Technology Partners

When it comes to cutting-edge managed cybersecurity, nothing but the best will do.

That’s why we’ve partnered with trusted industry leaders Ostendio and Swimlane to marry best-of-breed Governance, Risk, and Compliance (GRC) and Security Orchestration, Automation, and Response (SOAR) tools with TMG’s proven Security Operations Center (SOC) analysts; engineers; consultants; and experts.

The result?

A powerful and unmatched, end-to-end cybersecurity management and protection solution for businesses of all shapes and sizes.

Ostendio is the only risk management platform that goes beyond a Governance, Risk, and Compliance (GRC) platform to strengthen your business operations, supply chain, and everyone you rely on with continuous security that is always on and always advancing. With layers of protection that provide critical support for your unique risk management domains, Ostendio extends to every part of your business.

Internal and External Assessments

  • The Ostendio MyVCM Assessment Module allows security assessments to be created and conducted internally or sent to external organizations, e,g,, vendors
  • Assessments can be sent to both organizations within the MyVCM Trust Network and others as part of an invitation to join the network
  • Assessments can also be received from auditors within the Auditor Connect marketplace, allowing formal industry audits to be conducted by certified auditors within the Assessment Module
  • Assessment responders can provide answers, upload evidence, and link to artifacts directly from within their own MyVCM instance, ensuring information is always current and up-to-date
  • Assessments can be created from over 100 industry templates; from a custom assessment import; or manually
  • All assessments include question text and instructions; standard and custom answer types; question weightings; answer scoring; help text; and links to supporting information such as security tags
  • Questions can be marked complete when finished and locked when being reviewed

Document Management

  • The MyVCM Document module provides all the features of a fully operational Document Management System
  • The module supports multiple file types including documents; spreadsheets; images; media; and many more
  • The module can be used to store and distribute business, security, legal, and HR policies; procedures; contracts; collateral; etc.
  • Documents can be stored in draft or published for broader distribution, including a customizable requirement for acknowledgement by electronic signature
  • The module supports an advanced, multi-level approval workflow
  • Documents can be edited online within the MyVCM platform, supporting most common document collaboration features including track changes; comments; and chat
  • All files are fully version controlled with major, minor, and draft release options, plus a full archive of all previous versions is maintained
  • Documents and PDFs can be published to a fully searchable, web accessible wiki to enable easy access for the entire company

Training and Assessment

  • All security programs require users to be trained and demonstrate comprehension in the subject matter
  • The Ostendio MyVCM Training Module allows one-time and recurring training programs to be scheduled for individuals or groups, e.g., all new employees, all sales, etc.
  • Training content can be hosted within the platform, or linked to external resources
  • Customizable quizzes can be added to test for comprehension, with appropriate pass rates set
  • Students can download a pass certification or resubmit depending on their results
  • Ability to generate reports to track who has been trained and when

Audits, Tasks, and Validation Activities

  • Create recurring tasks to track auditable actions like user account access; data backups; clean desktop policies; recurring security meetings; technical reviews; and more
  • Assign tasks to specific individuals or artifact owners
  • Set compliance requirements, like pass/fail; single/multiple submission; or strict deadline versus allowing late submission
  • Associate or link evidence to activities like screenshots, logs, certificates, etc.
  • Create and track remediation activities with failed audits
  • Demonstrate compliance by linking past and future actions to relevant policies and processes
  • Maintain an auditable history of all actions and changes

Asset Management

  • Track all assets including physical hardware, virtual hardware, software, SaaS, PaaS, and IaaS
  • Manage and track user access to assets
  • Set data policies within assets
  • Set and track asset risk and manage remediation
  • Track change requests and schedule data access audits
  • Track multiple attributes including warranty information, location, documentation, cost, serial and part numbers, and possession information
  • Define Business Impact Analysis (BIA) including Recover Time Objective (RTO), Recovery Decision Objective (RDO), and Recovery Point Objective (RPO)

Incident Management and Breach Response

  • The Ostendio MyVCM platform includes a fully functional ticket management system
  • Tickets and sub-tickets can be created to track access requests; perform change requests; conduct risk mitigation; and manage incidents
  • Tickets can be marked private to add an additional layer of confidentiality for sensitive issues
  • The module supports an advanced, multi-level approval workflow
  • Smart tickets can be used for onboarding and offboarding users
  • The module includes an FDA CFR 21 Part 11 and ISO 13485 Compliant CAPA (Corrective Action/Preventative Action) workflow
  • The tickets module can be integrated via API to other ticketing tools such as Zendesk; JIRA; Salesforce; ServiceNow; and many more

