www.obrela.com
Swordfish
Real Time Risk
Management
www.obrela.com
2
Real Time Risk Management
OBRELA Security Industries leverages the SWORDFISH
Technology to manage and protect its clients in real time.
“SWORDFISH enables our clients to dynamically manage their security
framework, enforce management, operational and technology security
controls, assess compliance with regulations, policies and standards,
and analyze our risks in real time.
All under a single console.”
Operational security requires a continuous process of awareness, preparedness and readiness; The Information Security Program. A highly
demanding, cross-domain activity that requires effective communication and coordination between people that often have different
knowledge and perspective for information security within the organization. Challenged by the complexity and cost of assembling security
knowledge, which is fragmented, isolated and mostly static, organizations fail to comprehend the real tradeoffs against risk exposure.
SWORDFISH Technology enables organizations to apply an organizational wide information security policy, orchestrating operational security
activities and leveraging the knowledge from people, procedures and technology. The SWORDFISH open architecture, the integration
capability and the potential to adapt to multiple security standards, regulations or frameworks, gives SWORDFISH the power to enforce
organization-wide security models with diverse security requirements, technical infrastructures and risk profiles.
SWORDFISH Technology enables businesses and organizations to take advantage of the unprecedented opportunities created by the
“Internet of things” while mitigating risks. With SWORDFISH the most sophisticated, efficient, sustainable and agile security models can be
realized, across-the-board compliance is achieved and, most important, the whole organization, not just parts of it, is engaged.
www.obrela.com
3
The SWORDFISH Technology is
capable to support and secure
dependable infrastructures mainly
through merging PEOPLE, PROCESS
and TECHNOLOGY.
Why SWORDFISH
Designed as a platform to address different disciplines, security
and organizational models, SWORDFISH does not aim to replace or
compete with any existing product or technology; but rather it
aims to integrate and centralize under a new holistic approach.
SWORDFISH Technology is engineered to dynamically scale and
adopt, providing with the necessary content, applications and gear
(a) to plan, design, build and orchestrate Enterprise Information
Security, (b) to integrate with subset security and business
systems (c) to automate and streamline security procedures, (d) to
consolidate, normalize and correlate information for assets,
people and technology using the unified and structured
SWORDFISH security ontology.
At a glance
SWORDFISH is not
another GRC product or
a new set of tools.
It is a mindset shift.
A shift in real time.
A shift towards
operational security.

Document your Information Security Framework in a
robust, secure and easy to use online environment

Establish and implement an Enterprise Information
Security Program

Enforce your Information Security Framework through a
powerful workflow engine

Measure efficiency and effectiveness of security controls

Assess information and operational risks in real time

Assess, Manage and Demonstrate compliance

Manage and track security assessments for your Vendors
and your organization as well

Assess exposure and rationalize your investments

Plan mitigation actions and track remediation roadmaps
regarding compliance gaps and vulnerabilities

Assign security tasks to appropriate personnel, and
automatically keep track of individual actions

