In response to increasingly complex and dynamic IT security and threat environments, MetricStream, a GRC and quality management solutions  provider, has made enhancements to its IT GRC solution to empower organizations and employees with a broad range of new advanced tools and functionalities.

MetricStream IT GRC Solution now offers many new and enhanced features, including:

Sophisticated security and risk analytics based on Big Data architecture: The solution aggregates massive volumes of security and threat data from a wide variety of sources (e.g., social media, vulnerability scanners, threat advisories), using Big Data architecture based on Hadoop or MongoDB frameworks. 

It then maps this data to enterprise assets for comprehensive risk assessments and analysis. MetricStream's cutting-edge predictive security and risk analytics engine leverages the statistical modeling and analysis tool, “R,” and filtering and correlation framework, MapReduce, to sort through these Big Data sets, and support threat scenario and risk modeling, enabling the management team to make strategic, data-driven decisions.

Real-time threat intelligence from social media and information security monitoring: MetricStream's social media GRC engine utilizes advanced natural language processing capabilities to analyze social media conversations, facilitate risk evaluations, and trigger issue remediation workflows. The solution also monitors IT infrastructure performance, user activity, and sensitive data flows, enabling pattern anomalies to be detected, analyzed, and remediated early.

Enhanced monitoring of virtualized assets in the cloud: The solution's enhanced and comprehensive monitoring capabilities enables improved security configuration assessments, continuous controls monitoring, risk management, and threat and vulnerability tracking assets across the vast and complex virtualized IT environment. In doing so, it helps organizations quickly detect new and emerging security risks, and maintain consistent compliance with external regulations and internal policy requirements.

Vendor risk management: The solution provides advanced capabilities to assess, identify, manage, and monitor vendor risks across both traditional and cloud based vendors. It also streamlines and standardizes vendor risk scoring and reporting, and provides an integrated vendor risk profile at the enterprise level which, in turn, helps management proactively identify those high-risk vendors which require additional resources and oversight.

New integrations with National Institute of Standards and Technology (NIST) and support for Security Content Automation Protocol (SCAP) standards: The MetricStream solution provides updates on new security threats and guidelines through its integration with automated feeds from NIST and CERT. It also provides support for NIST (SCAP) standards, vendor hardening guidelines, and security configuration baselines. Additional integrations with various third-party threat and vulnerability management tools, threat advisories, and cyber threat monitoring solutions help organizations gain complete visibility into their enterprise-wide IT risk and compliance posture.

Quarterly releases/ updates of IT GRC content: The MetricStream solution includes the latest release of the Unified Compliance Framework, which simplifies IT compliance, and reduces resources and costs by standardizing a common set of controls across all regulations and policies.

The solution also includes licenses to SIG 2013 and AUP 2103 from Shared Assessments, which provides the world's most comprehensive standards for vendor risk evaluation. The SIG and AUP, which are based on multiple industry standards, enable objective and consistent evaluations of third-party IT risks and controls.