Third Party/Vendor Risk Management

  • Track and manage all vendors, partners, and other third-party stakeholders
  • Associate relevant artifacts including vendor contracts, agreements, SLAs, etc.
  • Invite third parties to connect via the MyVCM Trust Network
  • Send ad-hoc or recurring Risk Assessments to one or multiple vendors
  • Use over 100 industry standard templates or create your own custom assessments
  • Risk score responses, apply risk weightings and assign remediation tasks
  • Gain access to real-time security data from your vendors

Enterprise Risk Management

  • Take a risk-based approach to building your cybersecurity management program
  • Create risks and associate risk items, e.g., people, assets, facilities, and locations
  • Use risk qualification to assess risk level and perform risk scoring
  • Set risk targets and develop risk mitigation activities to achieve target objectives in a timely manner
  • Track, measure, and manage risks and risk mitigation at an artifact; group; organizational; or geographic level
  • Map risks to any industry standard to measure compliance
  • Maintain a three-dimensional risk register to see all risks by severity, stage, and status
  • Easily visualize risk progress from initial risk to current risk, and current risk to target risk
Ostendio is the only risk management platform that goes beyond a GRC platform to strengthen your business operations, supply chain, and everyone you rely on with continuous security that is always on and always advancing. With layers of protection that provide critical support for your unique risk management domains, Ostendio extends to every part of your business.

Internal and External Assessments

  • The Ostendio MyVCM Assessment Module allows security assessments to be created and conducted internally or sent to external organizations, e,g,, vendors
  • Assessments can be sent to both organizations within the MyVCM Trust Network and others as part of an invitation to join the network
  • Assessments can also be received from auditors within the Auditor Connect marketplace, allowing formal industry audits to be conducted by certified auditors within the Assessment Module
  • Assessment responders can provide answers, upload evidence, and link to artifacts directly from within their own MyVCM instance, ensuring information is always current and up-to-date
  • Assessments can be created from over 100 industry templates; from a custom assessment import; or manually
  • All assessments include question text and instructions; standard and custom answer types; question weightings; answer scoring; help text; and links to supporting information such as security tags
  • Questions can be marked complete when finished and locked when being reviewed

Document Management

  • The MyVCM Document module provides all the features of a fully operational Document Management System
  • The module supports multiple file types including documents; spreadsheets; images; media; and many more
  • The module can be used to store and distribute business, security, legal, and HR policies; procedures; contracts; collateral; etc.
  • Documents can be stored in draft or published for broader distribution, including a customizable requirement for acknowledgement by electronic signature
  • The module supports an advanced, multi-level approval workflow
  • Documents can be edited online within the MyVCM platform, supporting most common document collaboration features including track changes; comments; and chat
  • All files are fully version controlled with major, minor, and draft release options, plus a full archive of all previous versions is maintained
  • Documents and PDFs can be published to a fully searchable, web accessible wiki to enable easy access for the entire company

Training and Assessment

  • All security programs require users to be trained and demonstrate comprehension in the subject matter
  • The Ostendio MyVCM Training Module allows one-time and recurring training programs to be scheduled for individuals or groups, e.g., all new employees, all sales, etc.
  • Training content can be hosted within the platform, or linked to external resources
  • Customizable quizzes can be added to test for comprehension, with appropriate pass rates set
  • Students can download a pass certification or resubmit depending on their results
  • Ability to generate reports to track who has been trained and when

Audits, Tasks, and Validation Activities

  • Create recurring tasks to track auditable actions like user account access; data backups; clean desktop policies; recurring security meetings; technical reviews; and more
  • Assign tasks to specific individuals or artifact owners
  • Set compliance requirements, like pass/fail; single/multiple submission; or strict deadline versus allowing late submission
  • Associate or link evidence to activities like screenshots, logs, certificates, etc.
  • Create and track remediation activities with failed audits
  • Demonstrate compliance by linking past and future actions to relevant policies and processes
  • Maintain an auditable history of all actions and changes

Asset Management

  • Track all assets including physical hardware, virtual hardware, software, SaaS, PaaS, and IaaS
  • Manage and track user access to assets
  • Set data policies within assets
  • Set and track asset risk and manage remediation
  • Track change requests and schedule data access audits
  • Track multiple attributes including warranty information, location, documentation, cost, serial and part numbers, and possession information
  • Define Business Impact Analysis (BIA) including Recover Time Objective (RTO), Recovery Decision Objective (RDO), and Recovery Point Objective (RPO)

