the Top 10 Vendors for Compliance Management and Data Access & Security by Hypatia Research, Q4
2011. eGestalt was nominated Breakthrough Technology Vendor at XChange Americas, Aug. 2010, and selected by
SiliconIndia among the "Top 10 Security Companies to Watch." Its SecureGRC application was voted runner-up in
the Managed Services Category at XChange Tech Innovators, Nov. 2010. In Sept. 2011 it was selected by Everything
Channel as a 2011 CRN Emerging Technology Vendor as well as a 2011 Tech Innovator for Managed Services.
Press Contact:
Victor Cruz
Principal, MediaPR.net
For eGestalt Technologies
vcruz@mediapr.net