Develop Dashboards and create Reports tailored to your
regulators and senior management needs
www.obrela.com
4
The SWORDFISH Technology offers a modular architecture for tailoring
information security frameworks, building new workflows and integrating with
external data sources.
The Swordfish Technology is engineered to be fully customizable
in terms of user and group access privileges, aligned with both
Corporate and Information Security roles and organizational
structure as well. In effect, our solution addresses the business
needs of the corresponding corporate audiences using the
following modules:
CISO Portal
SWORDFISH serves as the single gateway to the security
organization, allowing easy access to corporate policies and
execution of security procedures through a centralized and access
controlled intranet gateway. CISO portal is used as the central
repository of information throughout the organization. Users can
easily access security policies and standards (respecting the
corporate classification scheme and the “need to know”), and can
easily initiate procedures to complete their tasks. In addition,
available questionnaires and security polls are very effective and
can produce impressive results in terms of security training and
awareness.
Dynamic Workflow and Business Process Modeling
Module
The enterprise governance and compliance management
capability of the Swordfish Technology smoothly connects all
major elements of Information Security Management, from
framework establishment and maintenance to continuous
monitoring and reviewing. Using its powerful workflow engine
clients can develop, define and streamline security procedures.
SWORDFISH allows the allocation of tasks to security roles as well
as end-users, and defines deadlines, priorities and escalation
paths, based on corporate security requirements and regulations.
Access Control
An embedded classification scheme allows client organizations to
restrict access to information based on the “need to know”.
Access Control is enforced upon security roles and individual users
as well, and the corresponding classification scheme is honored
before access privileges are granted.
Reports and Dashboards
Powerful reporting functionality and dashboards are provided by
default, but reports can also be developed dynamically by the
reporting engine. Real time reports can be used to monitor the
implementation of corporate security procedures by business
units or third parties.
Logging and Notifications
An integrated logging and notification system provides detailed
activity records that can be reviewed and audited on a regular or adhoc basis. Notifications can be designed and triggered according to
corporate security procedures and can be sent via SMS or Email.
Content Management
Content that facilitates the development of new security policies or
assists compliance with new regulations can be easily reused and
tailored to your business requirements. A preloaded Content
Library, which includes best-practice policies, control standards,
control procedures, authoritative sources and assessment questions,
is also provided.
Document Management
All documentation of the corporate Information Security
Framework, including policies, standards and control procedures, is
centrally managed. SWORDFISH also provides effective versioning
control and document ownership management. Additionally, easy
import and export of your content is supported.
Asset Management
Using the SWORDFISH Technology, all security related corporate
assets can be centrally mapped in terms of location, owners,
criticality and more. This allows effortless asset decomposition and
supports the assessment of asset related risks. By employing the
embedded asset decomposition functionality, assets can be
decomposed to network or system elements creating a relative risk
matrix, which can be leveraged to interconnect SWORDFISH with
most modern SEM and SIM systems. It is then possible to respond
on a real time basis to risks as soon as they occur.
Vulnerability Management
SWORDFISH Vulnerability Management (VMC) is a centralized
security reporting web application environment, based on a
customized information workflow, optimized for Penetration Testing
and Vulnerability Assessment activity projects. On top of security
reporting, SWORDFISH VMC offers a versatile customizable
workspace, providing monitoring capabilities based on user defined
parameters, allowing the visual presentation of report statistics,
criticality, resolution status etc. according to the reported security
findings.
Collaboration
www.obrela.com
5
The platform facilitates the design and
development of Information Security
Frameworks supported by embedded content
and process models that vary depending on the
industry sector as well as related standards and
regulations.
SWORDFISH functions
as the Single Security
Gateway for
Operational Security.
One through which
everyone and
everything can be
managed, measured
and monitored.
Manage Compliance
The implementation and monitoring of an Information Security Framework constitutes
not only a business need but also a regulatory obligation for many organizations.
Identifying such needs in the market, SWORDFISH assists businesses in demonstrating
the compliance of their entire organization against internal security policies,
international standards and government regulations, through audit questionnaires and
procedure enforcement statistics. Our solution is able to compile real-time and ad-hoc
reports for senior management, auditors and regulators.
By leveraging the SWORDFISH capabilities, client organizations will be able to map
policies and standards to their corporate objectives and regulative sources, such PCI,
