Automate every technical control out there.

We built this platform from the ground up with a single purpose: to assess complex controls at the application and solution level.

The visible parts


Bots

Each bot is a collection of logically related controls. Bots are modular and licensed. Subscribe to each bot, add it to the platform and instantly enjoy enhanced control coverage.



Connectors

Connectors are the data collectors that work behind the scenes to bring data securely and automatically from the target application, with no agents installed on your application. The connectors are themselves modular, supporting multiple versions of an application to handle complex real-life deployments. Anonymization and pseudonymization are performed here. Connectors can be geo-distributed to allow data collection near the source in regulated environments.



Reports

Assertion ships with out-of-the-box reports that cater to all the stakeholders - CISO, auditor, and operational team. And for more reports, you can always use our reporting engine to slice and dice data the way you need.



The architecture




Normalise data

What makes enterprise security a challenge is 'scattered data'. With hundreds of data sources, each in a different format, how do you bring them together to get a consistent picture? A SIEM gives you that for logs, but not for configurations and other pieces of information. Therefore Assertion. The platform allows you to pull data from various sources, orchestrate it, and then send it to the bots for control assessment.



Assertion Data Format

How do we marry data from Salesforce with data from Active Directory? The magic is in the abstract data notation called ADF. ADF is a JSON-based data structure that acts as a "standard" container that Assertion's services work on. Data streaming in from various sources, in various formats, is first converted to ADF, so all upper-level services can work on a single data format.



Separate control and data

Security principles and regulations are abstract in nature, but when we write specific controls, we tend to bind the control to the data source. This makes the control non-portable. We worked hard to architect the system so that a control can be written once and used multiple times. A control is all about the "intent", and it shall "adaptively" apply based on the data source. For example, "Close it" is a directive that you will interpret differently for a door, a window and a bottle.

ADF and data normalisation let controls indicate only the "intent", so they remain abstract and portable. It is now possible to apply the same control irrespective of which vendor you use, or whether you are using an on-prem or cloud service. This gives power to IT teams: they can upgrade, migrate and transform their enterprises while Assertion takes care of security and compliance.



Normalise controls

Anyone who has gone through 2 audits knows that comparing reports to see whether you have improved is impossible. This is because everyone uses their own control nomenclature, making historical comparisons and forward predictions tough. We do two things to help you normalize controls:

  1. We map our controls to content providers like UCF, so you can benchmark against a reference and keep your controls up to date with standards and regulations.

  2. Our controls help you standardize your assessment. Now, when you want to report against a particular regulation, all you need to do is pull out a report to submit to the auditors.



AI and ML

Our intent is to learn which controls are failing in real life, and when, where and why. Based on the results, we learn to strengthen the controls and "suggest" when you should be scanning. We also learn the resolutions applied to fix the identified violations and can "suggest" them when similar violations are found. Based on historical data, and how your posture is moving, we can "predict" which controls will fail and how to rein in the risk.



Expandable




Connector building blocks

Extend Assertion's control assessment to your proprietary applications. Write a connector using the API provided and place the building blocks together to ratchet up a quick connector. Become our development partner, get your security key, and get started with the development.


API for controls

Have a huge set of home-grown controls that you want to assess automatically? Code your own controls using the development environment, combine them into bots and load them on your platform. Become our development partner, get your security key, and get started with the development.



REST based UI

The UI is loosely bound to the core, allowing front-end customisations, re-skinning, re-branding and aggregations easily. If you would like to partner with Assertion, and have us do the back haul work, while you retain the front-end to the customer, please write to us.

Where are we headed



B.Y.O.A

Bring your own application (data source) to the party. With the graphical data mapper, running automated control assessments on your application is just minutes away. Connect your application, select a bot, map the data the app exposes to what the bot needs, and off you go!



Conversational interface

Web and mobile apps are so passé. It is time to talk to your Assertion. Very soon we will be introducing a conversational interface to Assertion as a BETA program for select customers, who will be able to interact with the system in natural language. Ain't that cool?


O.C.N

Open Compliance Network is our vision to close the loop on regulators, auditors, enterprises, universities that foster research, and device manufacturers in a blockchain-like trust network. With IoT devices taking over the world, the number of connected devices that pump out data is exploding. How do we ensure security and compliance posture in real time?

OCN is a platform play that allows anyone to link up their device and use the available bots to monitor their device(s) continuously. With universities and students actively pursuing their research, the depth and breadth of controls available will explode, helping companies manage the exploding risk.



Assertion protocol

With IoT devices taking over this earth, there is no way we can play catch-up trying to wire all of them into our security net. The best way is to invent a protocol that encourages (and then mandates) these devices to expose certain information to Assertion. Just as SNMP is a standard today, we need a standard to assess controls, so we can maintain a relatively safe operating environment. Assertion protocol is an attempt to do that.


T-model of risk management

The T-model is our philosophy on how risk needs to be managed in an ideal enterprise. It talks about automation in security design, starting from Governance all the way into Compliance functions. This decade-long journey will see us bring in a declarative language to author controls, auto-generating bots, influencing regulations to be published in a machine-readable format, auto-processing of regulations to generate controls, mapping controls to business applications, role-playing a regulation to understand business impact, and so on.



Don't think. Just click.

Learn how your organisation can leverage our platform