SECURITY AUTOMATION

G2 wrote the book on Security Automation, and we provide our clients with the understanding and capabilities to leverage automation to secure their most valuable information. As long as there has been information, there has been the need to protect its confidentiality, integrity, and availability. At its core, security management, the process of securing a system and maintaining security throughout its life cycle, requires a broad array of technical, management, and operational steps. Successfully managing those steps in today's digital world requires an automated, near-real-time approach.

G2 helped create many of today's security automation standards, such as the Security Content Automation Protocol (SCAP). Automation enables the organization to consistently identify what needs to be protected, and keeps it informed about threats and vulnerabilities that affect important people and systems. Automation also enables consistent management of and reporting on the organization's security posture, and enables effective, resilient response when necessary.

Not only is G2 home to some of the world’s foremost subject matter experts in security automation, we are also big supporters of the security automation cause. To help our clients author Security Content Automation Protocol (SCAP) eXtensible Markup Language (XML), G2 is pleased to release the Enhanced SCAP Editor (eSCAPe).

Our Track Record of Relevant Security Automation Accomplishments

Date    Accomplishment
2007    Integrated the Tenable Enterprise Security Feed into the Department of State's iPost application
2007    Provided independent validation of original FDCC content for NIST
2008    Began working with NIST and DoD to develop remediation specifications, including Common Remediation Enumeration (CRE), Extended Remediation Information (ERI), Open Vulnerability Remediation Language (OVRL), Event Management Automation Protocol (EMAP) and Common Event Expression (CEE)
2008    Submitted the WUA update searcher test and code for OVALDI for OVAL 5.5
2008    Worked with NIST to write the SP 800-126 Specification for SCAP
2009    Developed the gold disk to SCAP conversion tools that NIST provided to FSO
2009    Formed a partnership with Red Hat to initiate the OpenSCAP work
2009    Wrote IAVM SCAP content for the Department of Defense
2009    Created Windows 7 STIG SCAP content, which was used as the basis for a remediation tool built by SCC; the content was eventually published by DISA
2010    Created SCAP content for multiple STIGs (Apache, SQL Server, Tomcat, HBSS) as part of a multi-organization effort to provide SCAP content to DISA
2010    Created the open source SCAP editor eSCAPe
2011    Led the effort to create USGCB content for Windows 7
2011    Generated OCIL for all existing STIGs
2012    Supported NIST and US-CERT in automated incident handling and Structured Threat Information eXchange (STIX)
2012    Wrote a draft of the next version of OCIL, presented at Dev Days, and led a working group at ITSAC
2012    Created the SCAP 1.2 Validation program
2012    Wrote the book Security Automation Essentials, published by McGraw Hill
2012    Led the USGCB content development for RHEL 5
2012    Helped co-write the specifications for the Continuous Asset Evaluation, Situational Awareness, and Risk Scoring (CAESARS) Framework Extension, which extends automated assessment to continuous monitoring
2013    Created Security Patch content for NIST