Dashi USM™ Features
See the below table for a high-level overview of the features and capabilities of Dashi USM™. If you prefer to get a visual, check out our Product Tour.
| Feature | Supported | Description |
|---|---|---|
| Information security management system | ||
| Asset inventory | Knowing what it is you're setting out to protect is the first step in securing your data. Quickly and easily document all your information assets in Dashi USM™. | |
| Risk register | In order to reduce risk, you first need to know what risks you're facing. Dashi USM™ includes an example risk register to kick start your risk management process. | |
| Risk treatment plan | Dashi USM™ takes an integrative approach whereby risk treatment is integrated into the risk register. Score inherent and residual risk, and track the effectiveness of your risk treatments. | |
| Risk assessment | Dashi USM™ provides a structured approach to assessing risks with defined Confidentiality, Integrity and Availability impact thresholds, likelihood, scoring matrix, acceptable risk levels and defined treatment actions. | |
| Policy management | Policies are the foundation of your information security management system. Dashi USM™ helps you manage them with starter templates and an easy to use editor. | |
| Policy tracking | Track policy version history, map policies to controls, and track user policy acceptance. | |
|
Controls (Statement of Applicability) |
Built-in list of controls based on ISO 27001. Add your own controls and map them to your policies. Track implementation status, justification for exclusion/inclusion, and link to policies and risks. Export as Excel. | |
| Enforcements | Keep track of the legal and contractual requirements by which your organization is bound. These form the basis of your information security obligations, and determine when Events become Incidents. | |
| Classifications | Define the classification levels in use within your organization. This helps you to categorize information assets and define policies on handling of assets. | |
| Objectives | Defining, tracking and reporting on information security objectives is a feature we're working on and will be available in a future release. In the meantime, you can use the Documents area to keep track of your objectives and progress. | |
| Supplier management | It is currently possible to add a list of suppliers to Dashi USM™ and link Endpoints to Suppliers. Supply chain risk assessment and supplier management features are planned for a future release. | |
| Security information and event management | ||
| Event management | Search, sort and filter. Acknowledge, close or re-open events. Search for repeat events. Escalate an Event to an Incident. Add comments, review the timeline, log corrective actions. Tag risks and set impact scores for Confidentiality, Integrity and Availability. | |
| Triage guidance | Dashi USM™ provides guidance on how to score event impact, and whether an event can be closed, action taken, or escalated to an incident. | |
| Heatmap | The heatmap provides a visual representation of the impact of Events on your organization. It can help you to identify trends and areas of concern. | |
| Ingestion | Log events manually in the Dashi USM™ interface, or ingest events from external sources via the API or simply by sending an email. Link any system to Dashi USM™ by sending an email to create Events. | |
| Rules engine | Define rules to automatically process Events based on conditions and perform defined actions. | |
| Incident log | Incidents are automatically created when an Event is escalated. Incidents can be linked to Risks and tracked to resolution. A timeline of Events can be created and root cause analysis completed. | |
| Change log | Log changes you make to your systems in the process of managing Events and Incidents for a complete audit trail. | |
| Corrective actions log | Track actions taken to address and prevent recurrence of identified problems or non-conformances. | |
| Event timeline | Repeat events, comments, incidents, actions and changes are all recorded in the event timeline for an easy overview. | |
| Scanning tools | ||
| Subdomain scanning | Add your domain names to Dashi USM™ and it will immediately begin scanning for subdomains linked to them. | |
| Port scanning | Dashi USM™ scans all your Endpoints that have a public IP or hostname assigned for open ports and services. | |
| Vulnerability scanning - external | Perform an external, unauthenticated scan any Endpoint with a public IP or hostname for known vulnerabilities. This is the type of recon a hacker might do when looking for ways to attack you. | |
| Vulnerability scanning - authenticated | An authenticated scan is more thorough and can find vulnerabilities that an external scan might miss, such as missing patches or misconfigurations that cannot be easily detected externally but might still be exploitable. | |
| Vulnerability scanning - Windows | Please note that Dashi USM™ does not currently support authenticated scanning of Windows Endpoints. Unauthenticated scans can still be performed, but the results may not be as comprehensive. Only servers accessible via SSH (Linux/*nix) can be scanned using authenticated scans. | |
| Website security scanning | Dashi USM™ can scan your websites and APIs for known vulnerabilities and misconfigurations. Cross-site scripting (CSS), cross-site request forgery (CSRF), SQL injection, and other common vulnerabilities can be detected. Scans are conducted by trained security professionals using enterprise grade software and are a paid service starting at just $199. | |