ISO/IEC, COBIT, HIPAA, SOX and privacy protection acts. Objectives and sources can be
added over time as your business evolves and new regulations, best practices and
internal requirements emerge. Procedures generate events that can be analyzed
depending on their perceived gravity and the corresponding risk model. Risks can then
be controlled, avoided, or accepted. In addition, the Swordfish Technology offers
compliance management for external Vendors along with mitigation planning. The
solution also provides real-time results and compliance reports designed for different
audiences, including regulators and senior management.
Manage Policy
SWORDFIDH Technology enables organizations to consolidate information, orchestrate
and streamline security activities across the Enterprise in order to reduce overheads,
improve client operational security and rationalize security investments. With
embedded content and a vast number of applications and connectors SWORDFISH
enables organizations to dynamically manage their security framework, enforce
management, operational and technology security controls, assess compliance with
regulations, policies and standards, and analyze information risks in real time - all
under a single interface carefully designed for ease of use.
Automatic procedure monitoring supports the continuous internal auditing of the
organization and provides essential information to decision makers regarding the
enforcement of Information Security Frameworks.
www.obrela.com
6
SWORDFISH as a Service (SaaS) helps you leverage SWORDFISH Technology
without requiring capital expenditures in technology infrastructure or staff
training.
SWORDFISH as a Service (SaaS) helps you leverage SWORDFISH
solutions without requiring capital expenditures in technology
infrastructure or staff training. SWORDFISH services can be
tailored to your information security model and integrated to your
existing security organization and procedures.
Key features:
The look and feel can also be adjusted to address corporate
branding and internal marketing requirements. SWORDFISH is also
integrated with the Obrela Security Industries Corporate Security
Intelligence Services and can be monitored on a real time basis
leveraging existing Security Operations Centers and Infrastructure.
SWORDFISH services can be tailored to your information security
model and integrated to your existing security organization and
procedures.
•
Unique Real Time Risk Management
•
Managed Content and Framework
•
Ongoing Risk Assessments
•
Managed Assurance – Regular Penetration Testing and
Vulnerability Assessments through the vulnerability
management console
•
Managed Compliance
•
Event Management
•
Integration with third party devices and applications
•
Realize lower Total Cost of Ownership (TCO), including
zero capital expenditures
.
Address the root causes of vulnerable infrastructures rather than
developing painkillers for the emerging security threats.
www.obrela.com
7
Applying a horizontal enterprise-wide versus a vertical and typically
technical security model SWORDFISH Technology can improve
operational security in the following domains:
Intelligence
SWORDFISH process automation creates invaluable security related data and records we were never able to
use before, which can now feed correlation engines and produce advanced intelligence and complete three
dimensional enhanced security vision; Correlation of physical security with information security events,
further, enable effective identification of asymmetric security attack patterns that combine property
violation, bypassed procedures, fraud and computer security.
Real Time Risk Management
By using SWORDFISH organizations can now integrate real time intelligence and replace any static
algorithms with real time data. Leveraging SWORDFISH organizations can now adopt dynamic security
models that can prevent foreseen and emerging threats as well as provide the ground for effective response
and threat containment. Risks can be measured, controlled, avoided or accepted. In real time.
Centralization
SWORDFISH functions as the Single Security Gateway for Operational Security. One through which everyone
and everything can be managed, measured and monitored. Organizations can leverage SWORDFISH
platform to design, implement, enforce and monitor operational security through a unified horizontal
organizational workflow comprising vertical and horizontal security processes that are activated, sustained,
or interrupted based on information provided from people, (other) processes and technology (systems).
Automation
With out of the box connectors and the ability to integrate with a vast number of security and business
systems (external workflows, document management systems, ERPs, etc) SWORDFISH integrates people,
process and technology and delivers 3D (three dimension) security as the substance of next generation
information security. Automating procedures and integrating workflows unveils a unique potential for
enterprise security, in terms of recording and monitoring previously invisible fragments of the security
workflow.
Integration with SIM and SEM
SWORDFISH includes embedded connectors that communicate events to respective correlation engines.
The SWORDFISH Technology supports special indexing and metadata formats in order to produce
meaningful events that can be processed and analyzed using prioritization and correlation techniques.
Events that reflect running procedures can be correlated with events that are created by systems,
applications and networks, offering a unique ability to understand risk in real time.
www.obrela.com
Learn More
http://www.obrela.com/SWORDFISH