Incident Management and Breach Response

  • The Ostendio MyVCM platform includes a fully functional ticket management system
  • Tickets and sub-tickets can be created to track access requests; perform change requests; conduct risk mitigation; and manage incidents
  • Tickets can be marked private to add an additional layer of confidentiality for sensitive issues
  • The module supports an advanced, multi-level approval workflow
  • Smart tickets can be used for onboarding and offboarding users
  • The module includes an FDA CFR 21 Part 11 and ISO 13485 Compliant CAPA (Corrective Action/Preventative Action) workflow
  • The tickets module can be integrated via API to other ticketing tools such as Zendesk; JIRA; Salesforce; ServiceNow; and many more

Third Party/Vendor Risk Management

  • Track and manage all vendors, partners, and other third-party stakeholders
  • Associate relevant artifacts including vendor contracts, agreements, SLAs, etc.
  • Invite third parties to connect via the MyVCM Trust Network
  • Send ad-hoc or recurring Risk Assessments to one or multiple vendors
  • Use over 100 industry standard templates or create your own custom assessments
  • Risk score responses, apply risk weightings and assign remediation tasks
  • Gain access to real-time security data from your vendors

Enterprise Risk Management

  • Take a risk-based approach to building your cybersecurity management program
  • Create risks and associate risk items, e.g., people, assets, facilities, and locations
  • Use risk qualification to assess risk level and perform risk scoring
  • Set risk targets and develop risk mitigation activities to achieve target objectives in a timely manner
  • Track, measure, and manage risks and risk mitigation at an artifact; group; organizational; or geographic level
  • Map risks to any industry standard to measure compliance
  • Maintain a three-dimensional risk register to see all risks by severity, stage, and status
  • Easily visualize risk progress from initial risk to current risk, and current risk to target risk

Full-code, legacy Security Orchestration, Automation, and Response (SOAR) solutions tend to be overly complex and resource intensive. They require dedicated developers to build integrations and customize playbooks. This leaves smaller or less mature security operations centers (SOCs) ill-equipped to successfully handle legacy SOARs.

Beyond that, legacy SOAR solutions tend to lock organizations into certain vendors and allow little to no ability to automate beyond SOC use cases. They also tend to have been acquired by larger security vendors, slowing down innovation and hindering the ability to integrate with other tools.

That’s why Swimlane’s low-code security automation hits that sweet spot between overly complex full-code solutions and feature/flexibility-poor no-code solutions. The solution is user-friendly, flexible, and powerful enough to automate any security process. Plus it successfully keeps up with an ever-changing threat environment to advance operational efficiency for your business time and time again.

Like our GRC solution, Swimlane’s SOAR is the best in the game. It’s the one we trust.

Security Orchestration, Automation, and Response (SOAR)

Our Security Orchestration, Automation, and Response solution is built on Swimlane’s “Turbine” SOAR engine, customized and integrated for CyberCTRL.

The resulting environment is an always-on, active, autonomous, and adaptable window into your security and privacy programs. CyberCTRL is your “single pane of glass,” powered by low-code security automation, that delivers on the promise of XDR—no matter how complex or decentralized your environment.

Constantly updated by the latest threat and intelligence feeds, CyberCTRL keeps its finger on the pulse of your infrastructure 24×7. It integrates telemetry from every single source in your environment; correlates the results; and reports back to you a fully developed incident response workflow (not just a bunch of meaningless alerts!). These can either be automatically executed or collaboratively produced by your security experts and ours. Moreover, all integrations (not the actual software) and configurations are included as part of the subscription price, including all the necessary work to “load up the system” and tune it to your specific environment.

Turbine

Swimlane Turbine is a breakthrough, low-code security automation platform that captures hard-to-reach telemetry and expands actionability beyond the closed extended detection and response (XDR) ecosystem.
It is different from the traditional security orchestration, automation and response (SOAR) platforms that are notoriously complex and used exclusively to automate basic security operations center (SOC) workflows like SIEM alert triage, phishing, and threat intelligence.

CyberCTRL, through the Turbine Active Sensing Fabric, makes the evolution of security operations possible. Turbine is built to ingest petabytes of data from distributed big data sets. This is important because modern infrastructure has to account for various data streams with webhooks, poll requests, pub/sub, file creation, SMS messages, email messages, and IoT. Turbine ingests from all of these sources, in addition to SIEM logs as needed, in order to move action closer to the source to reduce dwell time. The Active Sensing Fabric listens across the security ecosystem, taking immediate action directly at the source.

Phishing

Reduce mean time to resolution (MTTR)

SIEM Triage

Automate up to 80-90% of incident response processes

Threat Hunting

Increase staff capacity

EDR Alert Triage

Stop breaches earlier in the attack cycle

Digital Forensics & Incident Response

Speed up investigation and response times

Insider Threats

Prevent data loss