Hands-on Review: Cynomi AI-powered vCISO Platform
The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture.
MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge.
Cynomi, the first AI-driven vCISO platform, can help.
Cynomi enables you - MSPs, MSSPs and consulting firms - to provide vCISO services at scale - without straining your existing resources. Cynomi is modeled after the knowledge of the world's best CISOs, allowing you and your clients to gain access to expert-level security and compliance insights and tools.
Cynomi provides the two main vCISO pillars, security and compliance, in an automated and actionable manner. This includes security assessments, gap analysis, compliance readiness, policy creation, task management and reporting. With Cynomi, you will benefit from increased revenue, a growing customer base, reduction in risk assessment time, a decrease in report generation time, well-structured processed and shorter employee onboarding times.
Let's see how easy Cynomi is to work on:
Setting Up and Managing Multi-Tenant Accounts
Focusing on partners, Cynomi was designed to support multi-tenancy. You can independently create and manage a separate sub-account for each of your clients, allowing you to easily manage and track each one, as well as giving them access to Cynomi.
Figure 1: Cynomi account management screen |
To support your scalability and growth, you can delegate roles and ownership among your team for each client account. You will still enjoy admin-level cross-account visibility and privileges.
For centralized management of all your clients, Cynomi provides a unified account management screen where you can edit user details, resend invitations, unlock blocked accounts and more.
Wherever you are on the platform, you're always just a click away from the admin panel and all your user accounts.
Building a Cyber Profile with an Onboarding Questionnaire
Onboarding a new client starts with gathering high-level information about them, allowing to build a relevant remediation plan. This includes an onboarding questionnaire about their infrastructure. Once completed, Cynomi generates a tailored set of short follow-up questionnaires for security posture evaluation.
Figure 2: Cynomi onboarding questionnaire |
Figure 3: Cynomi tailored-made follow-up questionnaires |
Completing all the questionnaires delivers a comprehensive view of client security posture and gaps. Based on the responses, Cynomi offers custom tailored policies that cover all steps required for remediating security gaps.
Questionnaires can be revised at any time if a client's environment changes. Policies will be automatically updated accordingly.
Internal and External Scans
To augment and complete your understanding of your client's cyber profiles, Cynomi allows you to scan and assess their external and internal assets.
External Scanning:
For assessing the security of externally exposed assets, Cynomi scans IPs and URLs and discovers vulnerabilities as well as secured configurations. This includes scanning risky ports, checking protocols and encryption, verifying email configuration parameters, technology updates of web applications and more.
Figure 4: Cynomi scan results screen |
Users can drill down into each scan finding to see an in-depth description and remediation options. Any detected vulnerabilities are automatically added to the account's task list, according to their severity.
Figure 5: Drill-down to a specific finding |
Scan results are available in just a few minutes.
Internal Scanning:
For discovering vulnerabilities in the client's internal networks. Scans cover client assets like active directory and endpoints and assess its security hygiene and configuration.
You can also upload your NESSUS external scan, Qualys external scan or Microsoft Secure Score CSV files.
Scan findings are aggregated in an aggregated table and linked to the relevant tasks and policies they are related to.
Security Assessment
Cynomi continuously parses each client's cyber profile against industry-specific security standards, regulatory frameworks and industry-specific threat intelligence. These are coupled with the information from the security questionnaires and the scans.
Based on the company-specific profile, the relevant cyber domains are dynamically picked with the optimized requirements. Each requirement is assigned a criticality level, representing the importance of this requirement for the organization's security posture. Risks such as ransomware and data leak are calculated as well, based on the organization's sensitivity to those attacks.
The result is a single pane of glass view of each client's overall security posture and its progress over time.
The dashboard includes:
- Overall security posture score
- Vulnerability and exploit gap analysis
- Risk score for a specific threat vector
- Remediation plan with actionable prioritized tasks
- Status against various compliance frameworks requirements
Figure 6: Cynomi main dashboard |
Comprehensive, Continuous Compliance Assessment
For meeting compliance requirements, Cynomi presents the client status against various compliance and security frameworks (list continuously updated):
- CIS v8
- ISO 27001
- NIST CSF 1.1
- NIST CSF2.0
- NIST-171
- NIST-SSDF
- SOC 2
- CMMC L1, CMMC L2
- GDPR
- NIS2
- PCI-DSS
- HIPAA security
- Cyber Essentials
- FTC Safeguard Rule
- SEC compliance
- ICS Cyber Security
- CCPA
- FFIEC
The compliance module is actionable and allows seeing the details of each control in each framework and how each task maps into each framework.
The compliance status against frameworks is updated continuously so you are always aware of your client's readiness level.
