All documentation of the corporate Information Security Framework, including policies, standards and security procedures, is centrally managed. SWORDFISH also provides effective versioning control and document ownership management.
Using the SWORDFISH platform, all security-related corporate assets can be centrally mapped in terms of location, owners, criticality and more. This allows effortless asset decomposition and supports the assessment of asset-related risks.
An embedded classification scheme allows access control to information based on the “need to know” principle. Access control is enforced for security roles as well as individual users, and the corresponding classification scheme is honored before access privileges are granted.
Logging and Notifications
An integrated logging and notification system provides detailed activity records that can be reviewed and audited on a regular or ad-hoc basis. Notifications can be designed and triggered according to corporate security procedures and can be sent via SMS or Email.
Analytics and Reporting
The Analysis and Reporting engine spans across all SWORDFISH components in order to collect, analyze and provide querying capabilities on all entities of the SWORDFISH ontology model. Users are given a powerful query builder in order to construct queries and save them as views, ready to assist in analytics and decision making.
Powerful reporting functionality and dashboards exist out of the box, but custom reports can also be developed dynamically, addressing individual customer needs. Real-time dashboards can be used to monitor the implementation of corporate security procedures by business units or third parties, track the progress of tasks and monitor activities of external system integrations.
Vendor Agnostic Data System
A single, multitenant and scalable database structure provides a unique ability to analyze and extract valuable information from multiple diversified sources in real time. Our hybrid persistence model combines the best features from the RDBMS and NoSQL worlds, in order to support:
- Asset decomposition with customer-defined structures plus unlimited tags and attributes per asset.
- Dynamic workflow forms and questionnaires, which adapt to customer needs and can have multiple sections with unlimited fields per section.
- Flexible relationships between different data-structures (assets, workflow instances, log data, organization-related data) in order to support correlation and business intelligence.
- Big-data ready, supporting large amounts of structured and unstructured data from SIEM, Workflow execution, Correlation engine, external sources etc.
- Analytics and reporting based on dynamic-data aggregation and per customer requirements.
SWORDFISH utilizes a vendor agnostic data layer, storing entities in a distributed manner.
SWORDFISH pushes data and analytics metadata into the unstructured data store to facilitate further correlation and business intelligence based on the raw data collected from internal (Workflow Engine, Ticketing) or external data sources (SIEM, WAF, UTM, etc.).
The workflow engine spans horizontally across all SWORDFISH components, ensuring the smooth execution of the organizational business processes (security-related or other).
The workflow engine is developed specifically to address security procedures and activities that typically enable multiple decision paths and require multi-forking capabilities based on internal data or integration with external services and/or applications. The workflow engine also includes an integrated logging and notification system, providing detailed activity records that can be reviewed and audited on a regular or ad-hoc basis. Notifications can be designed and triggered according to corporate security procedures and can be sent via SMS or Email.
Dynamic Workflow and Business Process Modeling Subsystem
The enterprise governance and compliance management capability of the SWORDFISH Governance Component smoothly connects all major elements of Information Security Management, from framework establishment and maintenance to continuous monitoring and reviewing. Using its powerful workflow engine, clients can develop, define and streamline security procedures. SWORDFISH allows the allocation of tasks to security roles as well as end-users, and defines deadlines, priorities and escalation paths, based on corporate security requirements and regulations.
The Unified Ticketing engine is utilized by the Risk, Compliance and Operations components, providing a centralized ticket repository regardless of the task types and special characteristics of each module. Through this unified ticketing engine, users can be assigned in bulk and notifications can be sent. Last but not least, through unified ticketing, each task is a subclass of a ticket, sharing common properties and utilizing the same search and reporting capabilities.
The SWORDFISH Technology can be integrated with a number of third-party technologies in order to collect information valuable to compliance, risk and vulnerability management. Data can be collected, normalized and analyzed using “connectors” technology that brings together, under one database, valuable information that otherwise exists in different worlds. Such “hidden” information, when normalized and consolidated, can unveil very important information in terms of the client’s security posture.
- Asset Discovery Connectors for populating the SWORDFISH Universe.
- Vulnerability Connectors for importing scan results and related vulnerabilities for organizational assets.
- SIEM Connectors for utilizing popular SIEM technologies and correlating event data with the workflow engine.
- Third-party workflow systems in order to support inter-process communication between the SWORDFISH workflows and external custom or commercial software.