Could you elaborate on your solution offering?
Our value proposition lies in our flagship software product, CimTrak, a system integrity monitoring software. It runs on-premise in the customer’s organization and helps them understand what has changed throughout their infrastructure. Most of the players in the market look at the changes merely from the file integrity monitoring perspective. We, on the other hand, try to understand what has changed throughout the system overall from files, configurations, users, and registry-related entries. We take a holistic view to check what has changed in point-of-sale systems, database configurations, active directory, or network devices such as Cisco routers, firewalls, and switches. Our solution detects all of these changes throughout enterprise for the main reason of true integrity. If your system is currently running in a state of integrity and you expect it to work in the same state tomorrow, then you have to find out the alterations to the behavior of that system.
We believe that integrity is the foundation of security. Therefore, we focus on maintaining the integrity of key IT infrastructure components and understanding if they have deviated from their expected state. An example of this could be a new virus that has crept into the system. Monitoring IT infrastructures closely gives us the ability to detect new types of threats that alters that state of integrity. It allows us to respond instantly to zero-day attacks, giving our clients a better understanding of their security throughout the organization. This way, organizations know what has changed in real-time, and do not have to face a situation where they would only realize a system has been altered months later. The average time to detect a breach is close to 195 days.
Our mission is to help them reduce that gap from 195 days to milliseconds. Another primary value proposition for us in our tool CimTrak is its ease of use. We make the implementation of the right tools in place as simple as possible, helping them secure the infrastructures.
How do you help clients get up and running with CimTrak? Do you provide any training to your clients to use your software?
The installation of our software is rapid and easy.
We take a holistic view to check what has changed in point-of-sale systems, database configurations, active directory, or network devices such as Cisco routers, firewalls, and switches. CimTrak detects all of these changes throughout enterprise for the main reason of true integrity
How do you help your clients to meet their compliance needs?
Every customer has to deal with one or more compliance-related mandates, and each one of these compliance mandates differs per sector or industry. For instance, if you are a hospital, then you have to be HIPAA compliant. However, hospitals also take credit cards. That means they are also subjected to PCI DSS compliance regulations as well.. Based on the parameters set by the client, such as how often they want to run the tests, our software automatically identifies and associates the tests they should run within their infrastructure to stay compliant with PCI DSS, HIPAA, NERC-CIP, GDPR, SWIFT, or any other compliance mandate needed.
With a subtle and in-depth analysis, we provide the client guidance to alter specific settings of windows machines or system files to meet compliance initiatives. Additionally, if anything goes wrong either from the security perspective or from a compliance perspective, our tool has a built-in ticketing system.
CimTrak can identify these issues and quickly notify the security team while initiating the remediation process simultaneously. Customers receive all details and take the necessary steps to put the system back into a state of compliance.
This way, organizations don’t have to wait to perform an audit on a yearly or quarterly basis. With CimTrak, they can do it everyday, anytime, or whenever they want as per their convenience. Additionally, CimTrak’s ease of use and self-healing capacity gives us a competitive advantage over other players in the space. Unlike our competitors, we don’t stop at letting you know something happened, but we do that in real-time and remediate it, which saves a tremendous amount of man-hours.
Which are the industries that you cater to?
We are not an industry-specific tool; we do our best to create one platform that can be adapted by every significant vertical. From healthcare, retail, utility, to financial services, and every company that accepts or stores credit card information, we cater to all. Moreover, the primary branches of the military and the government use our software to meet their security requirements.
Could you share a case study or customer success story where you have helped your client with the challenges they were facing?
Zoom Video Communications approached us to help them meet the compliance requirements for FedRAMP and Service Organization Controls(SOC) 2 frameworks while ensuring security and integrity across the infrastructure. With thousands of systems deployed across the globe, they were finding it cumbersome to be compliant. CimTrak’s file integrity monitoring software helped Zoom detect changes to servers and network devices in real-time and provided protection against unauthorized access to Zoom’s network infrastructure.
Where do you envision the company in the next few months?
This year, we are launching a new component of our product, called the Compliance Module for CimTrak, which addresses 44 various compliancies. It helps monitor systems to ensure that they are adequately hardened. It also allows users to set policies according to their organization policies, such as password standards and settings, screen lock, and screen saver lock. It involves a variety of high-level features that would enable scanning and auditing against different compliances like PCI DSS and NERC. Also, the system can monitor and scan against CISO benchmarks and DISA STIGS. From a business perspective, we plan to go in-depth exploring our existing markets further to build stronger and deeper relationships while also expanding our international sales presence.