Figure 7: Cynomi compliance dashboard |
You can also download a dedicated compliance status report per client. The report includes:
- Overall compliance status
- A list of controls
- Maturity level
- Control status
- Control mapping to framework
- Implementation status
- A link to the relevant Cynomi tasks
With this information, you can easily understand where your clients stand and what gaps need to be closed in order to comply with different frameworks. You can then build a remediation plan for each framework you selected with just a few clicks.
Tailor-made Security Policies
It's time to get down to business. Cynomi automatically generates a set of policies for each client. They are custom-created leveraging decades of built-in CISO expertise and crafted to be easy to follow and actionable.
On the policies view, you'll find:
- The company score for all generated policies
- The option to drill down into the details of each policy, including purpose, scope and protection requirements
- Information on the tasks and progress that need to be completed for securing the policy's domain
For example, this policy screen shows the client's score per policy and allows you to drill down to see a breakdown of the policies requirements.
Figure 8: Cynomi policies screen |
Policies are editable and customizable.
Actionable, Prioritized Remediation Tasks
Modeled after the knowledge of the world's best CISOs, each policy requirement is also translated into an actionable task for remediation. Tasks are easy and intuitive to understand and follow and are displayed in an AI-generated prioritized list that includes its severity and status.
Task types include:
- Technical controls
- Administrative procedures
- Security components configurations
- And more
Figure 9: Cynomi tasks screen |
The list and tasks can be edited. This flexibility allows the operating vCISO to postpone or defer certain tasks without affecting policy status or severity.
To track and manage tasks, users can apply filters, jump back to tasks that are already in progress, or focus on high severity tasks only. All progress is tracked, and tasks completed are automatically reflected in the client's overall security posture score.
To execute and understand tasks, each task can be drilled into for step-by-step guidance on putting a control in place or mitigating the risk. Tasks are also customizable, allowing you to add best practice guidance, as well as evidence that supports the task.
Figure 10: Drill-down to a specific task |
Plan and Roadmap
Cynomi leverages AI and automations to create a suggested plan. Then, the Cynomi platform provides the user with a wealth of tools and capabilities for planning, ongoing task management optimization and progress tracking:
- Assigning tasks to short-, medium- and long-term plans
- Allocating tasks to plans
- Adding due dates
- Filtering according to framework, due date, status, and more
- Editing tasks per changing needs
- Adding information and evidence to each task, per account or across the board, with specification, details and recommendations
- Adding product and service recommendations to tasks for upselling new services
Figure 11: Cynomi automated risk mitigation plan |
Customer-facing Reports
Cynomi includes built-in customer-facing reporting for each client. You can generate reports at the click of a button with your own branding showing the client's security level, improvement, trends, compliance gaps and comparisons with industry benchmarks. Reports include:
- Full Report - Your client's cybersecurity posture. Use the report to present your clients' status to them and your suggested remediation plan. Over time, updating the report will show the security improvements you helped them make.
- Risk Findings Report - Your clients' risk exposure based on the platform scans.
- Compliance Report - Your clients' compliance readiness and status.
Figure 12: Cynomi reports |
These reports can help you to easily show your clients their current cyber posture status, the progress you helped them make and the impact of your work. Use these reports to open up conversations with management, IT and other stakeholders. Show them the security risks, help them understand requirements and demonstrate progress as each task is completed.
Continuous Optimization
Unlike one-time assessment tools, Cynomi continuously updates your client's risk score, compliance readiness policies and tasks and shows progress over time. These are based on changes in your client environment, regulatory requirements and industry-specific threat intelligence. With this information, you can rest assured that you will always stay on top of your clients' compliance and cybersecurity posture and demonstrate the value of your strategic cybersecurity service to them.
The Bottom Line
Cynomi's AI-powered vCISO platform is designed to help MSPs and MSSPs grow their business and revenue through vCISO services. Cynomi helps service providers deliver comprehensive vCISO services to SMBs and SMEs, from risk assessments to security policies to plans and reporting, across both vCISO pillars: security and compliance. By understanding the impact of each task and action on both security and compliance, MSPs/MSSPs can make the most professional decisions for their clients. This allows MSPs and MSSPs to expand their customer base and secure recurring revenue with existing customers.
Cynomi also reduces vCISO tasks' time by over 40% and helps onboard new employees quickly, so responsibilities can be delegated to them, regardless of seniority. By simplifying and standardizing processes, MSPs/MSSPs can onboard employees and customers quickly and cut time-to-value by half.
Finally, Cynomi's reports allow MSPs and MSSPs to leverage reports and demonstrate tangible impact. This opens up conversations with leadership and increases upsell of services and products.
Visit Cynomi website to test it yourself.
Source: thehackernews.com